Date: 2 Nov 2004 18:14:11 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #208
SecurityFocus Linux Newsletter #208
------------------------------------

This Issue is Sponsored By: SecurityFocus

Stay up to date.  All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and
feature articles!  Sign up today!

http://www.securityfocus.com/htmlnewsletter/subscribe

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Trends in Web Application Security
     2. Phishing For Savvy Users
II. LINUX VULNERABILITY SUMMARY
     1. Mozilla Bugzilla Multiple Authentication Bypass and Informat...
     2. Window Maker WMGLOBAL Font Specification Format String Vulne...
     3. LinuxStat Remote Directory Traversal Vulnerability
     4. Mozilla Temporary File Insecure Permissions Information Disc...
     5. WVTFTP Server Remote Buffer Overflow Vulnerability
     6. Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilitie...
     7. Kaffeine Remote Buffer Overflow Vulnerability
     8. PostNuke Trojan Horse Vulnerability
     9. Linux Kernel ReiserFS File System Local Denial Of Service Vu...
     10. PPPD Remote Denial Of Service Vulnerability
     11. PuTTY Remote SSH2_MSG_DEBUG Buffer Overflow Vulnerability
     12. ID Software Quake II Server Multiple Remote Vulnerabilities
     13. KDE Konqueror IFRAME Cross-Domain Scripting Vulnerability
     14. RealNetworks RealOne Player/RealPlayer Skin File Remote Stac...
     15. ZGV Image Viewer Multiple Remote Integer Overflow Vulnerabil...
     16. PHP cURL Open_Basedir Restriction Bypass Vulnerability
     17. Roaring Penguin Software MIMEDefang Multiple Unspecified Vul...
III. LINUX FOCUS LIST SUMMARY
     1. Linux security compliance (Thread)
     2. Strange Attack On A Webserver I Work On (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark  Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Maillog View  v1.03.3
     2. BullDog Firewall 20040918
     3. PIKT - Problem Informant/Killer Tool v1.17.0
     4. ID-Synch 3.1
     5. Nmap v3.70
     6. THC-Hydra v4.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Trends in Web Application Security
By Kapil Raina

This article discusses current trends in penetration testing for web
application security, and in particular discusses a framework for
selecting the best tool or tools to use for this increasingly common
type of application.

http://www.securityfocus.com/infocus/1809


2. Phishing For Savvy Users
By Scott Granneman

Recent "phishing" episodes are still often overlooked by tech-savvy
users, but a lesson in history shows how entire nations have been fooled.

http://www.securityfocus.com/columnists/274

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Mozilla Bugzilla Multiple Authentication Bypass and Informat...
BugTraq ID: 11511
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11511
Summary:
Mozilla Bugzilla is affected by multiple authentication bypass and 
information disclosure vulnerabilities.  These issues are due to a failure 
of the application to properly validate access permissions of a user 
prior to revealing or altering information.

An attacker can leverage these issues to disclose bug details that are 
marked private as well as edit bug reports without requiring 
authorization.

2. Window Maker WMGLOBAL Font Specification Format String Vulne...
BugTraq ID: 11512
Remote: No
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11512
Summary:
A format string vulnerability has been reported in Window Maker related 
to validation of font specifications in the WMGLOBAL configuration 
file.  A user could potentially include malicious format specifiers through 
font specifications in the WMGLOBAL configuration file.  

The vulnerability would be triggered when the configuration file is 
read by the program, potentially allowing arbitrary code execution in the 
context of the program.

3. LinuxStat Remote Directory Traversal Vulnerability
BugTraq ID: 11517
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11517
Summary:
It is reported that LinuxStat is vulnerable to a directory traversal 
vulnerability. This issue is due to a failure of the application to 
properly sanitize user-supplied input.

By including '../' directory traversal sequences in the affected URI 
argument, attackers may reportedly cause the contents of arbitrary, 
potentially sensitive web-server readable files to be included in the output 
of the requested page. The resulting information disclosure may aid 
malicious users in further attacks.

Versions prior to 2.3.1 are reported to be affected by this 
vulnerability.

4. Mozilla Temporary File Insecure Permissions Information Disc...
BugTraq ID: 11522
Remote: No
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11522
Summary:
Mozilla, Mozilla Firefox, and Mozilla Thunderbird are all reported 
susceptible to an information disclosure vulnerability. This issue is due 
to a failure of the applications to properly ensure secure file 
permissions on temporary files located in world-accessible locations.

This vulnerability allows local attackers to gain access to the 
contents of potentially sensitive files. This may aid them in further attacks.

5. WVTFTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 11525
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11525
Summary:
A remote buffer overflow vulnerability affects WvTftp.  This issue is 
due to a failure of the application to perform proper sanity checking 
on string value pairs in TFTP packets.

An attacker may leverage this issue to corrupt process heap memory, 
facilitating code execution and a compromise of the affected computer.  It 
is also reported that the affected TFTP server runs with superuser 
privileges by default.

6. Libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilitie...
BugTraq ID: 11526
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11526
Summary:
Libxml2 is reported prone to multiple remote stack buffer overflow 
vulnerabilities.  These issues occur due to insufficient boundary checks 
performed by the application and may allow remote attackers to execute 
arbitrary code on a vulnerable computer.

Multiple buffer overflow vulnerabilities exist in the URI parsing 
functionality of the application.  Multiple buffer overflow vulnerabilities 
also affect the DNS name resolving code of Libxml2.

Libxml2 versions between 2.6.12 and 2.6.14 are reported vulnerable. 
Other versions may also be affected.

7. Kaffeine Remote Buffer Overflow Vulnerability
BugTraq ID: 11528
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11528
Summary:
Kaffeine is reportedly affected by a remote buffer overflow 
vulnerability.  The problem presents itself due to insufficient boundary checks on 
user-supplied strings prior to copying them into finite stack-based 
buffers.

An attacker can leverage this issue remotely to execute arbitrary code 
on an affected computer with the privileges of an unsuspecting user 
that executed the vulnerable software.

8. PostNuke Trojan Horse Vulnerability
BugTraq ID: 11529
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11529
Summary:
It is reported that the server hosting PostNuke, www.postnuke.com, was 
compromised recently. Additionally, it is reported that the attacker 
modified the download address of the archive 'PostNuke-0.750.zip'. The 
new download location contained a trojaned version of the PostNuke 
archive.

It is reported that users that downloaded the PostNuke archive between 
Sunday the 24th of Oct 2004 at 23:50 GMT and Tuesday the 26th of Oct 
2004 at 8:30 GMT are likely to be affected by this vulnerability.

9. Linux Kernel ReiserFS File System Local Denial Of Service Vu...
BugTraq ID: 11533
Remote: No
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11533
Summary:
The Linux kernel is affected by a local denial of service vulnerability 
in its ReiserFS file system functionality.  This issue is due to a 
failure of the application to properly handle files under certain 
conditions.

An attacker may leverage this issue to trigger a livelock in the 
affected file system, forcing a user to restart the computer to return it to 
proper functionality.

10. PPPD Remote Denial Of Service Vulnerability
BugTraq ID: 11534
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11534
Summary:
It is reported that pppd is susceptible to a remote denial of service 
vulnerability. This is due to a failure of the application to properly 
handle invalid input.

Due to the nature of this design flaw, it is very likely that the 
application will crash when handed an invalid CBCP packet. This will result 
in the denial of service to legitimate users of the network 
application.

Version 2.4.1 of the package was reported vulnerable, but other 
versions may also be affected.

11. PuTTY Remote SSH2_MSG_DEBUG Buffer Overflow Vulnerability
BugTraq ID: 11549
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11549
Summary:
A remote SSH2_MSG_DEBUG buffer overflow vulnerability affects PuTTY.  
This issue is due to insufficient bounds checking on network data prior 
to copying the data into process buffers.

An attacker may leverage this issue to execute arbitrary code on a 
computer running the affected software with the privileges of the user that 
activated it, facilitating unauthorized access.

12. ID Software Quake II Server Multiple Remote Vulnerabilities
BugTraq ID: 11551
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11551
Summary:
Multiple remote vulnerabilities have been reported to affect Quake II.  
These issues are due to boundary condition checking failures, access 
validation failures and failures to handle exceptional conditions.

An attacker may leverage these issues to trigger a denial of service 
condition, execute arbitrary code, gain access to sensitive server files 
and rejoin a server that they have been banned from.

13. KDE Konqueror IFRAME Cross-Domain Scripting Vulnerability
BugTraq ID: 11552
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11552
Summary:
Konqueror is reported prone to a cross-domain scripting vulnerability. 
The issue is reported to exist because Konqueror fails to prevent 
JavaScript that is rendered in one frame from accessing properties of a site 
contained in an alternate frame.

This vulnerability may be exploited by a malicious web site to render 
JavaScript in the context of an alternate domain.

14. RealNetworks RealOne Player/RealPlayer Skin File Remote Stac...
BugTraq ID: 11555
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11555
Summary:
RealNetworks RealPlayer and RealOne Player are reported prone to a 
remote stack based buffer overflow vulnerability.

It is reported that the buffer overflow exists due to a lack of 
boundary checks performed on filenames contained in skin file archives.

A remote attacker may exploit this vulnerability to execute arbitrary 
instructions in the context of a user that visits a malicious website, 
or that applies a malicious skin file manually.

15. ZGV Image Viewer Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 11556
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11556
Summary:
zgv is reportedly affected by multiple remote integer overflow 
vulnerabilities.  These issues are due to a failure of the application to 
perform adequate sanity checking on image values prior to copying image data 
into process buffers.

An attacker may leverage these issues to execute arbitrary code on an 
affected computer with the privileges of the user running the vulnerable 
application.

16. PHP cURL Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 11557
Remote: Yes
Date Published: Oct 28 2004
Relevant URL: http://www.securityfocus.com/bid/11557
Summary:
It is reported that cURL allows malicious users to bypass 
'open_basedir' restrictions in PHP scripts. This issue is due to a failure of the 
cURL module to properly enforce PHP's 'open_basedir' restriction.

Users with the ability to create or modify PHP scripts on a server 
computer hosting the vulnerable software can reportedly exploit this 
vulnerability to bypass the 'open_basedir' restriction, and access arbitrary 
files with the privileges of the web server. This may aid them in 
further attacks.

This vulnerability possibly results in a false sense of security, as 
administrators expect that the restrictions in place prevent malicious 
users from gaining access to sensitive information.

17. Roaring Penguin Software MIMEDefang Multiple Unspecified Vul...
BugTraq ID: 11563
Remote: Yes
Date Published: Oct 29 2004
Relevant URL: http://www.securityfocus.com/bid/11563
Summary:
MIMEDefang is reported prone to multiple remote vulnerabilities.  The 
cause and impact of these issues are currently unknown.  It is 
conjectured that these issues are caused by insufficient sanitization of 
user-supplied data and may exist in 'mimedefang.pl.in' and 'mimedefang.c' 
files.

MIMEDefang 2.47 and prior versions are affected by these 
vulnerabilities.

This BID will be updated as more information becomes available.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Linux security compliance (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/380078

2. Strange Attack On A Webserver I Work On (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/379937

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that wants a safer 
access to its Internet Services. More information at our site.
 
We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Maillog View  v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary: 

Maillog View is a Webmin module that allows you to easily view all your 
/var/log/maillog.* files. It features autorefresh, message size 
indication, ascending/descending view order, compressed file support, and a 
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are 
supported. Courier MTA support is experimental.

2. BullDog Firewall 20040918
By: Robert APM Darin
Relevant URL: http://tanaya.net/BullDog
Platforms: Linux
Summary: 

Bulldog is a powerful but lightweight firewall for heavy use systems. 
With many features, this firewall can be used by anyone who wants to 
protect his/her systems.

This system allows dynamic and static rule sets for maximum protection 
and has several advanced features.

This firewall will work for the hobbyist or a military base. Generation 
7 is a complete rewrite and redesign from scratch.

Be prepared to spend some time setting this up.

3. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary: 

PIKT is a cross-categorical, multi-purpose toolkit to monitor and 
configure computer systems, organize system security, format documents, 
assist command-line work, and perform other common systems administration 
tasks.

PIKT's primary purpose is to report and fix problems, but its 
flexibility and extendibility evoke many other uses limited only by your 
imagination.

4. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, 
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, 
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary: 

ID-Synch is enterprise user provisioning software. It reduces the cost 
of user administration, helps new and reassigned users get to work more 
quickly, and ensures prompt and reliable access termination. This is 
accomplished through automatic propagation of changes to user profiles 
from systems of record to managed systems, with self service workflow for 
security change requests, through consolidated and delegated user 
administration, and with federation.

5. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, 
Solaris, SunOS, UNIX
Summary: 

Nmap is a utility for port scanning large networks, although it works 
fine for single hosts. Sometimes you need speed, other times you may 
need stealth. In some cases, bypassing firewalls may be required. Not to 
mention the fact that you may want to scan different protocols (UDP, 
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN 
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp 
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag

6. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, 
UNIX
Summary: 

THC-Hydra - parallelized login hacker is available: for Samba, FTP, POP3, 
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, 
Cisco and more. Includes SSL support and is part of Nessus. Visit the 
project web site to download Win32, Palm and ARM binaries. Changes: 
important bugfix!

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to 
linux-secnews-unsubscribe@securityfocus.com from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit 
http://www.securityfocus.com/newsletters and unsubscribe via the 
website. 

If your email address has changed, email listadmin@securityfocus.com and 
ask to be manually removed. 
    