iManager 2.5 on a Windows server: not working

Discussion of technical questions about Novell products

Post by Андрей Тр. aka RH » 17 Aug 2005, 16:13

Today I tried installing iManager 2.5 on Win 2003 with IIS, not Apache. Everything seemed to install fine, and Tomcat is running as far as I can tell, but a request to /nps/imanager returns an empty page. Not even a 404, just an empty page; if you view the source, you can see some traces of iManager, the page title .. a refresh is set, but for some reason nothing happens.

Meanwhile, from another server (NetWare) in the same tree, remote administration (?) of the Windows server works: a page opens with a set of services, most of which show as running. I don't really know what exactly I should be able to see on a Windows server with eDir; to me it looks quite fine .. except for iManager ..

The only thing I found on the support site (and in the 2.5 docs) is the option of creating a new web server and a virtual directory under IIS (again, I'm no IIS expert). But that doesn't seem to be my case (although I did try it: I created a separate non-default site on a different port for jakarta, with the same result).

Does anyone have iManager working with IIS?
Give us a separate section for ZENworks ... :bad-words: .. and printing!

Post by Владимир Горяев » 17 Aug 2005, 16:58

Some update for iManager 2.5 came out yesterday. Maybe it will help.
You can't automate a mess!!!

Post by Damm » 17 Aug 2005, 17:07

If it's on Windows, I would install mobile
CLP10

Post by Андрей Тр. aka RH » 17 Aug 2005, 17:28

Владимир Горяев

True, MU2 has appeared there .. only it has to be installed from within iManager itself :) and for that iManager has to be started first.

Damm

I'll have to think about it .. what exactly is the difference between them?

Post by Damm » 17 Aug 2005, 17:49

Андрей Тр. aka RH wrote: I'll have to think about it .. what exactly is the difference between them?

mobile ships as a fully standalone application bundled with its own copy of Tomcat; it doesn't need a web server to run

in my experience it runs faster than the standard one, and after configuration changes it's enough to simply restart it

drawback: incompatibility with some plugins
http://support.novell.com/cgi-bin/searc ... 097687.htm

Post by Андрей Тр. aka RH » 22 Aug 2005, 16:20

The problem has been solved to some extent: on the server itself, in IE, I added its IP address to the Local Intranet zone, after which everything appeared in the iManager window :) However, on any other machine, accessing this very same server (by its IP) produces an error, from Tomcat I think (not a 404, I don't remember exactly right now). As far as I understand, the problem is with privileges on IIS or something like that ..

By the way, about iManager

Post by Сергей Дубров » 22 Aug 2005, 16:42

Here, on topic:

Many smaller organizations relied on Novell for security through
obscurity (STO) - hoping no one would find the flaws. Now the millions
of users of Novell eDirectory iMonitor have learned that STO doesn't
work for ever. The risk from this programming error is an
enterprise-wide compromise and loss of all unencrypted data. (#1)

Also a critical vulnerability was discovered in another back-up product
- EMC Legato and Sun StorEdge that uses Legato. The full contents of your
back ups are at risk. (#2).

Alan

*************************************************************************
@RISK: The Consensus Security Vulnerability Alert
August 19, 2005 Vol. 4. Week 33
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:
========================================================================
Platform # of Updates & Vulnerabilities
========================================================================
Windows (#3)
Third Party Windows Apps 3
Mac Os 1 (#4)
HP-UX 2
Novell 1
Cross Platform 3 (#1, #2, #6, #7)
Web Application 24 (#5)
Network Device 3

Table of Contents:

Part I -- Critical Vulnerabilities

Widely Deployed Software
(1) CRITICAL: Novell eDirectory iMonitor Buffer Overflow
(2) CRITICAL: EMC Legato Networker and Sun StorEdge Backup Weak Authentication
(3) HIGH: Internet Explorer MSDDS.DLL Remote Code Execution
(4) HIGH: Apple Cumulative Security Update 2005-007
(5) HIGH: PHPXMLRPC and Pear XML_RPC Library PHP Code Injection
(6) MODERATE: Adobe Acrobat and Adobe Reader Buffer Overflow

