Trend Micro InterScan eManager is a plug-in for InterScan which manages spam, message
content, and mail delivery. It can be managed through a web-based console interface.
Several CGI components of eManager contain a buffer overflow vulnerability which could
allow an attacker to execute arbitrary code within the Local System context.
It is important to note the web management console does not have an authentication
method.
News: Government
9/13/2001 8:54
FAA plans new IT security
FCW
Posted By: Benjamin D. Thomas
9/13/2001 8:54
A vulnerability has been found in certain configurations of Macintosh OS X.
A remote attacker may read obtain web directory content information by submitting a URL
to the vulnerable host's web service of the following form:
Revision 1.0
For public release 2001 September 12 08:00 (GMT -0800)
Summary
ProFTPD contains a vulnerability which may allow for remote attackers to bypass ProFTPD access control lists or have false information logged. ProFTPD does not forward resolve reverse-resolved hostnames to verify that the IP address matches of the client matches DNS records.
It may be possible for a remote attacker with control over address space to set an arbitrary hostname as the PTR record for the attacking address. This false hostname will be evaluated against the ProFTPD ACLs and recorded in log files.
The msgchk utility under certain versions of Digital Unix contains a buffer overflow vulnerability which could yield root privilege.
If a local user invokes the msgchk utility at the command line, argumented with a sufficiently long string of bytes, a buffer overflow condition can be triggered. Where msgchk runs suid root, this can allow hostile code to be executed as root, granting an attacker administrative access to the vulnerable system.
Joerg Wendland's 'libnss-pgsql' is a NSS(Name Service Switch) module for PostgreSQL.
The NSS database module 'libnss-pgsql' is prone to a vulnerability which will allow SQL queries to be manipulated via a HTTP request. Data that is included in SQL query strings is not adequately sanitized. It may be possible for malicious users to modify the structure of SQL queries.
Security experts are stunned but not necessarily surprised that four domestic commercial jets were hijacked on Tuesday to carry out attacks on New York and Washington.
Airport security in the country is so poor, they say, that bypassing security measures and wreaking havoc onboard a flight is easy.
WASHINGTON -- Federal police are reportedly increasing Internet surveillance after Tuesday's deadly attacks on the World Trade Center and the Pentagon.
Just hours after three airplanes smashed into the buildings in what some U.S. legislators have dubbed a second Pearl Harbor, FBI agents began to visit Web-based, e-mail firms and network providers, according to engineers at those companies who spoke on condition of anonymity.
The FBI has gained a foothold in the hacker underground thanks to an 18-month undercover operation launched during the height of the U.S. military's 1999 bombing campaign in Kosovo. What started out as a Defense Department operation designed to ferret out pro-Serbian hackers responsible for the April 1999 denial-of-service attacks against U.S. government and NATO Web sites (see story) soon led to the first coordinated undercover operation targeting U.S.-based hackers, Computerworld has learned.
