Date: 22 Jun 2004 17:20:48 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #189
SecurityFocus Linux Newsletter #189
------------------------------------

This Issue is Sponsored By: SecurityFocus 

Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just
add the new SecurityFocus RSS feeds to your freeware RSS reader, and
see all the latest posts for Bugtraq and the SF Vulnerability database
in one convenient place. Or, pull in the latest news, columnists and
feature articles in the SecurityFocus aggregated news feed, and stay on
top of what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Securing Apache 2: Step-by-Step
II. LINUX VULNERABILITY SUMMARY
     1. Horde Chora Viewer Remote Command Execution Vulnerability
     2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
     3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
     4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
     5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
     6. Check Point Firewall-1 Internet Key Exchange Information Dis...
     7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
     8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
     9. Linux Kernel Multiple Device Driver Vulnerabilities
     10. Nmap Potential Insecure File Creation Vulnerability
     11. MoinMoin Group Name Privilege Escalation Vulnerability
     12. Asterisk PBX Multiple Logging Format String Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
     1. OpenVPN? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. SecretAgent
     2. Cyber-Ark Inter-Business Vault
     3. EnCase Forensic Edition
     4. KeyGhost SX
     5. SafeKit
     6. Astaro Linux Firewall
V. NEW TOOLS FOR LINUX PLATFORMS
     1. SnortNotify 1.02
     2. Devil-Linux v1.2 Beta 1
     3. GNU Anubis v3.9.94
     4. DNSSEC Walker v3.4
     5. Ettercap v0.7.0 pre2
     6. Linux Intrusion Detection System (LIDS) v2.6.6

I. FRONT AND CENTER
-------------------
1. Securing Apache 2: Step-by-Step
By Artur Maj

Continuing the very popular "Securing" series from last year, this 
article discusses step-by-step how to compile, install, chroot and 
configure a secure Apache 2 web server.

http://www.securityfocus.com/infocus/1786

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Horde Chora Viewer Remote Command Execution Vulnerability
BugTraq ID: 10531
Remote: Yes
Date Published: Jun 13 2004
Relevant URL: http://www.securityfocus.com/bid/10531
Summary:
Horde Chora Viewer is reported to be prone to a remote command 
execution vulnerability. The vulnerability is reported to exist due to a lack 
of sanitization performed on values that may be user-supplied. 

Shell metacharacters that are included as a value for the affected URI 
parameter may result in attacker specified shell commands being 
executed in an exec() call. Command execution will occur in the context of the 
affected web server.

Chora versions up to and including version 1.2.1 are reported to be 
affected by this vulnerability.

2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
BugTraq ID: 10537
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10537
Summary:
Multiple vendor anti-virus scanning software is reported prone to a 
remote denial of service vulnerability. 

The issue is reported to present itself when certain malicious archives 
containing large quantities of data are scanned.

In the supplied example approximately 300 Gigabytes of data is archived 
in many different archive types. This archive may be transmitted to a 
client or submitted to an online anti-virus scanning service in order to 
crash the anti-virus software.

3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
BugTraq ID: 10538
Remote: No
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10538
Summary:
The Linux Kernel is reported to be affected by a local denial of 
service vulnerability surrounding inline assembly functions.  This issue is 
due to a design error that causes the application to fail to properly 
handle stack frame management.

This issue may be leveraged by an attacker to cause the affected system 
to crash, denying service to legitimate users.

Although only select Linux kernels are reported to be affected, it is 
likely that various other versions are vulnerable as well.

4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
BugTraq ID: 10539
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10539
Summary:
The Invision Power Board 'ssi.php' script is reported prone to a 
cross-site scripting vulnerability.  The issue presents itself due to a 
lack of sufficient sanitization performed by functions in the 'ssi.php' 
script on the user-influenced 'f' parameter.  This can permit the theft 
of cookie-based authentication credentials; other attacks may also be 
possible.

5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
BugTraq ID: 10546
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10546
Summary:
It is reported that racoon improperly validates X.509 certificates when 
negotiating IPSec connections.

When checking certificate validity, racoon ignores many errors from 
OpenSSL and grants access to invalid certificates.

When ignoring these errors, racoon would allow improper certificates to 
be used when authenticating connections. This vulnerability would allow 
attackers to forge certificates and potentially gain access to IPSec 
VPNs. This would also effectively make all certificates permanent.

The exact versions of racoon that are vulnerable are unknown at this 
time.

6. Check Point Firewall-1 Internet Key Exchange Information Dis...
BugTraq ID: 10558
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10558
Summary:
Check Point Firewall-1 is affected by an information disclosure 
vulnerability during an Internet Key Exchange (IKE) phase.  This issue is due 
to a design error that may present sensitive information to an 
attacker.

An attacker can leverage this issue to disclose information about the 
affected firewall product including the version number and various 
details about the firewall's capabilities. Furthermore this issue would 
facilitate fingerprinting or identifying a firewall by carrying out active 
scans.

7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
BugTraq ID: 10559
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10559
Summary:
It is reported that Invision Power Board is prone to an IP address 
spoofing vulnerability.  If an attacker is using a proxy to access a remote 
forum, the application logs the attacker's internal IP address on the 
LAN, instead of the real IP address of the proxy.