Exploit
(7) Novell ZENWorks Buffer Overflow

Part II -- Comprehensive List of Newly Discovered Vulnerabilities

-- Third Party Windows Apps
05.33.1 - WinFTP Server Log-SCR Buffer Overflow
05.33.2 - Chris Moneymaker's World Poker Championship Buffer Overflow
05.33.3 - Veritas Backup Exec Remote Agent Arbitrary File Download
-- Mac Os
05.33.4 - Apple Mac OS X Multiple Vulnerabilities
-- HP-UX
05.33.5 - HP Ignite-UX TFTP File Upload Vulnerability
05.33.6 - HP Ignite-UX Password File Disclosure
-- Novell
05.33.7 - eDirectory Server iMonitor Buffer Overflow
-- Cross Platform
05.33.8 - Cisco Clean Access API Access Validation
05.33.9 - Parlano MindAlign Multiple Unspecified Vulnerabilities
05.33.10 - CPAINT Multiple Vulnerabilities
-- Web Application
05.33.11 - phpPgAds Lib-View-Direct.INC.PHP SQL Injection
05.33.12 - ECW Shop Index.PHP HTML Injection Vulnerability
05.33.13 - ECW Shop Order Manipulation
05.33.14 - Dada Mail Archives HTML Injection
05.33.15 - SafeHTML UTF-7 and CSS Comment Tag Cross Site Scripting Vulnerabilities
05.33.16 - PersianBlog Userslist.ASP SQL Injection
05.33.17 - CPAINT xmlhttp Request Input Validation
05.33.18 - ECW Shop Index.PHP SQL Injection
05.33.19 - ECW Shop Index.PHP Cross-Site Scripting
05.33.20 - Apple Mac OS X Weblog Server Cross-Site Scripting
05.33.21 - My Image Gallery Multiple Cross-Site Scripting Vulnerabilities
05.33.22 - Isemarket JaguarControl ActiveX Control Buffer Overflow
05.33.23 - Dokeos Multiple Directory Traversal Vulnerabilities
05.33.24 - PHPXMLRPC and PEAR XML_RPC Remote Code Injection
05.33.25 - Discuz! Arbitrary File Upload Vulnerability
05.33.26 - MyBulletinBoard Multiple SQL Injection Vulnerabilities
05.33.27 - phpBB BBCode IMG Tag Script Injection
05.33.28 - FUDforum Tree View Access Validation
05.33.29 - VegaDNS Index.PHP Cross-Site Scripting
05.33.30 - EQdkp Session.PHP Authorization Bypass
05.33.31 - Lasso Professional Server Remote Authentication Bypass
05.33.32 - MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection
05.33.33 - MidiCart ASP Search_List.ASP SQL Injection
05.33.34 - Gallery PostNuke Integration Access Validation Vulnerability
-- Network Device
05.33.35 - Linksys WRT54GS Wireless Authentication Bypass
05.33.36 - Mentor ADSL-FR4II Multiple Vulnerabilities
05.33.37 - HP Proliant DL585 Server Unauthorized Remote Access

______________________________________________________________________

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar (rohitd_at_tippingpoint.com) at
TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process
Archives at http://www.sans.org/newsletters/risk


************************
Widely Deployed Software
************************

(1) CRITICAL: Novell eDirectory iMonitor Buffer Overflow
Affected:
iMonitor for eDirectory version 8.7.3 on Windows NT/2000/2003

Description: Novell iMonitor provides monitoring and diagnostic
capability for Novell eDirectory, a multi-platform directory service
with millions of installations worldwide, via HTTP. iMonitor server,
that listens on port 8008/tcp by default, is automatically started along
with the eDirectory services on Windows platforms. This server contains
a stack-based buffer overflow that can be triggered by an overlong URL.
The flaw can be exploited by an unauthenticated attacker to execute code
on the eDirectory server with "SYSTEM" privileges. Exploit code has been
included in the Metasploit exploit tool.

Status: Novell has confirmed the flaw; fixes are available. A workaround
is to block the port 8008/tcp at the network perimeter. The flaw should
be patched on a priority basis as compromising an eDirectory server can
lead to enterprise-wide compromise.

References:
Novell Advisories
http://support.novell.com/cgi-bin/searc ... 098568.htm
http://support.novell.com/cgi-bin/searc ... 972038.htm
Exploit Code
http://www.metasploit.com/projects/Fram ... monitor.pm
iMonitor Information
http://www.novell.com/documentation/nds ... hgofu.html
SecurityFocus BID
http://www.securityfocus.com/bid/14548

****************************************************************


(2) CRITICAL: EMC Legato Networker and Sun StorEdge Enterprise Backup
Weak Authentication
Affected:
EMC Legato Networker versions 6.0.x, 7.1.3 and 7.2
Sun StorEdge Enterprise Backup Software versions 7.0 through 7.2
Solstice Backup Software versions 6.0 and 6.1

Description: EMC Legato Networker backup solutions are designed to
deliver centralized data protection and management across heterogeneous
environments. Sun StorEdge and Solstice backup products package the EMC
Legato Networker software. These products use "AUTH_UNIX" authentication
mechanism for RPC calls. This mechanism is known to be weak, and an
attacker can easily spoof the RPC messages such that they appear to have
been sent by a privileged user. Hence, the flaw can be exploited by the
attacker to modify the configurations of the backup servers, execute
arbitrary code on the backup clients or view the contents of the backed
up files. In addition, an unauthenticated attacker can execute arbitrary
commands on the backup servers with "root" privileges by modifying the
access tokens for the software's underlying database.

Status: Sun and EMC have issued patches that should be applied on a
priority basis. Firewalling high TCP/UDP ports in the range 7937-9936
is a workaround which may not be practical.

References:
EMC Advisories
http://www.legato.com/support/websuppor ... cation.htm
http://www.legato.com/support/websuppor ... cation.htm
Sun Advisory
http://sunsolve.sun.com/search/document ... 6-101886-1
CERT Advisories
http://www.kb.cert.org/vuls/id/606857
http://www.kb.cert.org/vuls/id/407641
Product Pages
http://www.sun.com/storage/software/dat ... on/backup/
http://www.legato.com/products/networker/networker.htm
SecurityFocus BID
http://www.securityfocus.com/bid/14582

****************************************************************

(3) HIGH: Internet Explorer MSDDS.DLL Remote Code Execution
Affected:
Internet Explorer 6.0 and potentially all prior versions
MSDDS.DLL versions prior to 7.10.x

Description: Internet Explorer contains a heap memory corruption flaw
while loading "msdds.dll" as an ActiveX object. This vulnerability is
similar to the earlier reported ones involving many DLLs for which
patches MS05-037 and MS05-038 were issued. A malicious webpage can
exploit the flaw to execute arbitrary code on a client system with the
privileges of the logged-on user. The vulnerable DLL is not installed
by default on all Windows systems; SANS has identified a list of
software that can potentially install this DLL - Visual Studio .NET
2002/2003, Microsoft Office, Project, Access and Visio. Note that even
if MSDDS.DLL is not installed on a user's machine, an attacker can force
its download via the "codebase" attribute while instantiating the
ActiveX object. However, the download would require user interaction.
Exploit code has been publicly posted.

Status: Microsoft has issued an advisory with various workarounds. One
way to resolve the issue is to set the kill bit for the MSDDS.DLL. The
CLSID of this DLL is EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F. Instructions
for setting kill bit for an ActiveX control are available at:
http://support.microsoft.com/kb/q240797/ . Alternatively, download the
kill bit utility provided by Intelguardians at
http://isc.sans.org/msddskillbit.php.

Council Site Actions: All reporting council sites are waiting for
official word and a patch from Microsoft. One site will consider
setting the kill bit if fix is not in the August patch bundle or if this
starts being exploited on a wide-scale basis.

References:
Microsoft Advisory
http://www.microsoft.com/technet/securi ... 06267.mspx
SANS Handler's Diary Posting
http://isc.sans.org/diary.php?date=2005-08-18
Exploit Code
http://www.frsirt.com/exploits/20050817 ... l-0day.php

****************************************************************

(4) HIGH: Apple Cumulative Security Update 2005-007
Affected:
Mac OS X Server version 10.3.9
Mac OS X Client version 10.3.9

Description: Apple released a cumulative security update for Mac OS that
fixes over 33 vulnerabilities. The important vulnerabilities fixed
include buffer overflows in the Directory Service, processing rich
text/Microsoft Word file formats, Kerberos service, MySQL, OpenSSL,
servermgrd, X11 and zlib. The update also fixes vulnerabilities in
Safari browser that can lead to execution of arbitrary code on users'
systems. The discoverers have not posted the technical details about
many of the flaws.

Status: Apply the Apple Cumulative Update (version 1.1) to both server
and client systems. Version 1.0 of this update breaks 64-bit
applications.

Council Site Actions: One site has already scheduled the push of the
update and another site is currently testing Update 2005-007 version 1.1
which fixes the 64-bit code break problem.

References:
Apple Advisory
http://docs.info.apple.com/article.html?artnum=302163
Update breaks 64-bit Applications
http://www.macworld.com/news/2005/08/17/64bit/index.php
SecurityFocus BID
http://www.securityfocus.com/bid/14567

***************************************************************

(5) HIGH: PHPXMLRPC and Pear XML_RPC Library PHP Code Injection
Affected:
PHPXMLRPC version prior to 1.2
Pear XML_RPC version prior to 1.4.0

Description: PHP XML-RPC library is designed for writing clients and
servers in PHP that can make remote procedure calls via XML using HTTP
as the transport protocol. The PHPXMLRPC and Pear XML_RPC libraries are
used by a number of projects including TikiWiki, Drupal, b2evolution,
phpmyfaq, PostNuke, phpgroupware, phpAdsNew, phpPgAds, Nucleus,
eGroupware, phpGroupware, phpWiki and BLOG: CMS. The libraries contain
a vulnerability that leads to arbitrary PHP code execution on the web
server. The flaw arises due to mishandling of nested XML tags. No
technical details that could lead to exploit code development have been
posted yet.

Status: PHPXMLRPC and Pear XML_RPC have released updated libraries.

References:
Posting by Stefan Esser
http://archives.neohapsis.com/archives/ ... /0195.html
http://archives.neohapsis.com/archives/ ... /0196.html
Vendor Homepage
http://phpxmlrpc.sourceforge.net/
http://pear.php.net/package/XML_RPC
SecurityFocus BID
http://www.securityfocus.com/bid/14560

****************************************************************

(6) MODERATE: Adobe Acrobat and Adobe Reader Buffer Overflow
Affected:
Adobe Reader versions 5.1, 6.0-6.0.3, 7.0-7.0.2
Adobe Acrobat versions 5.0-5.0.5, 6.0-6.0.3, 7.0-7.0.2

Description: Adobe Acrobat and Reader contain a buffer overflow in one
of the default plug-ins. A malicious PDF file may exploit the overflow
to execute arbitrary code on a user's system. The flaw may be exploited
without any user interaction as browsers like Internet Explorer, Mozilla
and Firefox can open PDF documents automatically. No technical details
that could lead to exploit code development have been posted yet.

Status: Adobe found the flaw and has released updates. Adobe offers an
automatic update facility for certain versions which should be enabled.

Council Site Actions: One site is currently in the process of updating
their systems. Two other sites will address it during their next
regularly scheduled system update process.

References:
Adobe Advisory
http://www.adobe.com/support/techdocs/321644.html
SecurityFocus BID
http://www.securityfocus.com/bid/14603

****************************************************************


********************
Exploit
********************

(7) Novell ZENWorks Buffer Overflow

Description: Exploit code has been posted for the buffer overflow in
Novell ZENWorks software suite used for managing desktops, laptops,
servers, handheld devices, etc. in a large enterprise.

Council Site Updates: No response from council sites on this item.

References:
Exploit Code
http://www.metasploit.com/projects/Fram ... ktop_agent
Previous @RISK Newsletter Posting
http://www.sans.org/newsletters/risk/di ... 20#widely1

*****************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 33, 2005

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 4475 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

______________________________________________________________________

05.33.1 CVE: CVE-MAP-NOMATCH
Platform: Third Party Windows Apps
Title: WinFTP Server Log-SCR Buffer Overflow
Description: WinFTP Server is a multithreaded FTP server for Windows
98/NT/XP. It is affected by a buffer overflow vulnerability in the
"Log-SCR" function, a function for displaying server logs on screen.
An attacker sends a request to the application containing an excessive
amount of data which when viewed using the "Log-SCR" function results
in a buffer overflow. Win FTP Server version 1.6.8 is vulnerable.
Ref: http://www.autistici.org/fdonato/adviso ... .8-adv.txt
______________________________________________________________________

05.33.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chris Moneymaker's World Poker Championship Buffer Overflow
Description: Chris Moneymaker's World Poker Championship is an online
poker game. It is vulnerable to a buffer overflow issue due to
insecure usage of sprintf() when a player joins a game. A remote
attacker could exploit this issue to run arbitrary code on a
vulnerable system. World Poker Championship version 1.0 is vulnerable.
Ref: http://www.securityfocus.com/bid/14587/info
______________________________________________________________________

05.33.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Veritas Backup Exec Remote Agent Arbitrary File Download
Description: Veritas Backup Exec is a network enabled backup solution.
It is affected by an unauthorized download of arbitrary files
vulnerability. This issue is exposed through TCP port 10000, which is
the NDMP (Network Data Management Protocol) listener port for Backup
Exec Remote Agent. Access to the service may be gained with a
CONNECT_CLIENT_AUTH request that specifies a user of "root" and a
password value of "xb4xb8x0fx26x20x5cx42x34x03xfcxaexeex8fx91x3dx6f".
It is then possible to dump arbitrary files from the computer in MTF
(Microsoft Tape Format). Please see the advisory for details.
Ref: http://securityresponse.symantec.com/av ... 8.12b.html
______________________________________________________________________

05.33.4 CVE: CAN-2004-0079, CAN-2004-0112, CAN-2004-0885,
CAN-2004-1083, CAN-2004-1084, CAN-2004-1189, CAN-2005-0605,
CAN-2005-0709, CAN-2005-0710, CAN-2005-0711, CAN-2005-1344,
CAN-2005-1769, CAN-2005-2096, CAN-2005-1175, CAN-2005-1689,
CAN-2005-1174, CAN-2005-2095
Platform: Mac Os
Title: Apple Mac OS X Multiple Vulnerabilities
Description: Multiple security vulnerabilities are reported to affect
Apple Mac OS X. Apple has released SA-2005-08-15 to address these
issues. Please refer to the advisory for further details.
Ref: http://lists.apple.com/archives/securit ... 00000.html
______________________________________________________________________

