Date: Tue, 17 Feb 2004 09:56:25 -0700 (MST)
From:"John Boletta" <jboletta@securityfocus.com>
To:linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #171


SecurityFocus Linux Newsletter #171
------------------------------------

This Issue is Sponsored by: Spidynamics

ALERT: Attacking SOAP Web Services and Methods of Protection White 
Paper.
Are you vulnerable?  This white paper will cover various types of 
attacks
based on the SOAP implementation of Web services over HTTP and 
describes
how you can shield your applications from these assaults. Learn how to
defend against Web services attacks with real step-by-step examples of
hacking methods such as: SQL Injection, Cross Site Scripting and 
Parameter
Manipulation.

http://www.securityfocus.com/sponsor/SPIDynamics_linux-secnews_040216
------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Wireless Honeypot Trickery
II. LINUX VULNERABILITY SUMMARY
     1. Multiple Oracle Database Parameter/Statement Buffer Overflow...
     2. Linux VServer Project CHRoot Breakout Vulnerability
     3. PHP-Nuke 'News' Module Cross-Site Scripting Vulnerability
     4. ClamAV Daemon Malformed UUEncoded Message Denial Of Service ...
     5. PHP-Nuke 'Reviews' Module Cross-Site Scripting Vulnerability
     6. PHP-Nuke Public Message SQL Injection Vulnerability
     7. Computer Associates eTrust InoculateIT For Linux Vulnerabili...
     8. Linux Kernel Samba Share Local Privilege Elevation Vulnerabi...
     9. PHPNuke Category Parameter SQL Injection Vulnerability
     10. Mutt Menu Drawing Remote Buffer Overflow Vulnerability
     11. Monkey HTTP Daemon Missing Host Field Denial Of Service 
Vuln...
     12. SandSurfer Unspecified User Authentication Vulnerability
     13. Mailmgr Insecure Temporary File Creation Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
     1. exporting sudoers, good pratcice ? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Stunnel v4.05
     2. MailStripper Pro (Linux x86) v1.1.4
     3. iptables_p2p v0.3.0
     4. Junk Mail Buffering Agent  v0.3.0
     5. QtFprot v0.2.1b
     6. linksysmon v1.1.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. Wireless Honeypot Trickery
By Laurent Oudot

This paper will introduce honeypots as a countermeasure for attacks on
wireless environments using WiFi-related technologies. They can be used 
to
identify and defeat unsuspecting blackhat attackers.

http://www.securityfocus.com/infocus/1761


II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Multiple Oracle Database Parameter/Statement Buffer Overflow...
BugTraq ID: 9587
Remote: Yes
Date Published: Feb 05 2004
Relevant URL: http://www.securityfocus.com/bid/9587
Summary:
Oracle is a commercial database product, which is available for a 
number
of platforms including Microsoft Windows and Unix and Linux variants.

Oracle database has been reported prone to multiple buffer overflow
vulnerabilities when processing certain parameters and functions.
Specifically the TIME_ZONE parameter lacks sufficient boundary checks.
Therefore an excessive value assigned to TIME_ZONE may potentially 
overrun
the bounds of a buffer in stack-based memory. This may result in the
corruption of memory adjacent to the affected buffer, and ultimately 
may
provide for arbitrary code execution.

Additionally the NUMTOYMINTERVAL function has been reported prone to a
buffer overflow vulnerability. The issue presents itself due to a lack 
of
sufficient boundary checks performed on char_expr parameters passed as 
an
argument to the function. Again this issue may be exploited by passing
excessive data as the second argument to a NUMTOYMINTERVAL statement 
call.

The NUMTODSINTERVAL function has also been reported prone to a buffer
overflow vulnerability. The issue again presents itself due to a lack 
of
sufficient boundary checks performed on char_expr parameters passed as 
an
argument to the function. This issue may be exploited in a similar 
manner
to the NUMTOYMINTERVAL issue, by passing excessive data as the second
argument to a NUMTODSINTERVAL statement call.

Finally the FROM_TZ function has been reported prone to a buffer 
overflow
vulnerability. The issue will present itself when excessive data is 
passed
as the third parameter of a properly formatted FROM_TZ statement call.

Any one of these issues may be exploited to execute arbitrary code with
elevated privileges.

2. Linux VServer Project CHRoot Breakout Vulnerability
BugTraq ID: 9596
Remote: No
Date Published: Feb 06 2004
Relevant URL: http://www.securityfocus.com/bid/9596
Summary:
The Linux VServer Project is implemented with a linux kernel patch and 
a
group of tools that facilitate the partition of a single linux server 
into
multiple virtual servers.  It is implemented with a combination of
"security contexts", chroot, segmented routing, extended quotas and  
other
standard tools.

It has been reported that VServer is prone to a breakout vulnerability
that would allow a malicious user to escape from the context of the
virtual server.  This issue is due to the VServer application failing 
to
secure itself against a "chroot-again" style vulnerability.  Successful
exploitation of this issue may allow an attacker to gain access to the
file system outside of the chrooted root directory.

This issue is leveraged when processes running in the context of the
virtual server utilize the chroot function. The process would change 
its
current directory to the root directory of the virtual server.  It 
would
then create a temporary directory and chroot itself to the temporary
directory.  The process, however still resides in the directory that is
outside of the one that it has chrooted itself to, and so, by making
multiple calls to chdir( ".." ) it is able to move to the true root
directory of the vulnerable system.

This problem makes it possible for a local user with superuser access 
in
the virtual server environment to execute commands outside of the 
VServer
context, and possibly gain unrestricted access to the system.

3. PHP-Nuke 'News' Module Cross-Site Scripting Vulnerability
BugTraq ID: 9605
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9605
Summary:
PHP-Nuke is a freeware content management system.  Implemented in PHP, 
it
is available for a range of systems, including Unix, Linux, and 
Microsoft
Windows.

It has been reported that the PHP-Nuke 'News' module is prone to a
cross-site scripting vulnerability.  The issue arises due to the module
failing to properly sanitize user-supplied information.  The URI 
parameter
'title' is not properly sanitized of HTML tags.  This could allow for
execution of hostile HTML and script code in the web client of a user 
who
visits a vulnerable web page. This would occur in the security context 
of
the site hosting the software.

Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.

It has been reported that this issue affects versions 6.x - 7.x of the
software, however earlier versions may also be vulnerable.

4. ClamAV Daemon Malformed UUEncoded Message Denial Of Service ...
BugTraq ID: 9610
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9610
Summary:
ClamAV is a freely available, open source virus scanning utility.  It 
is
available for the Unix and Linux platforms.

A problem in the handling of specially crafted UUEncoded messages has 
been
identified in ClamAV.  Because of this, an attacker may prevent the
delivery of e-mail to users.

The problem is in the handling of malformed UUEncoded messages.  When 
an
attacker sends an e-mail containing UUEncoded content and the line 
length
is a value that does not conform to UUEncoding conventions, the ClamAV
program terminates.  Because of this, mail delivered to the system  
that
is routed through the scanner will not arrive at its destination,
resulting in a denial of service.

It should be noted that earlier versions of the software may also be
affected, though no information concerning the scope of the issue is
available.

5. PHP-Nuke 'Reviews' Module Cross-Site Scripting Vulnerability
BugTraq ID: 9613
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9613
Summary:
PHP-Nuke is a freeware content management system.  Implemented in PHP, 
it
is available for a range of systems, including Unix, Linux, and 
Microsoft
Windows.

It has been reported that the PHP-Nuke 'Reviews' module is prone to a
cross-site scripting vulnerability.  The issue arises due to the module
failing to properly sanitize user-supplied information.  The URI 
parameter
'title' is not properly sanitized of HTML tags.  This could allow for
execution of hostile HTML and script code in the web client of a user 
who
visits a vulnerable web page. This would occur in the security context 
of
the site hosting the software.

Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.

It has been reported that this issue affects versions 6.x - 7.x of the
software, however earlier versions may also be vulnerable.

6. PHP-Nuke Public Message SQL Injection Vulnerability
BugTraq ID: 9615
Remote: Yes
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9615
Summary:
PHP-Nuke is a freeware content management system.  Implemented in PHP, 
it
is available for a range of systems, including Unix, Linux, and 
Microsoft
Windows.