This issue is reported to affect Invision Power Board version 1.3, 
however, it is likely that other versions are affected as well.

8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
BugTraq ID: 10563
Remote: No
Date Published: Jun 17 2004
Relevant URL: http://www.securityfocus.com/bid/10563
Summary:
The Linux kernel has been reported to be vulnerable to an integer 
overflow in the inter integrated circuit (I2C) bus driver.  This issue is 
due to a failure of the offending driver to properly validate 
user-reported size values.

This issue could be leveraged by an attacker to execute machine code 
with the privileges of the affected driver; potentially leading to 
privilege escalation and ring 0 access.

It should be noted that in most cases I2C device files are by default 
only readable and writable by superusers; in such a case an attacker 
would have to have superuser privileges.

9. Linux Kernel Multiple Device Driver Vulnerabilities
BugTraq ID: 10566
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10566
Summary:
It has been reported that the Linux kernel is vulnerable to multiple 
device driver issues. These issues were found during a recent audit of 
the Linux kernel source.

Drivers reportedly affected by these issues are: aironet, asus_acpi, 
decnet, mpu401, msnd, and pss.

These issues may reportedly allow attackers to gain access to kernel 
memory or gain escalated privileges on the affected computer.

10. Nmap Potential Insecure File Creation Vulnerability
BugTraq ID: 10567
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10567
Summary:
Nmap is reportedly prone to a potential insecure file creation 
vulnerability.  A local user may exploit this vulnerability to cause files to 
be overwritten with the privileges of the user running Nmap.  This issue 
occurs when Nmap is launched with the '-oN' option.

All versions of Nmap are considered to be vulnerable to this issue.  

Further analysis has shown that this issue is not a vulnerability.  
This BID is being retired.

11. MoinMoin Group Name Privilege Escalation Vulnerability
BugTraq ID: 10568
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10568
Summary:
It is reported that MoinMoin contains a privilege escalation 
vulnerability whereby regular users can gain administrative privileges.

MoinMoin allows remote web clients to create their own user accounts 
without administrative intervention or approval. It is reported that if a 
user creates an account with the same name as an administrative group, 
the user will inherit the privileges of that same administrative group.

An attacker would use this vulnerability to gain complete access to the 
MoinMoin Wiki, and could gain access to sensitive information, or 
destroy information.

Versions before 1.2.2 are reported vulnerable.

12. Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is susceptible to format string 
vulnerabilities in its logging functions.

An attacker may use these vulnerabilities to corrupt memory, and read 
or write arbitrary memory. Remote code execution is likely possible.

Due to the nature of these vulnerabilities, there may exist many 
different avenues of attack. Anything that can potentially call the logging 
functions with user-supplied data is vulnerable.

Versions 0.7.0 through to 0.7.2 are reported vulnerable.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. OpenVPN? (Thread)
Relevant URL: http://www.securityfocus.com/archive/91/366447

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, 
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary: 

SecretAgent is a file encryption and digital signature utility, 
supporting cross-platform interoperability over a wide range of platforms: 
Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature technology, SecretAgent ensures the confidentiality, integrity, and 
authenticity of your data.

2. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

3. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award-winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

4. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

5. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

6. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary: 

Running from cron at a specified interval, SnortNotify will search a 
snort database for new alerts. If new alerts match a preconfigured 
priority level, an email will be sent to the contact. The email will 
include the sensor name, the signature name, and the timestamp.

2. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary: 

Devil-Linux is a special Linux distribution which is used for 
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and 
secure Linux system. Configuration is saved on a floppy disk, and it 
has several optional packages.

3. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary: 

GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail 
User Agent) and the MTA (Mail Transport Agent), and can perform various 
sorts of processing and conversion on-the-fly in accordance with the 
sender's specified rules, based on a highly configurable regular 
expressions system. It operates as a proxy server, and can edit outgoing mail 
headers, encrypt or sign mail with GnuPG, build secure SMTP tunnels 
using TLS/SSL encryption even if your mail user agent doesn't 
support it, or tunnel a connection through a SOCKS proxy server.

4. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary: 

DNSSEC Walker is a tool to recover DNS zone files using the DNS 
protocol. The server does not have to support zone transfers, but the 
zone must contain DNSSEC "NXT" records.

5. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, 
Windows XP
Summary: 

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It 
supports active and passive dissection of many protocols (even ciphered 
ones, like SSH and HTTPS). Data injection in an established connection 
and filtering on the fly is also possible, keeping the connection 
synchronized. Many sniffing modes were implemented to give you a powerful 
and complete sniffing suite. Plugins are supported. It has the ability to 
check whether you are in a switched LAN or not, and to use OS 
fingerprints (active or passive) to let you know the geometry of the LAN.

6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary: 

The Linux Intrusion Detection System is a patch which enhances the 
kernel's security. When it is in effect, chosen file access, all 
system/network administration operations, any capability use, raw device, mem, 
and I/O access can be made impossible even for root. You can define 
which program can access which file. It uses and extends the system 
capabilities bounding set to control the whole system and adds some network 
and filesystem security features to the kernel to enhance the security. 
You can finely tune the security protections online, hide sensitive 
processes, receive security alerts through the network, and more.