05.33.5 CVE: CAN-2004-0952
Platform: HP-UX
Title: HP Ignite-UX TFTP File Upload Vulnerability
Description: HP Ignite-UX is an installation, administration and
recovery tool for the HP-UX operating system. During installation,
Ignite-UX can use a TFTP server for remote access. During the process,
parts of the server path can be made world writable.
Versions of Ignite-UX prior to the C.6.2.241 patches are reported to
be vulnerable.
Ref: http://www.securityfocus.com/bid/14571
______________________________________________________________________

05.33.6 CVE: CAN-2004-0951
Platform: HP-UX
Title: HP Ignite-UX Password File Disclosure
Description: HP Ignite-UX is an installation, administration and
recovery tool for the HP-UX operating system. During installation,
Ignite-UX can use a TFTP server for remote access. Under some
circumstances, a copy of the passwd file will be stored in the TFTP
server path. This happens if the administrator runs the make_recovery
command on the host. A copy of /etc/passwd will be created as
"/var/opt/ignite/recovery/passwd.makrec", retrievable by anonymous
TFTP clients. The vulnerability is present in versions prior to B.3.2.
Ref: http://www.securityfocus.com/archive/1/408221
______________________________________________________________________

05.33.7 CVE: Not Available
Platform: Novell
Title: eDirectory Server iMonitor Buffer Overflow
Description: Novell eDirectory is a directory server application. The
iMonitor is vulnerable to a buffer overflow. eDirectory iMonitor
version 8.7.3 is reported to be vulnerable.
Ref: http://support.novell.com/cgi-bin/searc ... /2972038.htm
http://support.novell.com/cgi-bin/searc ... 098568.htm
______________________________________________________________________

05.33.8 CVE: CVE-MAP-NOMATCH
Platform: Cross Platform
Title: Cisco Clean Access API Access Validation
Description: Cisco Clean Access (CCA) is a software solution that
scans devices attempting to connect to a network. The Cisco Clean
Access API is prone to an authentication bypass issue that could allow
unauthorized users to access the API. This could allow the attacker to
bypass the security checks performed by CCA, change user role
assignments, disconnect users from the system, and to obtain
information about configured users. Cisco Clean Access (CCA) version
3.5.3 and older are reportedly vulnerable.
Ref: http://www.cisco.com/en/US/products/pro ... 3127.shtml
______________________________________________________________________

05.33.9 CVE: CVE-MAP-NOMATCH
Platform: Cross Platform
Title: Parlano MindAlign Multiple Unspecified Vulnerabilities
Description: Parlano MindAlign is an enterprise group messaging and
collaboration server. It is prone to multiple unspecified
vulnerabilities like user enumeration, cross-site scripting,
authentication bypass and weak encryption. Successful exploitation of
these issues could lead to unauthorized access, information disclosure
or denial of service. MindAlign versions 5.0 and later are vulnerable
to these issues.
Ref: http://www.uniras.gov.uk/niscc/docs/br- ... 00673.html
______________________________________________________________________

05.33.10 CVE: Not Available
Platform: Cross Platform
Title: CPAINT Multiple Vulnerabilities
Description: CPAINT provides code to implement AJAX and JSRS on the
back-end. It is vulnerable to unspecified command execution and
information disclosure issues. CPAINT version 1.3 is reported to be
vulnerable.
Ref: http://www.securityfocus.com/archive/1/408130
______________________________________________________________________

05.33.11 CVE: Not Available
Platform: Web Application
Title: phpPgAds Lib-View-Direct.INC.PHP SQL Injection
Description: phpPgAds is a banner ad management application.
Insufficient sanitization of the "clientid" parameter of the
"lib-view-direct.inc.php" script exposes the application to an SQL
injection issue. phpPgAds version 2.0.6 was released to fix this
issue.
Ref: http://www.securityfocus.com/bid/14583/info
______________________________________________________________________

05.33.12 CVE: Not Available
Platform: Web Application
Title: ECW Shop Index.PHP HTML Injection Vulnerability
Description: ECW Shop is a shopping cart system. It is reported to be
vulnerable to an HTML injection issue due to improper sanitization of
user-supplied input to the "max" and "ctg" parameters of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/14579
______________________________________________________________________

05.33.13 CVE: Not Available
Platform: Web Application
Title: ECW Shop Order Manipulation
Description: ECW Shop is a shopping cart application. It is vulnerable
to an input validation issue due to insufficient sanitization of the
URI parameter data when computing product charges. ECW Shop version
6.0.2 is reported to be vulnerable.
Ref: http://www.nobytes.com/nobytes9.txt
______________________________________________________________________

