Date: 10 May 2004 21:54:47 -0000
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #183
SecurityFocus Linux Newsletter #183
------------------------------------------------------------------------
I. FRONT AND CENTER
1. This Issue is Sponsored By: SecurityFocus
II. LINUX VULNERABILITY SUMMARY
1. Midnight Commander Multiple Unspecified Vulnerabilities
2. Multiple LHA Buffer Overflow/Directory Traversal Vulnerabili...
3. LibPNG Broken PNG Out Of Bounds Access Denial Of Service Vul...
4. SquirrelMail Folder Name Cross-Site Scripting Vulnerability
5. ProFTPD CIDR Access Control Rule Bypass Vulnerability
6. Emacs flim Library Insecure Temporary File Creation Vulnerab...
7. PaX 2.6 Kernel Patch Denial Of Service Vulnerability
8. IPMenu Log File Symbolic Link Vulnerability
9. Verity Ultraseek Error Message Path Disclosure Vulnerability
10. SuSE Linux Kernel HbaApiNode Improper File Permissions Denia...
11. Simple Machines Forum Size Tag HTML Injection Vulnerability
12. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
13. Exim Sender Verification Remote Stack Buffer Overrun Vulnera...
14. Exim Header Syntax Checking Remote Stack Buffer Overrun Vuln...
15. KAME Racoon Remote IKE Message Denial Of Service Vulnerabili...
16. SuSE LINUX 9.1 Personal Edition Live CD-ROM SSH Server Defau...
III. LINUX FOCUS LIST SUMMARY
1. Secure Form Script? (Thread)
2. decent loadbalancing with 2 different ISP's with min... (Thread)
3. decent loadbalancing with 2 different ISP's with min... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. yaSSL 0.1.0
2. DNS Blacklist Packet Filter v0.5
3. PCX Firewall (CGI Web Frontend) 1.3
4. GNUnet v0.6.2a
5. FTimes v3.4.0
6. tinysofa enterprise server 1.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Midnight Commander Multiple Unspecified Vulnerabilities
BugTraq ID: 10242
Remote: Unknown
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10242
Summary:
It has been reported that Midnight Commander is prone to multiple,
unspecified vulnerabilities. These issues are due to various design and
boundary condition errors.
These issues could be leveraged by an attacker to execute arbitrary
code on an affected system, which may facilitate unauthorized access. It
is also possible for an attacker to carry out symbolic link attacks
against an affected system, potentially facilitating a system-wide denial
of service.
2. Multiple LHA Buffer Overflow/Directory Traversal Vulnerabili...
BugTraq ID: 10243
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10243
Summary:
LHA has been reported prone to multiple vulnerabilities that may allow
a malicious archive to execute arbitrary code or corrupt arbitrary
files when the archive is operated on.
The first issues reported have been assigned the CVE candidate
identifier (CAN-2004-0234). It is reported that LHA is prone to two stack based
buffer overflow vulnerabilities. These vulnerabilities may be exploited
to execute supplied instructions with the privileges of the user who
invoked the affected LHA utility.
The second set of issues has been assigned CVE candidate identifier
(CAN-2004-0235). In addition to the buffer overflow vulnerabilities that
were reported, LHA has been reported prone to several directory
traversal issues. These directory traversal vulnerabilities may be
exploited to corrupt/overwrite files in the context of the user who is
running the affected LHA utility.
3. LibPNG Broken PNG Out Of Bounds Access Denial Of Service Vul...
BugTraq ID: 10244
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10244
Summary:
The libpng graphics library is reported to be prone to a denial of
service vulnerability when handling certain types of broken images.
It is conjectured that this issue will cause an access violation on
certain systems if software that is linked to the vulnerable library is
used to handle a malicious broken PNG image that is sufficient to trigger
the vulnerability.
4. SquirrelMail Folder Name Cross-Site Scripting Vulnerability
BugTraq ID: 10246
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10246
Summary:
It has been reported that SquirrelMail is affected by a cross-site
scripting vulnerability in the handling of folder name displays. This
issue is due to a failure of the application to properly sanitize
user-supplied input prior to including it in dynamic web content.
This issue may allow for theft of cookie-based authentication
credentials. Other attacks are also possible.
5. ProFTPD CIDR Access Control Rule Bypass Vulnerability
BugTraq ID: 10252
Remote: Yes
Date Published: Apr 30 2004
Relevant URL: http://www.securityfocus.com/bid/10252
Summary:
ProFTPD has been reported prone to an access control rule bypass
vulnerability. The issue was reportedly introduced when a "portability
workaround" was applied to ProFTPD version 1.2.9.
This vulnerability may lead a system administrator into a false sense
of security, where it is believed that access to the ProFTPD server is
restricted by access control rules. In reality the access control
restriction will not be enforced at all.
6. Emacs flim Library Insecure Temporary File Creation Vulnerab...
BugTraq ID: 10259
Remote: No
Date Published: May 02 2004
Relevant URL: http://www.securityfocus.com/bid/10259
Summary:
The Emacs flim library is prone to a symlink vulnerability. This could
allow files to be overwritten with the privileges of the user running
Emacs.
7. PaX 2.6 Kernel Patch Denial Of Service Vulnerability
BugTraq ID: 10264
Remote: No
Date Published: May 03 2004
Relevant URL: http://www.securityfocus.com/bid/10264
Summary:
PaX for 2.6 series Linux kernels has been reported prone to a local
denial of service vulnerability. The issue is reported to present itself
when PaX Address Space Layout Randomization (ASLR) is enabled.
The vulnerability may be exploited by a local attacker to cause the
kernel to enter an infinite loop.
8. IPMenu Log File Symbolic Link Vulnerability
BugTraq ID: 10269
Remote: No
Date Published: May 04 2004
Relevant URL: http://www.securityfocus.com/bid/10269
Summary:
It has been reported that ipmenu is affected by a symbolic link
vulnerability. This issue is due to a design error that allows for the
creation of temporary files in an insecure fashion, facilitating symbolic
link attacks.
This issue may be leveraged to create a system-wide denial of service
condition. This issue may also be leveraged to escalate privileges on
the affected system, although this is currently unverified.
9. Verity Ultraseek Error Message Path Disclosure Vulnerability
BugTraq ID: 10275
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10275
Summary:
It has been reported that Verity Ultraseek search application is prone
to a remote path disclosure vulnerability that may allow an attacker to
disclose the server document root.
Verity Ultraseek 5.2.1 and prior versions are reported to be vulnerable
to this issue.
10. SuSE Linux Kernel HbaApiNode Improper File Permissions Denia...
BugTraq ID: 10279
Remote: No
Date Published: May 03 2004
Relevant URL: http://www.securityfocus.com/bid/10279
Summary:
A vulnerability has been identified in the SuSE Linux kernel that may
allow a local attacker to cause a denial of service condition on a
vulnerable system. The issue is reported to be caused by improper file
permissions on '/proc/scsi/qla2300/HbaApiNode' file.
SuSE Linux Enterprise Server 8.0, SuSE Linux 8.1 and 9.0 are reported
to be affected by this issue.
Due to a lack of details, further information cannot be provided at the
moment. This BID will be updated as more information becomes
available.
11. Simple Machines Forum Size Tag HTML Injection Vulnerability
BugTraq ID: 10281
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10281
Summary:
It has been reported that Simple Machines Forum (SMF) may be prone to
an HTML injection vulnerability that may allow an attacker to execute
arbitrary HTML or script code in a user's browser. The issue exists due
to insufficient sanitization of user-supplied input via the font size
attribute.
Exploitation could allow for theft of cookie-based authentication
credentials. Other attacks are also possible.
12. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
BugTraq ID: 10282
Remote: Yes
Date Published: May 05 2004
Relevant URL: http://www.securityfocus.com/bid/10282
Summary:
Multiple SQL injection vulnerabilities have been identified in the
'modules.php' module of the application. These vulnerabilities may allow
a remote attacker to manipulate query logic, potentially leading to
unauthorized access to sensitive information.
PHPNuke 7.2 and prior are reported to be prone to these issues.
13. Exim Sender Verification Remote Stack Buffer Overrun Vulnera...
BugTraq ID: 10290
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10290
Summary:
Exim has been reported prone to a remotely exploitable stack-based
buffer overrun vulnerability.
This issue is exposed if sender verification has been enabled in the
agent and may be triggered by a malicious e-mail. Exploitation may permit
execution of arbitrary code in the context of the mail transfer agent.
This issue is reported to exist in Exim 3.35. Earlier versions may
also be affected.
It should be noted that the vulnerable functionality is not enabled in
the default install, though some Linux/Unix distributions that ship the
software may enable it.
14. Exim Header Syntax Checking Remote Stack Buffer Overrun Vuln...
BugTraq ID: 10291
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10291
Summary:
Exim is reportedly prone to a remotely exploitable stack-based buffer
overrun vulnerability.
This issue is exposed if header syntax checking has been enabled in the
agent and may be triggered by a malicious e-mail. Though not confirmed
to be exploitable, if this condition were to be exploited, it would
result in execution of arbitrary code in the context of the mail transfer
agent. Otherwise, the agent would crash when handling malformed syntax
in an e-mail message.
The issue is reported to exist in both Exim 3.35 and 4.32, though the
vulnerable code exists in different source files in each of these
versions.
It should be noted that the vulnerable functionality is not enabled in
the default install, though some Linux/Unix distributions that ship the
software may enable it.
15. KAME Racoon Remote IKE Message Denial Of Service Vulnerabili...
BugTraq ID: 10296
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10296
Summary:
It has been reported that KAME is affected by a remote denial of
service vulnerability when processing malformed IKE messages. This issue is
due to a failure of the daemon to properly handle malformed messages.
This issue can be leveraged to cause the affected daemon to enter an
infinite loop, effectively denying service to legitimate users.
16. SuSE LINUX 9.1 Personal Edition Live CD-ROM SSH Server Defau...
BugTraq ID: 10297
Remote: Yes
Date Published: May 06 2004
Relevant URL: http://www.securityfocus.com/bid/10297
Summary:
It has been reported that SuSE LINUX 9.1 Personal Edition Live CD-ROM
can allow an attacker to gain full access to a vulnerable system. The
issue presents itself when a user boots the machine with the affected
CD-ROM. It has been reported that due to a configuration error, the
system configures an SSH server on the host with a default root account.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362763
2. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362709
3. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362708
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. yaSSL 0.1.0
By: tao51
Relevant URL:
http://freshmeat.net/projects/yassl/?branch_id=48050&release_id=160245
Platforms: Linux, POSIX, Windows 2000, Windows NT, Windows XP
Summary:
The yaSSL software package is a fast, dual-licensed implementation of
SSL. It includes SSL client libraries and an SSL server implementation.
It supports multiple APIs, including those defined by SSL and TLS. It
also supports an OpenSSL compatibility interface.
2. DNS Blacklist Packet Filter v0.5
By: Russell Miller
Relevant URL:
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary:
DNS Blacklist Packet Filter is a BSD/Linux netfilter client that
decides whether to accept or drop packets based on the results of a DNS
blacklist query (such as MAPS, SORBS, or SPEWS, to name a few). One use is
to filter all incoming SMTP SYN packets for spam filtering.
3. PCX Firewall (CGI Web Frontend) 1.3
By: James A. Pattie
Relevant URL: http://pcxfirewall.sf.net/frontends/index.html
Platforms: Linux, POSIX
Summary:
PCX Firewall is an IPTables firewalling solution that uses Perl to
generate static shell scripts based upon the user's configuration settings.
This allows the firewall to startup quickly, as it does not have to
parse config files every time it starts.
4. GNUnet v0.6.2a
By: Christian Grothoff
Relevant URL: http://www.ovmj.org/GNUnet/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, POSIX
Summary:
GNUnet is a peer-to-peer framework with focus on providing security.
All link-to-link messages in the network are confidential and
authenticated. The framework provides a transport abstraction layer and can
currently encapsulate the peer-to-peer traffic in UDP, TCP, or SMTP messages.
GNUnet supports accounting to provide contributing nodes with better
service. The primary service built on top of the core GNUnet framework is
anonymous file sharing.
5. FTimes v3.4.0
By: Klayton Monroe
Relevant URL: http://ftimes.sourceforge.net/FTimes/
Platforms: AIX, FreeBSD, Linux, MacOS, POSIX, Solaris, SunOS, Windows
2000, Windows NT
Summary:
FTimes is a system baselining and evidence collection tool. Its primary
purpose is to gather and/or develop information about specified
directories and files in a manner conducive to intrusion analysis. It was
designed to support the following initiatives: content integrity
monitoring, incident response, intrusion analysis, and computer forensics.
6. tinysofa enterprise server 1.0
By: Omar Kilani
Relevant URL: http://www.tinysofa.org
Platforms: Linux, POSIX
Summary:
tinysofa enterprise server is a security-focused, enterprise-grade server
operating system. It is based on Trustix Secure Linux and includes a
complete distribution port to Python 2.3 and RPM 4.2, an overhauled PAM
authentication system providing system-wide authentication
configuration, the latest upstream packages, the replacement of ncftp with
lftp, the addition of gdb and screen, feature additions to the swup updater
that provide multiple configuration file support, user login FTP support,
enable/disable support, variable expansion support (allows multiple
architectures), and many enhancements.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
If your email address has changed, email listadmin@securityfocus.com and
ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------