Date: 30 Nov 2004 18:25:19 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #212
SecurityFocus Linux Newsletter #212
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Profitware
II. LINUX VULNERABILITY SUMMARY
1. PHPBB Login Form Multiple Input Validation Vulnerabilities
2. W-Channel TC-IDE Embedded Linux Local Privilege Escalation V...
3. Sun Java Runtime Environment Java Plug-in JavaScript Securit...
4. Cyrus IMAPD Multiple Remote Vulnerabilities
5. F-Secure Anti-Virus ZIP Archive Scanner Bypass Vulnerability
6. ProZilla Multiple Remote Buffer Overflow Vulnerabilities
7. Soldier Of Fortune 2 Buffer Overflow Vulnerability
8. Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
9. SugarCRM Unspecified Vulnerabilities
10. Open DC Hub Remote Buffer Overflow Vulnerability
11. Yard Radius Remote Buffer Overflow Vulnerability
12. Linux Kernel Unspecified Local Denial Of Service And Memory ...
13. Sun Java Applet Invocation Version Specification Weakness
14. Opera Web Browser Infinite Array Sort Denial Of Service Vuln...
15. YaBB Shadow BBCode Tag JavaScript Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
NO NEW POSTS FOR THE WEEK 2004-11-23 to 2004-11-30.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. AutoScan b0.92 R6
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
3. rootsh 0.2
4. Maillog View v1.03.3
5. BullDog Firewall 20040918
6. PIKT - Problem Informant/Killer Tool v1.17.0
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Profitware
By Kelly Martin
Some of the largest anti-virus companies have virtually ignored the spyware
problem because there is no profit incentive for them to do otherwise.
Meanwhile, spyware companies make millions.
http://www.securityfocus.com/columnists/278
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. PHPBB Login Form Multiple Input Validation Vulnerabilities
BugTraq ID: 11716
Remote: Yes
Date Published: Nov 20 2004
Relevant URL: http://www.securityfocus.com/bid/11716
Summary:
Multiple input validation vulnerabilities affect the login form of
phpBB. These issues are due to a failure of the application to perform
proper sanitization prior to including user-supplied input in dynamically
generated content and SQL queries.
An attacker may leverage these issues to execute arbitrary client side
script code in the browser of an unsuspecting user and inject arbitrary
SQL syntax into SQL queries. This may potentially lead to theft of
cookie-based authentication credentials, theft of sensitive information or
corruption of data as well as other attacks.
It should be noted that it is possible that one or more of these issues
has been reported in a previous BID. This BID will be updated as more
information becomes available.
2. W-Channel TC-IDE Embedded Linux Local Privilege Escalation V...
BugTraq ID: 11718
Remote: No
Date Published: Nov 20 2004
Relevant URL: http://www.securityfocus.com/bid/11718
Summary:
Multiple local privilege escalation vulnerabilities reportedly exist in
W-Channel TC-IDE. These issues are due to input handling errors that
allow a local attacker to start applications with escalated privileges.
A local attacker may leverage these issues to gain superuser access to
the affected computer, facilitating privilege escalation.
3. Sun Java Runtime Environment Java Plug-in JavaScript Securit...
BugTraq ID: 11726
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11726
Summary:
A vulnerability is reported to exist in the access controls of the Java
to JavaScript data exchange within web browsers that employ the Sun
Java Plug-in. Reports indicate that it is possible for a malicious website
that contains JavaScript code to exploit this vulnerability to load a
dangerous Java class and to pass this class to an invoked applet.
** UPDATE: It is reported that the various methods of invoking Java
applets can be abused to specify which version of a plug-in will be used
to run an applet. If a vulnerable version is still installed on the
computer, it may be possible to specify that this version runs the
applet instead of an updated version that is not prone to the
vulnerability. Users affected by this vulnerability should remove earlier versions
of the plug-in. This functionality could also be abused to prompt users
to install vulnerable versions of the plug-in, so users should be wary
of doing so. This general security weakness has been assigned an
individual BID (11757). It is not known to what degree the Sun Java Runtime
Environment Java Plug-in JavaScript Security Restriction Bypass
Vulnerability is affected by this security weakness, though a number of other
known vulnerabilities could be affected.
4. Cyrus IMAPD Multiple Remote Vulnerabilities
BugTraq ID: 11729
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11729
Summary:
Several remote buffer overflow and heap corruption vulnerabilities in
versions of Cyrus IMAPD up to 2.2.8 have been identified.
These vulnerabilities reportedly allow remote, attacker-supplied
machine code to be executed in the context of the affected server process.
Cyrus-IMAPD is usually running as a non-privileged user.
5. F-Secure Anti-Virus ZIP Archive Scanner Bypass Vulnerability
BugTraq ID: 11732
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11732
Summary:
A vulnerability is reported to be present in the F-secure Anti-Virus
software that may cause the software to fail in detecting malicious ZIP
archives. It is reported that the software does not filter certain ZIP
archives.
Exploitation of this vulnerability may result in a false sense of
security and in the execution of malicious applications.
6. ProZilla Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 11734
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11734
Summary:
It is reported that multiple buffer overflow vulnerabilities exist in
ProZilla. These issues are due to a failure of the application to
properly bounds check user-supplied input prior to copying it into fixed
sized memory buffers.
These vulnerabilities allow remote attackers to execute arbitrary code
in the context of a user running the affected application. A victim
user is required to attempt to download files from an attacker-controlled
server for an exploit to succeed.
7. Soldier Of Fortune 2 Buffer Overflow Vulnerability
BugTraq ID: 11735
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11735
Summary:
It is reported that Soldier of Fortune 2 is susceptible to a buffer
overflow vulnerability. This issue is due to a failure of the application
to perform sufficient bounds checking on user-supplied input prior to
copying it to a fixed-sized memory buffer.
A remote attacker may exploit this vulnerability to deny service to
legitimate users. Due to the nature of this vulnerability, it is
conjectured that remote code execution may be possible, but this is not
confirmed.
8. Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
BugTraq ID: 11738
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11738
Summary:
Cyrus IMAPD is reported prone to multiple remote unspecified buffer
overflow vulnerabilities. The following issues are reported:
It is reported that the first issue exists in the 'IMAPMAGICPLUS'
functionality provided by Cyrus IMAPD. This vulnerability exists prior to
authentication, and is therefore reportedly exploitable by anonymous
remote attackers.
Additionally a buffer overflow vulnerability is reported to exist in
the 'mysasl_canon_user' Cyrus IMAPD function.
These vulnerabilities reportedly may allow remote, attacker-supplied
machine code to be executed in the context of the affected server
process.
9. SugarCRM Unspecified Vulnerabilities
BugTraq ID: 11740
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11740
Summary:
SugarCRM version 2.0.1a has been released to address multiple security
vulnerabilities. The vendor has not publicized specific details about
the vulnerabilities that were addressed in this release.
10. Open DC Hub Remote Buffer Overflow Vulnerability
BugTraq ID: 11747
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11747
Summary:
A remote buffer overflow vulnerability reportedly affects the Open DC
Hub. This issue is due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them into
finite process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
11. Yard Radius Remote Buffer Overflow Vulnerability
BugTraq ID: 11753
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11753
Summary:
Yard Radius is prone to a remotely exploitable stack-based buffer
overflow. This issue could reportedly be exploited prior to authentication.
Successful exploitation may result in execution of arbitrary code in
the context of the server, which may be running as the superuser.
12. Linux Kernel Unspecified Local Denial Of Service And Memory ...
BugTraq ID: 11754
Remote: No
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11754
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities.
The following issues are reported:
Reports indicate that a handcrafted 'a.out' file may be used to trigger
a local denial of service condition.
A local attacker may exploit this vulnerability to trigger a
system-wide denial of service, potentially resulting in a kernel panic.
A memory disclosure vulnerability is also reported to affect the Linux
kernel.
A local attacker may exploit this vulnerability to disclose random
pages of physical memory.
This BID will be updated, as further details regarding these
vulnerabilities are made available.
13. Sun Java Applet Invocation Version Specification Weakness
BugTraq ID: 11757
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11757
Summary:
Java provides support for dynamic and static versioning when loading
applets in the Java plug-in. What this means is that it is possible
during the invocation of an applet to request that a particular version of
a plug-in is used to run the applet. The feature is accessible through
various HTML tags that allow Java applets to be embedded in HTML
documents, such as the EMBED, OBJECT, and APPLET tags.
This feature presents a security weakness in that it may be abused to
cause a previous version of a plug-in, that is known to be prone to
security vulnerabilities, to be loaded in lieu of a more recent version
that has been patched for said security vulnerabilities. For this design
flaw to pose a security threat, a vulnerable plug-in must either
already be installed on the host computer or the user must manually install a
version that is prone to security vulnerabilities. In the instance that
a targeted version is not installed, the user may be prompted to
install the targeted plug-in version.
This weakness could result in a false sense of security since it is
believed that installing an updated version will eliminate vulnerabilities
in previous versions.
It should be noted that this feature is supported in various Web
browsers, and therefore the browsers themselves may be prone to the issue.
Some browsers may not allow a Java plug-in that is no longer registered
with the browser to run.
This design flaw was originally discussed in an update to BID 11726.
14. Opera Web Browser Infinite Array Sort Denial Of Service Vuln...
BugTraq ID: 11762
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11762
Summary:
The Opera Web browser is prone to a vulnerability that may result in a
browser crash. This issue is exposed when the browser performs an
infinite JavaScript array sort operation. It is conjectured that this will
only result in a denial of service and is not further exploitable to
execute arbitrary code, though this has not been confirmed.
15. YaBB Shadow BBCode Tag JavaScript Injection Vulnerability
BugTraq ID: 11764
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11764
Summary:
YaBB is reported prone to a JavaScript injection vulnerability. It is
reported that the BBCode 'shadow' tag is not sufficiently sanitized of
malicious script content.
An attacker that has an account on the affected bulletin board may
exploit this vulnerability to inject arbitrary JavaScript code into forum
posts through the 'shadow' tag.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-11-23 to 2004-11-30.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary:
AutoScan is an application designed to explore and to manage your
network. Entire subnets can be scanned simultaneously without human
intervention. It features OS detection, automatic network discovery, a port
scanner, a Samba share browser, and the ability to save the network state.
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have chosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
3. rootsh 0.2
By: Gerhard Lausser
Relevant URL: http://sourceforge.net/projects/rootsh/
Platforms: AIX, HP-UX, Linux, POSIX, SINIX, Solaris, UNIX
Summary:
Rootsh is a wrapper for shells which logs all echoed keystrokes and
terminal output to a file and/or to syslog. Its main purpose is the
auditing of users who need a shell with root privileges. They start rootsh
through the sudo mechanism. It's in heavy use here at a big Bavarian car
manufacturer (three letters, fast, cool,...) for project users whom you
can't deny root privileges.
4. Maillog View v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary:
Maillog View is a Webmin module that allows you to easily view all your
/var/log/maillog.* files. It features autorefresh, message size
indication, ascending/descending view order, compressed file support, and a
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are
supported. Courier MTA support is experimental.
5. BullDog Firewall 20040918
By: Robert APM Darin
Relevant URL: http://tanaya.net/BullDog
Platforms: Linux
Summary:
Bulldog is a powerful but lightweight firewall for heavy use systems.
With many features, this firewall can be used by anyone who wants to
protect his/her systems.
This system allows dynamic and static rule sets for maximum protection
and has several advanced features.
This firewall will work for the hobbyist or a military base. Generation
7 is a complete rewrite and redesign from scratch.
Be prepared to spend some time setting this up.
6. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and
configure computer systems, organize system security, format documents,
assist command-line work, and perform other common systems administration
tasks.
PIKT's primary purpose is to report and fix problems, but its
flexibility and extendibility evoke many other uses limited only by your
imagination.
VII. SPONSOR INFORMATION
-----------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------