Date: 20 Jul 2004 19:14:43 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #193
SecurityFocus Linux Newsletter #193
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit Framework (Part 2 of 3)
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
II. LINUX VULNERABILITY SUMMARY
1. Multiple Mozilla Bugzilla Vulnerabilities
2. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
3. PHP Strip_Tags() Function Bypass Vulnerability
4. PHP memory_limit Remote Code Execution Vulnerability
5. Linux Kernel Equalizer Load Balancer Device Driver Local Den...
6. PHPBB Multiple Cross-Site Scripting Vulnerabilities
7. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
III. LINUX FOCUS LIST SUMMARY
1. Access control for a NFS server (Thread)
2. Certifying a RedHat Install (Thread)
3. Visited by a cracker (Thread)
4. Administrivia (Thread)
5. Fwd: Certifying a RedHat Install (Thread)
6. Weird! (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. cenfw 0.2 beta
2. TinyCA v0.6.4
3. MIMEDefang v2.44
4. Ettercap v0.7.0 pre2
5. SnortNotify 1.02
6. Devil-Linux v1.2 Beta 1
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part 2 of 3)
By Pukhraj Singh and K.K. Mookhey
This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part two of three.
http://www.securityfocus.com/infocus/1790
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
By Don Parker
This article is the second of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.
http://www.securityfocus.com/infocus/1791
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Multiple Mozilla Bugzilla Vulnerabilities
BugTraq ID: 10698
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10698
Summary:
Multiple vulnerabilities are reported to exist in the Bugzilla
software. The issues include cross-site scripting, SQL injection, privilege
escalation, and information disclosure.
An information disclosure vulnerability is reported to affect Bugzilla
installations under certain circumstances. It is reported that when the
SQL server is halted, and the HTTP server continues to run, a remote
attacker may disclose the database password.
An attacker may employ the harvested password information to
authenticate to the SQL database.
A privilege escalation vulnerability is reported to affect Bugzilla.
A privileged attacker may exploit this vulnerability to gain membership
to other Bugzilla groups.
An additional information disclosure vulnerability is reported to
affect Bugzilla. It is reported that hidden products may be revealed using
vulnerable CGI scripts.
An attacker may employ the vulnerable scripts in order to disclose
product listings that are marked as confidential.
Bugzilla is reported prone to multiple cross-site scripting
vulnerabilities. These issues exist due to a lack of sanitization performed on
user supplied URI data before this data is incorporated into dynamically
generated error messages.
These cross-site scripting issues could permit a remote attacker to
create a malicious URI link that includes hostile HTML and script code.
If a user follows the malicious link, the attacker-supplied code
executes in the web browser of the victim computer.
An additional information disclosure vulnerability is reported to
affect Bugzilla. It is reported that a Bugzilla user's password may be
embedded as a part of an image URI; the password may be saved into and be
visible in web server or web proxy logs.
An attacker who has access to the web server logs may harvest
credentials.
Finally, Bugzilla is reported prone to an SQL injection vulnerability.
The issue is due to a failure of the application to properly sanitize
user-supplied input.
As a result of this issue a privileged attacker could modify the logic
and structure of database queries.
2. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 10722
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10722
Summary:
It is reported that phpBB contains multiple unspecified SQL injection
vulnerabilities.
One vulnerability is reported to exist in 'admin_board.php'. The other
pertains to improper characters in the session id variable.
These issues are due to a failure of the application to properly
sanitize user-supplied URI parameters before using them to construct SQL
queries to be issued to the underlying database.
Version 2.0.9 has been released addressing these, and other issues.
This BID will be updated when further information is known.
3. PHP Strip_Tags() Function Bypass Vulnerability
BugTraq ID: 10724
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10724
Summary:
It is reported that it is possible to bypass PHP's strip_tags()
function.
It is reported that under certain circumstances, PHP's strip_tags()
function will improperly leave malformed tags in place.
This vulnerability may mean that previously presumed-safe web
applications could contain multiple cross-site scripting and HTML injection
vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari
web browsers.
It is reported that 'magic_quotes_gpc' must be off for PHP to be
vulnerable to this issue.
