| Date: | 15 Feb 2005 22:48:12 -0000 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #223 |
SecurityFocus Linux Newsletter #223
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. More Advisories, More Security
II. LINUX VULNERABILITY SUMMARY
1. SuSE Linux Open-Xchange Unspecified Path Traversal Vulnerabi...
2. Linux Kernel ntfs_warning() and ntfs_error() Local Denial of...
3. Multiple Web Browser International Domain Name Handling Site...
4. Mozilla Firefox About Configuration Hidden Frame Remote Conf...
5. XGB Authentication Bypass Vulnerability
6. BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffe...
7. XView Multiple Unspecified Local Buffer Overflow Vulnerabili...
8. GNU Mailman Remote Directory Traversal Vulnerability
9. IBM DB2 Universal Database Unspecified Vulnerability
10. IBM DB2 XML Extender UDF Unauthorized File Access
Vulnerabil...
11. IBM DB2 Universal Database Server Network Message
Processing...
12. IBM DB2 Unspecified XML Functions Remote Arbitrary Code
Exec...
13. IBM DB2 Universal Database Server Object Creation Remote
Cod...
14. F-Secure ARJ Handling Buffer Overflow Vulnerability
15. Yongguang Zhang HZTTY Local Arbitrary Command Execution
Vuln...
16. Apache mod_python Module Publisher Handler Information
Discl...
17. Armagetron Advanced Multiple Remote Denial Of Service
Vulner...
18. BrightStor ARCserve/Enterprise Backup Default Backdoor
Accou...
19. XPCD PCDSVGAView Local Buffer Overflow Vulnerability
20. Netkit RWho Packet Size Denial Of Service Vulnerability
21. Gentoo Portage-Built Webmin Binary Package Build Host Root
P...
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2005-02-08 to 2005-02-15.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. KSB - Kernel Socks Bouncer 2.6.10
2. DigSig 1.3.2
3. Firestarter 1.0.0
4. Network Equipment Performance Monitor 2.2
5. BitDefender for qmail v1.5.5-2
6. Bilbo 0.11
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. More Advisories, More Security
By Thierry Carrez
More and more, we see articles questioning the security of a given
platform
based solely on the number of advisories published -- and this approach
is
simply wrong.
http://www.securityfocus.com/columnists/299
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. SuSE Linux Open-Xchange Unspecified Path Traversal Vulnerabi...
BugTraq ID: 12448
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12448
Summary:
SuSE Linux Open-Xchange (SLOX) is reported prone to an unspecified path
traversal vulnerability. It is likely that this vulnerability may be
exploited remotely to disclose restricted information outside of a root
directory, this is not confirmed.
This BID will be updated as soon as further information regarding this
vulnerability is made available.
2. Linux Kernel ntfs_warning() and ntfs_error() Local Denial of...
BugTraq ID: 12460
Remote: No
Date Published: Feb 07 2005
Relevant URL: http://www.securityfocus.com/bid/12460
Summary:
Linux Kernel is reported prone to a local denial of service
vulnerability.
It is reported that this vulnerability exists in the 'ntfs_warning()'
and 'ntfs_error()' functions when compiled without debug.
Further details are not currently available. This BID will be updated
when more information becomes available.
Linux Kernel 2.6.11-rc2 is reported vulnerable to this issue. All 2.6
versions are likely vulnerable as well.
3. Multiple Web Browser International Domain Name Handling Site...
BugTraq ID: 12461
Remote: Yes
Date Published: Feb 07 2005
Relevant URL: http://www.securityfocus.com/bid/12461
Summary:
Multiple Web browsers are reported prone to vulnerabilities that
surround the handling of International Domain Names.
The vulnerabilities exist due to inconsistencies in how International
Domain Names are processed. Reports indicate that this inconsistency can
be leveraged to spoof address bar, status-bar, and SSL certificate
values.
These vulnerabilities may be exploited by a remote attacker to aid in
phishing style attacks. This may result in the voluntary disclosure of
sensitive information to a malicious website due to a false sense of
trust.
Although these vulnerabilities are reported to affect Web browsers,
mail clients that depend on the Web browser to generate HTML code may also
be affected.
4. Mozilla Firefox About Configuration Hidden Frame Remote Conf...
BugTraq ID: 12466
Remote: Yes
Date Published: Feb 07 2005
Relevant URL: http://www.securityfocus.com/bid/12466
Summary:
A remote configuration manipulation vulnerability affects Mozilla
Firefox. This issue is due to a failure of the application to properly
secure sensitive configuration scripts from being activated by remote
attackers.
An attacker may leverage this issue to alter an unsuspecting user's
configuration settings; this may lead to a false sense of security as
sensitive settings may be manipulated without the user's knowledge.
5. XGB Authentication Bypass Vulnerability
BugTraq ID: 12489
Remote: Yes
Date Published: Feb 08 2005
Relevant URL: http://www.securityfocus.com/bid/12489
Summary:
xGB is reportedly affected by a vulnerability that could permit
unauthorized administrator access. This issue is due to the application
failing to properly verify user credentials.
A malicious user could exploit this vulnerability to bypass user
authentication and gain administrative access.