05.33.14 CVE: Not Available
Platform: Web Application
Title: Dada Mail Archives HTML Injection
Description: Dada Mail is a mailing list management application. It is
vulnerable to an HTML injection issue due to insufficient sanitization
of archived messages. Dada Mail version 2.9.2 is vulnerable.
Ref: http://sourceforge.net/project/shownote ... _id=349531
______________________________________________________________________

05.33.15 CVE: CAN-2005-2608
Platform: Web Application
Title: SafeHTML UTF-7 and CSS Comment Tag Cross Site Scripting
Vulnerabilities
Description: SafeHTML is a parser which strips down all potentially
dangerous HTML code, written in PHP. It is prone to cross-site
scripting vulnerabilities, specifically in dealing with UTF-7 encoding
of characters and with CSS comment tags. An attacker can compose
malicious character sequences that will bypass the security
restrictions of the affected application. SafeHTML versions prior to
1.3.5 are affected by these issues.
Ref: http://www.securityfocus.com/bid/14574
______________________________________________________________________

05.33.16 CVE: Not Available
Platform: Web Application
Title: PersianBlog Userslist.ASP SQL Injection
Description: PersianBlog is web log software implemented in ASP.
PersianBlog is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input to the "page" parameter of "userslist.asp" script.
Ref: http://www.securityfocus.com/archive/1/408250
______________________________________________________________________

05.33.17 CVE: CVE-MAP-NOMATCH
Platform: Web Application
Title: CPAINT xmlhttp Request Input Validation
Description: CPAINT is an AJAX (Asynchronous JavaScript+XML) and JSRS
(JavaScript Remote Scripting) implementation. It is prone to multiple
input validation vulnerabilities due to the way xmlhttp request is
implemented. Although there are some initial security checks made in
the form of user input sanitization, an attacker can bypass these by
separating malicious input amongst various arguments to different
functions. CPAINT version 1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/408251
______________________________________________________________________

05.33.18 CVE: Not Available
Platform: Web Application
Title: ECW Shop Index.PHP SQL Injection
Description: ECW Shop is a shopping cart system. Insufficient
sanitization of the "max" and "min" parameters of the "index.php"
script exposes the application to an SQL injection issue. ECW-Shop
version 6.0.2 is affected.
Ref: http://www.securityfocus.com/bid/14576
______________________________________________________________________

05.33.19 CVE: Not Available
Platform: Web Application
Title: ECW Shop Index.PHP Cross-Site Scripting
Description: ECW Shop is a shopping cart system. It is vulnerable to a
cross-site scripting issue due to insufficient sanitization of
user-supplied input to the "index.php" script. An attacker may
leverage this issue to steal cookie-based authentication credentials
or to perform other attacks. ECW-Shop version 6.0.2 is vulnerable.
Ref: http://www.securityfocus.com/bid/14578
______________________________________________________________________

05.33.20 CVE: CAN-2005-2523
Platform: Web Application
Title: Apple Mac OS X Weblog Server Cross-Site Scripting
Description: Apple Mac OS X provides a weblog server. Insufficient
sanitization of the "author" and "comments" sections exposes the
application to a cross-site scripting issue. Mac OS X Server versions
10.4.2 and earlier are affected.
Ref: http://docs.info.apple.com/article.html?artnum=302163
______________________________________________________________________

05.33.21 CVE: CAN-2005-2603
Platform: Web Application
Title: My Image Gallery Multiple Cross-Site Scripting Vulnerabilities
Description: My Image Gallery is an image gallery management system.
It is vulnerable to multiple cross-site scripting issues due to
improper sanitization of user-supplied input to "index.php" script. An
attacker could exploit this issue to steal cookie based authentication
or other attacks. My Image Gallery version 1.4.1 is vulnerable.
Ref: http://sourceforge.net/project/shownote ... _id=349348
______________________________________________________________________

05.33.22 CVE: Not Available
Platform: Web Application
Title: Isemarket JaguarControl ActiveX Control Buffer Overflow
Description: Isemarket JaguarControl ActiveX control is reported to be
vulnerable to a buffer overflow issue due to improper boundary checks.
All current versions are affected.
Ref: http://www.securityfocus.com/bid/14558
______________________________________________________________________

05.33.23 CVE: Not Available
Platform: Web Application
Title: Dokeos Multiple Directory Traversal Vulnerabilities
Description: Dokeos is an online course management and e-learning
application. Insufficient sanitization of the "move_file" and
"move_to" parameters of the "/claroline/document/document.php" script
exposes the application to multiple directory traversal
vulnerabilities. All current versions are affected.
Ref: http://www.securityfocus.com/bid/14563/info
______________________________________________________________________

05.33.24 CVE: CAN-2005-2498
Platform: Web Application
Title: PHPXMLRPC and PEAR XML_RPC Remote Code Injection
Description: PHPXMLRPC and PEAR_XML_RPC are XML-RPC protocol
implementations. They are vulnerable to a remote PHP code injection
issue due to a failure in the application to properly sanitize
user-supplied input. PHPXMLRPC version 1.1.1 and PEAR XML_RPC version
1.3.3 are vulnerable.
Ref: http://www.hardened-php.net/advisory_152005.67.html
______________________________________________________________________

05.33.25 CVE: Not Available
Platform: Web Application
Title: Discuz! Arbitrary File Upload Vulnerability
Description: Discuz! is a web based message board application. It is
reported to be vulnerable to an arbitrary file upload issue due to
improper sanitization of user-supplied input. Discuz! version 4.0 rc4
is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/14564
______________________________________________________________________

05.33.26 CVE: CAN-2005-2580
Platform: Web Application
Title: MyBulletinBoard Multiple SQL Injection Vulnerabilities
Description: MyBulletinBoard is web forum software, prone to multiple
SQL injection vulnerabilities. These vulnerabilities are caused by
improper sanitization of the user-supplied input to the "index.php",
"member.php", "polls.php" and "search.php" scripts. MyBulletinBoard
version RC4 is affected.
Ref: http://www.securityfocus.com/archive/1/407960
______________________________________________________________________

05.33.27 CVE: CVE-MAP-NOMATCH
Platform: Web Application
Title: phpBB BBCode IMG Tag Script Injection
Description: phpBB is a web forum application that is prone to a
script injection vulnerability. This issue is due to a failure of the
application to properly sanitize user-supplied input in bbcode "[IMG]"
tags included in a user signature. The problem presents itself when an
attacker supplies a remote folder containing malicious code as the
image to include. This issue is reported to affect phpBB version
2.0.17.
Ref: http://www.securityfocus.com/bid/14555
______________________________________________________________________

05.33.28 CVE: Not Available
Platform: Web Application
Title: FUDforum Tree View Access Validation
Description: FUDforum is a web-based forum. It is affected by an
access validation issue due to a failure in granting access to private
forums. The problem presents itself when input to the "mid" parameter
is not validated before being used to retrieve a forum post. FUDforum
versions 2.6.15 and earlier are affected.
Ref: http://www.securityfocus.com/bid/14556/info
______________________________________________________________________

05.33.29 CVE: Not Available
Platform: Web Application
Title: VegaDNS Index.PHP Cross-Site Scripting
Description: VegaDNS is a web-based TinyDNS administration
application. It is vulnerable to a cross-site scripting issue due to
insufficient sanitization of user supplied input to the "message"
parameter of the "index.php" script. VegaDNS versions 0.9.9 and
earlier are reported to be vulnerable.
Ref: http://packetstorm.linuxsecurity.com/05 ... s-dyn0.txt
______________________________________________________________________

05.33.30 CVE: CAN-2005-2615
Platform: Web Application
Title: EQdkp Session.PHP Authorization Bypass
Description: EQdkp is a Dragon Kill Points (DKP) system. It is
affected by an authorization bypass vulnerability. This issue is due
to a session handling error in the "session.php" script regarding the
"auto_login_id" value. EQdkp versions 1.2.0 and earlier are affected.
Ref: http://eqdkp.com/?p=changelog
______________________________________________________________________

05.33.31 CVE: CAN-2005-2605
Platform: Web Application
Title: Lasso Professional Server Remote Authentication Bypass
Description: Lasso Professional Server is a commercial, cross-platform
database driven Web application platform. It is susceptible to a
remote authentication bypass vulnerability due to a failure of the
application to properly enforce defined security constraints. This
issue presents itself when web pages are protected with the "[Auth]",
and "[Auth_User]" tags. If these tags are called with no parameters by
an attacker, then the security mechanism is bypassed. Lasso
Professional Server versions 8.0.4 and 8.0.5 are susceptible.
Ref: http://www.securityfocus.com/bid/14543
______________________________________________________________________

05.33.32 CVE: Not Available
Platform: Web Application
Title: MidiCart ASP Item_Show.ASP Code_No Parameter SQL Injection
Description: MidiCart ASP is an e-commerce application. Insufficient
sanitization of the "code_no" parameter in the "item_show.php" script
exposes the application to an SQL injection issue.
Ref: http://systemsecure.org/ssforum/viewtopic.php?t=30
______________________________________________________________________

05.33.33 CVE: Not Available
Platform: Web Application
Title: MidiCart ASP Search_List.ASP SQL Injection
Description: MidiCart ASP is an e-commerce solution. It is vulnerable
to an SQL injection issue due to a failure in the application to
properly sanitize user-supplied input to the "search_list.php" script.
Ref: http://systemsecure.org/ssforum/viewtopic.php?t=30
______________________________________________________________________

