Date: 25 May 2004 21:35:38 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #185
SecurityFocus Linux Newsletter #185
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just
add the new SecurityFocus RSS feeds to your freeware RSS reader, and see
all the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Malware Analysis for Administrators
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
II. LINUX VULNERABILITY SUMMARY
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
2. WGet Insecure File Creation Race Condition Vulnerability
3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
4. PHP-Nuke Multiple Input Validation Vulnerabilities
5. LibUser Multiple Unspecified Vulnerabilities
6. Mandrake Linux passwd Potential Vulnerabilities
7. KDE Konqueror Embedded Image URI Obfuscation Weakness
8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
11. Netscape Navigator Embedded Image URI Obfuscation Weakness
12. SquirrelMail Unspecified SQL Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. looking for wireless linux security book (Thread)
2. Problem with my wireless network(To all LinkSys user... (Thread)
3. Problem with my wireless network (Thread)
4. Secure Form Script? (Thread)
5. iptables firewall script for debian-woody, 2.4.24 (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Ettercap v0.7.0 pre2
2. Linux Intrusion Detection System (LIDS) v2.6.6
3. Astaro Security Linux (Stable 5.x) v5.007
4. TinyCA v0.6.0
5. OS-SIM v0.9.4
6. Automatic Firewall v0.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Malware Analysis for Administrators
By S. G. Masood
The purpose of this article is to help administrators and power users
use behavioral analysis to determine if a binary is harmful malware, by
analyzing it in a lab environment without the use of anti-virus
software, debuggers, or code disassembly.
http://www.securityfocus.com/infocus/1780
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
By Bob Rudis
This is the second of a two-part series that focuses on the centralized
management of security for mobile users. Part two completes the
discussion by presenting additional layers of defence to help protect
valuable, mobile data.
http://www.securityfocus.com/infocus/1781
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary:
It has been reported that TurboTrafficTrader C does not properly
sanitize input received from users. It has been conjectured that this may
allow a remote user to launch cross-site scripting and HTML injection
attacks.
The cross-site scripting issues could permit a remote attacker to
create a malicious link to the vulnerable application that includes hostile
HTML and script code. If this link were followed, the hostile code may
be rendered in the web browser of the victim user.
The HTML injection issues could allow an attacker to post malicious
HTML and script code that would then later be rendered in the web browser
of further visitors to the affected site.
These attacks would occur in the security context of the affected web
site and may allow for theft of cookie-based authentication credentials.
Other attacks are also possible.
2. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary:
wget has been reported prone to a race condition vulnerability. The
issue exists because wget does not lock files that it creates and writes
to during file downloads.
A local attacker may exploit this condition to corrupt files with the
privileges of the victim who is running the vulnerable version of wget.
3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary:
PHP-Nuke is prone to a potential file include vulnerability. This
issue could allow a remote attacker to include malicious files containing
arbitrary code to be executed on a vulnerable system. This issue can be
exploited via the 'modpath' parameter.
If successful, the malicious script supplied by the attacker will be
executed in the context of the web server hosting the vulnerable
software.
4. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from
insufficient sanitization of user-supplied data. An attacker can carry
out cross-site scripting and path disclosure attacks.
5. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary:
Libuser implements a standardized interface for manipulating and
administering user and group accounts on Unix systems.
It has been reported that several vulnerabilities exist in this
library. Attackers could possibly crash applications that are linked to this
library, or possibly cause the applications to write 4GB files
containing garbage to disk.
These issues could possibly lead to a denial of service condition,
causing legitimate users to be unable to access resources.
6. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary:
Two potential security issues reportedly affect the implementation of
passwd included with Mandrake Linux, according to Mandrake advisory
MDKSA-2004:045. According to the report, passwords supplied to passwd via
stdin are incorrectly one character shorter than they should be. It is
not known whether this behavior occurs at the interactive prompt or if
the implementation allows for passwords to be "piped" to passwd through
stdin. This may or may not have security implications as the user's
password will not be stored correctly and the user will not be able to
login. It is conceivable that this could result in a less secure
password. The second issue reported by Mandrake is that PAM may not be
initialized correctly and "safe and proper" operation may not be ensured.
Further technical details are not known.
7. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary:
It is reported that KDE Konqueror is prone to a URI obfuscation
weakness that may hide the true contents of a URI link. The issue occurs when
an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a
malicious link.
