Date: Mon, 9 Feb 2004 13:59:08 -0700 (MST)
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #170

SecurityFocus Linux Newsletter #170
------------------------------------

This issue sponsored by: Astaro

Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.  - Firewall -
Virus protection - Spam protection - URL blocking - VPN - Wireless
security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_linux-secnews_040209
------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Nessus, Part 3: Analysing Reports
     2. We are pleased to announce a new search engine on SecurityFocus.
II. LINUX VULNERABILITY SUMMARY
     1. GNU LibTool Local Insecure Temporary Directory Creation Vuln...
     2. Suidperl Unspecified Information Disclosure Vulnerability
     3. 0verkill Game Client Multiple Local Buffer Overflow Vulnerab...
     4. GNU Chess '-s' Local Buffer Overflow Vulnerability
     5. Niti Telecom Caravan Business Server Remote Directory Traver...
     6. Util-Linux Login Program Information Leakage Vulnerability
     7. Tunez Multiple Remote SQL Injection Vulnerabilities
     8. Linux Kernel R128 Device Driver Unspecified Privilege Escala...
     9. Multiple Check Point Firewall-1 HTTP Security Server Remote ...
     10. Check Point VPN-1/SecuRemote ISAKMP Large Certificate Reques...
III. LINUX FOCUS LIST SUMMARY
     1. exporting sudoers, good practice ? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Enigmail v0.83.2
     2. Dazuko  v2.0.0
     3. Fast OnlineUpdate for SuSE v0.11.2
     4. PHP Service Monitor  v2.1
     5. Animail v2.0.6
     6. OpenProtect  v5.0.1.4
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. Nessus, Part 3: Analysing Reports
By Harry Anderson

This article, the last in the series about Nessus, will endeavor to
explain a Nessus report and how to analyze it. Nessus is a vulnerability
scanner, a program that looks for security bugs in software.

http://www.securityfocus.com/infocus/1759

2. We are pleased to announce a new search engine on SecurityFocus,
offering faster and more intuitive results. Features include site-wide
or section-specific searching by author, headline or entire document and
sorting by date, headline or URL. We have also added "email a friend"
functionality to allow users to share content that they feel is relevant
to others.


II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. GNU LibTool Local Insecure Temporary Directory Creation Vuln...
BugTraq ID: 9530
Remote: No
Date Published: Jan 30 2004
Relevant URL: http://www.securityfocus.com/bid/9530
Summary:
libtool is a freely available, open source library management script.
It is available for the Unix and Linux platforms.

A problem has been identified in the creation of temporary directories
by the libtool script.  Because of this, an attacker may be able to
corrupt arbitrary files on a system.

libtool does not securely create temporary directories.  When the script
is executed during compilation of a program, it creates a situation
where an attacker can potentially overwrite target files using predicted
symbolic links, potentially destroying data.

It should be noted that this issue only affects programs that use
libtool at compile time.  Additionally, the resolution of this issue
covers only programs that use the system libtool, and does not resolve
the issue in programs that package their own version of libtool.

2. Suidperl Unspecified Information Disclosure Vulnerability
BugTraq ID: 9543
Remote: No
Date Published: Feb 01 2004
Relevant URL: http://www.securityfocus.com/bid/9543
Summary:
SuidPerl is the Perl interpreter for setuid Perl scripts. It is included
with distributions of the Perl package and is available for Linux and
Unix variant operating environments.

A vulnerability has been reported in Suidperl that may cause sensitive
information to be disclosed to unauthorized users.  This could
potentially permit users to enumerate the existence of files or
determine other attributes that should not be accessible to unprivileged
users.

This issue may be exploited by a malicious local user.

3. 0verkill Game Client Multiple Local Buffer Overflow Vulnerab...
BugTraq ID: 9550
Remote: Yes
Date Published: Feb 02 2004
Relevant URL: http://www.securityfocus.com/bid/9550
Summary:
0verkill is a client-server game. It is available for the Linux, OS/2
and Windows operating systems.

The 0verkill game client has been reported prone to multiple instances
of exploitable buffer overrun vulnerabilities. The functions that have
been reported to be affected are load_cfg(), save_cfg() and
send_message(). These functions are implemented in client.c. It has been
reported that, due to a lack of sufficient boundary checks performed on
data contained in the HOME environment variable, a local attacker may
overrun a 256-byte stack-based buffer. Additionally, excessive data
supplied as values for the player's name and the hostname may also be
used to corrupt sensitive process memory. Finally, the potential buffer
overflow reported to exist in the network 'chat' routines may be
exploited to overwrite 2 bytes of data beyond the affected buffer.

An attacker may exploit any one of these issues to potentially execute
arbitrary instructions in the security context of the 0verkill game
client.

4. GNU Chess '-s' Local Buffer Overflow Vulnerability
BugTraq ID: 9553
Remote: No
Date Published: Feb 02 2004
Relevant URL: http://www.securityfocus.com/bid/9553
Summary:
GNU Chess is a chess game developed for Linux and Unix based systems.

It has been reported that GNU Chess is prone to a buffer overflow issue
that may allow an attacker to gain elevated privileges.

The problem is present due to improper handling of user-supplied data
from '-s' command line parameters. A buffer overflow condition may be
caused by supplying more than 652 bytes of data as a value for this
parameter. The condition is present due to insufficient boundary
checking. A local attacker may leverage the issue by exploiting an
unbounded memory copy operation to overwrite the saved return
address/base pointer, causing the affected procedures to return to an
address of their choice.

Successful exploitation may allow an attacker to ultimately execute
arbitrary code in the context of the affected application. Although
unconfirmed, GNU Chess is likely installed with setgid games privileges
on most systems.

5. Niti Telecom Caravan Business Server Remote Directory Traver...
BugTraq ID: 9555
Remote: Yes
Date Published: Feb 02 2004
Relevant URL: http://www.securityfocus.com/bid/9555
Summary:
Caravan Business Server is a collection of web site development tools,
including a web server, database engine, application server and
scripting language.  It is designed for Unix based systems, Linux and
Windows.

Caravan Business Server by default contains a collection of sample
script files.  One such sample script is Sample_showcode.html, which is
designed to display web based script text to remote users.

This sample activates the 'showcode.asp' script, which does not
adequately sanitize user input.  The script accepts a single value
passed via a URL parameter called 'fname', which specifies the file to
be displayed.  A malicious user may be able to specify and view any file
readable by the web server using '../' character sequences.

Furthermore, the script fails to properly check for the existence of
requested files. This could potentially allow a malevolent user to
create arbitrary files on a system by requesting to view a file that
does not exist.

This issue has been reported to affect Caravan Business Server version
2.00/03D; however, it may affect previous versions as well.

6. Util-Linux Login Program Information Leakage Vulnerability
BugTraq ID: 9558
Remote: Yes
Date Published: Feb 03 2004
Relevant URL: http://www.securityfocus.com/bid/9558
Summary:
Login is a component of the util-linux package.  It is available for the
Linux platform.

A problem has been identified in the handling of information by the
login component of the util-linux package.  Because of this, an attacker
may be able to gain access to sensitive information.

The problem is an issue in the handling of pointers within the program.
In some situations, a function within the program may attempt to use a
pointer in system memory that has already been freed and reallocated by
another function.  Under these circumstances, it would be possible for
an attacker to gain access to potentially sensitive information.

It is conjectured that this issue requires specific circumstances and
numerous attempts to glean useful information.  However, no
proof-of-concept exists upon which further analysis can be made.

7. Tunez Multiple Remote SQL Injection Vulnerabilities
BugTraq ID: 9565
Remote: Yes
Date Published: Feb 03 2004
Relevant URL: http://www.securityfocus.com/bid/9565
Summary:
Tunez is a freely available, open source web MP3 jukebox.  It is
available for the Unix and Linux platforms.

Several problems in the handling of user-supplied input have been
identified in Tunez.  Because of this, an attacker may be able to gain
unauthorized access to the backend database.

Specific details concerning these issues are not currently available.
However, it has been disclosed by the project maintainers that numerous
SQL injection issues exist that can permit an attacker to submit SQL
directly to the database, potentially allowing an attacker to perform
unauthorized database functions.

8. Linux Kernel R128 Device Driver Unspecified Privilege Escala...
BugTraq ID: 9570
Remote: No
Date Published: Feb 03 2004
Relevant URL: http://www.securityfocus.com/bid/9570
Summary:
The Linux Kernel supports numerous driver modules; one such is the R128
ATI Rage 128 bit video card driver module.

It has been reported that the Linux Kernel is prone to an unspecified
local privilege escalation vulnerability.  The issue is reportedly due
to an R128 DRI limits checking issue and may lead to privilege
escalation on affected systems.

This BID will be updated with further technical details if more
information is made available.

9. Multiple Check Point Firewall-1 HTTP Security Server Remote ...
BugTraq ID: 9581
Remote: Yes
Date Published: Feb 05 2004
Relevant URL: http://www.securityfocus.com/bid/9581
Summary:
Firewall-1 is a commercially available enterprise firewall software
package.  It is distributed by Check Point, and available for the Unix,
Linux, and Microsoft Windows platforms.

Problems in the handling of some types of HTTP requests from remote
users have been identified in Check Point Firewall-1 HTTP Application
Intelligence and HTTP Security Server.  Because of this, it is possible
for a remote attacker to gain unauthorized access to a vulnerable system
with administrative privileges.

It has been reported that several occurrences of format string
vulnerabilities exist in the HTTP Application Intelligence and HTTP
Security Server components of Firewall-1.  One disclosed example cites
placing an invalid scheme in a URI and submitting it to the vulnerable
component, resulting in an attacker passing an arbitrary format string
to a sprintf() call.

