Date: 27 Jul 2004 22:34:12 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #194
SecurityFocus Linux Newsletter #194
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just
add the new SecurityFocus RSS feeds to your freeware RSS reader, and see
all the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Wireless Attacks and Penetration Testing (part 3 of 3)
2. A Promise Falls in the Forest
3. Mac OS X - Unix? Secure?
II. LINUX VULNERABILITY SUMMARY
1. Medal Of Honor Allied Assault Remote Buffer Overflow Vulnera...
2. Extropia WebStore Remote Command Execution Vulnerability
3. PHPNuke Multiple Input Validation Vulnerabilities
4. CuteNews Comment HTML Injection Vulnerability
5. PHPBB Multiple HTTP Response Splitting Vulnerabilities
6. PHPBB Search.PHP "search_author" Cross-Site Scripting Vulner...
7. PHP-Nuke Reviews Module "title" Parameter Cross-Site Scripti...
8. APC PowerChute Business Edition Unspecified Denial Of Servic...
9. Imatix Xitami Server Side Includes Cross-Site Scripting Vuln...
10. Linux Kernel Multiple Unspecified Local Privilege Escalation...
11. Samba Web Administration Tool Base64 Decoder Buffer Overflow...
12. Samba Filename Mangling Method Buffer Overrun Vulnerability
13. Linux Kernel Unspecified Local Denial of Service Vulnerabili...
14. Nessus Insecure Temporary File Creation Vulnerability
15. Imatix Xitami Malformed Header Remote Denial of Service Vuln...
III. LINUX FOCUS LIST SUMMARY
1. Hack attempt (Thread)
2. Access to nfs server, Part 2 (Thread)
3. SSO on linux (Thread)
4. Access control for a NFS server (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Lepton's Crack 20031130
2. popa3d v0.6.4.1
3. tinysofa enterprise server 2.0-rc1
4. cenfw 0.2 beta
5. TinyCA v0.6.4
6. MIMEDefang v2.44
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Wireless Attacks and Penetration Testing (part 3 of 3)
By Jonathan Hassell
This third and final part of the wireless pen-test series looks at how
to mitigate the security risks outlined in the previous articles, and
then looks at some proposed solutions currently in front of the IETF.
http://www.securityfocus.com/infocus/1792
2. A Promise Falls in the Forest
By Mark Rasch
A federal court recently ruled that website privacy policies aren't
binding, because nobody reads them. The implications are far reaching
for contract law and the Internet.
http://www.securityfocus.com/columnists/257
3. Mac OS X - Unix? Secure?
By Daniel Hanson
Apple's OS X is not safer or less susceptible to vulnerabilities and
viruses than other OSes, and Apple's secretive culture is bad for the
security world.
http://www.securityfocus.com/columnists/256
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Medal Of Honor Allied Assault Remote Buffer Overflow Vulnera...
BugTraq ID: 10743
Remote: Yes
Date Published: Jul 17 2004
Relevant URL: http://www.securityfocus.com/bid/10743
Summary:
A remote buffer overflow vulnerability was reported in Medal of Honor
Allied Assault.
This issue may permit remote code execution in vulnerable game servers
and clients. However, it is reported that clients will only be
affected in LAN games as Internet games use the Gamespy protocol. The issue
also affects various expansion packs for the game.
2. Extropia WebStore Remote Command Execution Vulnerability
BugTraq ID: 10744
Remote: Yes
Date Published: Jul 17 2004
Relevant URL: http://www.securityfocus.com/bid/10744
Summary:
eXtropia WebStore is prone to a remote command execution vulnerability.
This issue is due to insufficient input validation and may permit
execution of commands in the context of the hosting Web server.
3. PHPNuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10749
Remote: Yes
Date Published: Jul 19 2004
Relevant URL: http://www.securityfocus.com/bid/10749
Summary:
It is reported that PHPNuke is susceptible to multiple cross-site
scripting and SQL injection vulnerabilities.
This can allow for theft of cookie-based authentication credentials and
other attacks. Attackers may supply malicious parameters to manipulate
the structure and logic of SQL queries.
These vulnerabilities were reported in version 7.3 of PHPNuke. Other
versions may also be affected.
4. CuteNews Comment HTML Injection Vulnerability
BugTraq ID: 10750
Remote: Yes
Date Published: Jul 19 2004
Relevant URL: http://www.securityfocus.com/bid/10750
Summary:
CutePHP is reported prone to an HTML injection vulnerability.
The vulnerability exists due to insufficient sanitization of
user-supplied input. Specifically, user-supplied input to comment posts is not
sufficiently sanitized of malicious HTML code.
An attacker can exploit this vulnerability by adding HTML code within
URI arguments. The hostile code may be rendered in the user's browser
when the user views the entry.
Exploitation could permit an attacker to steal cookie-based
authentication credentials or launch other attacks.
5. PHPBB Multiple HTTP Response Splitting Vulnerabilities
BugTraq ID: 10753
Remote: Yes
Date Published: Jul 19 2004
Relevant URL: http://www.securityfocus.com/bid/10753
Summary:
phpBB is reported prone to multiple HTTP response splitting
vulnerabilities. The issues exist in the "privmsg.php" script and the "login.php"
script. The vulnerabilities present themselves due to a flaw in the
affected scripts that will allow an attacker to manipulate how GET
requests are handled.
A remote attacker may exploit these vulnerabilities to influence or
misrepresent how web content is served, cached or interpreted.
6. PHPBB Search.PHP "search_author" Cross-Site Scripting Vulner...
BugTraq ID: 10754
Remote: Yes
Date Published: Jul 19 2004
Relevant URL: http://www.securityfocus.com/bid/10754
Summary:
It is reported that one of the scripts included with phpBB is prone to
a cross-site scripting vulnerability. According to the author of the
report, the script "search.php" returns the value of the HTML variable
"search_author" to the client as its output without encoding it or
otherwise removing potentially hostile content.
It is reported that gpc magic quotes must be turned off in php.ini for
this vulnerability to exist.
7. PHP-Nuke Reviews Module "title" Parameter Cross-Site Scripti...
BugTraq ID: 10755
Remote: Yes
Date Published: Jul 19 2004
Relevant URL: http://www.securityfocus.com/bid/10755
Summary:
PHP-Nuke 'reviews' module is prone to a cross-site scripting
vulnerability. This issue could allow an attacker to steal cookie-based
authentication credentials.
An attacker can exploit this issue by creating a malicious link
containing HTML and script code. The attacker sends this link to a vulnerable
user. When the user follows the link, HTML and script renders in the
user's browser.
8. APC PowerChute Business Edition Unspecified Denial Of Servic...
BugTraq ID: 10777
Remote: Unknown
Date Published: Jul 21 2004
Relevant URL: http://www.securityfocus.com/bid/10777
Summary:
It is reported that APC PowerChute Business Edition is susceptible to
an unspecified denial of service vulnerability.
Reportedly, all versions of the software between 6.0 and 7.0.1 contain
a denial of service vulnerability that affects servers and agents. It
does not affect the ability of the software to shut down computers in the
event of a power failure.
APC has released version 7.0.2 addressing this issue.
This BID will be updated as further information is disclosed.
9. Imatix Xitami Server Side Includes Cross-Site Scripting Vuln...
BugTraq ID: 10778
Remote: Yes
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10778
Summary:
It is reported that Imatix Xitami is affected by a cross-site scripting
vulnerability in the server side includes test script. This issue is
due to a failure of the application to properly sanitize user-supplied
input.
Successful exploitation of this issue will allow an attacker to execute
arbitrary script code in the browser of an unsuspecting user. This may
potentially be exploited to hijack web content or steal cookie-based
authentication credentials from legitimate users.
10. Linux Kernel Multiple Unspecified Local Privilege Escalation...
BugTraq ID: 10779
Remote: No
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10779
Summary:
Linux Kernel is reported prone to multiple unspecified privilege
escalation vulnerabilities. These vulnerabilities may allow a local attacker
to gain elevated privileges or disclose kernel memory.
These vulnerabilities were referenced in a SuSE advisory; however,
further details are not currently available. It is possible that these
issues are related to BID 10566 (Linux Kernel Multiple Device Driver
Vulnerabilities). This BID will be updated or retired as more information
becomes available.
It is reported that these issues present themselves in Linux kernel
2.6.
11. Samba Web Administration Tool Base64 Decoder Buffer Overflow...
BugTraq ID: 10780
Remote: Yes
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10780
Summary:
It has been reported that Samba Web Administration Tool (SWAT) is
affected by a base64 decoder buffer overflow vulnerability. This issue is
due to a failure of the application to properly validate buffer
boundaries when copying user-supplied input into a finite buffer.
Successful exploitation of this issue will allow a remote,
unauthenticated attacker to execute arbitrary code on the affected computer with
the privileges of the affected process; Samba typically runs with
superuser privileges.
12. Samba Filename Mangling Method Buffer Overrun Vulnerability
BugTraq ID: 10781
Remote: Yes
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10781
Summary:
Samba is reported prone to an undisclosed buffer overrun vulnerability;
the buffer overrun is reported to exist when Samba is handling file
name mangling with the "hash" method.
