Date: 1 Feb 2005 23:02:59 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #221
SecurityFocus Linux Newsletter #221
------------------------------------
This Issue is Sponsored By: CrossTec
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_linux-secnews_050201
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Mobile Viruses
2. Apache 2 with SSL/TLS: Step-by-Step, Part 2
II. LINUX VULNERABILITY SUMMARY
1. SquirrelMail Multiple Remote Input Validation Vulnerabilitie...
2. Linux Kernel Device Driver Virtual Memory Flags Unspecified ...
3. Help Desk Reloaded Unspecified Remote Vulnerability
4. ZHCon Unauthorized File Disclosure Vulnerability
5. Citadel/UX select() Bitmap Remote Buffer Overflow Vulnerabil...
6. RinetD select() Bit-Array Remote Buffer Overflow Vulnerabili...
7. NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
8. DataRescue IDA Pro Malformed PE File Remote Buffer Overflow ...
9. Novell Evolution Camel-Lock-Helper Application Remote Intege...
10. Libdbi-perl Unspecified Insecure Temporary File Creation Vul...
11. PHPEventCalendar Multiple Remote HTML Injection Vulnerabilit...
12. BIND Validator Self Checking Remote Denial Of Service Vulner...
13. Berlios GPSD Remote Format String Vulnerability
14. SCO scosession Local Command Line Buffer Overflow Vulnerabil...
15. Debian Pam Radius Auth File Information Disclosure Vulnerabi...
16. X.org X Window Server Local Socket Hijacking Vulnerability
17. Xelerance Corporation Openswan XAUTH/PAM Remote Buffer Overf...
18. F2C Multiple Local Insecure Temporary File Creation Vulnerab...
19. Threaded Read News Local Buffer Overflow Vulnerability
20. University Of Washington IMAP Server CRAM-MD5 Remote Authent...
III. LINUX FOCUS LIST SUMMARY
1. Encrypted Filesystems (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. DigSig 1.3.2
2. Firestarter 1.0.0
3. Network Equipment Performance Monitor 2.2
4. BitDefender for qmail v1.5.5-2
5. Bilbo 0.11
6. Ipanto Secure 2.0
I. FRONT AND CENTER
-------------------
1. Mobile Viruses
By Kelly Martin
Mobile viruses that spread through mobile phones are starting to appear,
but the big mobile virus epidemic is still a long ways off.
http://www.securityfocus.com/columnists/294
2. Apache 2 with SSL/TLS: Step-by-Step, Part 2
By Artur Maj
This article is part two of a three part series dedicated to configuring
Apache 2.0 with SSL/TLS support, for maximum security and optimal
performance. This article offers mod_ssl recommendations and then discusses
three different ways to sign a certificate, including setting up a local
Certificate Authority using OpenSSL.
http://www.securityfocus.com/infocus/1820
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. SquirrelMail Multiple Remote Input Validation Vulnerabilitie...
BugTraq ID: 12337
Remote: Yes
Date Published: Jan 22 2005
Relevant URL: http://www.securityfocus.com/bid/12337
Summary:
SquirrelMail is reported prone to multiple vulnerabilities resulting
from input validation errors. These issues may allow an attacker to
carry out cross-site scripting and file include attacks. An attacker may
also include arbitrary web pages in the SquirrelMail frameset to carry
out phishing type attacks.
The following specific issues were identified:
SquirrelMail is reported prone to a cross-site scripting vulnerability.
Attacker-supplied code may be rendered in a user's browser facilitating
theft of cookie-based authentication credentials and other attacks.
It is reported that an attacker may influence Web content through
certain unspecified variables. It is conjectured that this may allow
attackers to misrepresent Web content and potentially carry out phishing type
attacks.
The application is reported prone to a file include vulnerability as
well. Reportedly, an affected script can allow remote attackers to
include local scripts. This may eventually lead to unauthorized access in
the context of the affected server.
2. Linux Kernel Device Driver Virtual Memory Flags Unspecified ...
BugTraq ID: 12338
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12338
Summary:
An unspecified vulnerability affects unspecified Linux kernel device
drivers. This issue is due to a failure of certain unspecified drivers
to implement all the required virtual memory access flags.
The potential impact of this issue is currently unknown; however, it is
likely that when successfully exploited it may give an attacker access
to the virtual memory space of a device's I/O.
3. Help Desk Reloaded Unspecified Remote Vulnerability
BugTraq ID: 12339
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12339
Summary:
A remote unspecified vulnerability affects Help Desk Reloaded.
Although the underlying issue causing this vulnerability is unknown, due to
the nature of the affected software it is likely due to input validation
failure. It may facilitate cross-site scripting, HTML injection, remote
file include, or SQL injection attacks. It should be noted that this
is not confirmed.
This BID will be updated as more details are released.
4. ZHCon Unauthorized File Disclosure Vulnerability
BugTraq ID: 12343
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12343
Summary:
zhcon is reportedly affected by a vulnerability allowing reading of
arbitrary files with escalated privileges. This could permit an
unauthorized user to read arbitrary files owned by other users without
authorization. Disclosure of sensitive information may lead to a system
compromise, or aid in other attacks.
This issue is reported to affect zhcon version 0.2.3; earlier versions
may also be affected.
5. Citadel/UX select() Bitmap Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12344
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12344
Summary:
Citadel/UX is prone to a remote buffer overflow due to implementation
of the select() system call. This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.
This vulnerability is reported to affect Citadel/UX versions prior to
6.29.
6. RinetD select() Bit-Array Remote Buffer Overflow Vulnerabili...
BugTraq ID: 12345
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12345
Summary:
rinetd is prone to a remote buffer overflow due to implementation of
the 'select()' system call. This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.
7. NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
BugTraq ID: 12350
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12350
Summary:
NEC Socks5 is prone to a remote buffer overflow due to implementation
of the 'select()' system call. This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.
8. DataRescue IDA Pro Malformed PE File Remote Buffer Overflow ...
BugTraq ID: 12353
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12353
Summary:
IDA Pro is reported prone to a remote buffer overflow vulnerability.
This issue may allow a remote attacker to execute arbitrary code on a
vulnerable computer to gain unauthorized access.
An attacker can exploit this issue by crafting a PE file and enticing a
user to process the file through IDA Pro.
A successful attack may facilitate unauthorized access to the affected
computer.
IDA Pro 4.6 SP 1 and 4.7 running on both Windows and Linux platforms
are reported vulnerable to this issue. It is possible that other
versions are affected as well.
9. Novell Evolution Camel-Lock-Helper Application Remote Intege...
BugTraq ID: 12354
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12354
Summary:
The Evolution camel-lock-helper application is reported prone to an
integer overflow vulnerability. The issue is reported to exist in the
main() function of the 'camel-lock-helper.c' source file.
A remote attacker may exploit this vulnerability to execute arbitrary
code.
10. Libdbi-perl Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 12360
Remote: No
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12360
Summary:
libdbi-perl is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error that
causes the application to fail to verify the existence of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.
Debian has reported that this vulnerability affects libdbi-perl 1.21
running on Debian GNU/Linux 3.0 alias woody. It is possible that other
versions are affected as well.
11. PHPEventCalendar Multiple Remote HTML Injection Vulnerabilit...
BugTraq ID: 12363
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12363
Summary:
Multiple remote HTML injection vulnerabilities affect phpEventCalendar.
These issues are due to a failure of the application to sanitize user
supplied input prior to including it in dynamically generated Web
content.
An attacker may leverage these issues to execute arbitrary HTML and
script code in the browser of an unsuspecting user. This may facilitate
the theft of cookie-based authentication credentials as well as other
attacks.
12. BIND Validator Self Checking Remote Denial Of Service Vulner...
BugTraq ID: 12365
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12365
Summary:
A remote denial of service vulnerability affects BIND. This issue is
due to a failure of the application to handle exceptional network data.
It should be noted that this issue requires that DNSSEC validation is
enabled, which is not the case by default.
A remote attacker may leverage this issue to cause the affected server
to crash, denying service to legitimate users.
13. Berlios GPSD Remote Format String Vulnerability
BugTraq ID: 12371
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12371
Summary:
Multiple instances of format string handling bugs are reported to exist
in gpsd, but only one of these issues is reported to be an exploitable
vulnerability.
Ultimately this issue may be leveraged by a remote attacker to
influence execution flow of the affected daemon and reliably execute arbitrary
code.
14. SCO scosession Local Command Line Buffer Overflow Vulnerabil...
BugTraq ID: 12372
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12372
Summary:
A local buffer overflow vulnerability affects SCO scosession. This
issue is due to a failure of the application to properly validate
user-supplied input strings prior to copying them to finite process buffers.
A local attacker may leverage this issue to execute arbitrary code with
the privileges of the superuser, facilitating privilege escalation.
15. Debian Pam Radius Auth File Information Disclosure Vulnerabi...
BugTraq ID: 12375
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12375
Summary:
Debian Linux is reportedly affected by a local file information
disclosure vulnerability. This issue is due to the application setting a PAM
radius configuration file as world-readable during the installation of
the affected package.
This issue is specific to Debian Linux.
16. X.org X Window Server Local Socket Hijacking Vulnerability
BugTraq ID: 12376
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12376
Summary:
A local socket hijacking vulnerability affects X.org X Windows Server.
This issue is due to a failure of the application to securely create
socket directories.
An attacker may leverage this issue to hijack socket sessions,
potentially facilitating arbitrary read and write access with the privileges of
the user that started the vulnerable server.
17. Xelerance Corporation Openswan XAUTH/PAM Remote Buffer Overf...
BugTraq ID: 12377
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12377
Summary:
A remote buffer overflow vulnerability reportedly affects Xelerance
Corporation Openswan. This issue is due to a failure of the application
to properly validate the length of user-supplied strings prior to
copying them into finite process buffers.
It should be noted that Openswan is only affected by this issue when it
is compiled with XAUTH and PAM support, which is not the default
configuration.
An attacker may leverage this issue to execute arbitrary code with the
privileges of the affected application; this may facilitate
unauthorized access or privilege escalation.
18. F2C Multiple Local Insecure Temporary File Creation Vulnerab...
BugTraq ID: 12380
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12380
Summary:
Multiple local insecure temporary file creation vulnerabilities affect
f2c. These issues are due to a design error causing failure of the
application to write to temporary files securely.
An attacker may leverage these issues to corrupt arbitrary files with
the privileges of an unsuspecting user that executes the affected
applications.
19. Threaded Read News Local Buffer Overflow Vulnerability
BugTraq ID: 12389
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12389
Summary:
A local buffer overflow vulnerability reportedly affects trn. This
issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into finite process
buffers.
An attacker may leverage this issue to execute arbitrary code with
superuser privileges, facilitating privilege escalation.
20. University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
Summary:
A remote authentication bypass vulnerability affects the CRAM-MD5
authentication functionality of the University of Washington IMAP server.
This issue is due to a logic error that fails to properly validate
authentication attempts.
It should be noted that this issue only affects servers with CRAM-MD5
authentication enabled, which is not the case by default.
A remote attacker may leverage this issue to authenticate to the
affected server as any user.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Encrypted Filesystems (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/388422
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
The DigSig Linux kernel load module checks the signature of a binary before
running it. It inserts digital signatures inside the ELF binary and
verifies this signature before loading the binary. It therefore improves
the security of the system by preventing a wide range of malicious
binaries, such as viruses, worms, Trojan programs and backdoors, from
running on the system.
2. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is a graphical firewall tool for Linux. The program aims to
combine ease of use with powerful features, serving both desktop users and
administrators.
3. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, Tru64 UNIX, UNIX,
Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system
that monitors any type of logged data from IP networked equipment and
reports it via E-mail and web pages. Current conditions and history from
systems based on Windows NT/2000 and UNIX can be tracked and reported.
Most major server, switch and router systems can be monitored, without
running agents on the target systems.
4. BitDefender for qmail v1.5.5-2
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary:
BitDefender for qmail is a powerful antivirus software for Linux mail
servers, which provides proactive protection of message traffic at the
email server level, eliminating the risk to the entire network that
could be caused by a negligent user. All messages, both sent and received,
are scanned in real time, avoiding the possible infections and
preventing anyone from sending an infected message. BitDefender claims 100%
detection rate for all viruses in the wild (ITW) through its powerful
scanning engines certified by the most prestigious testing labs (ICSA in
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August
2003).
5. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary:
Bilbo is an automated, multithreaded nmap-scanner and reporter, capable
of header fetching and matching the results against a database from
previous scans.
6. Ipanto Secure 2.0
By: Ipanto
Relevant URL: http://www.ipanto.com/secure
Platforms: HP-UX, Linux, Solaris, UNIX
Summary:
Ipanto Secure allows ISC based DHCP servers (UNIX, Linux) to send
signed dynamic DNS updates to a Microsoft DNS, using the GSS-TSIG protocol.