Date: 8 Sep 2004 15:31:03 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #200
SecurityFocus Linux Newsletter #200
------------------------------------

This issue sponsored by: SPI Dynamics

New Webcast: "The Hacking Evolution: New Trends in Exploits and
Vulnerabilities". Watch as Caleb Sima, CTO & Founder of SPI Dynamics,
shows you how to defend against these new attacks in a FREE Web Cast
that will cover real examples of recent hacking methods such as: Google
Hacking, SQL Injection and Cell Phone Attacks.

http://www.securityfocus.com/sponsor/SPIDynamics_linux-secnews_040907

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Metasploit Framework, Part 2
     2. Simple and Secure isn't so Simple
II. LINUX VULNERABILITY SUMMARY
     1. Bsdmainutils Calendar Information Disclosure Vulnerability
     2. MIT Kerberos 5 Multiple Double-Free Vulnerabilities
     3. MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
     4. SuSE Linux PTMX Unspecified Local Denial Of Service Vulnerab...
     5. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vul...
     6. PHPWebSite Multiple Input Validation Vulnerabilities
     7. IBM DB2 Universal Database Multiple Remote Buffer Overflow A...
     8. Opera Web Browser Empty Embedded Object JavaScript Denial Of...
     9. LHA Multiple Code Execution Vulnerabilities
     10. Squid Proxy NTLM Authentication Denial Of Service Vulnerabil...
     11. Dynalink RTA 230 ADSL Router Default Backdoor Account Vulner...
III. LINUX FOCUS LIST SUMMARY
     1. How to make a core dump? (Thread)
     2. redhat patch problem? (Thread)
     3. Reverse SSH tunelling (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. THC-Hydra v4.3
     2. Pads 1.1
     3. cenfw 0.3b
     4. Firewall Builder 2.0
     5. Lepton's Crack 20031130
     6. popa3d v0.6.4.1
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Metasploit Framework, Part 2
By Pukhraj Singh and K.K. Mookhey

Newly updated. This article provides insight into the Metasploit
Framework, a very useful tool for the penetration tester. Part two of
three.

http://www.securityfocus.com/infocus/1790


2. Simple and Secure isn't so Simple
By Daniel Hanson

Simple to code does not always mean simple for the user. And simple for
the user is often not easy to code.

http://www.securityfocus.com/columnists/264

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Bsdmainutils Calendar Information Disclosure Vulnerability
BugTraq ID: 11077
Remote: No
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11077
Summary:
The calendar utility contained in the bsdmainutils package on Debian 
GNU/Linux systems is reported susceptible to an information disclosure 
vulnerability. This is due to a lack of proper file authorization checks 
by the application.

The application fails to enforce permissions of included files when run 
as the superuser with the '-a' argument, therefore it is possible for a 
local attacker to create a calendar file that will disclose the 
contents of arbitrary, potentially sensitive files. This may aid them in 
further attacks against the affected computer.

By default, the package is installed with a crontab file that will not 
call the calendar utility. Systems are only affected if the crontab is 
enabled by administrators.

Debian GNU/Linux computers with bsdmainutils versions prior to 6.0.15 
are reported to be vulnerable.

2. MIT Kerberos 5 Multiple Double-Free Vulnerabilities
BugTraq ID: 11078
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11078
Summary:
There are multiple double-free vulnerabilities reported to exist in MIT 
Kerberos 5.

All vulnerabilities stem from inconsistent memory handling routines in 
the krb5 library.

These vulnerabilities are exploitable in various ways:
- An attacker can execute arbitrary code in the context of a KDC server 
process, potentially compromising the entire Kerberos realm.
- An attacker can execute arbitrary code in the context of a krb524d 
server process, potentially compromising the entire Kerberos realm if it 
is running on the same computer as a KDC.
- An attacker can execute arbitrary code in the context of various 
other server processes utilizing the krb5 library.
- An attacker impersonating a KDC or application server may be able to 
execute arbitrary code in the context of a client process attempting to 
authenticate.

Versions up to and including 1.3.4 are reported vulnerable.

3. MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
BugTraq ID: 11079
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11079
Summary:
It is reported that MIT Kerberos V is susceptible to a denial of 
service vulnerability in its ASN.1 decoder.

This vulnerability presents itself when the krb5 library attempts to 
decode a malformed ASN.1 buffer.

As a result of this vulnerability, a remote attacker may be able to 
deny all Kerberos service in a realm by sending malicious UDP packets to 
all KDCs (Key Distribution Center). The affected KDCs would then stop 
servicing further authentication requests. All services utilizing 
Kerberos for authentication would fail to allow further requests.

MIT Kerberos V versions 1.2.2 through to 1.3.4 are reportedly affected 
by this vulnerability.

4. SuSE Linux PTMX Unspecified Local Denial Of Service Vulnerab...
BugTraq ID: 11081
Remote: No
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11081
Summary:
Reportedly SuSE Linux is vulnerable to a local ptmx denial of service 
vulnerability; fixes are available.  The underlying cause of this issue 
is currently unknown; this BID will be updated as more information is 
released.

An attacker may leverage this issue to cause the affected computer to 
hang or crash, denying service to legitimate users.

5. IMLib/IMLib2 Multiple BMP Image Decoding Buffer Overflow Vul...
BugTraq ID: 11084
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the
Imlib/Imlib2 libraries. These issues may be triggered when handling
malformed bitmap images.

These vulnerabilities could be exploited by a remote attacker to cause
a denial of service in applications that use the vulnerable library to
render images. It is also reported that these vulnerabilities may be
exploited to execute arbitrary code.

6. PHPWebSite Multiple Input Validation Vulnerabilities
BugTraq ID: 11088
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11088
Summary:
It is reported that phpWebSite is susceptible to multiple cross-site 
scripting, HTML injection and SQL injection vulnerabilities.

The cross-site scripting issue is present in a parameter of the
comments module script. An attacker can exploit this issue by creating a
malicious link to the vulnerable module containing HTML and script code
and sending this link to a vulnerable user. When the user follows the
link, the attacker-supplied code renders in the user's browser.

An SQL injection issue exists in the application as well. This issue
affects a parameter of the calendar module script. This issue may be
exploited to cause sensitive information to be disclosed to a remote
attacker.

Finally, an HTML injection vulnerability is reported to affect the
application. The problem is said to occur in the notes module due to a
lack of sufficient sanitization performed on user-supplied data.

Attackers may potentially exploit this issue to manipulate web content,
take unauthorized site actions in the context of the victim, or to
steal cookie-based authentication credentials.

These vulnerabilities were reported in phpWebSite 0.9.3-4; previous
versions are also reported to be vulnerable.

7. IBM DB2 Universal Database Multiple Remote Buffer Overflow A...
BugTraq ID: 11089
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11089
Summary:
NGSSoftware have reported that multiple remote buffer overflow and 
unspecified vulnerabilities exist in IBM DB2 Universal Database.

Details about any of the vulnerabilities are not known at this time.

8. Opera Web Browser Empty Embedded Object JavaScript Denial Of...
BugTraq ID: 11090
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11090
Summary:
Opera is a web browser available for a number of platforms, including 
Microsoft Windows, Linux and Unix variants and Apple MacOS.

Opera Web Browser is reported to be susceptible to a JavaScript denial 
of service vulnerability. This vulnerability presents itself when Opera 
attempts to execute a specific JavaScript command. Upon executing this 
command, Opera will reportedly crash.

This vulnerability was reported to exist in version 7.23 of Opera for 
Microsoft Windows. Other versions are also likely affected. Version 7.54 
does not seem to be susceptible.

9. LHA Multiple Code Execution Vulnerabilities
BugTraq ID: 11093
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11093
Summary:
LHA is reported prone to multiple vulnerabilities.  These issues 
include multiple local and remote buffer overflow vulnerabilities and a 
remote command execution vulnerability.  Successful exploitation of these 
issues may allow an attacker to execute arbitrary code and gain 
unauthorized access to a vulnerable computer.

The following specific issues were reported:

The application is prone to a stack overflow vulnerability when 
processing a malicious archive. 

Multiple local buffer overflow vulnerabilities were reported as well.  
These issues can be triggered by supplying an excessive string value to 
the application through the command line.

Additionally, a remote command execution issue affects the application.  
This issue is triggered when LHA processes a directory with a malformed 
name.

LHA versions 1.14 and prior are affected by these issues.

10. Squid Proxy NTLM Authentication Denial Of Service Vulnerabil...
BugTraq ID: 11098
Remote: Yes
Date Published: Sep 02 2004
Relevant URL: http://www.securityfocus.com/bid/11098
Summary:
Squid is reported to be susceptible to a denial of service 
vulnerability in its NTLM authentication module.

This vulnerability presents itself when attacker-supplied input data is
passed to the affected NTLM module without proper sanitization.

This vulnerability allows an attacker to crash the NTLM helper 
application. Squid will respawn new helper applications, but with a sustained, 
repeating attack, it is likely that proxy authentication depending on 
the NTLM helper application would fail. Failure of NTLM authentication 
would result in the Squid application denying access to legitimate users 
of the proxy.

Squid versions 2.x and 3.x are all reported to be vulnerable to this 
issue. A patch is available from the vendor.

11. Dynalink RTA 230 ADSL Router Default Backdoor Account Vulner...
BugTraq ID: 11102
Remote: Yes
Date Published: Sep 03 2004
Relevant URL: http://www.securityfocus.com/bid/11102
Summary:
The Dynalink RTA 230 ADSL router is reported susceptible to a default 
backdoor account vulnerability.

It is reported that the firmware contains a backdoor account. This
account is not visible or modifiable from the web administration
interface. Neither the web configuration application nor the telnet
service is listening on the WAN interface by default.

Attackers with network access to internal interfaces of the device can 
gain complete access to a vulnerable access point by using the default 
credentials.

Other devices utilizing similar firmware may also be affected, but this 
has not been confirmed. Other potential devices reported are:
- US Robotics 9105 and 9106
- Siemens SE515
- Buffalo WMR-G54

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. How to make a core dump? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/374319

2. redhat patch problem? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/374309

3. Reverse SSH tunelling (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/373984

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely
share business information among customers, business partners, and
remote branches. It provides a seamless, LAN-like experience over the
Internet that includes all the security, performance, accessibility, and
ease of administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault, see the relevant URL above.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy
and efficiency. Guidance Software's award-winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view
all relevant files, including "deleted" files, file slack and
unallocated space.

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data
stored within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux. Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low-cost, easy-to-use Two Factor Authentication One Time Password token
using the cellular phone. Does not use SMS or communication, manages
multiple OTP accounts - new technology. For any business that wants
safer access to its Internet Services. More information at our site.

We also provide an eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, 
UNIX
Summary: 

THC-Hydra - parallelized login hacker is available: for Samba, FTP,
POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5,
PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit
the project web site to download Win32, Palm and ARM binaries. Changes:
important bugfix!

2. Pads 1.1
By: Matt Shelton
Relevant URL: 
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary: 

Pads (Passive Asset Detection System) is a signature-based detection 
engine used to passively detect network assets. It is designed to 
complement IDS technology by providing context to IDS alerts.

3. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary: 

The Centron IPTables Firewall Gui is an object-oriented, database-driven
Windows interface to Linux iptables firewall rules.

4. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary: 

Firewall Builder consists of a GUI and set of policy compilers for 
various firewall platforms. It helps users maintain a database of objects 
and allows policy editing using simple drag-and-drop operations. The GUI 
and policy compilers are completely independent, and support for a new 
firewall platform can be added to the GUI without any changes to the 
program (only a new policy compiler is needed). This provides for a 
consistent abstract model and the same GUI for different firewall platforms. 
It currently supports iptables, ipfilter, and OpenBSD pf.

5. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows 
NT, Windows XP
Summary: 

Lepton's Crack is a generic password cracker. It is easily-customizable 
with a simple plugin system and allows system administrators to review 
the quality of the passwords being used on their systems. It can 
perform a dictionary-based (wordlist) attack as well as a brute force 
(incremental) password scan. It supports standard MD4 hash, standard MD5 hash, 
NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash 
formats. LM (LAN Manager) plus appending and prepending

6. popa3d v0.6.4.1
By: Solar Designer, solar@openwall.com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary: 

popa3d is a POP3 daemon which attempts to be extremely secure, 
reliable, RFC compliant, and fast (in that order).

VII. SPONSOR INFORMATION
-----------------------


------------------------------------------------------------------------