Date: 20 Oct 2004 20:40:02 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #206
SecurityFocus Linux Newsletter #206
------------------------------------
This issue sponsored by: SPI Dynamics
Pen Test for the Top Web Application Vulnerabilities - FREE Product Trial
Hackers are exploiting web apps with attacks such as SQL Injection, XSS
and Session Hijacking, all undetectable by Firewalls and IDS! Are you
vulnerable? Run a FREE Test of your Web Apps via our FREE 15 Day Product
Trial that delivers a comprehensive Vulnerability Report.
http://www.securityfocus.com/sponsor/SPIDynamics_linux-secnews_041020
------------------------------------------------------------------------
I. FRONT AND CENTER
1. SSH Host Key Protection
II. LINUX VULNERABILITY SUMMARY
1. MySQL Multiple Local Vulnerabilities
2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
3. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerabilit...
4. phpMyAdmin Remote Command Execution Vulnerability
5. LibTIFF Multiple Buffer Overflow Vulnerabilities
6. Macromedia JRun Management Console HTML Injection Vulnerabil...
7. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
8. Macromedia JRun Management Console Administrative Session Fi...
9. KDocker Unspecified Vulnerability
10. Veritas Cluster Server Superuser Compromise Vulnerability
11. ProFTPD Authentication Delay Username Enumeration Vulnerabil...
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-10-12 to 2004-10-19.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. PIKT - Problem Informant/Killer Tool v1.17.0
2. ID-Synch 3.1
3. Nmap v3.70
4. THC-Hydra v4.3
5. Pads 1.1
6. cenfw 0.3b
I. FRONT AND CENTER
-------------------
1. SSH Host Key Protection
By Brian Hatch
This is the first in a series of articles on SSH in-depth. We start by
looking at standard SSH host keys and examining the verification process
to ensure you have not been the victim of an attack.
http://www.securityfocus.com/infocus/1806
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. MySQL Multiple Local Vulnerabilities
BugTraq ID: 11357
Remote: No
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11357
Summary:
MySQL is reported prone to multiple local vulnerabilities. These
issues may allow an attacker to bypass security restrictions or cause a
denial of service condition in the application.
It is reported that an attacker can bypass certain security
restrictions and gain access to and corrupt potentially sensitive data due to an
error in 'ALTER TABLE ... RENAME' operations.
A denial of service condition presents itself when multiple threads
ALTER MERGE tables to change the UNION.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
BugTraq ID: 11364
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11364
Summary:
It is reported that ColdFusion MX contains a weakness that allows all
developers to utilize the CFOBJECT tag and the CreateObject function to
execute potentially malicious code in the context of the affected
application server.
This weakness allows malicious developers to execute code that is not
appropriate for a shared server environment, or to perform
administrative actions in the context of the affected application server. Malicious
developers may possibly exploit this weakness to aid them in further
application or system attacks.
Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be
affected by this weakness.
3. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerabilit...
BugTraq ID: 11385
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11385
Summary:
It is reported that Squid is susceptible to a denial of service
vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by default
as provided by the vendor. It may be enabled by default when Squid is
included as a binary application in certain unconfirmed operating
systems.
This vulnerability allows remote attackers to crash affected Squid
proxies with single UDP datagrams that may be spoofed. Squid will attempt
to restart itself automatically, but an attacker sending repeated
malicious SNMP packets can effectively deny service to legitimate users.
Squid versions 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702
are reported vulnerable to this issue.
4. phpMyAdmin Remote Command Execution Vulnerability
BugTraq ID: 11391
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11391
Summary:
phpMyAdmin is reported prone to a remote command execution
vulnerability. This vulnerability likely arises due to insufficient sanitization
of user-supplied data.
A successful attack may allow an attacker to execute arbitrary commands
on a vulnerable server resulting in a compromise of the server.
phpMyAdmin 2.6.0-pl1 and prior versions are affected by this issue.
5. LibTIFF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
LibTIFF is affected by multiple buffer overflow vulnerabilities. This
issue is due to a failure of the application to properly perform
boundary checks prior to copying user-supplied strings into finite process
buffers.