It is conjectured that this vulnerability may present itself when the
affected server handles a filename that is sufficient to trigger the
vulnerability. To exploit this vulnerability, an attacker may require
sufficient access so that they may write a file to a published Samba share.
It is reported that the vulnerability does not exist in default Samba
configurations; by default, Samba is configured to employ "hash2" name
mangling. The "hash2" method is not vulnerable.
This vulnerability is reported to affect Samba version 3.0.0 and later.
13. Linux Kernel Unspecified Local Denial of Service Vulnerabili...
BugTraq ID: 10783
Remote: No
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10783
Summary:
Linux kernel is reported prone to an unspecified local denial of
service vulnerability. It is reported that the issue only affects ia64 systems.
A local attacker can exploit this issue by dereferencing a NULL pointer
and causing a kernel panic. Successful exploitation will lead to a
denial of service condition in a vulnerable computer.
No further details are available at this time. This issue will be
updated as more information becomes available.
14. Nessus Insecure Temporary File Creation Vulnerability
BugTraq ID: 10784
Remote: No
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10784
Summary:
Nessus is reported to be vulnerable to an insecure temporary file
creation vulnerability.
This vulnerability presents itself in the 'nessus-adduser' script. This
script is used to add users to the Nessus application. These users are
independent of the system user database, and are used to define access
roles and limits in the application.
When creating new users, Nessus insecurely creates a temporary file.
A non-privileged user with interactive access could overwrite any file
on the system with superuser privileges. The attacker does not control
the data being written, just the location of the file.
An attacker could also exploit this issue to modify the rules assigned
to the new nessus user, allowing or denying access to scan hosts within
Nessus.
Versions of 2.0.x prior to 2.0.12 and the experimental version 2.1.0
are reported to be vulnerable to this issue.
15. Imatix Xitami Malformed Header Remote Denial of Service Vuln...
BugTraq ID: 10785
Remote: Yes
Date Published: Jul 22 2004
Relevant URL: http://www.securityfocus.com/bid/10785
Summary:
A vulnerability is identified in the handling of certain types of
requests by Xitami. Because of this, it is possible for a remote attacker to
deny service to legitimate users of a vulnerable server.
Xitami 2.5c1 is reported prone to this issue; however, other versions
may be affected as well.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Hack attempt (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369855
2. Access to nfs server, Part 2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369850
3. SSO on linux (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369843
4. Access control for a NFS server (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/369508
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award-winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows
NT, Windows XP
Summary:
Lepton's Crack is a generic password cracker. It is easily-customizable
with a simple plugin system and allows system administrators to review
the quality of the passwords being used on their systems. It can
perform a dictionary-based (wordlist) attack as well as a brute force
(incremental) password scan. It supports standard MD4 hash, standard MD5 hash,
NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash
formats. LM (LAN Manager) plus appending and prepending
2. popa3d v0.6.4.1
By: Solar Designer, solar@openwall.com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary:
popa3d is a POP3 daemon which attempts to be extremely secure,
reliable, RFC compliant, and fast (in that order).
3. tinysofa enterprise server 2.0-rc1
By: Omar Kilani
Relevant URL: http://www.tinysofa.org
Platforms: Linux, POSIX
Summary:
tinysofa enterprise server is a secure, server-targeted, enterprise-grade
operating system. It is based on Trustix Secure Linux and includes a
complete distribution port to Python 2.3 and RPM 4.2, an overhauled PAM
authentication system providing system-wide authentication
configuration, the latest upstream packages, the replacement of ncftp with lftp, the
addition of gdb and screen, feature additions to the swup updater that
provide multiple configuration file support, user login FTP support,
enable/disable support, variable expansion support (allows multiple
architectures), and many enhancements.
4. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT,
Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, Windows interface to Linux IPtables firewall rules.
5. TinyCA v0.6.4
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small
certification authority. It is based on OpenSSL and Perl modules from the OpenCA
project. TinyCA lets you manage x509 certificates. It is possible to
export data in PEM or DER format for use with servers, as PKCS#12 for use
with clients, or as S/MIME certificates for use with email programs. It
is also possible to import your own PKCS#10 requests and generate
certificates from them.
6. MIMEDefang v2.44
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:
MIMEDefang is a flexible MIME e-mail scanner designed to protect
Windows clients from viruses. It can alter or delete various parts of a MIME
message according to a very flexible configuration file. It can also
bounce messages with unacceptable attachments. MIMEDefang works with
Sendmail 8.11's new "Milter" API, which gives it much more flexibility than
procmail-based approaches.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus