Date: Mon, 1 Mar 2004 15:35:22 -0700 (MST)
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #173

SecurityFocus Linux Newsletter #173
------------------------------------

This issue sponsored by: Tenable Security

How do you manage your VULNERABILITIES?  Tenable Network Security can help
you actively and passively detect them with NeWT and NeVO as well as
communicate this information to the people who need to fix them through
the Lightning Console. Make recommendations, track remediations, correlate
vulnerabilities with IDS events, and create executive reports based on
organization, asset type or region. Visit us at:
http://www.securityfocus.com/sponsor/TenableSecurity_focus-linux_040301
------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Anti-Spam Solutions and Security
II. LINUX VULNERABILITY SUMMARY
     1. W3C Jigsaw Unspecified Remote URI Parsing Vulnerability
     2. LGames LBreakout2 Multiple Environment Variable Buffer Overf...
     3. Samhain Labs HSFTP Remote Format String Vulnerability
     4. Platform Load Sharing Facility EAuth Component Buffer Overfl...
     5. Platform Load Sharing Facility EAuth Privilege Escalation Vu...
     6. Apple QuickTime/Darwin Streaming Server DESCRIBE Request Rem...
     7. Digital Reality Haegemonia Remote Denial Of Service Vulnerab...
     8. MTools MFormat Privilege Escalation Vulnerability
     9. Mozilla Browser Zombie Document Cross-Site Scripting Vulnera...
III. LINUX FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2004-02-23 to 2004-03-01.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Big Sister   v0.99b1
     2. suPHP   v0.5.1
     3. Sentry Firewall CD-ROM v1.5.0-rc10(dev)
     4. Portable OpenSSH v3.8p1
     5. BitDefender Linux Edition v7.0.1-3
     6. pasmal v0.6 beta
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. Anti-Spam Solutions and Security
By Dr. Neal Krawetz

This article is the first of a two-part series that discusses the security
issues of spam as well as several current anti-spam methodologies.

http://www.securityfocus.com/infocus/1763


II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. W3C Jigsaw Unspecified Remote URI Parsing Vulnerability
BugTraq ID: 9711
Remote: Yes
Date Published: Feb 21 2004
Relevant URL: http://www.securityfocus.com/bid/9711
Summary:
Jigsaw is prone to an unspecified remote URI parsing vulnerability.  This
issue is reportedly due to a failure of the application to properly parse
and sanitize user-supplied URI input.

The results of successful exploitation of this issue are currently
unknown; however, it is conjectured that this issue may be leveraged to
compromise web server readable files outside of the server root directory.

2. LGames LBreakout2 Multiple Environment Variable Buffer Overf...
BugTraq ID: 9712
Remote: No
Date Published: Feb 21 2004
Relevant URL: http://www.securityfocus.com/bid/9712
Summary:
Multiple buffer overflow vulnerabilities exist in the environment variable
handling of LBreakout2.  The issue is due to insufficient boundary
checking of certain environment variables used by the affected
application.

A malicious user may exploit this condition to potentially corrupt
sensitive process memory in the affected process and ultimately execute
arbitrary code with the privileges of the game process.

3. Samhain Labs HSFTP Remote Format String Vulnerability
BugTraq ID: 9715
Remote: No
Date Published: Feb 23 2004
Relevant URL: http://www.securityfocus.com/bid/9715
Summary:
hsftp has been found to be prone to a remote print format string
vulnerability.  This issue is due to the application's improper use of a
format printing function.

Ultimately this vulnerability could allow for execution of arbitrary code
on the system implementing the affected software, which would occur in the
security context of the server process.

4. Platform Load Sharing Facility EAuth Component Buffer Overfl...
BugTraq ID: 9719
Remote: Yes
Date Published: Feb 23 2004
Relevant URL: http://www.securityfocus.com/bid/9719
Summary:
The Load Sharing Facility eauth component has been reported to be prone
to a buffer overflow vulnerability. The issue presents itself due to a
lack of bounds checks performed on data that is passed to eauth. By
supplying excessive data, an attacker may corrupt data adjacent to the
affected buffer and thereby overwrite a saved instruction pointer. An
attacker may leverage this issue to influence program execution flow into
attacker-supplied instructions.

5. Platform Load Sharing Facility EAuth Privilege Escalation Vu...
BugTraq ID: 9724
Remote: Yes
Date Published: Feb 23 2004
Relevant URL: http://www.securityfocus.com/bid/9724
Summary:
The Load Sharing Facility eauth component has been reported to be prone
to a privilege escalation vulnerability. The eauth component is
responsible for controlling authentication procedures within Load Sharing
Facility. An issue has been reported where an attacker may send commands
to Load Sharing Facility as any user. The issue presents itself because
eauth uses an environment variable to determine the UID of the user
invoking the binary.

6. Apple QuickTime/Darwin Streaming Server DESCRIBE Request Rem...
BugTraq ID: 9735
Remote: Yes
Date Published: Feb 24 2004
Relevant URL: http://www.securityfocus.com/bid/9735
Summary:
It has been reported that QuickTime/Darwin Streaming Server may be prone
to a remote denial of service vulnerability that could allow an attacker
to cause the server to crash or hang.  The issue presents itself when the
software attempts to parse DESCRIBE requests with specially crafted
User-Agent fields.

QuickTime/Darwin Streaming Server version 4.1.3 is reported to be prone to
this issue.

This issue was originally described in Apple Security Update 2004-02-23
Released To Fix Multiple Vulnerabilities (BID 9731).

7. Digital Reality Haegemonia Remote Denial Of Service Vulnerab...
BugTraq ID: 9736
Remote: Yes
Date Published: Feb 24 2004
Relevant URL: http://www.securityfocus.com/bid/9736
Summary:
It has been reported that Haegemonia is prone to a remote denial of
service vulnerability.  This issue is due to a failure of the application
to validate packet data size input supplied by a client.

The immediate consequence of a successful attack is that the affected
server will crash.  It has been conjectured that this issue may also be
leveraged to execute arbitrary code in the context of the affected
application; however, this has not been verified.

8. MTools MFormat Privilege Escalation Vulnerability
BugTraq ID: 9746
Remote: No
Date Published: Feb 25 2004
Relevant URL: http://www.securityfocus.com/bid/9746
Summary:
It has been reported that mformat is prone to a privilege escalation
vulnerability when installed as a setUID application.  This issue is due
to a design error allowing a user to create arbitrary files as the
root user.

A local attacker could exploit this issue by forcing the creation of
sensitive system files that already exist.  When the application formats
the specified files, the target system file will be overwritten,
destroying sensitive system data.  Since the files are given
permissions 0666 and are owned by root, the attacker may alter overwritten
system configuration files, allowing for an escalation of privileges.

9. Mozilla Browser Zombie Document Cross-Site Scripting Vulnera...
BugTraq ID: 9747
Remote: Yes
Date Published: Feb 25 2004
Relevant URL: http://www.securityfocus.com/bid/9747
Summary:
Mozilla has been reported to be prone to a cross-site scripting
vulnerability.  This issue is due to a design error that allows event
handlers in a web document from one domain to be executed in the context
of another.

This could permit a remote attacker to create a malicious web page that
includes hostile event handling script code. If this page were to redirect
to a target page when certain event handling code was activated, the
hostile code may be rendered in the web browser of the victim user. This
would occur in the security context of the new page and may allow for
theft of cookie-based authentication credentials or other attacks.


III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-02-23 to 2004-03-01.


IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.

Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility, supporting
cross-platform interoperability over a wide range of platforms: Windows,
Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, regardless
of the size of your organization.

Using the latest recognized standards in encryption and digital signature
technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris,
UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for
computer forensics and investigations. With an intuitive GUI and superior
performance, EnCase Version 4 provides investigators with the tools to
conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields completely
non-invasive computer forensic investigations while allowing examiners to
easily manage large volumes of computer evidence and view all relevant
files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all
functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows
95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data
in its own internal memory (not on the hard drive), it is impossible for
a network intruder to gain access to any sensitive data stored within the
device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your existing
servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to serve
your users.


V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Big Sister   v0.99b1
By: Thomas Aeby
Relevant URL: http://bigsister.sourceforge.net/
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:

Big Sister is an SNMP-aware monitoring program consisting of a Web-based
server and a monitoring agent. It runs under various Unixes and Windows.

2. suPHP   v0.5.1
By: Sebastian Marsching
Relevant URL: http://www.suphp.org/
Platforms: Linux
Summary:

suPHP is a combination of an Apache module (mod_suphp) and an executable
which provides a wrapper for PHP. With both together, it is possible to
execute PHP scripts with the permissions of their owner without having to
place a PHP binary in each user's cgi-bin directory. suPHP doesn't need
Apache's suExec, and provides a logging function.

3. Sentry Firewall CD-ROM v1.5.0-rc10(dev)
By: Obsid
Relevant URL: http://www.SentryFirewall.com/
Platforms: Linux
Summary:

Sentry Firewall CD-ROM Version 1.0 is a Linux based bootable CD-ROM
suitable for use as an inexpensive and easy to maintain Firewall or
IDS (Intrusion Detection System) Node. The system is designed to be
immediately configurable for a variety of different operating environments
via a configuration file located on a floppy disk or a local hard drive.

4. Portable OpenSSH v3.8p1
By: Damien Miller <djm@mindrot.org>
Relevant URL: http://www.openssh.com/
Platforms: Linux, UNIX
Summary:

This is a Unix/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is a
full implementation of the SSH1 protocol and a 99% implementation of the
SSH 2 protocol, including sftp client and server support.

5. BitDefender Linux Edition v7.0.1-3
By: BitDefender
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=16
Platforms: Linux
Summary:

BitDefender Linux Edition is a powerful on-demand antivirus scanner for
command lines and shell scripts. It supports manual scanning of individual
files or entire file systems, malicious code detection, and disinfection.
After each scan, a detailed report of positive virus detections
is displayed. It uses scanning engines that are certified by prestigious
testing labs.

6. pasmal v0.6 beta
By: James Meehan
Relevant URL: http://www.sourceforge.net/projects/pasmal/
Platforms: Linux, POSIX
Summary:

pasmal is a TCP/IP packet authentication system. When it receives a
sequence of ICMP or TCP packets to any port (open/closed), it will issue a
command on the server.


VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
If your email address has changed, email listadmin@securityfocus.com and
ask to be manually removed.

