Date: 3 May 2004 18:59:29 -0000
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #182
SecurityFocus Linux Newsletter #182
------------------------------------

This Issue is Sponsored By: SecurityFocus 

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. WiFi High Crimes
II. LINUX VULNERABILITY SUMMARY
     1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi...
     2. Linux kernel i810 DRM driver Unspecified Vulnerability
     3. Linux kernel Framebuffer Code Unspecified Vulnerability
     4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
     5. Linux kernel do_fork() Memory Leakage Vulnerability
     6. HP Web Jetadmin Multiple Vulnerabilities
     7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti...
     8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow...
III. LINUX FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2004-04-26 to 2004-05-03.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Sentry Firewall CD-ROM v1.5.0-rc12(dev)
     2. Automatic Firewall v0.1
     3. DNS Blacklist Packet Filter v0.5
     4. SSpamM v0.8
     5. Qryptix v0.2.2
     6. Astaro Security Linux (Stable 5.x) v5.003
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. WiFi High Crimes
By Mark Rasch 

Before WiFi can entirely fulfill its promise, we'll have to confront an 
oppressive latticework of outdated criminal laws.

http://www.securityfocus.com/columnists/237

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi...
BugTraq ID: 10201
Remote: No
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10201
Summary:
A local integer handling vulnerability has been announced in the Linux 
kernel. It is reported that this vulnerability may be exploited by an 
unprivileged local user to obtain kernel memory contents. Additionally 
it is reported that a root user may exploit this issue to write to 
arbitrary regions of kernel memory, which may be a vulnerability in 
non-standard security enhanced systems where uid 0 does not have this 
privilege.

The vulnerability presents itself due to integer handling errors in the 
proc handler for cpufreq.

2. Linux kernel i810 DRM driver Unspecified Vulnerability
BugTraq ID: 10210
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10210
Summary:
An unspecified vulnerability has been identified in the Linux kernel 
that may allow an attacker to potentially cause a denial of service 
condition or gain elevated privileges.

Due to a lack of details, further information cannot be provided at the 
moment.  This BID will be updated as more information becomes 
available.

This issue has been identified in kernel version 2.4.22.

3. Linux kernel Framebuffer Code Unspecified Vulnerability
BugTraq ID: 10211
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10211
Summary:
An unspecified vulnerability has been identified in the Linux kernel.  
This vulnerability was reported in a security advisory 
(FEDORA-2004-111) issued by RedHat for the Fedora operating system. It has been 
reported that the issue exists in the framebuffer code accessing userspace 
directly instead of using correct interfaces.  The impact of this issue 
cannot be confirmed at the moment due to a lack of information. 

This issue has been identified in kernel version 2.4.22.

4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
BugTraq ID: 10220
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10220
Summary:
It has been reported that phpwsBB and phpwsContacts modules for 
phpWebSite are prone to a vulnerability that could allow an attacker to gather 
sensitive information.  

Due to a lack of details, further information cannot be provided at the 
moment.  This BID will be updated as more information becomes 
available.

phpwsBB version 0.9.1 and phpwsContacts version 0.8.2 and prior 
versions are reported to be affected by this issue.

5. Linux kernel do_fork() Memory Leakage Vulnerability
BugTraq ID: 10221
Remote: No
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10221
Summary:
It has been reported that the Linux kernel may be prone to a memory 
leakage vulnerability.  The issue exists because memory is allocated for 
child processes but never freed.

This issue has been identified in kernel versions 2.4 and 2.6.

6. HP Web Jetadmin Multiple Vulnerabilities
BugTraq ID: 10224
Remote: Yes
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10224
Summary:
Multiple vulnerabilities have been identified in the application that 
may allow remote attackers to disclose sensitive information, carry out 
denial of service attacks, and gain unauthorized access to a vulnerable 
server.

These issues are reported to affect HP Web JetAdmin 6.5 and prior; 
however, version 7.0 may be affected by most of these issues as well.

