Date: 3 May 2004 18:59:29 -0000
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #182
SecurityFocus Linux Newsletter #182
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. WiFi High Crimes
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi...
2. Linux kernel i810 DRM driver Unspecified Vulnerability
3. Linux kernel Framebuffer Code Unspecified Vulnerability
4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
5. Linux kernel do_fork() Memory Leakage Vulnerability
6. HP Web Jetadmin Multiple Vulnerabilities
7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti...
8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow...
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-04-26 to 2004-05-03.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Sentry Firewall CD-ROM v1.5.0-rc12(dev)
2. Automatic Firewall v0.1
3. DNS Blacklist Packet Filter v0.5
4. SSpamM v0.8
5. Qryptix v0.2.2
6. Astaro Security Linux (Stable 5.x) v5.003
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. WiFi High Crimes
By Mark Rasch
Before WiFi can entirely fulfill its promise, we'll have to confront an
oppressive latticework of outdated criminal laws.
http://www.securityfocus.com/columnists/237
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi...
BugTraq ID: 10201
Remote: No
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10201
Summary:
A local integer handling vulnerability has been announced in the Linux
kernel. It is reported that this vulnerability may be exploited by an
unprivileged local user to obtain kernel memory contents. Additionally
it is reported that a root user may exploit this issue to write to
arbitrary regions of kernel memory, which may be a vulnerability in
non-standard security enhanced systems where uid 0 does not have this
privilege.
The vulnerability presents itself due to integer handling errors in the
proc handler for cpufreq.
2. Linux kernel i810 DRM driver Unspecified Vulnerability
BugTraq ID: 10210
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10210
Summary:
An unspecified vulnerability has been identified in the Linux kernel
that may allow an attacker to cause a denial of service or gain
elevated privileges.
Due to a lack of details, further information cannot be provided at the
moment. This BID will be updated as more information becomes
available.
This issue has been identified in kernel version 2.4.22.
3. Linux kernel Framebuffer Code Unspecified Vulnerability
BugTraq ID: 10211
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10211
Summary:
An unspecified vulnerability has been identified in the Linux kernel.
This vulnerability was reported in a security advisory
(FEDORA-2004-111) issued by RedHat for the Fedora operating system. It has been
reported that the issue exists in the framebuffer code accessing userspace
directly instead of using correct interfaces. The impact of this issue
cannot be confirmed at the moment due to a lack of information.
This issue has been identified in kernel version 2.4.22.
4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis...
BugTraq ID: 10220
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10220
Summary:
It has been reported that phpwsBB and phpwsContacts modules for
phpWebSite are prone to a vulnerability that could allow an attacker to gather
sensitive information.
Due to a lack of details, further information cannot be provided at the
moment. This BID will be updated as more information becomes
available.
phpwsBB version 0.9.1 and phpwsContacts version 0.8.2 and prior
versions are reported to be affected by this issue.
5. Linux kernel do_fork() Memory Leakage Vulnerability
BugTraq ID: 10221
Remote: No
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10221
Summary:
It has been reported that the Linux kernel may be prone to a memory
leakage vulnerability. The issue exists because memory is allocated for
child processes but never freed.
This issue has been identified in kernel versions 2.4 and 2.6.
6. HP Web Jetadmin Multiple Vulnerabilities
BugTraq ID: 10224
Remote: Yes
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10224
Summary:
Multiple vulnerabilities have been identified in the application that
may allow remote attackers to disclose sensitive information, carry out
denial of service attacks, and gain unauthorized access to a vulnerable
server.
These issues are reported to affect HP Web JetAdmin 6.5 and prior;
however, version 7.0 may be affected by most of these issues as well.
7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti...
BugTraq ID: 10226
Remote: No
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10226
Summary:
Multiple unspecified local buffer overrun and format string
vulnerabilities have been reported to exist in various setuid Veritas NetBackup
binaries. These issues may be exploited to execute arbitrary code with
root privileges.
It should be noted that these issues are confirmed to exist and be
exploitable on Linux platforms; however, releases of the software on other
Unix-based platforms are also believed to be similarly affected.
It is also not known at this point which specific NetBackup releases or
distributions are affected.
8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow...
BugTraq ID: 10233
Remote: No
Date Published: Apr 29 2004
Relevant URL: http://www.securityfocus.com/bid/10233
Summary:
The panic() function call of the Linux kernel has been reported prone
to a buffer overflow vulnerability. The exact details of the overflow
are currently unspecified, however it has been reported that this issue
cannot be exploited. Other reports suggest that the issue may be
exploited to reveal portions of kernel memory space.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-04-26 to 2004-05-03.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Sentry Firewall CD-ROM v1.5.0-rc12(dev)
By: Obsid
Relevant URL: http://www.SentryFirewall.com/
Platforms: Linux
Summary:
Sentry Firewall CD-ROM Version 1.0 is a Linux based bootable CD-ROM
suitable for use as an inexpensive and easy to maintain Firewall or
IDS (Intrusion Detection System) Node. The system is designed to be
immediately configurable for a variety of different operating environments via a
configuration file located on a floppy disk or a local hard drive.
2. Automatic Firewall v0.1
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/projects.html
Platforms: Linux
Summary:
Automatic Firewall configures your firewall by looking at your
environment and deciding what is a good fit for your needs. It is intended for
the novice broadband user to install and forget about, but still be
fairly well protected.
3. DNS Blacklist Packet Filter v0.5
By: Russell Miller
Relevant URL:
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary:
DNS Blacklist Packet Filter is a BSD/Linux netfilter client that
decides whether to accept or drop packets based on the results of a DNS
blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is
to filter all incoming SMTP SYN packets for spam filtering.
4. SSpamM v0.8
By: Sami-Pekka Hallikas
Relevant URL: http://sourceforge.net/projects/sspamm/
Platforms: Linux, Os Independent, POSIX, UNIX
Summary:
Semi's Spam Milter (sspamm) is a spam filter for Sendmail that utilizes
spambayes, heuristic spam filtering, and virus scanning (BitDefender,
not included).
5. Qryptix v0.2.2
By: Sivasankar Chander
Relevant URL: http://www.sourceforge.net/projects/qryptix
Platforms: Linux
Summary:
Qryptix consists of a PAM object and utilities for session- and
key-management for encrypted home directories using the International Kernel
(CryptoAPI) patches for Linux. It simplifies login/logout,
mounting/unmounting, and key generation and changing.
6. Astaro Security Linux (Stable 5.x) v5.003
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:
Astaro Security Linux is a firewall solution. It does stateful packet
inspection filtering, content filtering, user authentication, virus
scanning, VPN with IPSec and PPTP, and much more. With its Web-based
management tool, WebAdmin, and the ability to pull updates via the Internet,
it is pretty easy to manage. It is based on a special hardened Linux
2.4 distribution where most daemons are running in change-roots and are
protected by kernel capabilities.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus