From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #184
SecurityFocus Linux Newsletter #184
------------------------------------
This Issue is Sponsored By: TruSecure
FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER?
IS Alert Manager, TruSecure's threat and vulnerability service, helps
organizations better protect critical information assets with unmatched
intelligence and analysis from TruSecure's ICSA Labs and other
resources.
Try it today! Sign up for your FREE 14-day trial below!
http://www.securityfocus.com/sponsor/TruSecure_linux-secnews_040517
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Secure by Default
2. TCP/IP Skills Required for Security Analysts
II. LINUX VULNERABILITY SUMMARY
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
2. Linux Kernel Local IO Access Inheritance Vulnerability
3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
4. National Science Foundation Squid Proxy Internet Access Cont...
5. EMule Web Control Panel Denial Of Service Vulnerability
6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
7. Linux Kernel Serial Driver Proc File Information Disclosure ...
8. Linux Kernel STRNCPY Information Leak Vulnerability
9. Opera Web Browser Address Bar Spoofing Weakness
10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
III. LINUX FOCUS LIST SUMMARY
1. Secure Form Script? (Thread)
2. decent loadbalancing with 2 different ISP's with min... (Thread)
3. decent loadbalancing with 2 different ISP's with min... (Thread)
4. Did RedHat's OpenSSL patch miss Apache? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Astaro Security Linux (Stable 5.x) v5.007
2. TinyCA v0.6.0
3. OS-SIM v0.9.4
4. Automatic Firewall v0.3
5. MIMEDefang v2.43
6. WallFire wfconvert v0.3.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Secure by Default
By Jason Miller
Why "Secure By Default" is a step in the right direction.
http://www.securityfocus.com/columnists/241
2. TCP/IP Skills Required for Security Analysts
By Don Parker
This article guides users new to the security field through some of the
key skills required to work as a security analyst. The focus is on core
TCP/IP competency and related technologies such as intrusion detection
systems, firewalls and routers.
http://www.securityfocus.com/infocus/1779
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary:
It has been reported that Sun's Java Runtime Environment, as well as
the Java Software Development Kit, is affected by an unspecified, remote
denial of service vulnerability.
This issue would allow an attacker to cause the affected JRE to become
unresponsive, denying service to legitimate users.
2. Linux Kernel Local IO Access Inheritance Vulnerability
BugTraq ID: 10302
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10302
Summary:
It has been reported that the Linux Kernel is affected by an IO access
inheritance vulnerability. This issue is due to an access validation
error that fails to invalidate all io_bitmap pointers before a process
exits.
This issue could allow local users to lock up the affected system,
denying service to legitimate users. This issue might also allow an
attacker to gain escalated privileges.
3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote
buffer overflow vulnerability when processing an excessively long base64
authentication request. A remote attacker could execute arbitrary code in
the context of the server leading to unauthorized access.
This issue is reported to exist in Icecast 2.0.0; however, it is
possible that previous versions are affected as well.
4. National Science Foundation Squid Proxy Internet Access Cont...
BugTraq ID: 10315
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10315
Summary:
Squid proxy has been reported to be affected by an Internet access
control bypass vulnerability. This issue is caused by a failure of the
application to properly handle access controls when evaluating malformed
URI requests.
This issue is reported to affect version 2.3.STABLE5 of the software;
it is likely, however, that other versions are also affected.
This issue would allow users that are restricted from accessing
Internet-based resources to access arbitrary web sites.
5. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to a
remote denial of service vulnerability.
This issue is reportedly triggered by sending malformed requests to the
web interface. Upon processing malformed requests, the affected
application will crash, denying service to legitimate users.
6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
BugTraq ID: 10326
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10326
Summary:
An integer overflow vulnerability has been reported in the
sctp_setsockopt() system call of the Linux kernel. This issue is related to the
code for handling the SCTP_SOCKOPT_DEBUG_NAME socket option.
The issue presents itself in the sctp_setsockopt() function of the
net/sctp/socket.c source file, due to a lack of sufficient validation
performed on user supplied integer values.
This vulnerability may result in the allocation of a zero byte chunk in
kernel memory space, likely resulting in a kernel panic. However, the
issue may also potentially be exploited to compromise the system.
This vulnerability is reported to affect Linux kernel versions up to
and including version 2.4.25.
7. Linux Kernel Serial Driver Proc File Information Disclosure ...
BugTraq ID: 10330
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10330
Summary:
It has been reported that the Linux kernel is prone to a serial driver
proc file information disclosure vulnerability. This issue is due to a
design error that allows unprivileged access to potentially sensitive
information.
This issue might allow an attacker to gain access to sensitive
information such as user password lengths.
8. Linux Kernel STRNCPY Information Leak Vulnerability
BugTraq ID: 10331
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10331
Summary:
This issue is reported to affect the vulnerable kernel only on
platforms other than x86.
It has been reported that the Linux kernel is prone to a 'strncpy()'
information leak vulnerability. This issue is due to a failure of the
libc code to properly implement the offending function on platforms other
than x86.
This issue might lead to information leakage, potentially facilitating
further attacks against an affected system or process.
9. Opera Web Browser Address Bar Spoofing Weakness
BugTraq ID: 10337
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10337
Summary:
Opera Web Browser is prone to a security weakness that may permit
malicious web pages to spoof address bar information.
This is reportedly possible through malicious use of the JavaScript
"onUnload" event handler when the browser is redirected to another page.
This issue could be exploited to spoof the domain of a malicious web
page, potentially causing the victim user to trust the spoofed domain.
The vulnerability reportedly affects Opera 7.23 releases on Windows and
Linux platforms. Earlier versions may also be affected.
10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
BugTraq ID: 10340
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10340
Summary:
Reportedly ZoneMinder is affected by multiple remote buffer overflow
vulnerabilities, potentially leading to unauthorized access. These
issues are due to a failure of the application to properly validate buffer
boundaries when processing user input.
These issues could allow a remote attacker to execute arbitrary code in
the context of the affected software, which could lead to unauthorized
access.
11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary:
It has been reported that Opera web browser is prone to a vulnerability
that may allow a remote attacker to create and modify arbitrary files
on a system. The vulnerability presents itself because the telnet URI
handler in Opera fails to sanitize user-supplied input. Specifically,
if a '-' character is present at the beginning of a host name, options
may be passed to the telnet program to carry out an attack remotely.
Opera version 7.23 is reported to be affected by this issue. Earlier
versions may also be affected.
**It has been reported that various web browsers are affected by this
issue. The affected products include Apple Safari, Microsoft Internet
Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly
others. These applications are currently undergoing further review and
individual BIDs will be created when more information becomes available.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Secure Form Script? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/363468
2. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362894
3. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362893
4. Did RedHat's OpenSSL patch miss Apache? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/362892
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:
Astaro Security Linux is a firewall solution. It does stateful packet
inspection filtering, content filtering, user authentication, virus
scanning, VPN with IPSec and PPTP, and much more. With its Web-based
management tool, WebAdmin, and the ability to pull updates via the Internet,
it is pretty easy to manage. It is based on a special hardened Linux
2.4 distribution where most daemons are running in change-roots and are
protected by kernel capabilities.
2. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small
certification authority. It is based on OpenSSL and Perl modules from the OpenCA
project. TinyCA lets you manage x509 certificates. It is possible to
export data in PEM or DER format for use with servers, as PKCS#12 for use
with clients, or as S/MIME certificates for use with email programs. It
is also possible to import your own PKCS#10 requests and generate
certificates from them.
3. OS-SIM v0.9.4
By: Dominique Karg
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary:
OSSIM aims to unify network monitoring, security, correlation, and
qualification in one single tool. It combines Snort, Acid, HotSaNIC,
NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full
control over every aspect of networking or security.
4. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary:
Automatic Firewall configures your firewall by looking at your
environment and deciding what is a good fit for your needs. It is intended for
the novice broadband user to install and forget about, but still be
fairly well protected.
5. MIMEDefang v2.43
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:
MIMEDefang is a flexible MIME e-mail scanner designed to protect
Windows clients from viruses. It can alter or delete various parts of a MIME
message according to a very flexible configuration file. It can also
bounce messages with unacceptable attachments. MIMEDefang works with
Sendmail 8.11's new "Milter" API, which gives it much more flexibility than
procmail-based approaches.
6. WallFire wfconvert v0.3.1
By: Hervé Eychenne
Relevant URL: http://www.wallfire.org/wfconvert/
Platforms: Linux, POSIX
Summary:
The goal of the WallFire project is to create a very general and
modular firewalling application based on Netfilter or any kind of low-level
framework. Wfconvert is a tool which imports/translates rules from/to
any supported firewalling language.