Date: 14 Dec 2004 21:30:31 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #214
SecurityFocus Linux Newsletter #214
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Extortion Works
2. WEP:Dead Again, Part 1
II. LINUX VULNERABILITY SUMMARY
1. IBM WebSphere Commerce Default User Information Disclosure V...
2. ViewCVS Multiple Information Disclosure Vulnerabilities
3. KDE Konqueror FTP URI Arbitrary FTP Server Command Execution...
4. IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabil...
5. Gentoo MirrorSelect Local Insecure File Creation Vulnerabili...
6. IMLib Multiple Remote Integer Overflow Vulnerabilities
7. Linux Kernel AIO_Free_Ring Local Denial Of Service Vulnerabi...
8. Linux Kernel 64 Bit ELF Header Local Denial Of Service Vulne...
9. KDE Plaintext Password Disclosure Vulnerability
10. GNU WGet Multiple Remote Vulnerabilities
11. IlohaMail Unspecified Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. which distribution to choose (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. pasmal 1.5
2. PatchLink Update 6.01.78
3. AutoScan b0.92 R6
4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
5. rootsh 0.2
6. Maillog View v1.03.3
I. FRONT AND CENTER
-------------------
1. Online Extortion Works
By Scott Granneman
Online extortion is quietly affecting thousands of businesses, for a very
simple reason: it works. The big question then becomes, how will you and
your company decide to respond?
http://www.securityfocus.com/columnists/283
2. WEP:Dead Again, Part 1
By Michael Ossmann
This article is the first of a two-part series that looks at the new
generation of WEP cracking tools for WiFi networks, which offer
dramatically faster speeds for penetration testers over the previous
generation of tools. In many cases, a WEP key can be determined in seconds
or minutes.
http://www.securityfocus.com/infocus/1814
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. IBM WebSphere Commerce Default User Information Disclosure V...
BugTraq ID: 11816
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11816
Summary:
It is reported that WebSphere Commerce is susceptible to an information
disclosure vulnerability.
This vulnerability may result in potentially sensitive customer data
being available to the default user, possibly allowing unintended users
to gain access to it.
This vulnerability is reported to affect versions 5.1, 5.4, 5.5, and
5.6.
2. ViewCVS Multiple Information Disclosure Vulnerabilities
BugTraq ID: 11819
Remote: Yes
Date Published: Dec 06 2004
Relevant URL: http://www.securityfocus.com/bid/11819
Summary:
ViewCVS is reportedly prone to multiple information disclosure
vulnerabilities when repositories are exported to tar archives.
Reportedly, certain configuration directives are not properly honored
when creating tar archives for users to download. This allows remote
attackers to gain access to potentially sensitive files located in
restricted directories. The contents of these files may aid them in further
attacks.
This issue is only exploitable if the package is configured to allow
tar archive generation. This is enabled by setting the 'tar_archive'
configuration directive to '1'.
3. KDE Konqueror FTP URI Arbitrary FTP Server Command Execution...
BugTraq ID: 11827
Remote: Yes
Date Published: Dec 06 2004
Relevant URL: http://www.securityfocus.com/bid/11827
Summary:
KDE Konqueror is reported prone to an arbitrary FTP server command
execution vulnerability. This issue is due to a failure of the application
to properly sanitize user-supplied URI input prior to utilizing it to
execute FTP commands on remote servers.
This vulnerability allows attackers to embed arbitrary FTP server
commands in malicious URIs. Upon following this malicious URI, the victim
user's Web browser will reportedly connect to the attacker-specified FTP
server, and the malicious commands will be sent to the server. This may
allow malicious files to be downloaded to the victim's computer without
their knowledge. Other attacks are also likely possible.
4. IMLib Multiple XPM Image Decoding Buffer Overflow Vulnerabil...
BugTraq ID: 11830
Remote: Yes
Date Published: Dec 06 2004
Relevant URL: http://www.securityfocus.com/bid/11830
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the
IMLib library. These issues may be triggered when handling malformed XPM
images.
These vulnerabilities could be exploited by a remote attacker to cause
a denial of service in applications that use the vulnerable library to
render images. It is also reported that these vulnerabilities may be
exploited to execute arbitrary code.
These issues may be related to BID 11084. This BID will be updated as
further information is disclosed.
5. Gentoo MirrorSelect Local Insecure File Creation Vulnerabili...
BugTraq ID: 11835
Remote: No
Date Published: Dec 07 2004
Relevant URL: http://www.securityfocus.com/bid/11835
Summary:
A local insecure file creation vulnerability affects Gentoo
mirrorselect. This issue is likely due to a design error that causes the
application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
utility.
6. IMLib Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 11837
Remote: Yes
Date Published: Dec 07 2004
Relevant URL: http://www.securityfocus.com/bid/11837
Summary:
Multiple remote integer overflow vulnerabilities affect the IMLib
graphics library. These issues are due to a failure of the application to
properly handle the management of numeric data found in image files.
An attacker may leverage these issues to gain local access to a
computer running an application that implements the vulnerable library. This
issue may also be used to facilitate privilege escalation.
7. Linux Kernel AIO_Free_Ring Local Denial Of Service Vulnerabi...
BugTraq ID: 11842
Remote: No
Date Published: Dec 07 2004
Relevant URL: http://www.securityfocus.com/bid/11842
Summary:
The Linux Kernel is reported prone to a local denial of service
vulnerability. It is reported that the vulnerability exists due to a failure
by 'aio_free_ring' to handle exceptional conditions.
This vulnerability requires that mmap() is employed to map the maximum
amount of process memory that is possible, before the vulnerability can
be triggered.
It is reported that when handling 'io_setup' syscalls that are passed
large values, the Linux kernel 'aio_setup_ring' will attempt to allocate
a structure of page pointers.
When a subsequent 'aio_setup_ring' mmap() call fails and 'aio_free_ring'
attempts to clean up the page pointers, it will crash during this
procedure, triggering a kernel panic.
8. Linux Kernel 64 Bit ELF Header Local Denial Of Service Vulne...
BugTraq ID: 11846
Remote: No
Date Published: Dec 07 2004
Relevant URL: http://www.securityfocus.com/bid/11846
Summary:
A local denial of service vulnerability affects the ELF header
processing functionality on 64 bit systems of the Linux kernel. This issue is
due to a failure of the affected kernel to properly handle malformed
ELF headers.
A local attacker may leverage this issue to cause a computer running
the affected kernel to crash, denying service to legitimate users.
9. KDE Plaintext Password Disclosure Vulnerability
BugTraq ID: 11866
Remote: No
Date Published: Dec 09 2004
Relevant URL: http://www.securityfocus.com/bid/11866
Summary:
KDE is reported prone to a plaintext password disclosure vulnerability.
This issue presents itself when a link to a remote file is created by
various KDE applications including Konqueror Web browser. The URI may
contain authentication credentials to access the remote resource such as
a Samba share.
An attacker can disclose these credentials by accessing the potentially
world readable link reference file created by KDE.
10. GNU WGet Multiple Remote Vulnerabilities
BugTraq ID: 11871
Remote: Yes
Date Published: Dec 10 2004
Relevant URL: http://www.securityfocus.com/bid/11871
Summary:
Multiple remote vulnerabilities reportedly affect GNU wget. These
issues are due to a failure of the application to properly sanitize
user-supplied input and to properly validate the existence of files prior to
writing to them.
The first issue is a potential directory traversal issue. The second
issue is an arbitrary file overwriting vulnerability. The final issue is
a weakness caused by a failure of the application to filter potentially
malicious characters from server-supplied input.
These issues may be exploited by a malicious server to arbitrarily
overwrite files in the current directory and potentially write outside of
the current directory. This may facilitate file corruption, denial of
service and further attacks against the affected computer. Any file
overwriting would take place with the privileges of the user that
activates the vulnerable application.
11. IlohaMail Unspecified Vulnerability
BugTraq ID: 11872
Remote: Yes
Date Published: Dec 08 2004
Relevant URL: http://www.securityfocus.com/bid/11872
Summary:
IlohaMail is reported prone to an unspecified vulnerability. The cause
and impact of this issue are currently unknown.
Due to the nature of the software, this issue is likely remotely
exploitable. It is conjectured that the issue could be exploited to
compromise the Web application.
IlohaMail versions 0.8.13 and prior are reported vulnerable to this
issue.
This BID will be updated if further information is made available.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. which distribution to choose (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/383874
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. pasmal 1.5
By: James Meehan
Relevant URL: http://www.elitelabs.org/
Platforms: Linux
Summary:
pasmal 1.5 is a port knocking authentication system using simple or
encrypted tcp/udp/icmp packets. pasmal can be used with
iptables/ipchains (firewall purposes) or any other program (remote shell, reboot,
etc.). It is packaged with a php web admin, a command line client
pasmal.client, and start/stop rc.d scripts. pasmal 1.5 also features an
intrusion/attempt detection system due to its sniffer capabilities, running
with syslogd and custom log files.
2. PatchLink Update 6.01.78
By: PatchLink Corporation
Relevant URL:
http://www.patchlink.com/products_services/plu_evaluationrequest.html
Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux,
MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX,
Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware,
Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
With PATCHLINK UPDATE, patch management is the secure, proactive, and
preventative process it should be. PATCHLINK UPDATE scans networks for
security holes and closes them with the click of a mouse, no matter the
operating system, the vendor applications, the mix, or the size of the
environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works
quickly, accurately and safely to ensure desktops and servers are patched
correctly and completely the first time around.
3. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary:
AutoScan is an application designed to explore and to manage your
network. Entire subnets can be scanned simultaneously without human
intervention. It features OS detection, automatic network discovery, a port
scanner, a Samba share browser, and the ability to save the network state.
4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have chosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
5. rootsh 0.2
By: Gerhard Lausser
Relevant URL: http://sourceforge.net/projects/rootsh/
Platforms: AIX, HP-UX, Linux, POSIX, SINIX, Solaris, UNIX
Summary:
Rootsh is a wrapper for shells which logs all echoed keystrokes and
terminal output to a file and/or to syslog. Its main purpose is the
auditing of users who need a shell with root privileges. They start rootsh
through the sudo mechanism. It's in heavy use here at a big Bavarian car
manufacturer (three letters, fast, cool,...) for project users whom you
can't deny root privileges.
6. Maillog View v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary:
Maillog View is a Webmin module that allows you to easily view all your
/var/log/maillog.* files. It features autorefresh, message size
indication, ascending/descending view order, compressed file support, and a
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are
supported. Courier MTA support is experimental.