Date: 24 Aug 2004 22:29:51 -0000
From:"Peter Laborge" <plaborge@securityfocus.com>
To:linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #198
SecurityFocus Linux Newsletter #198
------------------------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Valuing Secure Access to Personal Information
     2. Infected In Twenty Minutes
     3. Using Libwhisker
II. LINUX VULNERABILITY SUMMARY
     1. GV Postscript and PDF Viewer Multiple Remote Buffer Overflow...
     2. Gentoo Linux Tomcat EBuild Insecure Install Permissions Vuln...
     3. KDE Mcoputils Insecure Temporary File Creation Vulnerability
     4. PScript PForum User Profile HTML Injection Vulnerability
     5. SpamAssassin Malformed Email Remote Denial Of Service Vulner...
     6. RXVT-Unicode Open File Descriptor Leakage Vulnerability
     7. RaXnet Cacti Auth_Login.PHP SQL Injection Vulnerability
     8. GNU GLibC LD_DEBUG Local Information Disclosure Vulnerabilit...
     9. GYach Enhanced Multiple Undisclosed Vulnerabilities
     10. Courier-IMAP Remote Format String Vulnerability
     11. Multiple Qt Image Handling Heap Overflow Vulnerabilities
     12. MySQL Mysql_real_connect Function Potential Remote Buffer Ov...
III. LINUX FOCUS LIST SUMMARY
     1. Attempts to push spam through apache (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark  Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Pads 1.1
     2. cenfw 0.3b
     3. Firewall Builder 2.0
     4. Lepton's Crack 20031130
     5. popa3d v0.6.4.1
     6. tinysofa enterprise server 2.0-rc1
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Valuing Secure Access to Personal Information
By Ben Malisow

This article seeks to answer the question: is your personal data safe? Or
do you give it away during almost every transaction you make with
government or commercial entities?

http://www.securityfocus.com/infocus/1797


2. Infected In Twenty Minutes
By Scott Granneman

What normally happens within twenty minutes? That's how long your average
unprotected PC running Windows XP, fresh out of the box, will last once
it's connected to the Internet.

http://www.securityfocus.com/columnists/262


3. Using Libwhisker
By Neil Desai

This article discusses the use of Libwhisker, a Perl module which allows
for the creation of custom HTTP packets and can be used for penetration
testing various web applications.

http://www.securityfocus.com/infocus/1798

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. GV Postscript and PDF Viewer Multiple Remote Buffer Overflow...
BugTraq ID: 10944
Remote: Yes
Date Published: Aug 14 2004
Relevant URL: http://www.securityfocus.com/bid/10944
Summary:
gv is reported prone to multiple remote buffer overflow 
vulnerabilities.  These issues exist due to insufficient checking performed by the 
application on file headers for PostScript and PDF documents.

These vulnerabilities exist in the 'psscan' function of the 'ps.c' 
file.  The vulnerabilities include multiple stack and heap based buffer 
overflows.  A number of the stack overflows have been specified, however, 
there are also a number of unspecified heap overflows.

Successful exploitation of these issues may result in an attacker 
executing arbitrary code on a vulnerable computer to gain unauthorized 
access.  This would occur in the context of the vulnerable application.

It should be noted that applications such as Web browsers may use the 
software as an automatic handler for PostScript and PDF files.
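
The root cause described above is header parsing into fixed-size buffers
without a length check. The following is an added illustration written for
this newsletter, not code from gv or from the BID: a bounded parser for a
"%%Key: value" DSC header comment that can never overrun its destination and
that tells the caller when the input was longer than the buffer. The
PS_FIELD_MAX size, the ps_comment_value() name and the sample header are
constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define PS_FIELD_MAX 64   /* fixed-size destination, as a viewer might keep */

/* Copy the value of a "%%Key: value" DSC header comment into a fixed
 * buffer without ever writing past out[outlen-1]. Returns the full value
 * length found in the input (so a caller can detect truncation when the
 * result is >= outlen), or -1 if the line is not the requested comment. */
int ps_comment_value(const char *line, const char *key,
                     char *out, size_t outlen)
{
    size_t klen = strlen(key);

    if (outlen == 0 || strncmp(line, "%%", 2) != 0)
        return -1;
    if (strncmp(line + 2, key, klen) != 0 || line[2 + klen] != ':')
        return -1;

    const char *val = line + 2 + klen + 1;
    while (*val == ' ' || *val == '\t')
        val++;

    size_t vlen = strcspn(val, "\r\n");          /* value runs to end of line */
    size_t n = vlen < outlen - 1 ? vlen : outlen - 1;
    memcpy(out, val, n);
    out[n] = '\0';
    return (int)vlen;
}

/* The unbounded idiom this replaces, shown for contrast and never called:
 *     char title[PS_FIELD_MAX];
 *     sscanf(line, "%%%%Title: %s", title);   // no width limit on %s
 * A header line longer than the buffer overruns the stack frame. */

int main(void)
{
    char title[PS_FIELD_MAX];
    const char *hdr = "%%Title: example.ps\n";   /* constructed sample header */
    int len = ps_comment_value(hdr, "Title", title, sizeof title);
    printf("value length %d, stored \"%s\"\n", len, title);
    return 0;
}
```

A viewer that is registered as a browser helper application receives
attacker-chosen files, so the return value matters: a caller that sees a
length at or above the buffer size should reject the document rather than
carry on with a truncated field.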

2. Gentoo Linux Tomcat EBuild Insecure Install Permissions Vuln...
BugTraq ID: 10951
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10951
Summary:
The Gentoo Linux Tomcat eBuild is reported prone to an insecure default 
install permission vulnerability. It is reported that certain Tomcat 
scripts are installed with permissions that allow members of the tomcat 
group to write to the file.

A local attacker that is a member of the Tomcat group may exploit this 
condition to escalate privileges.

3. KDE Mcoputils Insecure Temporary File Creation Vulnerability
BugTraq ID: 10952
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10952
Summary:
KDE's mcoputils is reported to contain an insecure temporary file 
creation vulnerability.  The result of this is that temporary files created 
by the application may use predictable filenames.

A local attacker may also possibly exploit this vulnerability to 
execute symbolic link file overwrite attacks. This may allow an attacker to 
overwrite arbitrary files with the privileges of the targeted user. 
Privilege escalation may also be possible using this method of attack.
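
The safe pattern for the class of bug described above is to let the C
library choose an unpredictable name and open it with O_EXCL, then verify
the descriptor rather than the path. This is an added example for this
newsletter and is not mcoputils code; the create_private_tempfile() and
tempfile_is_private() names, the "mcop-example-" prefix and the use of
TMPDIR are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a temporary file that a local attacker cannot pre-create or
 * pre-link: mkstemp() picks an unpredictable suffix and opens with
 * O_CREAT|O_EXCL, so an existing file or symlink at the chosen name makes
 * the call fail instead of being followed. Fills out_path and returns the
 * open descriptor, or -1. */
int create_private_tempfile(char *out_path, size_t len)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";

    int n = snprintf(out_path, len, "%s/mcop-example-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;

    int fd = mkstemp(out_path);
    if (fd < 0)
        return -1;

    /* Older libcs created the file 0666; pin it to owner-only regardless. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(out_path);
        return -1;
    }
    return fd;
}

/* Sanity check on a descriptor we intend to treat as private: a regular
 * file, owned by us, with a single link and mode 0600. Done on the fd
 * (fstat), never on the path, so it cannot be raced. */
int tempfile_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode)
        && st.st_uid == getuid()
        && st.st_nlink == 1
        && (st.st_mode & 0777) == 0600;
}

/* The predictable pattern this replaces, shown for contrast and never called:
 *     snprintf(path, len, "/tmp/mcop-%d", getpid());
 *     fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
 * A symlink planted at that name is followed and its target overwritten. */

int main(void)
{
    char path[256];
    int fd = create_private_tempfile(path, sizeof path);
    if (fd < 0) {
        perror("create_private_tempfile");
        return 1;
    }
    printf("%s private=%d\n", path, tempfile_is_private(fd));
    unlink(path);
    close(fd);
    return 0;
}
```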

4. PScript PForum User Profile HTML Injection Vulnerability
BugTraq ID: 10954
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10954
Summary:
PScript PForum is reported prone to an HTML injection vulnerability. The 
vulnerability presents itself due to a lack of sufficient sanitization 
performed on data submitted through input fields of the PForum user 
profile form.

This could be exploited to steal cookie-based authentication 
credentials.  It is also possible to use this type of vulnerability as an attack 
vector to exploit latent browser security flaws.
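
The fix for an HTML injection issue of this kind is output encoding: every
profile field is escaped at the point where it is written into a page. The
routine below is an added example for this newsletter, not PForum code
(PForum is written in PHP; C is used here to match the other examples in
this issue). The html_escape() name, its truncation behaviour and the sample
input are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Encode untrusted text for insertion into an HTML body or a double- or
 * single-quoted attribute. Returns the number of bytes the encoded form
 * needs (excluding the NUL); if that is >= outlen the output is truncated
 * but still NUL-terminated, so the caller can allocate and retry. */
size_t html_escape(const char *in, char *out, size_t outlen)
{
    size_t need = 0, w = 0;

    for (const char *p = in; *p; p++) {
        const char *rep;
        char one[2] = { *p, '\0' };

        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }

        size_t rl = strlen(rep);
        need += rl;
        if (outlen && w + rl < outlen) {     /* keep room for the NUL */
            memcpy(out + w, rep, rl);
            w += rl;
        }
    }
    if (outlen)
        out[w] = '\0';
    return need;
}

int main(void)
{
    /* Constructed profile field of the kind a forum would store and echo. */
    const char *signature = "<script>alert('x')</script>";
    char safe[128];
    size_t need = html_escape(signature, safe, sizeof safe);
    printf("%zu bytes: %s\n", need, safe);
    return 0;
}
```

Escaping on output, rather than stripping on input, keeps the stored data
intact and covers every place the field is later rendered, which is what
defeats the cookie-theft scenario the summary describes.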

5. SpamAssassin Malformed Email Remote Denial Of Service Vulner...
BugTraq ID: 10957
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10957
Summary:
SpamAssassin is reported prone to a remote denial of service 
vulnerability. Full details regarding this vulnerability are not known.

A remote attacker may potentially exploit this vulnerability to deny 
service to a target SpamAssassin service.

SpamAssassin versions prior to 2.64 are reported vulnerable to this 
issue.

This BID will be updated as further details regarding this 
vulnerability are announced.

6. RXVT-Unicode Open File Descriptor Leakage Vulnerability
BugTraq ID: 10959
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10959
Summary:
It is reported that RXVT-Unicode fails to properly close file 
descriptors when spawning new child terminal windows.

The child process could then potentially gain access to possibly 
sensitive information from the contents of the open file descriptors. 
Depending on the mode of the original file, and the privileges of the user 
that opened it, processes in the child window may exploit this 
vulnerability to take control of the parent process. Other attacks may also be 
possible.

An attacker requires local access to the RXVT-Unicode process window to 
exploit this vulnerability.

Versions prior to 3.6 are reported vulnerable to this issue.

7. RaXnet Cacti Auth_Login.PHP SQL Injection Vulnerability
BugTraq ID: 10960
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10960
Summary:
RaXnet Cacti is reportedly affected by a remote SQL injection 
vulnerability.  This issue occurs in the auth_login.php script due to a failure 
of the application to properly sanitize user-supplied "username" URI 
parameter input before using it in an SQL query.

It is demonstrated that an attacker may exploit this vulnerability in 
order to bypass the authentication interface used by Cacti.

8. GNU GLibC LD_DEBUG Local Information Disclosure Vulnerabilit...
BugTraq ID: 10963
Remote: No
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10963
Summary:
A local vulnerability is reported to exist in glibc: LD_DEBUG is reported 
to be honored for setuid binaries even though it should not be. A local 
attacker may debug a setuid binary and may thereby disclose sensitive 
information.

Information harvested in this manner may be employed to aid in further 
attacks that are launched against a vulnerable host.

9. GYach Enhanced Multiple Undisclosed Vulnerabilities
BugTraq ID: 10975
Remote: Yes
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10975
Summary:
GYach is reported prone to multiple undisclosed vulnerabilities. One of 
the flaws reported is a denial of service vulnerability. Few details 
are known in regard to the other reported issues.

A remote attacker may exploit these vulnerabilities to deny service to 
the vulnerable client; other types of security compromise may also be 
possible.

Details regarding these vulnerabilities are not available. This BID 
will be updated as further information regarding these vulnerabilities is 
announced.

10. Courier-IMAP Remote Format String Vulnerability
BugTraq ID: 10976
Remote: Yes
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10976
Summary:
Courier-IMAP is reported to be susceptible to a remote format string 
vulnerability. This issue is due to a failure of the application to 
properly sanitize user-supplied input before using it as the format 
specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to execute 
arbitrary code on the affected computer with the privileges of the user 
that the IMAP daemon runs as. This vulnerability is exploitable prior 
to authentication.

Courier-IMAP versions 1.6.0 through to 2.2.1 are reported vulnerable. 
Other versions may also be vulnerable.
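
The defect class above, user data passed as the format argument of a
printf-family function, has a one-line fix: the format string is always a
constant and the untrusted data is only ever an argument. The code below is
an added example for this newsletter and is not Courier-IMAP code; the
log_client_line() and count_format_directives() names and the sample input
are constructed for the illustration. The second function is a log-side
heuristic a defender can run over IMAP or SMTP logs to flag inputs that
carry conversion directives.

```c
#include <stdio.h>
#include <string.h>

/* Render an untrusted client line into a log buffer. The format string is a
 * compile-time constant; the client data is only ever a %s argument, so
 * directives such as %n or %x inside it are copied as plain text. */
int log_client_line(char *out, size_t outlen, const char *client_data)
{
    return snprintf(out, outlen, "client said: %s", client_data);
}

/* The vulnerable shape, shown for contrast and never called:
 *     syslog(LOG_INFO, client_data);      // client data IS the format
 * Any %n in client_data becomes a write through a stack-supplied pointer. */

/* Count printf-style conversion directives in untrusted input. Legitimate
 * usernames and mailbox names almost never contain "%n" or "%x", so a
 * non-zero count on a login or mailbox field is worth an alert. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '\0')
            break;
        if (*p == '%')
            continue;                       /* "%%" is a literal percent */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;                            /* flags, width, precision, length */
        if (*p == '\0')
            break;
        if (strchr("diouxXeEfFgGaAcspn", *p))
            n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    const char *hostile = "%x%x%n";         /* constructed client input */
    log_client_line(buf, sizeof buf, hostile);
    printf("%s  (directives seen: %d)\n", buf, count_format_directives(hostile));
    return 0;
}
```

Compiling with -Wformat-security (gcc and clang both support it) turns the
vulnerable shape into a build-time warning, which is the cheapest way to
keep this class of bug out of a daemon that reads from the network before
authentication.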

11. Multiple Qt Image Handling Heap Overflow Vulnerabilities
BugTraq ID: 10977
Remote: Yes
Date Published: Aug 19 2004
Relevant URL: http://www.securityfocus.com/bid/10977
Summary:
Multiple heap overflows have been reported to exist in the Qt QImage 
library.  These issues may be triggered when handling malformed images of 
various types, potentially causing a denial of service in applications 
that use the library to render images.  Remote code execution is also 
possible.

12. MySQL Mysql_real_connect Function Potential Remote Buffer Ov...
BugTraq ID: 10981
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10981
Summary:
MySQL is prone to a potential remote buffer overflow vulnerability.  
This issue occurs due to insufficient boundary checks performed by the 
'mysql_real_connect' function.

The 'mysql_real_connect' function does not verify the length of the IP 
address returned through a DNS response from a server.  The immediate 
consequence of an attack may be a denial of service condition.  It 
is conjectured that this issue could allow for arbitrary code execution, 
however, this has not been confirmed.

It is also reported that the glibc library verifies the length of an IP 
address, however, other libraries may obtain the length from a DNS 
response packet.  Computers using glibc on Linux and BSD platforms may not 
be vulnerable to this issue.
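
The missing check described above is a comparison of the resolver-reported
address length against the size of the destination field. The routine below
is an added example for this newsletter, not MySQL client library code; the
copy_resolved_addr() name and the hand-built hostent record standing in for
a resolver result are constructed for the illustration. It copies only when
the family and length are exactly what a struct in_addr can hold, which is
the behaviour the summary says glibc's resolver already guarantees and other
resolvers may not.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Copy the first resolved address into a sockaddr_in, trusting nothing
 * about sizes that the resolver reports. In some resolver libraries
 * h_length comes straight from the DNS reply, so a server can claim an
 * address far larger than the 4-byte struct in_addr. Returns 0 on success,
 * -1 if the record is absent, the wrong family, or the wrong length. */
int copy_resolved_addr(const struct hostent *he, struct sockaddr_in *out)
{
    if (he == NULL || he->h_addr_list == NULL || he->h_addr_list[0] == NULL)
        return -1;
    if (he->h_addrtype != AF_INET)
        return -1;
    if (he->h_length != (int)sizeof(struct in_addr))   /* the missing check */
        return -1;

    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    memcpy(&out->sin_addr, he->h_addr_list[0], sizeof(struct in_addr));
    return 0;
}

/* The pattern this guards against, shown for contrast and never called:
 *     memcpy(&sin.sin_addr, he->h_addr_list[0], he->h_length);
 * which writes h_length bytes into a 4-byte field. */

int main(void)
{
    /* Constructed hostent, standing in for a gethostbyname() result. */
    unsigned char ip[4] = { 127, 0, 0, 1 };
    char *addrs[] = { (char *)ip, NULL };
    struct hostent he;
    memset(&he, 0, sizeof he);
    he.h_addrtype = AF_INET;
    he.h_length = 4;
    he.h_addr_list = addrs;

    struct sockaddr_in sin;
    printf("well-formed record: %d\n", copy_resolved_addr(&he, &sin));
    he.h_length = 64;                     /* what a hostile reply might claim */
    printf("oversized record:   %d\n", copy_resolved_addr(&he, &sin));
    return 0;
}
```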

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Attempts to push spam through apache (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/372724

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use two-factor authentication one-time password token 
using a cellular phone. Does not use SMS or any other network 
communication, and manages multiple OTP accounts - new technology. For any 
business that wants safer access to its Internet services. More 
information at our site.
 
We also provide an eAuthentication service for businesses that will not 
buy an authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Pads 1.1
By: Matt Shelton
Relevant URL: 
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary: 

Pads (Passive Asset Detection System) is a signature-based detection 
engine used to passively detect network assets. It is designed to 
complement IDS technology by providing context to IDS alerts.

2. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary: 

The Centron IPTables Firewall GUI is an object oriented, database 
driven, Windows interface to Linux iptables firewall rules.

3. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary: 

Firewall Builder consists of a GUI and set of policy compilers for 
various firewall platforms. It helps users maintain a database of objects 
and allows policy editing using simple drag-and-drop operations. The GUI 
and policy compilers are completely independent, and support for a new 
firewall platform can be added to the GUI without any changes to the 
program (only a new policy compiler is needed). This provides for a 
consistent abstract model and the same GUI for different firewall platforms. 
It currently supports iptables, ipfilter, and OpenBSD pf.

4. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows 
NT, Windows XP
Summary: 

Lepton's Crack is a generic password cracker. It is easily customizable 
with a simple plugin system and allows system administrators to review 
the quality of the passwords being used on their systems. It can 
perform a dictionary-based (wordlist) attack as well as a brute force 
(incremental) password scan. It supports standard MD4 hash, standard MD5 hash, 
NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash 
formats. LM (LAN Manager) plus appending and prepending

5. popa3d v0.6.4.1
By: Solar Designer, solar@openwall.com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary: 

popa3d is a POP3 daemon which attempts to be extremely secure, 
reliable, RFC compliant, and fast (in that order).

6. tinysofa enterprise server 2.0-rc1
By: Omar Kilani
Relevant URL: http://www.tinysofa.org
Platforms: Linux, POSIX
Summary: 

tinysofa enterprise server is a secure, server-targeted, enterprise-grade 
operating system. It is based on Trustix Secure Linux and includes a 
complete distribution port to Python 2.3 and RPM 4.2, an overhauled PAM 
authentication system providing system-wide authentication 
configuration, the latest upstream packages, the replacement of ncftp with lftp, the 
addition of gdb and screen, feature additions to the swup updater that 
provide multiple configuration file support, user login FTP support, 
enable/disable support, variable expansion support (allows multiple 
architectures), and many other enhancements.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------