7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti...
BugTraq ID: 10226
Remote: No
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10226
Summary:
Multiple unspecified local buffer overrun and format string 
vulnerabilities have been reported to exist in various setuid Veritas NetBackup 
binaries.  These issues may be exploited to execute arbitrary code with 
root privileges.

It should be noted that these issues are confirmed to exist and be 
exploitable on Linux platforms; however, releases of the software on other 
Unix-based platforms are also believed to be similarly affected.  

It is also not known at this point which specific NetBackup releases or 
distributions are affected.

8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow...
BugTraq ID: 10233
Remote: No
Date Published: Apr 29 2004
Relevant URL: http://www.securityfocus.com/bid/10233
Summary:
The panic() function call of the Linux kernel has been reported prone 
to a buffer overflow vulnerability. The exact details of the overflow 
are currently unspecified; however, it has been reported that this issue 
cannot be exploited. Other reports suggest that the issue may be 
exploited to reveal portions of kernel memory space.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-04-26 to 2004-05-03.

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary: 

Immunity CANVAS is 100% pure Python, and every license includes full 
access to the entire CANVAS codebase. Python is one of the easiest 
languages to learn, so even novice programmers can be productive on the 
CANVAS API, should they so choose. 

Immunity CANVAS is both a valuable demonstration tool for enterprise 
information security teams or system administrators, and an advanced 
development platform for exploit developers, or people learning to become 
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, 
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary: 

SecretAgent is a file encryption and digital signature utility, 
supporting cross-platform interoperability over a wide range of platforms: 
Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature technology, SecretAgent ensures the confidentiality, integrity, and 
authenticity of your data.

3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Sentry Firewall CD-ROM v1.5.0-rc12(dev)
By: Obsid
Relevant URL: http://www.SentryFirewall.com/
Platforms: Linux
Summary: 

Sentry Firewall CD-ROM Version 1.0 is a Linux based bootable CD-ROM 
suitable for use as an inexpensive and easy to maintain Firewall or 
IDS (Intrusion Detection System) Node. The system is designed to be 
immediately configurable for a variety of different operating environments via a 
configuration file located on a floppy disk or a local hard drive.

2. Automatic Firewall v0.1
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/projects.html
Platforms: Linux
Summary: 

Automatic Firewall configures your firewall by looking at your 
environment and deciding what is a good fit for your needs. It is intended for 
the novice broadband user to install and forget about, but still be 
fairly well protected.

3. DNS Blacklist Packet Filter v0.5
By: Russell Miller
Relevant URL: 
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary: 

DNS Blacklist Packet Filter is a BSD/Linux netfilter client that 
decides whether to accept or drop packets based on the results of a DNS 
blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is 
to filter all incoming SMTP SYN packets for spam filtering.

4. SSpamM v0.8
By: Sami-Pekka Hallikas
Relevant URL: http://sourceforge.net/projects/sspamm/
Platforms: Linux, Os Independent, POSIX, UNIX
Summary: 

Semi's Spam Milter (sspamm) is a spam filter for Sendmail that utilizes 
spambayes, heuristic spam filtering, and virus scanning (BitDefender, 
not included).

5. Qryptix v0.2.2
By: Sivasankar Chander 
Relevant URL: http://www.sourceforge.net/projects/qryptix
Platforms: Linux
Summary: 

Qryptix consists of a PAM object and utilities for session- and 
key-management for encrypted home directories using the International Kernel 
(CryptoAPI) patches for Linux. It simplifies login/logout, 
mounting/unmounting, and key generation and changing.

6. Astaro Security Linux (Stable 5.x) v5.003
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary: 

Astaro Security Linux is a firewall solution. It does stateful packet 
inspection filtering, content filtering, user authentication, virus 
scanning, VPN with IPSec and PPTP, and much more. With its Web-based 
management tool, WebAdmin, and the ability to pull updates via the Internet, 
it is pretty easy to manage. It is based on a special hardened Linux 
2.4 distribution where most daemons are running in change-roots and are 
protected by kernel capabilities.