This vulnerability is reported to affect xGB version 2.0; earlier
versions may also be vulnerable.
6. BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffe...
BugTraq ID: 12491
Remote: Yes
Date Published: Feb 08 2005
Relevant URL: http://www.securityfocus.com/bid/12491
Summary:
Various Computer Associates BrightStor ARCserve/Enterprise Backup
products are prone to a remote buffer overflow vulnerability. This issue
presents itself because the affected applications do not perform boundary
checks prior to copying user-supplied data into sensitive process
buffers.
A remote attacker may execute arbitrary code on a vulnerable computer
to gain unauthorized access to it.
7. XView Multiple Unspecified Local Buffer Overflow Vulnerabili...
BugTraq ID: 12500
Remote: No
Date Published: Feb 09 2005
Relevant URL: http://www.securityfocus.com/bid/12500
Summary:
It is reported that a number of unspecified buffer overflow
vulnerabilities exist in the xview library. These issues could allow a local user
to execute arbitrary code via linked executables that are installed
with setuid privileges.
Debian has identified these issues in xview-3.2p1.4. Other versions
affecting various platforms may be vulnerable as well.
8. GNU Mailman Remote Directory Traversal Vulnerability
BugTraq ID: 12504
Remote: Yes
Date Published: Feb 09 2005
Relevant URL: http://www.securityfocus.com/bid/12504
Summary:
Mailman, when hosted on a web server that does not strip extra slashes
from URLs (i.e. Apache 1.3.x), is reported prone to a remote directory
traversal vulnerability.
The remote attacker may exploit this vulnerability to disclose the
contents of web server readable files. Symantec has received reports of the
username and password databases of public mailing lists being
compromised through the exploitation of this vulnerability.
Information that is harvested by leveraging this vulnerability may be
used to aid in further attacks against a target computer or victim user.
9. IBM DB2 Universal Database Unspecified Vulnerability
BugTraq ID: 12508
Remote: Yes
Date Published: Feb 09 2005
Relevant URL: http://www.securityfocus.com/bid/12508
Summary:
IBM DB2 Universal Database is reported prone to a vulnerability. The
details of this issue are unspecified.
The discoverer of this issue has reported that further details
regarding this vulnerability will be released on the 9th of May 2005. When
these details are released this BID will be updated with the additional
details.
This vulnerability is reported to exist in IBMDB2 Universal Database
version 8.1 and previous versions.
10. IBM DB2 XML Extender UDF Unauthorized File Access Vulnerabil...
BugTraq ID: 12510
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12510
Summary:
IBM DB2 is prone to a security vulnerability that may allow
unauthorized read or write access to files on the computer in the context of the
server process. This issue exists in the XML Extender UDFs
(User-Defined Functions). This could result in information disclosure as well as
corruption of files on the computer. There is a theoretical possibility
of code execution.
This vulnerability appears similar in nature to BID 12170 IBM DB2 XML
Function Unauthorized File Creation and Disclosure Vulnerability.
This issue may be related to BID 12508 IBM DB2 Universal Database
Unspecified Vulnerability.
11. IBM DB2 Universal Database Server Network Message Processing...
BugTraq ID: 12511
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12511
Summary:
A remote code execution vulnerability affects IBM DB2 Universal
Database Server. This issue is due to a failure of the application to
properly handle network messages under certain circumstances.
This issue may be related to BID 12508 IBM DB2 Universal Database
Unspecified Vulnerability.
An attacker with a database connection may leverage this issue to
execute arbitrary code within the context of the affected database instance,
potentially facilitating unauthorized access or privilege escalation.
12. IBM DB2 Unspecified XML Functions Remote Arbitrary Code Exec...
BugTraq ID: 12512
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12512
Summary:
IBM DB2 is reported prone to a remote arbitrary code execution
vulnerability. This issue can allow a remote attacker to completely compromise
a vulnerable database server.
IBM DB2 version 8 FixPak 7 and FixPak 7a are reported vulnerable to
this issue.
Further details are not available currently. It is possible that this
issue results from an overflow condition, however, this is not
confirmed at the moment. It is also possible that an SQL injection type attack
may be used to leverage this issue. This BID will be updated when more
information becomes available.
This issue may be related to BID 12508 IBM DB2 Universal Database
Unspecified Vulnerability.
13. IBM DB2 Universal Database Server Object Creation Remote Cod...
BugTraq ID: 12514
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12514
Summary:
A remote code execution vulnerability affects IBM DB2 Universal
Database Server. This issue is due to a failure of the application to
properly handle the creation of new objects.
This issue may be related to BID 12508 IBM DB2 Universal Database
Unspecified Vulnerability.
An attacker with a database connection may leverage this issue to
execute arbitrary code within the context of the affected database instance,
potentially facilitating unauthorized access or privilege escalation.
14. F-Secure ARJ Handling Buffer Overflow Vulnerability
BugTraq ID: 12515
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12515
Summary:
A buffer overflow vulnerability exists in the ARJ handling code in the
Anti-Virus library included in various F-Secure products. The
vulnerability is due to insufficient bounds check of ARJ header fields which
will be copied into a finite buffer on the heap. This vulnerability
could be exploited by a malicious ARJ archive to execute arbitrary code in
the context of the affected applications.
15. Yongguang Zhang HZTTY Local Arbitrary Command Execution Vuln...
BugTraq ID: 12518
Remote: No
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12518
Summary:
A local, arbitrary command execution vulnerability affects Yongguang
Zhang hztty. The underlying cause of this issue is currently unknown.
This BID will be updated as more information is released.
An attacker may leverage this issue to execute arbitrary commands with
the privileges of the 'utmp' group, potentially facilitating privilege
escalation.
16. Apache mod_python Module Publisher Handler Information Discl...
BugTraq ID: 12519
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12519
Summary:
The mod_python module publisher handler is prone to a remote
information disclosure vulnerability. This issue may allow remote unauthorized
attackers to gain access to sensitive objects.
Information disclosed through the exploitation of this issue may aid in
launching further attacks against an affected server.
All versions of mod_python are considered vulnerable at the moment.
17. Armagetron Advanced Multiple Remote Denial Of Service Vulner...
BugTraq ID: 12520
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12520
Summary:
Multiple denial of service vulnerabilities affect Armagetron Advanced.
These issues are due to a failure of the application to handle
malformed network data.
An attacker may leverage these issues to cause a remote denial of
service condition in affected applications.
18. BrightStor ARCserve/Enterprise Backup Default Backdoor Accou...
BugTraq ID: 12522
Remote: Yes
Date Published: Feb 10 2005
Relevant URL: http://www.securityfocus.com/bid/12522
Summary:
BrightStor ARCserve/Enterprise Backup products contain a backdoor
account.
It is reported that hard coded credentials are present in the
'UniversalAgent' service of BrightStor ARCserve/Enterprise Backup products for
UNIX platforms.
An attacker may carry out various attacks such as arbitrary command and
code execution by using the hard coded credentials. This may lead to a
complete compromise of an affected computer.
19. XPCD PCDSVGAView Local Buffer Overflow Vulnerability
BugTraq ID: 12523
Remote: No
Date Published: Feb 11 2005
Relevant URL: http://www.securityfocus.com/bid/12523
Summary:
A local buffer overflow vulnerability affects xpcd pcdsvgaview. This
issue is due to a failure of the application to securely copy
user-supplied input into finite process buffers.
An attacker may leverage this issue to execute arbitrary code with
superuser privileges.
20. Netkit RWho Packet Size Denial Of Service Vulnerability
BugTraq ID: 12524
Remote: Yes
Date Published: Feb 11 2005
Relevant URL: http://www.securityfocus.com/bid/12524
Summary:
The Netkit rwho daemon is prone to a denial of service vulnerability.
This condition occurs when the server processes packets with malformed
sizes.
The vulnerability is only reported to affect the software running on
little endian platforms.
It is not known if this condition is due to a boundary condition error
or if it may further be leveraged to execute arbitrary code.
21. Gentoo Portage-Built Webmin Binary Package Build Host Root P...
BugTraq ID: 12532
Remote: Yes
Date Published: Feb 11 2005
Relevant URL: http://www.securityfocus.com/bid/12532
Summary:
It is reported that the Gentoo Portage-built Webmin binary package
discloses the build host's root password to remote users.
Any users who build the affected Webmin binary and share it with other
users are at a risk of compromise.
Gentoo app-admin/webmin packages prior to 1.170-r3 are vulnerable to
this issue.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2005-02-08 to 2005-02-15.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates
all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in it?s own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that want a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have choosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
2. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
DigSig Linux kernel load module checks the signature of a binary before
running it. It inserts digital signatures inside the ELF binary and
verify this signature before loading the binary. Therefore, it improves
the security of the system by avoiding a wide range of malicious
binaries like viruses, worms, Torjan programs and backdoors from running on
the system.
3. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is graphical firewall tool for Linux. The program aims to
combine
ease of use with powerful features, serving both desktop users and
administrators.
4. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX,
Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system
that monitors any type of logged data from IP networked equipment and
reports it via E-mail and web pages. Current conditions and history from
systems based on Windows NT/2000 and UNIX can be tracked and reported.
Most major server, switch and router systems can be monitored, without
running agents on the target systems.
5. BitDefender for qmail v1.5.5-2
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary:
BitDefender for qmail is a powerful antivirus software for Linux mail
servers, which provides proactive protection of message traffic at the
email server level, eliminating the risk to the entire network that
could be caused by a negligent user. All messages, both sent and received,
are scanned in real time, avoiding the possible infections and
preventing anyone from sending an infected message. BitDefender claims 100%
detection rate for all viruses in the wild (ITW) through its powerful
scanning engines certified by the most prestigious testing labs (ICSA in
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August
2003).
6. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary:
Bilbo is an automated, multithreaded nmap-scanner and reporter, capable
of header fetching and matching the results against a database from
previous scans.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer
is a free service that gives you the ability to track and manage
attacks.
Analyzer automatically correlates attacks from various Firewall and
network
based Intrusion Detection Systems, giving you a comprehensive view of
your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------