An attacker may leverage these issues to execute arbitrary code on a
vulnerable computer with the privileges of the user running the
vulnerable application, facilitating unauthorized access. These issues may also
be leveraged to cause an affected application to crash.
6. Macromedia JRun Management Console HTML Injection Vulnerabil...
BugTraq ID: 11411
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11411
Summary:
Macromedia JRun is prone to an HTML injection vulnerability. This
issue exists in the Management Console and may allow hijacking of
administrative sessions.
7. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
BugTraq ID: 11413
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11413
Summary:
An HTTP response splitting vulnerability affects Macromedia JRun due to
Session ID handling. This issue is due to a failure of the application
to properly handle how POST requests are processed.
A remote attacker may exploit this vulnerability to influence or
misrepresent how web content is served, cached or interpreted. This could aid
in various attacks, which try to entice client users into a false sense
of trust.
8. Macromedia JRun Management Console Administrative Session Fi...
BugTraq ID: 11414
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11414
Summary:
Macromedia JRun is prone to a session fixation vulnerability. This issue
exists in the Management Console.
The application is reported prone to a session fixation vulnerability.
This attack can allow an attacker to set a session ID in a user's
browser and hijack the user's session upon authentication to JRun.
This issue can allow remote attackers to bypass authentication checks,
and possibly allow them to gain administrative access to the web
application.
This issue was originally reported in BID 11245 (Macromedia JRun
Multiple Remote Vulnerabilities). It is now being separated and assigned a
new BID.
9. KDocker Unspecified Vulnerability
BugTraq ID: 11419
Remote: No
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11419
Summary:
KDocker is reported prone to an unspecified vulnerability. The vendor
reported this issue in KDocker versions 0.8 and prior. The cause and
impact of this issue are currently unknown. It is conjectured that due
to the nature of this issue, it may allow a local attacker to gain
elevated privileges or compromise a computer locally.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
10. Veritas Cluster Server Superuser Compromise Vulnerability
BugTraq ID: 11421
Remote: Unknown
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11421
Summary:
Veritas Cluster Server is affected by a superuser compromise
vulnerability. The underlying cause for this issue is currently unknown.
An attacker can leverage this issue to gain superuser access to an
affected computer, facilitating privileged unauthorized access. It is
currently not known if this issue is remotely or locally exploitable; this
BID will be updated as more details are released.
11. ProFTPD Authentication Delay Username Enumeration Vulnerabil...
BugTraq ID: 11430
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11430
Summary:
A timing attack is described in ProFTPD that could assist a remote user
in enumerating usernames.
A remote attacker may exploit this vulnerability to determine what
usernames are valid, privileged, or do not exist on the remote system.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-10-12 to 2004-10-19.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and
configure computer systems, organize system security, format documents,
assist command-line work, and perform other common systems administration
tasks.
PIKT's primary purpose is to report and fix problems, but its
flexibility and extendibility evoke many other uses limited only by your
imagination.
2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux,
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris,
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost
of user administration, helps new and reassigned users get to work more
quickly, and ensures prompt and reliable access termination. This is
accomplished through automatic propagation of changes to user profiles
from systems of record to managed systems, with self service workflow for
security change requests, through consolidated and delegated user
administration, and with federation.
3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD,
Solaris, SunOS, UNIX
Summary:
Nmap is a utility for port scanning large networks, although it works
fine for single hosts. Sometimes you need speed, other times you may
need stealth. In some cases, bypassing firewalls may be required. Not to
mention the fact that you may want to scan different protocols (UDP,
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
4. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris,
UNIX
Summary:
THC-Hydra - parallelized login hacker is available: for Samba, FTP, POP3,
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS,
Cisco and more. Includes SSL support and is part of Nessus. Visit the
project web site to download Win32, Palm and ARM binaries. Changes:
important bugfix!
5. Pads 1.1
By: Matt Shelton
Relevant URL:
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection
engine used to passively detect network assets. It is designed to
complement IDS technology by providing context to IDS alerts.
6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, windows interface to linux IPtables firewall rules.