Other format string issues may result in heap corruption attacks.
Since the Firewall-1 software is most often executed as the
administrative user on systems, this issue has the potential to result
in complete compromise of an affected host.

10. Check Point VPN-1/SecuRemote ISAKMP Large Certificate Reques...
BugTraq ID: 9582
Remote: Yes
Date Published: Feb 05 2004
Relevant URL: http://www.securityfocus.com/bid/9582
Summary:
VPN-1, SecuRemote, and SecureClient are secure remote access components
distributed and maintained by Check Point Software.  They are available
for the Unix, Linux, and Microsoft Windows platforms.

A problem has been identified in the handling of large Certificate
Request payload exchanges in Check Point VPN-1, SecuRemote, and
SecureClient.  Because of this, it is possible for a remote attacker to
gain unauthorized access to vulnerable systems.

During the establishment of an ISAKMP session, it is possible for one
system to send to another a Certificate Request payload to solicit
credentials.  However, bounds checking is not adequately performed on
received Certificate Request payload packets by clients or servers in
the Check Point implementations.

An attacker could take advantage of this issue to exploit a buffer
overflow in the client and server implementations, resulting in the
execution of attacker-supplied code with the privileges of the software,
which runs as the administrative user in typical configurations.


III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. exporting sudoers, good practice ? (Thread)
Relevant URL: http://www.securityfocus.com/archive/91/353133


IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.

Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to
become exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of
platforms: Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements,
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality,
integrity, and authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely
share business information among customers, business partners, and
remote branches. It provides a seamless, LAN-like experience over the
Internet that includes all the security, performance, accessibility, and
ease of administration required to allow organizations to share everyday
information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris,
UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy
and efficiency. Guidance Software's award-winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view
all relevant files, including "deleted" files, file slack and
unallocated space.

The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data
stored within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over
multiple servers. If one system fails completely, the others will
continue to serve your users.


V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Enigmail v0.83.2
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x,
Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
which allows users to access the authentication and encryption features
provided by the popular GnuPG software. Enigmail can encrypt/sign mail
when sending, and can decrypt/authenticate received mail. It can also
import/export public keys. Enigmail supports both the inline PGP format
and the PGP/MIME format, which can be used to encrypt attachments.
Enigmail is cross-platform, although binaries are supplied only for a
limited number of platforms. Enigmail uses inter-process communication
to execute GPG to carry out encryption/authentication.

2. Dazuko  v2.0.0
By: John Ogness
Relevant URL: http://www.dazuko.org/
Platforms: FreeBSD, Linux
Summary:

This project provides a kernel module which provides 3rd-party
applications with an interface for file access control. It was
originally developed for on-access virus scanning. Other uses include a
file-access monitor/logger or external security implementations. It
operates by intercepting file-access calls and passing the file
information to a 3rd-party application. The 3rd-party application then
has the opportunity to tell the kernel module to allow or deny the
file-access. The 3rd-party application also receives information about
the file, such as type of access, process ID, user ID, etc.

3. Fast OnlineUpdate for SuSE v0.11.2
By: Markus Gaugusch
Relevant URL: http://fou4s.gaugusch.at/
Platforms: Linux, POSIX
Summary:

Fast OnlineUpdate for SuSE (fou4s) is a bash script that provides the
functionality of YOU (YaST OnlineUpdate), but can also work in the
background and check for updates every night. It supports resumed
downloads and proxies by using wget. GPG signatures are also checked.

4. PHP Service Monitor  v2.1
By: Vidyut Luther
Relevant URL: http://www.phpcult.com
Platforms: Linux
Summary:

PHP Service Monitor is a basic server/service monitor where you specify
what server and what services you want to monitor for each specific
server. It will monitor the services, and notify you via email and GUI
if the service is down.

5. Animail v2.0.6
By: Juanjo Álvarez Martínez <juanjux@yahoo.es>
Relevant URL: http://animail.sourceforge.net
Platforms: Linux, POSIX, Solaris, SunOS, UNIX
Summary:

Animail is a multiserver POP3/APOP/IMAP4Rev1 (with or without SSL) mail
retrieval utility. It features an advanced filtering system based on
blacklisting, whitelisting, or a combination of both. It is possible to
send an autoresponse which prompts people to reply and add themselves to
the 'autoaccept' file. It also allows filters based on a regular
expression which matches against the email headers. (If a message is
filtered, only the header is downloaded, not the entire body.) Animail
also features download ordering options. For example, you can configure
it to download the smaller messages first. Different delivery options
are available, including mailbox, maildir, local SMTP, and pipe to
command.

6. OpenProtect  v5.0.1.4
Relevant URL: http://opencomputing.sf.net
Platforms: Linux
Summary:

OpenProtect is a server-side email protector which guards against spam
and viruses in addition to providing content filtering, using a variety
of open-source packages. It supports Sendmail, Postfix, Exim and qmail,
and is easy to install and maintain.