05.33.34 CVE: Not Available
Platform: Web Application
Title: Gallery PostNuke Integration Access Validation Vulnerability
Description: Gallery is a web application designed to allow users to
manage images on their web site. It is reported to be vulnerable to an
access validation issue when integrated with PostNuke due to improper
usage of the "$name" global variable in the
"classespostnuke0.7.1User.php" script. Gallery versions 1.5 and
earlier are reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/14547
______________________________________________________________________

05.33.35 CVE: Not Available
Platform: Network Device
Title: Linksys WRT54GS Wireless Authentication Bypass
Description: Linksys WRT54GS is a Wireless-G broadband router with
SpeedBooster. It is reported to be vulnerable to an authentication
bypass issue. The issue presents itself when the device is configured
for "WPA/TKIP" authentication. Firmware version 4.50.6 is reported to
be vulnerable.
Ref: http://www.securityfocus.com/bid/14566
______________________________________________________________________

05.33.36 CVE: Not Available
Platform: Network Device
Title: Mentor ADSL-FR4II Multiple Vulnerabilities
Description: Mentor ADSL-FR4II is a router device for sharing
broadband connections. It is vulnerable to multiple issues that could
allow unauthorized remote access or result in a denial of service.
Ref: http://www.securityfocus.com/bid/14557/info
______________________________________________________________________

05.33.37 CVE: Not Available
Platform: Network Device
Title: HP Proliant DL585 Server Unauthorized Remote Access
Description: HP Proliant DL585 Server is vulnerable to an unauthorized
access issue due to a problem in the Integrated Lights Out (ILO)
firmware prior to version 1.81. A remote attacker can gain access to
the server controls when the server is powered down. HP ProLiant DL585
Integrated Lights Out versions earlier than 1.81 are vulnerable.
Ref: http://www.securityfocus.com/advisories/9029
______________________________________________________________________

(c) 2005. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

==end==

Subscriptions: @RISK is distributed free of charge to people responsible
for managing and securing information systems and networks. You may
forward this newsletter to others with such responsibility inside or
outside your organization.

Сергей Дубров
 
Posts: 2096
Joined: 05 Jun 2002, 06:07
Location: Novosibirsk, Institute of Nuclear Physics, SB RAS

Re: By the way, about iManager

Post by Damm » 22 Aug 2005, 19:50

Сергей Дубров wrote: Here, on topic:


the patch is here
http://support.novell.com/cgi-bin/searc ... 971782.htm
CLP10
Damm
 
Posts: 135
Joined: 18 May 2004, 02:19
Location: SE9

Re: By the way, about iManager

Post by Андрей Тр. aka RH » 23 Aug 2005, 05:45

Сергей Дубров wrote: Many smaller organizations relied on Novell for security through
obscurity (STO) - hoping no one would find the flaws. Now the millions
of users of Novell eDirectory iMonitor have learned that STO doesn't
work for ever.
Alan
(7) Novell ZENWorks Buffer Overflow
I wonder how many users out of those millions run eDir on NT/2000/2003? It is also interesting that a buffer overflow leads to a vulnerability on one platform and, apparently, does not on another (eDir on NetWare and Linux).

I am more curious about this one:
(7) Novell ZENWorks Buffer Overflow - http://www.sans.org/newsletters/risk/di ... 20#widely1

P.S. Although the fixes already appeared at the end of May. Time to patch.
Give us a separate section for ZENworks ... :bad-words: .. and printing!
Андрей Тр. aka RH
 
Posts: 3937
Joined: 18 Jun 2002, 11:27

Post by Андрей Тр. aka RH » 23 Aug 2005, 06:33

As for my iManager problem, when it is accessed from somewhere other than the server itself, I get:
Code:
HTTP Status 404 - /nps/imanager

--------------------------------------------------------------------------------

type Status report

message /nps/imanager

description The requested resource (/nps/imanager) is not available.

--------------------------------------------------------------------------------

Apache Tomcat/4.1.30
Give us a separate section for ZENworks ... :bad-words: .. and printing!
Андрей Тр. aka RH
 
Posts: 3937
Joined: 18 Jun 2002, 11:27

Post by Владимир Занадворов » 23 Aug 2005, 14:32

Андрей Тр. aka RH wrote: As for my iManager problem, when it is accessed from somewhere other than the server itself, I get:
Code:
HTTP Status 404 - /nps/imanager

--------------------------------------------------------------------------------

type Status report

message /nps/imanager

description The requested resource (/nps/imanager) is not available.

--------------------------------------------------------------------------------

Apache Tomcat/4.1.30


It is case-sensitive, I think, isn't it? :)
--
Владимир Занадворов
 
Posts: 167
Joined: 09 Feb 2005, 13:28
Location: Moscow