An attacker can exploit this issue by supplying a malicious image that
appears to be a URI link pointing to a page designed to mimic that of a
trusted site. If an unsuspecting victim mouses over the link in an
attempt to verify the authenticity of where it references, they may be
deceived into believing that the link references the actual trusted
site.
8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary:
CVS is prone to a remote heap overflow vulnerability. This issue
presents itself during the handling of user-supplied input for entry lines
with 'modified' and 'unchanged' flags. This vulnerability can allow an
attacker to overflow a vulnerable buffer on the heap, possibly leading
to arbitrary code execution.
CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and
prior are prone to this issue.
9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary:
Neon WebDAV client library is prone to a heap overflow vulnerability.
This issue exists due to improper boundary checks performed on
user-supplied data. Reportedly a malformed string value may cause a sscanf()
string overflow into static heap variables.
Neon 0.24.5 and prior are prone to this issue.
10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary:
Subversion is prone to a buffer overflow vulnerability. This issue
exists in one of the data parsing functions of the application.
Specifically, Subversion calls an sscanf() function when converting data strings
to different formats. This causes user-supplied data to be copied into
an unspecified buffer without proper boundary checks performed by the
application.
Subversion versions 1.0.2 and prior are prone to this issue.
11. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary:
It is reported that Netscape Navigator is prone to a URI obfuscation
weakness that may hide the true contents of a URI link. The issue occurs
when an image is contained within a properly formatted HREF tag.
This weakness could be employed to trick a user into following a
malicious link.
An attacker can exploit this issue by supplying a malicious image that
appears to be a URI link pointing to a page designed to mimic that of a
trusted site. If an unsuspecting victim mouses over the link in an
attempt to verify the authenticity of where it references, they may be
deceived into believing that the link references the actual trusted
site.
12. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary:
Reportedly, SquirrelMail is prone to an unspecified SQL injection
vulnerability. The vulnerability results from insufficient sanitization of
user-supplied data.
This issue may allow a remote attacker to manipulate query logic,
potentially leading to unauthorized access to sensitive information such as
the user password hashes or corruption of database data. SQL injection
attacks may also potentially be used to exploit latent vulnerabilities
in the underlying database implementation.
Due to a lack of information, further details are not currently
available. This BID will be updated as more information becomes available.
SquirrelMail 1.4.2 and prior versions are affected by this issue.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. looking for wireless linux security book (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364172
2. Problem with my wireless network(To all LinkSys user... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364171
3. Problem with my wireless network (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364058
4. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/364050
5. iptables firewall script for debian-woody, 2.4.24 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363883
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT,
Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It
supports active and passive dissection of many protocols (even ciphered
ones, like SSH and HTTPS). Data injection in an established connection
and filtering on the fly is also possible, keeping the connection
synchronized. Many sniffing modes were implemented to give you a powerful
and complete sniffing suite. Plugins are supported. It has the ability to
check whether you are in a switched LAN or not, and to use OS
fingerprints (active or passive) to let you know the geometry of the LAN.
2. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the
kernel's security. When it is in effect, chosen files access, all
system/network administration operations, any capability use, raw device, mem,
and I/O access can be made impossible even for root. You can define
which program can access which file. It uses and extends the system
capabilities bounding set to control the whole system and adds some network
and filesystem security features to the kernel to enhance the security.
You can finely tune the security protections online, hide sensitive
processes, receive security alerts through the network, and more.
3. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:
Astaro Security Linux is a firewall solution. It does stateful packet
inspection filtering, content filtering, user authentication, virus
scanning, VPN with IPSec and PPTP, and much more. With its Web-based
management tool, WebAdmin, and the ability to pull updates via the Internet,
it is pretty easy to manage. It is based on a special hardened Linux
2.4 distribution where most daemons are running in change-roots and are
protected by kernel capabilities.
4. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small
certification authority. It is based on OpenSSL and Perl modules from the OpenCA
project. TinyCA lets you manage x509 certificates. It is possible to
export data in PEM or DER format for use with servers, as PKCS#12 for use
with clients, or as S/MIME certificates for use with email programs. It
is also possible to import your own PKCS#10 requests and generate
certificates from them.
5. OS-SIM v0.9.4
By: Dominique Karg
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary:
OSSIM aims to unify network monitoring, security, correlation, and
qualification in one single tool. It combines Snort, Acid, HotSaNIC,
NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full
control over every aspect of networking or security.
6. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary:
Automatic Firewall configures your firewall by looking at your
environment and deciding what is a good fit for your needs. It is intended for
the novice broadband user to install and forget about, but still be
fairly well protected.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus