Date: Mon, 8 Mar 2004 16:42:37 -0700 (MST)
From: "John Boletta" <jboletta@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #174


SecurityFocus Linux Newsletter #174
------------------------------------

This issue is sponsored by: Reasoning Inc.

Enter to win a free application-level software security inspection -- a
$20,000 value!

Reasoning will inspect up to 100,000 lines of your toughest C/C++ code,
pinpointing the exact location of security vulnerabilities that are the
leading target of hackers. Experience the power that application
scanning and dynamic testing tools can't match.

Enter to win a free software security inspection now:

http://sic-em.steelbrick.com/REA2302/securityfocus-linux.jsp
------------------------------------------------------------------------
I. FRONT AND CENTER
     1. HIPAA Security Rule
     2. Is password-lending a cybercrime?
II. LINUX VULNERABILITY SUMMARY
     1. Calife Password Heap Overrun Vulnerability
     2. xboing Local Buffer Overflow Vulnerabilities
     3. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
     4. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
     5. YABB SE Multiple Input Validation Vulnerabilities
     6. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
     7. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
III. LINUX FOCUS LIST SUMMARY
     1. Administrivia X-Post:  Farewell (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Prismstumbler  v0.7.0
     2. Rule-based Intrusion Detection System 1.0 (Default) v1.0
     3. The SSH library v0.1
     4. OpenCA v0.9.2 RC3
     5. MIMEDefang v2.40
     6. MasarLabs NoArp v2.0.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. HIPAA Security Rule
By Steven Weil

This article presents a detailed overview of the American HIPAA (Health
Insurance Portability and Accountability Act) Security Rule and key
factors you should consider when preparing to comply with the rule.

http://www.securityfocus.com/infocus/1764

2. Is password-lending a cybercrime?
By Mark Rasch

A judge's wrongheaded interpretation of the federal Computer Fraud and
Abuse Act illustrates the problems of allowing civil enforcement of a
criminal law.

http://www.securityfocus.com/columnists/222


II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Calife Password Heap Overrun Vulnerability
BugTraq ID: 9756
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9756
Summary:
Calife is reportedly prone to a locally exploitable heap overrun
vulnerability.  This issue is due to insufficient bounds checking of
password input.  If this issue was successfully exploited to execute
arbitrary code, it could potentially allow an unprivileged local user
to gain root access.

It has been reported that this issue may actually be indicative of a
more serious problem in the glibc implementation of the getpass()
function.  This has not been confirmed.  This BID will be updated as
more information is provided.

2. xboing Local Buffer Overflow Vulnerabilities
BugTraq ID: 9764
Remote: No
Date Published: Feb 27 2004
Relevant URL: http://www.securityfocus.com/bid/9764
Summary:
xboing is prone to multiple buffer overflows that could be exploited to
allow a local user to elevate their privileges.

3. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
BugTraq ID: 9765
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9765
Summary:
It has been reported that one of the scripts included with phpBB is
prone to a cross-site scripting vulnerability.  According to the author
of the report, the script "viewtopic.php" returns the value of the HTML
variable "postorder" to the client as its output without encoding it or
otherwise removing potentially hostile content.  This can be exploited
by constructing malicious links with the malicious "postorder" variable
value embedded as a GET request style HTML variable.  If the target
user visits such a link, the malicious, externally created content
supplied in the link will be rendered (or executed, in the case of
script code) as part of the viewtopic.php document and within the
context of the vulnerable website (including the phpBB forum).

4. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi...
BugTraq ID: 9766
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9766
Summary:
It has been reported that an input validation error with the potential
for use in a SQL injection attack is present in the "search.php" script.
Consequently, malicious users may corrupt the resulting SQL queries
(there are at least two) by specially crafting a value for the "st"
variable.  The impact of this vulnerability depends on the underlying
database.  It may be possible to corrupt/read sensitive data, execute
commands/procedures on the database server or possibly exploit
vulnerabilities in the database itself through this condition.

5. YABB SE Multiple Input Validation Vulnerabilities
BugTraq ID: 9774
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9774
Summary:
It has been reported that YaBB SE may be prone to multiple
vulnerabilities due to improper input validation.  The issues may allow
an attacker to carry out SQL injection and directory traversal attacks.
Successful exploitation of these issues may allow an attacker to gain
access to sensitive information that may be used to mount further
attacks against a vulnerable system.  The SQL injection vulnerabilities
can be exploited to gain access to user authentication credentials and
corrupt user information in the underlying database.

YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected
by these issues; however, it is possible that other versions are
vulnerable as well.

6. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi...
BugTraq ID: 9778
Remote: Yes
Date Published: Mar 01 2004
Relevant URL: http://www.securityfocus.com/bid/9778
Summary:
It has been reported that Squid Proxy may be prone to an unauthorized
access vulnerability that may allow remote users to bypass access
controls, resulting in unauthorized access to attacker-specified
resources.  The vulnerability presents itself when a URI that is
designed to access a specific location with a supplied username
contains '%00' characters.  This sequence may be placed as part of the
username value prior to the @ symbol in the malicious URI.

Squid Proxy versions 2.0 to 2.5 STABLE4 are reported to be prone to
this vulnerability.

7. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera...
BugTraq ID: 9801
Remote: Yes
Date Published: Mar 03 2004
Relevant URL: http://www.securityfocus.com/bid/9801
Summary:
It has been reported that a number of undisclosed SandSurfer scripts
are prone to cross-site scripting vulnerabilities.

This could permit a remote attacker to create a malicious link to the
vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user.


III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Administrivia X-Post:  Farewell (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/356494


IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.

Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to
become exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of
platforms: Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements,
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality,
integrity, and authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely
share business information among customers, business partners, and
remote branches. It provides a seamless, LAN-like experience over the
Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy
and efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view
all relevant files, including "deleted" files, file slack and
unallocated space.

The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely
undetectable by software scanners and provides you with one of the
most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data
stored within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just
use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over
multiple servers. If one system fails completely, the others will
continue to serve your users.


V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Prismstumbler  v0.7.0
By: Florian Boor
Relevant URL: http://prismstumbler.sourceforge.net/
Platforms: Linux, POSIX
Summary:

Prismstumbler is software which finds 802.11 (W-LAN) networks. It comes
with an easy to use GTK2 frontend and is small enough to fit on a small
portable system. It is designed to be a flexible tool to find as much
information about wireless LAN installations as possible. Because of
its client-server architecture the scanner engine may be used for
different frontends.

2. Rule-based Intrusion Detection System 1.0 (Default) v1.0
By: Pankaj Kumar Madhukar
Relevant URL: http://students.iiit.net/~pankaj_n/rids/index.html
Platforms: Linux
Summary:

RIDS is a machine learning rule-based intrusion detection system for
Linux.

3. The SSH library v0.1
By: Aris Adamantiadis
Relevant URL: http://www.0xbadc0de.be/projects/sshlib.html
Platforms: FreeBSD, Linux, NetBSD, OpenBSD
Summary:

The SSH library is a C library to authenticate in a simple manner to
one or more SSH servers. The goal of this project is to provide a
library much simpler to use than OpenSSH's one. A sample SSH client is
provided.

4. OpenCA v0.9.2 RC3
By: Massimiliano Pala <madwolf@openca.org>
Relevant URL: http://www.openca.org/openca/
Platforms: FreeBSD, Linux, NetBSD, OpenBSD, Solaris
Summary:

The OpenCA Project is a collaborative effort to develop a robust,
full-featured and Open Source out-of-the-box Certification Authority
implementing the most used protocols with full-strength cryptography
world-wide. OpenCA is based on many Open-Source Projects. Among the
supported software is OpenLDAP, OpenSSL, Apache Project, Apache
mod_ssl.

5. MIMEDefang v2.40
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:

MIMEDefang is a flexible MIME e-mail scanner designed to protect
Windows clients from viruses. It can alter or delete various parts of a
MIME message according to a very flexible configuration file. It can
also bounce messages with unacceptable attachments. MIMEDefang works
with Sendmail 8.11's new "Milter" API, which gives it much more
flexibility than procmail-based approaches.

6. MasarLabs NoArp v2.0.0
By: Masar
Relevant URL: http://www.masarlabs.com/noarp/
Platforms: Linux, POSIX
Summary:

MasarLabs NoArp is a Linux kernel module that filters and drops
unwanted ARP requests. It is useful when you need to add an alias to
the loopback interface to use a load balancer.

VII. SPONSOR INFORMATION
-----------------------
This issue is sponsored by: Reasoning Inc.

Enter to win a free application-level software security inspection. A
$20,000 value!

Reasoning will inspect up to 100,000 lines of your toughest C/C++ code.
Pinpointing the exact location of security vulnerabilities that are the
leading target of hackers. Experience the power application scanning
and dynamic testing tools can't match.

Enter to win a free software security inspection now:

http://sic-em.steelbrick.com/REA2302/securityfocus-linux.jsp
------------------------------------------------------------------------