It has been reported that the 'public message' feature of PHP-Nuke is
vulnerable to an SQL injection vulnerability.  The issue is due to a
failure to properly sanitize the '$p_msg' parameter in the
'public_message()' function of the '/mainfile.php' script.

As PHP-Nuke forces all variables to be global within the context of the
application, the '$p_msg' parameter may be specified in either POST, 
GET
or COOKIE data.  Within the 'public_message()' function, the '$p_msg'
parameter is decoded into the '$c_mid' parameter, which is directly 
used
in the generation of the SQL query. An attacker could use an SQL Union
command passed via the '$p_msg' parameter to mine data from the 
database.

As a result of this issue an attacker could modify the logic and 
structure
of database queries. Other attacks may also be possible, such as 
gaining
access to sensitive information.

It has been reported that this issue affects versions 6.x - 7.x of the
software, however earlier versions may also be vulnerable.

7. Computer Associates eTrust InoculateIT For Linux Vulnerabili...
BugTraq ID: 9616
Remote: No
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9616
Summary:
Multiple vulnerabilities have been reported in eTrust InoculateIT for
Linux operating systems, including issues with temporary files that 
could
allow for symbolic link attacks and permissions problems that could 
permit
local attackers to modify sensitive information.

The following specific vulnerabilities were reported:

The insecure temporary file issues are reported to exist in the 
following
scripts:
ino/scripts/inoregupdate
scripts/uniftest
scripts/unimove

Due to the way in which these scripts create temporary files, it will 
be
possible to for a remote attacker to create a symbolic link in the
location that temporary files will be created.  This will cause 
operations
that are intended to be performed on temporary files to be performed on
files pointed to by the malicious symbolic link.  The most likely
consequences will be destruction of sensitive files, though in some
circumstances, if the attacker can control the data written in the 
attack,
it may be possible to gain elevated privileges.

There are insecure permissions on the eTrustAE.lnx/tmp/.caipcs/.sem
directory, allowing local attackers to modify sensitive configuration
files for the software.

The software installs several registry files that contain various 
software
settings.  These registry files are included to simulate software 
settings
in the Windows Registry on Linux installations of the software.  Some 
of
these files are reported to allow modification by unprivileged local
users, which could be exploited to lower security settings for the
software, such as removing scanned file types from the current user's
registry setting.  Hard-coded search paths for executables may also be
embedded in user-modifiable registry files, allowing for execution of
arbitrary code with elevated privileges in some circumstances.

8. Linux Kernel Samba Share Local Privilege Elevation Vulnerabi...
BugTraq ID: 9619
Remote: No
Date Published: Feb 09 2004
Relevant URL: http://www.securityfocus.com/bid/9619
Summary:
A local privilege escalation vulnerability has been reported to affect 
the
2.6 Linux kernel.

The issue appears to exist due to a lack of sufficient sanity checks
performed when executing a file that is hosted on a remote Samba share.
This issue has been reported to occur when a setuid or setgid file is 
made
available as a shared network resource through the samba service. An
attacker, who has local interactive access to an affected host, may 
mount
the remote share and execute the remote setuid/setgid application. This
will reportedly result in elevated privileges, as the setuid/setgid bit 
of
the remote file is honored on the local system. The problem exist 
because
smb file system is not mounted using mount and ignores the 
setuid/setgid
permissions from smbmnt.

It should be noted that although this vulnerability has been reported 
to
affect 2.6 versions of the Linux kernel, other versions might also be
affected.

Conflicting reports suggest that this is expected behavior that results
from the smbmnt utility being setuid root.

It has been reported that the attacker does not have to mount the file
system as a local user.  The vulnerability still exists if root mounts 
the
file system and the attacker can execute a setuid binary on the server.
Unix extensions have to be enabled on both the client and the server 
for
this issue to occur.

9. PHPNuke Category Parameter SQL Injection Vulnerability
BugTraq ID: 9630
Remote: Yes
Date Published: Feb 10 2004
Relevant URL: http://www.securityfocus.com/bid/9630
Summary:
PHPNuke is a freely available, open source web content management 
system.
It is maintained by Francisco Burzi, and available for the Unix, Linux,
and Microsoft Operating Systems.

A vulnerability has been reported to exist in PHPNuke that may allow a
remote attacker to inject malicious SQL syntax into database queries. 
The
source of this issue is insufficient sanitization of user-supplied 
input.

The problem is reported to exist in the $category variable contained
within the 'index.php' page. It has been reported that $category is not
sanitized for user-supplied input before it is included in SQL queries
that are later executed by the database. A remote attacker may exploit
this issue while performing a search in 'index.php' to influence SQL 
query
logic.

A malicious user may influence database queries in order to view or 
modify
sensitive information, potentially compromising the software or the
database.  It has been reported that an attacker may be able to 
disclose
the administrator password hash by exploiting this issue.

PHPNuke versions 6.9 and prior have been reported to be prone to this
issue, however other versions may be affected as well.

10. Mutt Menu Drawing Remote Buffer Overflow Vulnerability
BugTraq ID: 9641
Remote: Yes
Date Published: Feb 11 2004
Relevant URL: http://www.securityfocus.com/bid/9641
Summary:
Mutt is a freely available, open source mail user agent (MUA).  It is
available for the Unix and Linux platforms.

A problem in the handling of some types of input has been identified in
Mutt.  Because of this, a remote attacker may be able to crash a
vulnerable client.

The problem is in the handling of specially-crafted strings.  Upon
embedding particular strings of arbitrary length in an e-mail, a remote
user can force a buffer overflow in the menu drawing function of mutt.
This problem could potentially also be exploited to overwrite arbitrary
structures in process memory, and potentially execute code with the
privileges of the mutt user.

Specifics concerning the mechanics of this bug are not currently
available.

11. Monkey HTTP Daemon Missing Host Field Denial Of Service Vuln...
BugTraq ID: 9642
Remote: Yes
Date Published: Feb 11 2004
Relevant URL: http://www.securityfocus.com/bid/9642
Summary:
Monkey is an open source Web server written in C, based on the HTTP/1.1
protocol. It is available for Linux platforms.

Monkey HTTP Daemon is prone to a denial of service attacks. HTTP GET
requests, which do not include a ?Host? header field, will trigger this
condition. This issue is reportedly due a programming error in the
get_real_string() function.

The server will need to be restarted to regain normal functionality.

12. SandSurfer Unspecified User Authentication Vulnerability
BugTraq ID: 9647
Remote: Yes
Date Published: Feb 08 2004
Relevant URL: http://www.securityfocus.com/bid/9647
Summary:
SandSurfer is a web-based time keeping application.  It is available 
for
Unix/Linux variants.

An unspecified vulnerability related to user authentication was 
reported
in SandSurfer that may allow remote attackers to gain unauthorized 
access
to the software.

There are no further technical details at the time of writing.

13. Mailmgr Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 9654
Remote: No
Date Published: Feb 12 2004
Relevant URL: http://www.securityfocus.com/bid/9654
Summary:
Mailmgr is an application for analyzing Sendmail logs and generating
reports in HTML.  It is available for Unix/Linux variants.

Mailmgr is reportedly to be prone to a vulnerability related to 
temporary
file handling.  The specific issue is that a number of temporary files 
are
created in an insecure manner, potentially providing malicious local 
users
with an opportunity to launch symbolic link attacks and cause files to 
be
corrupted.

The following temporary files are created in an insecure manner:
/tmp/mailmgr.unsort
/tmp/mailmgr.tmp
/tmp/mailmgr.sort

It is possible to create a symbolic link that is named after one of 
these
files.  When the program is run by another user, any operations that 
were
intended to be performed on these files (such as creating them or
appending to them), would actually be performed on the file pointed to 
by
the symbolic link.  The only caveat is that the user running the
application must have permission to write to the file pointed to by the
symbolic link.  This would most likely result in a denial of service or
destruction of data as critical or sensitive files may be corrupted, 
but
under some circumstances this type of vulnerability could lead to 
elevated
privileges.  The possibility of exploiting these particular issues to 
gain
elevated privileges has not been confirmed.

This issue was reported to exist in Mailmgr 1.2.3.  Other versions are
also likely affected.


III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. exporting sudoers, good pratcice ? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/353135


IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so chose.

Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system adminstrators, and an advanced
development platform for exploit developers, or people learning to 
become
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility, 
supporting
cross-platform interoperability over a wide range of platforms: 
Windows,
Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless
of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature
technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault, an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely 
share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris,
UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features 
for
computer forensics and investigations. With an intuitive GUI and 
superior
performance, EnCase Version 4 provides investigators with the tools to
conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields 
completely
non-invasive computer forensic investigations while allowing examiners 
to
easily manage large volumes of computer evidence and view all relevant
files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform 
all
functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows
95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely 
undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data
in it?s own internal memory (not on the hard drive), it is impossible 
for
a network intruder to gain access to any sensitive data stored within 
the
device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any 
application
available 24 hours per day. With no extra hardware: just use your 
existing
servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to 
serve
your users.


V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Stunnel v4.05
By: Michal Trojnara, <Michal.Trojnara@mirt.net>
Relevant URL: http://stunnel.mirt.net/
Platforms: FreeBSD, Linux, Windows 2000, Windows 95/98, Windows NT
Summary:

The stunnel program is designed to work as an SSL encryption wrapper
between remote client and local (inetd-startable) or remote server. It 
can
be used to add SSL functionality to commonly used inetd daemons like 
POP2,
POP3, and IMAP servers without any changes in the programs' code. It 
will
negotiate an SSL connection using the OpenSSL or SSLeay libraries. It
calls the underlying crypto libraries, so stunnel supports whatever
cryptographic algorithms you compiled into your crypto package.

2. MailStripper Pro (Linux x86) v1.1.4
By: Michael McConnell
Relevant URL: http://www.eridani.co.uk/MailStripper/
Platforms: Linux, Os Independent, POSIX
Summary:

MailStripper Pro is a mail scanner that aims to remove spam and viruses
from incoming mail using the F-Prot anti-virus. It is written in Tcl 
and
was designed to be MTA-independent.

3. iptables_p2p v0.3.0
By: Filipe Almeida
Relevant URL: http://mega.ist.utl.pt/~filipe/ipt_p2p/
Platforms: Linux
Summary:

ipt_p2p is a P2P match module for iptables. It supports the detection 
of
the following protocols: Kazaa, eDonkey, Direct Connect, Gnutella, and
BitTorrent.

4. Junk Mail Buffering Agent  v0.3.0
By: Andrew Wood
Relevant URL: http://www.ivarch.com/programs/jmba.shtml
Platforms: Linux, POSIX
Summary:

Junk Mail Buffering Agent is a tool for preventing delivery of email 
until
the sender has confirmed his address. It is intended for use in
conjunction with a spam filter to prevent delivery of suspected spam 
email
messages unless the sender is confirmed as valid.

5. QtFprot v0.2.1b
By: Christian Link
Relevant URL:
Platforms: Linux, POSIX
Summary:

QtFprot is a frontend for FPROT 4.x, a free (for personal use) Linux
virus-scanner. It's similar to XFprot, but written in Qt. It allows you 
to
set all FPROT paramters with a comfortable GUI.

6. linksysmon v1.1.3
By: Mike Wohlgemuth
Relevant URL: http://woogie.net/linksysmon/
Platforms: Linux, POSIX
Summary:

linksysmon is a tool for monitoring Linksys BEFSR41/BEFSR11 firewalls
under Linux and other Unix-like operating systems. It accepts log 
messages
from the Linksys, and logs the messages to /var/log/linksys.log. It
handles the standard activity logs, as well as the "secret" extended
logging, and can handle logs from multiple firewalls. When using 
extended
logging, it can detect external IP address changes (if you are using
either DHCP or PPPOE) and can call an external program to process the
change.


VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe@securityfocus.com from the subscribed 
address.
The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to 
answer.
Alternatively you can also visit 
http://www.securityfocus.com/newsletters
and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.


VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: Spidynamics

ALERT: Attacking SOAP Web Services and Methods of Protection- White 
Paper
Are you vulnerable? This white paper will cover various types of 
attacks
based on the SOAP implementation of Web services over HTTP and 
describes
how you can shield your applications from these assaults Learn how to
defend against Web services attacks with real step- by- step examples 
of
hacking methods such as: SQL Injection, Cross Site Scripting and 
Parameter
Manipulation.

http://www.securityfocus.com/sponsor/SPIDynamics_linux-secnews_040216
------------------------------------------------------------------------