Date: 22 Jun 2004 17:20:48 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #189
SecurityFocus Linux Newsletter #189
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just
add the new SecurityFocus RSS feeds to your freeware RSS reader, and see
all the latest posts for Bugtraq and the SF Vulnerability database in
one convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Securing Apache 2: Step-by-Step
II. LINUX VULNERABILITY SUMMARY
1. Horde Chora Viewer Remote Command Execution Vulnerability
2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
6. Check Point Firewall-1 Internet Key Exchange Information Dis...
7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
9. Linux Kernel Multiple Device Driver Vulnerabilities
10. Nmap Potential Insecure File Creation Vulnerability
11. MoinMoin Group Name Privilege Escalation Vulnerability
12. Asterisk PBX Multiple Logging Format String Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. OpenVPN? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. SecretAgent
2. Cyber-Ark Inter-Business Vault
3. EnCase Forensic Edition
4. KeyGhost SX
5. SafeKit
6. Astaro Linux Firewall
V. NEW TOOLS FOR LINUX PLATFORMS
1. SnortNotify 1.02
2. Devil-Linux v1.2 Beta 1
3. GNU Anubis v3.9.94
4. DNSSEC Walker v3.4
5. Ettercap v0.7.0 pre2
6. Linux Intrusion Detection System (LIDS) v2.6.6
I. FRONT AND CENTER
-------------------
1. Securing Apache 2: Step-by-Step
By Artur Maj
Continuing the very popular "Securing" series from last year, this
article discusses step-by-step how to compile, install, chroot and
configure a secure Apache 2 web server.
http://www.securityfocus.com/infocus/1786
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Horde Chora Viewer Remote Command Execution Vulnerability
BugTraq ID: 10531
Remote: Yes
Date Published: Jun 13 2004
Relevant URL: http://www.securityfocus.com/bid/10531
Summary:
Horde Chora Viewer is reported to be prone to a remote command
execution vulnerability. The vulnerability is reported to exist due to a lack
of sanitization performed on values that may be user-supplied.
Shell metacharacters that are included as a value for the affected URI
parameter may result in attacker specified shell commands being
executed in an exec() call. Command execution will occur in the context of the
affected web server.
Chora versions up to and including version 1.2.1 are reported to be
affected by this vulnerability.
2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
BugTraq ID: 10537
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10537
Summary:
Multiple vendor anti-virus scanning software is reported prone to a
remote denial of service vulnerability.
The issue is reported to present itself when certain malicious archives
containing large quantities of data are scanned.
In the supplied example approximately 300 Gigabytes of data is archived
in many different archive types. This archive may be transmitted to a
client or submitted to an online anti-virus scanning service in order to
crash the anti-virus software.
3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
BugTraq ID: 10538
Remote: No
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10538
Summary:
The Linux Kernel is reported to be affected by a local denial of
service vulnerability surrounding inline assembly functions. This issue is
due to a design error that causes the application to fail to properly
handle stack frame management.
This issue may be leveraged by an attacker to cause the affected system
to crash, denying service to legitimate users.
Although only select Linux kernels are reported to be affected, it is
likely that various other versions are vulnerable as well.
4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
BugTraq ID: 10539
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10539
Summary:
Invision Power Board 'ssi.php' script is reported prone to a cross-site
scripting vulnerability. The issue presents itself due to a lack of
sufficient sanitization performed by functions in the 'ssi.php' script on
the user-influenced 'f' parameter. This can permit the theft of
cookie-based authentication credentials; other attacks may also be possible.
5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
BugTraq ID: 10546
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10546
Summary:
It is reported that racoon improperly validates X.509 certificates when
negotiating IPSec connections.
When checking certificate validity, racoon ignores many errors from
OpenSSL and grants access to invalid certificates.
When ignoring these errors, racoon would allow improper certificates to
be used when authenticating connections. This vulnerability would allow
attackers to forge certificates and potentially gain access to IPSec
VPNs. This would also effectively make all certificates permanent.
The exact versions of racoon that are vulnerable are unknown at this
time.
6. Check Point Firewall-1 Internet Key Exchange Information Dis...
BugTraq ID: 10558
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10558
Summary:
Check Point Firewall-1 is affected by an information disclosure
vulnerability during an Internet Key Exchange (IKE) phase. This issue is due
to a design error that may present sensitive information to an
attacker.
An attacker can leverage this issue to disclose information about the
affected firewall product including the version number and various
details about the firewall's capabilities. Furthermore this issue would
facilitate fingerprinting or identifying a firewall by carrying out active
scans.
7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
BugTraq ID: 10559
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10559
Summary:
It is reported that Invision Power Board is prone to an IP address
spoofing vulnerability. If an attacker is using a proxy to access a remote
forum, the application logs the attacker's internal IP address on the
LAN, instead of the real IP address of the proxy.
This issue is reported to affect Invision Power Board version 1.3,
however, it is likely that other versions are affected as well.
8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
BugTraq ID: 10563
Remote: No
Date Published: Jun 17 2004
Relevant URL: http://www.securityfocus.com/bid/10563
Summary:
The Linux kernel has been reported to be vulnerable to an integer
overflow in the inter integrated circuit (I2C) bus driver. This issue is
due to a failure of the offending driver to properly validate
user-reported size values.
This issue could be leveraged by an attacker to execute machine code
with the privileges of the affected driver; potentially leading to
privilege escalation and ring 0 access.
It should be noted that in most cases I2C device files are by default
only readable and writable by superusers; in such a case an attacker
would have to have superuser privileges.
9. Linux Kernel Multiple Device Driver Vulnerabilities
BugTraq ID: 10566
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10566
Summary:
It has been reported that the Linux kernel is vulnerable to multiple
device driver issues. These issues were found during a recent audit of
the Linux kernel source.
Drivers reportedly affected by these issues are: aironet, asus_acpi,
decnet, mpu401, msnd, and pss.
These issues may reportedly allow attackers to gain access to kernel
memory or gain escalated privileges on the affected computer.
10. Nmap Potential Insecure File Creation Vulnerability
BugTraq ID: 10567
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10567
Summary:
Nmap is reportedly prone to a potential insecure file creation
vulnerability. A local user may exploit this vulnerability to cause files to
be overwritten with the privileges of the user running Nmap. This issue
occurs when Nmap is launched with the '-oN' option.
All versions of Nmap are considered to be vulnerable to this issue.
Further analysis has shown that this issue is not a vulnerability.
This BID is being retired.
11. MoinMoin Group Name Privilege Escalation Vulnerability
BugTraq ID: 10568
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10568
Summary:
It is reported that MoinMoin contains a privilege escalation
vulnerability whereby regular users can gain administrative privileges.
MoinMoin allows remote web clients to create their own user accounts
without administrative intervention or approval. It is reported that if a
user creates an account with the same name as an administrative group,
the user will inherit the privileges of that same administrative group.
An attacker would use this vulnerability to gain complete access to the
MoinMoin Wiki, and could gain access to sensitive information, or
destroy information.
Versions before 1.2.2 are reported vulnerable.
12. Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is susceptible to format string
vulnerabilities in its logging functions.
An attacker may use these vulnerabilities to corrupt memory, and read
or write arbitrary memory. Remote code execution is likely possible.
Due to the nature of these vulnerabilities, there may exist many
different avenues of attack. Anything that can potentially call the logging
functions with user-supplied data is vulnerable.
Versions 0.7.0 through to 0.7.2 are reported vulnerable.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. OpenVPN? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/366447
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
2. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
3. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
4. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
5. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
6. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:
Running from cron at a specified interval, SnortNotify will search a
snort database for new alerts. If new alerts match a preconfigured
priority level, an email will be sent to the contact. The email will include
the sensor name, the signature name, and the timestamp.
2. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:
Devil-Linux is a special Linux distribution which is used for
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and
secure Linux system. Configuration is saved on a floppy disk, and it
has several optional packages.
3. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary:
GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail
User Agent) and the MTA (Mail Transport Agent), and can perform various
sorts of processing and conversion on-the-fly in accordance with the
sender's specified rules, based on a highly configurable regular
expressions system. It operates as a proxy server, and can edit outgoing mail
headers, encrypt or sign mail with GnuPG, build secure SMTP tunnels
using TLS/SSL encryption even if your mail user agent doesn't
support it, or tunnel a connection through a SOCKS proxy server.
4. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary:
DNSSEC Walker is a tool to recover DNS zonefiles using the DNS
protocol. The server does not have to support zonetransfer, but the zone must
contain DNSSEC "NXT" records.
5. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT,
Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It
supports active and passive dissection of many protocols (even ciphered
ones, like SSH and HTTPS). Data injection in an established connection
and filtering on the fly is also possible, keeping the connection
synchronized. Many sniffing modes were implemented to give you a powerful
and complete sniffing suite. Plugins are supported. It has the ability to
check whether you are in a switched LAN or not, and to use OS
fingerprints (active or passive) to let you know the geometry of the LAN.
6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the
kernel's security. When it is in effect, chosen file access, all
system/network administration operations, any capability use, raw device, mem,
and I/O access can be made impossible even for root. You can define
which program can access which file. It uses and extends the system
capabilities bounding set to control the whole system and adds some network
and filesystem security features to the kernel to enhance the security.
You can finely tune the security protections online, hide sensitive
processes, receive security alerts through the network, and more.