Date: 26 Apr 2004 22:00:00 -0000
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #181
SecurityFocus Linux Newsletter #181
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see
all the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Common Security Vulnerabilities in e-commerce systems
2. Protecting Road Warriors: Managing Security for Mobile Users (Part One)
3. Consumer Grade *nix
II. LINUX VULNERABILITY SUMMARY
1. Logcheck Insecure Temporary Directory Vulnerability
2. BSD-Games Mille Local Save Game File Name Buffer Overrun Vul...
3. PHPBB Common.php IP Address Spoofing Vulnerability
4. SSMTP Mail Transfer Agent Symbolic Link Vulnerability
5. KAME Racoon Malformed ISAKMP Packet Denial of Service Vulner...
6. PHPBB album_portal.php Remote File Include Vulnerability
7. UTempter Multiple Local Vulnerabilities
8. Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vuln...
9. Journalness Unspecified Post Access Vulnerability
10. PostNuke Phoenix Multiple Cross-Site Scripting And Path Disc...
11. Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabili...
12. Epic Games Unreal Tournament Engine UMOD Manifest.INI Remote...
III. LINUX FOCUS LIST SUMMARY
1. decent loadbalancing with 2 different ISP's with min... (Thread)
2. Issue with Ldap group and too many users (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. OpenProtect v5.0.1.6
2. radmind v1.3.0
3. Fast Logging Project for Snort v1.2.1
4. SSpamM v0.2
5. network traffic volume capture to postgresql v2.1
6. N-Stealth HTTP Security Scanner v5.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Common Security Vulnerabilities in e-commerce systems
By K. K. Mookhey
This article discusses common attacks and vulnerabilities in e-commerce
shopping cart systems, with reference to SecurityFocus vulnerability
reports where relevant.
http://www.securityfocus.com/infocus/1775
2. Protecting Road Warriors: Managing Security for Mobile Users (Part One)
By Bob Rudis
This is the first of a two-part series that focuses on the centralized
management of security for mobile users. Part one introduces
vendor-neutral questions you should consider about firewalls and anti-virus
software for your mobile users.
http://www.securityfocus.com/infocus/1777
3. Consumer Grade *nix
By Daniel Hanson
Consumer grade *nix is a powder keg looking for a place to happen.
http://www.securityfocus.com/columnists/235
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Logcheck Insecure Temporary Directory Vulnerability
BugTraq ID: 10162
Remote: No
Date Published: Apr 17 2004
Relevant URL: http://www.securityfocus.com/bid/10162
Summary:
Logcheck performs operations on temporary directories in the /var/tmp
directory in an insecure manner.
This issue may only be exploited when the program removes said
directories. The issue could be exploited by a local attacker to corrupt root
owned files. This will most likely result in destruction of data and
denial of service.
2. BSD-Games Mille Local Save Game File Name Buffer Overrun Vul...
BugTraq ID: 10165
Remote: No
Date Published: Apr 17 2004
Relevant URL: http://www.securityfocus.com/bid/10165
Summary:
bsd-games mille is prone to a locally exploitable buffer overrun
vulnerability. This issue is due to insufficient bounds checking when the
user inputs a file name when saving a game.
This game is typically installed setgid games so may allow privileges
to be escalated to this level if exploited.
3. PHPBB Common.php IP Address Spoofing Vulnerability
BugTraq ID: 10170
Remote: Yes
Date Published: Apr 19 2004
Relevant URL: http://www.securityfocus.com/bid/10170
Summary:
It has been reported that phpBB may be prone to a vulnerability that
may allow a remote attacker to spoof their IP address. As a result, an
attacker would hide their identity and bypass IP restrictions enabled by
an administrator.
phpBB versions 2.0.8a and prior are reported to be affected by this
issue.
4. SSMTP Mail Transfer Agent Symbolic Link Vulnerability
BugTraq ID: 10171
Remote: Yes
Date Published: Apr 19 2004
Relevant URL: http://www.securityfocus.com/bid/10171
Summary:
It has been reported that ssmtp is prone to a symbolic link
vulnerability. This issue is due to a design error that causes the application to
fail to validate files before writing to them.
This issue could be leveraged to corrupt arbitrary, attacker-specified
system files. It may be possible for an attacker to gain escalated
privileges on the affected system; it is certainly possible to cause a
system wide denial of service condition.
5. KAME Racoon Malformed ISAKMP Packet Denial of Service Vulner...
BugTraq ID: 10172
Remote: Yes
Date Published: Apr 19 2004
Relevant URL: http://www.securityfocus.com/bid/10172
Summary:
It has been reported that racoon is prone to a denial of service
vulnerability when handling malformed ISAKMP packets. This issue may allow a
remote attacker to cause the application to exhaust memory resources
leading to a crash or hang.
6. PHPBB album_portal.php Remote File Include Vulnerability
BugTraq ID: 10177
Remote: Yes
Date Published: Apr 19 2004
Relevant URL: http://www.securityfocus.com/bid/10177
Summary:
It has been reported that phpBB may be prone to a file include
vulnerability that may allow remote attackers to include a remote malicious
script to be executed on a vulnerable system.
7. UTempter Multiple Local Vulnerabilities
BugTraq ID: 10178
Remote: No
Date Published: Apr 19 2004
Relevant URL: http://www.securityfocus.com/bid/10178
Summary:
It has been reported that utempter is affected by multiple local
vulnerabilities. The first issue is due to an input validation error that
causes the application to exit improperly, facilitating symbolic link
attacks. The second issue is due to a failure of the application to
properly validate buffer boundaries.
The first issue results in a symbolic link vulnerability. Since
utempter runs with root privileges, this issue could be leveraged to corrupt
arbitrary, attacker-specified system files.
The second problem presents itself when utempter processes certain
strings. These errors may cause the affected process to crash. It has
been conjectured that this may be leveraged to execute arbitrary code on
the affected system; however, this is currently unverified.
This BID will be updated as new information becomes available.
8. Linux Kernel Setsockopt MCAST_MSFILTER Integer Overflow Vuln...
BugTraq ID: 10179
Remote: No
Date Published: Apr 20 2004
Relevant URL: http://www.securityfocus.com/bid/10179
Summary:
An integer overflow vulnerability has been reported in the setsockopt()
system call. This was introduced as of the 2.4.22/2.6.1 kernel
releases.
The specific issue exists in the net/ipv4/ip_sockglue.c source file and
is present in the ip_setsockopt() subroutine of the setsockopt() system
call. Within this subroutine there is an integer overflow within the
IP_MSFILTER_SIZE macro, which is used when setting the MCAST_MSFILTER
socket option.
This issue may be exploited by a local user to compromise the system.
Exploitation could also result in a denial of service. It should be
noted that this type of vulnerability may provide a generic means of
privilege escalation across Linux distributions once a remote attacker has
gained unauthorized access as a lower privileged user.
9. Journalness Unspecified Post Access Vulnerability
BugTraq ID: 10187
Remote: Yes
Date Published: Apr 21 2004
Relevant URL: http://www.securityfocus.com/bid/10187
Summary:
An unspecified vulnerability has been reported in Journalness that may
permit unauthorized users to create or modify journal posts.
10. PostNuke Phoenix Multiple Cross-Site Scripting And Path Disc...
BugTraq ID: 10191
Remote: Yes
Date Published: Apr 21 2004
Relevant URL: http://www.securityfocus.com/bid/10191
Summary:
Multiple vulnerabilities were reported to exist in PostNuke Phoenix.
The following specific vulnerabilities were reported:
- Multiple path disclosure vulnerabilities that occur when a user
directly requests scripts in the "/includes/blocks/" and "pnadodb"
directories. This issue also affects scripts that are associated in multiple
modules.
- Multiple cross-site scripting vulnerabilities were reported in the
Downloads and Web_Links modules as well as the openwindow.php script.
These issues may permit remote attackers to cause hostile HTML and script
code to be interpreted by a victim user's browser.
11. Xine And Xine-Lib Multiple Remote File Overwrite Vulnerabili...
BugTraq ID: 10193
Remote: Yes
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10193
Summary:
It has been reported that the xine media player and the xine media
library are affected by multiple remote file overwrite vulnerabilities.
This is due to a design error that allows various media resource file
configurations to write to arbitrary files.
