Date: 13 Jul 2004 20:55:11 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #192
SecurityFocus Linux Newsletter #192
------------------------------------
This issue sponsored by: WhiteHat Security
Free Web Security Checkup
Find out if your web site is vulnerable to common web site vulnerabilities
such as Cross Site Scripting, SQL Injection or Directory Traversal with a
free web security checkup from WhiteHat Security.
Sign up for a free checkup at
http://www.securityfocus.com/sponsor/WhiteHat_linux-secnews_040713
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit Framework (Part One)
II. LINUX VULNERABILITY SUMMARY
1. IBM Websphere Edge Server Denial Of Service Vulnerability
2. 12Planet Chat Server Cross-Site Scripting Vulnerability
3. Linux VServer Project ProcFS Weak Sharing Permissions Vulner...
4. Linux Kernel chown() System Call Group Ownership Alteration ...
5. PureFTPd Accept_Client Remote Denial of Service Vulnerabilit...
6. IlohaMail Email Header HTML Injection Vulnerability
7. Ethereal Multiple Unspecified iSNS, SMB and SNMP Protocol D...
8. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
9. Linux Kernel Floating Point Register Contents Leak Vulnerabi...
III. LINUX FOCUS LIST SUMMARY
1. Visited by a cracker (Thread)
2. Weird! (Thread)
3. Re[2]: Weird! (Thread)
4. Last login missing (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Ettercap v0.7.0 pre2
2. SnortNotify 1.02
3. Devil-Linux v1.2 Beta 1
4. GNU Anubis v3.9.94
5. DNSSEC Walker v3.4
6. Linux Intrusion Detection System (LIDS) v2.6.6
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part One)
By Pukhraj Singh and K.K. Mookhey
This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part one of three.
http://www.securityfocus.com/infocus/1789
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. IBM Websphere Edge Server Denial Of Service Vulnerability
BugTraq ID: 10651
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10651
Summary:
A denial of service vulnerability is reported in the Caching Proxy
component bundled with the IBM Websphere Edge Server.
It is reported that if the proxy is configured with the JunctionRewrite
directive in conjunction with the UseCookie option, an attacker may be
able to crash the application.
A remote attacker reportedly is able to cause a denial of service
condition with one request.
IBM has released a patch dealing with this issue. This patch is
available only to customers with support levels 2 or 3.
2. 12Planet Chat Server Cross-Site Scripting Vulnerability
BugTraq ID: 10659
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10659
Summary:
It is reported that 12Planet Chat Server is prone to a cross-site
scripting vulnerability. This issue is due to a lack of sanitization of
user-supplied data.
The problem presents itself when malicious HTML or script code is
passed in a URI argument to one of the servlets in the application.
A remote attacker can exploit this issue by creating a malicious link
to the vulnerable application that includes hostile HTML and script
code. If this link were followed by an unsuspecting user, the hostile code
may be rendered in their web browser. This would occur in the
security context of the web server and may allow for theft of cookie-based
authentication credentials or other attacks.
Although version 2.9 of the software was reported vulnerable, other
versions may also be affected.
3. Linux VServer Project ProcFS Weak Sharing Permissions Vulner...
BugTraq ID: 10660
Remote: No
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10660
Summary:
It is reported that VServer may be used in order to disclose memory
contents and to deny service to the host operating system and other
virtual servers. The vulnerability exists due to weak sharing permissions on
procfs mounted directories. It is reported that a user residing in a
VServer may make changes to a procfs mounted directory; any changes made
will affect the host operating system and all VServers that exist.
An attacker may exploit this issue to disclose information or initiate
a denial of service.
4. Linux Kernel chown() System Call Group Ownership Alteration ...
BugTraq ID: 10662
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10662
Summary:
It is reported that the Linux kernel version 2.6 contains a flaw which
allows users to improperly change the group ownership on arbitrary
files that they do not own. For the Linux kernel 2.4.X this issue is only
exploitable when the kernel NFS server is active; for the 2.6.X kernel
this issue is always exploitable.
An attacker may reportedly be able to exploit this issue to gain
superuser privileges.
This issue was reported in version 2.6.6, but other versions, including
2.4.X, are also likely vulnerable.
5. PureFTPd Accept_Client Remote Denial of Service Vulnerabilit...
BugTraq ID: 10664
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10664
Summary:
PureFTPd is reported prone to a remote undisclosed denial of service
vulnerability. The vulnerability is reported to exist due to a bug in the
accept_client function used to set up new connections. It is reported
that when the maximum number of connections is reached an attacker may be
able to deny service to the affected daemon.
It is reported that all versions of cPanel are also affected by this
issue because cPanel ships with PureFTPd 1.0.12.
6. IlohaMail Email Header HTML Injection Vulnerability
BugTraq ID: 10668
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10668
Summary:
IlohaMail is reported to be prone to an email header HTML injection
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied email header strings.
An attacker can exploit this issue to gain access to an unsuspecting
user's cookie based authentication credentials; disclosure of personal
email is possible. Other attacks are also possible.
IlohaMail 0.8.12 and prior are prone to this issue.
7. Ethereal Multiple Unspecified iSNS, SMB and SNMP Protocol D...
BugTraq ID: 10672
Remote: Yes
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10672
Summary:
Ethereal 0.10.5 has been released to address multiple vulnerabilities,
including an iSNS protocol dissector vulnerability, a SMB protocol
dissector vulnerability, and a SNMP protocol dissector vulnerability.
These issues are due to a failure of the application to properly handle
malformed packets.
Successful exploitation of these issues will allow an attacker to cause
a denial of service condition in the affected application; it has also
been reported that these issues may facilitate arbitrary code execution.
8. Sun Java Virtual Machine Font.createFont Method Insecure Tem...
BugTraq ID: 10685
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10685
Summary:
Sun Java Virtual Machine is a component of the Sun Java infrastructure
that performs the handling of Java applets and other programs. It is
available for Unix, Linux, and Microsoft platforms.
Sun Java Virtual Machine is prone to an insecure temporary file
creation weakness. It is reported that this file is created by the
'Font.createFont' method with the following name:
+~JFxxxxx.tmp
where xxxxx is a random number.
This issue can be combined with various other vulnerabilities in
Internet Explorer to ultimately allow for code execution on a vulnerable
computer.
9. Linux Kernel Floating Point Register Contents Leak Vulnerabi...
BugTraq ID: 10687
Remote: No
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10687
Summary:
The Linux kernel is reported prone to a data disclosure vulnerability.
It is reported that this issue may permit a malicious executable to
disclose the contents of Floating Point registers that belong to another
process.
It is reported that this vulnerability will only affect ia64 systems.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Visited by a cracker (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368736
2. Weird! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368598
3. Re[2]: Weird! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368597
4. Last login missing (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368070
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT,
Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It
supports active and passive dissection of many protocols (even ciphered
ones, like SSH and HTTPS). Data injection in an established connection
and filtering on the fly is also possible, keeping the connection
synchronized. Many sniffing modes were implemented to give you a powerful
and complete sniffing suite. Plugins are supported. It has the ability to
check whether you are in a switched LAN or not, and to use OS
fingerprints (active or passive) to let you know the geometry of the LAN.
2. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:
Running from cron at a specified interval, SnortNotify will search a
snort database for new alerts. If new alerts match a preconfigured
priority level, an email will be sent to the contact. The email will include
the sensor name, the signature name, and the timestamp.
3. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:
Devil-Linux is a special Linux distribution which is used for
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and
secure Linux system. Configuration is saved on a floppy disk, and it
has several optional packages.
4. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary:
GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail
User Agent) and the MTA (Mail Transport Agent), and can perform various
sorts of processing and conversion on-the-fly in accordance with the
sender's specified rules, based on a highly configurable regular
expressions system. It operates as a proxy server, and can edit outgoing mail
headers, encrypt or sign mail with the GnuPG, build secure SMTP tunnels
using the TLS/SSL encryption even if your mail user agent doesn't
support it, or tunnel a connection through a SOCKS proxy server.
5. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary:
DNSSEC Walker is a tool to recover DNS zonefiles using the DNS
protocol. The server does not have to support zonetransfer, but the zone must
contain DNSSEC "NXT" records.
6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the
kernel's security. When it is in effect, chosen file access, all
system/network administration operations, any capability use, raw device, mem,
and I/O access can be made impossible even for root. You can define
which program can access which file. It uses and extends the system
capabilities bounding set to control the whole system and adds some network
and filesystem security features to the kernel to enhance the security.
You can finely tune the security protections online, hide sensitive
processes, receive security alerts through the network, and more.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: WhiteHat Security
Free Web Security Checkup
Find out if your web site is vulnerable to common web site vulnerabilities
such as Cross Site Scripting, SQL Injection or Directory Traversal with a
free web security checkup from WhiteHat Security.
Sign up for a free checkup at
http://www.securityfocus.com/sponsor/WhiteHat_linux-secnews_040713
------------------------------------------------------------------------