4. PHP memory_limit Remote Code Execution Vulnerability
BugTraq ID: 10725
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10725
Summary:
Reportedly PHP modules compiled with memory_limit support are affected
by a remote code execution vulnerability. This issue is due to a
failure of the PHP module to properly handle memory_limit request
termination.
This issue is reportedly exploitable by way of the Apache
ap_escape_html Memory Allocation Denial Of Service Vulnerability (BID 10619); an
attacker can cause premature termination during critical code
execution. It should be noted that although the above-mentioned Apache
vulnerability is the only known attack vector, there might be other attack
vectors that are currently unknown.
An attacker can exploit this issue to execute arbitrary code on an
affected computer within the context of the vulnerable application,
facilitating unauthorized access.
5. Linux Kernel Equalizer Load Balancer Device Driver Local Den...
BugTraq ID: 10730
Remote: No
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10730
Summary:
The Linux kernel is reported to be prone to a local denial of service
vulnerability. The issue is reported to exist in the 'eql.c' source
file.
An unprivileged local attacker may exploit this issue by crafting a
program that calls the vulnerable functions on a slave device name that
does not exist.
This vulnerability is reported to exist in version 2.6.7 of the Linux
kernel. It is likely that other versions are also affected.
6. PHPBB Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10738
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10738
Summary:
It is reported that phpBB is affected by multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application
to properly sanitize user-supplied URI input.
The problems present themselves in the 'index.php' and 'faq.php'
scripts.
These issues could permit a remote attacker to create a malicious URI
link that includes hostile HTML and script code. If this link were
followed, the hostile code may be rendered in the web browser of the victim
user.
7. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
BugTraq ID: 10741
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10741
Summary:
It is reported that PHPNuke is susceptible to a cross-site scripting
vulnerability and an SQL injection vulnerability.
Both of these vulnerabilities are due to improper sanitization of
user-supplied data.
Attackers may supply malicious parameters to manipulate the structure
and logic of SQL queries. This may result in unauthorized operations
being performed on the underlying database. This issue may be exploited to
cause sensitive information to be disclosed to a remote attacker.
The cross-site scripting vulnerability is reported to exist in the same
script. As a result of this deficiency, it is possible for a remote
attacker to create a malicious link containing script code that will be
executed in the browser of a legitimate user.
This may allow for theft of cookie-based authentication credentials and
other attacks.
These vulnerabilities were reported in version 7.3 of PHPNuke. Other
versions may also be affected.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Access control for a NFS server (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369388
2. Certifying a RedHat Install (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369156
3. Visited by a cracker (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369117
4. Administrivia (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369089
5. Fwd: Certifying a RedHat Install (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368985
6. Weird! (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/368773
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT,
Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, windows interface to linux IPtables firewall rules.
2. TinyCA v0.6.4
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small
certification authority. It is based on OpenSSL and Perl modules from the OpenCA
project. TinyCA lets you manage x509 certificates. It is possible to
export data in PEM or DER format for use with servers, as PKCS#12 for use
with clients, or as S/MIME certificates for use with email programs. It
is also possible to import your own PKCS#10 requests and generate
certificates from them.
3. MIMEDefang v2.44
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:
MIMEDefang is a flexible MIME e-mail scanner designed to protect
Windows clients from viruses. It can alter or delete various parts of a MIME
message according to a very flexible configuration file. It can also
bounce messages with unacceptable attachments. MIMEDefang works with
Sendmail 8.11's new "Milter" API, which gives it much more flexibility than
procmail-based approaches.
4. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT,
Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It
supports active and passive dissection of many protocols (even ciphered
ones, like SSH and HTTPS). Data injection in an established connection
and filtering on the fly is also possible, keeping the connection
synchronized. Many sniffing modes were implemented to give you a powerful
and complete sniffing suite. Plugins are supported. It has the ability to
check whether you are in a switched LAN or not, and to use OS
fingerprints (active or passive) to let you know the geometry of the LAN.
5. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:
Running from cron at a specified interval, SnortNotify will search a
snort database for new alerts. If new alerts match a preconfigured
priority level, an email will be sent to the contact. The email will include
the sensor name, the signature name, and the timestamp.
6. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:
Devil-Linux is a special Linux distribution which is used for
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and
secure Linux system. Configuration is saved on a floppy disk, and it
has several optional packages.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
------------------------------------------------------------------------