It is possible to set these configuration parameters to write to
arbitrary files on the affected system. It should be noted that this issue,
as it is currently known, only affects Sun based systems as well as
those using the DXR3 or Hollywood+ MPEG decoder audio card. It has been
conjectured, however, that similar configuration parameters exist that
affect other systems.
12. Epic Games Unreal Tournament Engine UMOD Manifest.INI Remote...
BugTraq ID: 10196
Remote: Yes
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10196
Summary:
Reportedly the Unreal Tournament Engine is affected by a local file
overwrite vulnerability due to the UMOD manifest.ini file. This issue is
due to an input validation error that allows a malicious user to specify
arbitrary files for writing, potentially leading to a system wide denial
of service condition.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/360950
2. Issue with Ldap group and too many users (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/360818
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. OpenProtect v5.0.1.6
By: OpenProtect is a server-side email protector which guards against
spam and viruses in addition to pr
Relevant URL: http://opencomputing.sf.net
Platforms: Linux
Summary:
OpenProtect is a server-side email protector which guards against spam
and viruses in addition to providing content filtering, using a variety
of open-source packages. It supports Sendmail, Postfix, Exim and
qmail, and is easy to install and maintain.
2. radmind v1.3.0
By: UMich RSUG
Relevant URL: http://rsug.itd.umich.edu/software/radmind/
Platforms: FreeBSD, Linux, MacOS, OpenBSD, Solaris, SunOS, UNIX
Summary:
radmind is a suite of Unix command-line tools and a server designed to
remotely administer the file systems of multiple Unix machines. At its
core, radmind operates as a tripwire. It is able to detect changes to
any managed filesystem object, e.g. files, directories, links, etc.
However, radmind goes further than just integrity checking: once a change
is detected, radmind can optionally reverse the change. Each managed
machine may have its own loadset composed of multiple, layered overloads.
This allows, for example, the operating system to be described
separately from applications. Loadsets are stored on a remote server. By
updating a loadset on the server, changes can be pushed to managed machines.
3. Fast Logging Project for Snort v1.2.1
By: DG <Dirk@geschke.online.de>
Relevant URL: http://www.geschke-online.de/FLoP
Platforms: Linux, Solaris, SunOS
Summary:
FLoP is designed to gather alerts with a payload from distributed Snort
sensors at a central server, and to store them in a database
(PostgreSQL and MySQL are supported). On the sensor, the output is written via a
Unix domain socket to a process called sockserv. This process is
threaded: one thread receives and buffers the alert packets, and the other
forwards them to a central server. With this approach, the output is
decoupled from Snort, which can proceed in sniffing instead of waiting for
the output plugins. At the central server, a process called servsock
gathers all alerts from the remote sensors and feeds them via a Unix
domain socket to the database. All alerts are buffered to avoid blocking
due to a hanging database access (or a slow network on the sensor side). A
short description of alerts with high priority together with the
database ID can be sent via email to a list of recipients.
4. SSpamM v0.2
By: Sami-Pekka Hallikas
Relevant URL: http://sourceforge.net/projects/sspamm/
Platforms: Linux, Os Independent, POSIX, UNIX
Summary:
Semi's Spam Milter (sspamm) is a spam filter for Sendmail that utilizes
spambayes, heuristic spam filtering, and virus scanning (BitDefender,
not included).
5. network traffic volume capture to postgresql v2.1
By: Rob Fowler
Relevant URL: http://gborg.postgresql.org/project/tcap/projdisplay.php
Platforms: Linux, POSIX
Summary:
This is a Unix daemon that captures traffic packet size, source,
destination, and times and saves this data into a postgres database in near
real time, from which traffic reports may be made. It does not save the
actual data or headers. Works on ethX or cooked devices like ppp0. It
uses Postgres embedded SQL to insert the data, pcap to capture traffic,
and pthreads to capture and write at the same time. It is written in C++
using STL. Pcap filters can be specified on the command line. Logs go
to syslog.
6. N-Stealth HTTP Security Scanner v5.2
By: qw erty <qw@erty.net >
Relevant URL: http://www.nstalker.com/products/nstealth/download.php
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
N-Stealth is a comprehensive web server security-auditing tool that
scans for over 30,000 vulnerabilities. It is ideal for system
administrators, security consultants and IT professionals.