Date: 17 May 2004 16:41:48 -0000
From:"Peter Laborge" <plaborge@securityfocus.com>
To:linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #184
SecurityFocus Linux Newsletter #184
------------------------------------

This Issue is Sponsored By: TruSecure

FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER?
IS Alert Manager, TruSecure's threat and vulnerability service, helps 
organizations better protect critical information assets with unmatched 
intelligence and analysis from TruSecure's ICSA Labs and other 
resources. 
Try it today! Sign up for your FREE 14-day trial below!

http://www.securityfocus.com/sponsor/TruSecure_linux-secnews_040517

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Secure by Default
     2. TCP/IP Skills Required for Security Analysts
II. LINUX VULNERABILITY SUMMARY
     1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
     2. Linux Kernel Local IO Access Inheritance Vulnerability
     3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
     4. National Science Foundation Squid Proxy Internet Access Cont...
     5. EMule Web Control Panel Denial Of Service Vulnerability
     6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
     7. Linux Kernel Serial Driver Proc File Information Disclosure ...
     8. Linux Kernel STRNCPY Information Leak Vulnerability
     9. Opera Web Browser Address Bar Spoofing Weakness
     10. Triornis ZoneMinder Multiple Remote Buffer Overflow 
Vulnerab...
     11. Opera Web Browser Telnet URI handler Arbitrary File 
Creation...
III. LINUX FOCUS LIST SUMMARY
     1. Secure Form Script? (Thread)
     2. decent loadbalancing with 2 different ISP's with min... 
(Thread)
     3. decent loadbalancing with 2 different ISP's with min... 
(Thread)
     4. Did RedHat's OpenSSL patch miss Apache? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark  Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Astaro Security Linux (Stable 5.x) v5.007
     2. TinyCA v0.6.0
     3. OS-SIM v0.9.4
     4. Automatic Firewall v0.3
     5. MIMEDefang v2.43
     6. WallFire wfconvert v0.3.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Secure by Default
By Jason Miller  

Why "Secure By Default" is a step in the right direction.

http://www.securityfocus.com/columnists/241


2. TCP/IP Skills Required for Security Analysts
By Don Parker

This article guides users new to the security field through some of the 
key skills required to work as a security analyst. The focus is on core 
TCP/IP competency and related technologies such as intrusion detection 
systems, firewalls and routers.

http://www.securityfocus.com/infocus/1779

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary:
It has been reported that Sun's Java Runtime Environment, as well as 
the Java Software Development Kit are affected by an unspecified, remote 
denial of service vulnerability.

This issue would allow an attacker to cause the affected JRE to become 
unresponsive, denying service to legitimate users.

2. Linux Kernel Local IO Access Inheritance Vulnerability
BugTraq ID: 10302
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10302
Summary:
It has been reported that the Linux Kernel is affected by an IO access 
inheritance vulnerability.  This issue is due to an access validation 
error that fails to invalidate all io_bitmap pointers before a process 
exits.

This issue could allow local users to lock up the affected system, 
denying service to legitimate users.  This issue might also allow an 
attacker to gain escalated privileges.

3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote 
buffer overflow vulnerability when processing an excessively long base64 
authentication request.  A remote attacker could execute arbitrary code in 
the context of the server leading to unauthorized access.

This issue is reported to exist in Icecast 2.0.0, however, it is 
possible that previous versions are affected as well.

4. National Science Foundation Squid Proxy Internet Access Cont...
BugTraq ID: 10315
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10315
Summary:
Squid proxy has been reported to be affected by an Internet access 
control bypass vulnerability.  This issue is caused by a failure of the 
application to properly handle access controls when evaluating malformed 
URI requests.

This issue is reported to affect version 2.3.STABLE5 of the software, 
it is likely however that other versions are also affected.

This issue would allow users that are restricted from accessing 
Internet-based resources to access arbitrary web sites.

5. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to a 
remote denial of service vulnerability.

This issue is reportedly triggered by sending malformed requests to the 
web interface. Upon processing malformed requests, the affected 
application will crash, denying service to legitimate users.

6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
BugTraq ID: 10326
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10326
Summary:
An integer overflow vulnerability has been reported in the 
sctp_setsockopt() system call of the Linux kernel. This issue is related to the 
code for handling the SCTP_SOCKOPT_DEBUG_NAME socket option.

The issue presents itself in the sctp_setsockopt() function of the 
net/sctp/socket.c source file, due to a lack of sufficient validation 
performed on user supplied integer values. 

This vulnerbaility may result in the allocation of a zero byte chunk in 
kernel memory space. Likely resulting in a kernel panic. The issue may 
also potentially be exploited however to compromise the system.

This vulnerability is reported to affect Linux kernel versions up to 
and including version 2.4.25.

7. Linux Kernel Serial Driver Proc File Information Disclosure ...
BugTraq ID: 10330
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10330
Summary:
It has been reported that the Linux kernel is prone to a serial driver 
proc file information disclosure vulnerability. This issue is due to a 
design error that allows unprivileged access to potentially sensitive 
information.

This issue might allow an attacker to gain access to sensitive 
information such as user password lengths.

8. Linux Kernel STRNCPY Information Leak Vulnerability
BugTraq ID: 10331
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10331
Summary:
This issue is reported to affect the vulnerable kernel only on 
platforms other than x86.

It has been reported that the Linux kernel is prone to a 'strncpy()' 
information leak vulnerability.  This issue is due to a failure of the 
libc code to properly implement the offending function on platforms other 
than x86.

This issue might lead to information leakage, potentially facilitating 
further attacks against an affected system or process.

9. Opera Web Browser Address Bar Spoofing Weakness
BugTraq ID: 10337
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10337
Summary:
Opera Web Browser is prone to a security weakness that may permit 
malicious web pages to spoof address bar information.  

This is reportedly possible through malicious use of the JavaScript 
"unOnload" event handler when the browser is redirected to another page.  

This issue could be exploited to spoof the domain of a malicious web 
page, potentially causing the victim user to trust the spoofed domain.

The vulnerability reportedly affects Opera 7.23 releases on Windows and 
Linux platforms.  Earlier versions may also be affected.

10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
BugTraq ID: 10340
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10340
Summary:
Reportedly ZoneMinder is affected by multiple remote buffer overflow 
vulnerabilities, potentially leading to unauthorized access.  These 
issues are due to a failure of the application to properly validate buffer 
boundaries when processing user input.

These issues could allow a remote attacker to execute arbitrary code in 
the context of the affected software, which could lead to unauthorized 
access.

11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary:
It has been reported that Opera web browser is prone to a vulnerability 
that may allow a remote attacker to create and modify arbitrary files 
on a system.  The vulnerability presents itself because the telnet URI 
handler in Opera fails to sanitize user-supplied input.  Specifically, 
if a '-' character is present at the beginning of a host name, options 
may be passed to the telnet program to carry out an attack remotely.

Opera version 7.23 is reported to be affected by this issue.  Earlier 
versions may also be affected.

**It has been reported that various web browsers are affected by this 
issue.  The affected products include Apple Safari, Microsoft Internet 
Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly 
others.  These applications are currently undergoing further review and 
individual BIDs will be created when more information becomes available.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Secure Form Script? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/363468

2. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362894

3. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362893

4. Did RedHat's OpenSSL patch miss Apache? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362892

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary: 

Immunity CANVAS is 100% pure Python, and every license includes full 
access to the entire CANVAS codebase. Python is one of the easiest 
languages to learn, so even novice programmers can be productive on the 
CANVAS API, should they so chose. 

Immunity CANVAS is both a valuable demonstration tool for enterprise 
information security teams or system adminstrators, and an advanced 
development platform for exploit developers, or people learning to become 
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, 
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary: 

SecretAgent is a file encryption and digital signature utility, 
supporting cross-platform interoperability over a wide range of platforms: 
Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature technology, SecretAgent ensures the confidentiality, integrity, and 
authenticity of your data.

3. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault, an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide. To learn more about these core attributes of the 
Inter-Business Vault click on the relevant link below:

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software?s award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in it?s own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary: 

Astaro Security Linux is a firewall solution. It does stateful packet 
inspection filtering, content filtering, user authentication, virus 
scanning, VPN with IPSec and PPTP, and much more. With its Web-based 
management tool, WebAdmin, and the ability to pull updates via the Internet, 
it is pretty easy to manage. It is based on a special hardened Linux 
2.4 distribution where most daemons are running in change-roots and are 
protected by kernel capabilities.

2. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary: 

TinyCA is a simple GUI written in Perl/Tk to manage a small 
certification authority. It is based on OpenSSL and Perl modules from the OpenCA 
project. TinyCA lets you manage x509 certificates. It is possible to 
export data in PEM or DER format for use with servers, as PKCS#12 for use 
with clients, or as S/MIME certificates for use with email programs. It 
is also possible to import your own PKCS#10 requests and generate 
certificates from them.

3. OS-SIM v0.9.4
By: Dominique Karg 
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary: 

OSSIM pretends to unify network monitoring, security, correlation, and 
qualification in one single tool. It combines Snort, Acid, HotSaNIC, 
NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full 
control over every aspect of networking or security.

4. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary: 

Automatic Firewall configures your firewall by looking at your 
environment and deciding what is a good fit for your needs. It is intended for 
the novice broadband user to install and forget about, but still be 
fairly well protected.

5. MIMEDefang v2.43
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary: 

MIMEDefang is a flexible MIME e-mail scanner designed to protect 
Windows clients from viruses. It can alter or delete various parts of a MIME 
message according to a very flexible configuration file. It can also 
bounce messages with unnaceptable attachments. MIMEDefang works with 
Sendmail 8.11's new "Milter" API, which gives it much more flexibility than 
procmail-based approaches.

6. WallFire wfconvert v0.3.1
By: Hervé Eychenne
Relevant URL: http://www.wallfire.org/wfconvert/
Platforms: Linux, POSIX
Summary: 

The goal of the WallFire project is to create a very general and 
modular firewalling application based on Netfilter or any kind of low-level 
framework. Wfconvert is a tool which imports/translates rules from/to 
any supported firewalling language.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: TruSecure

FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER?
IS Alert Manager, TruSecure's threat and vulnerability service, helps 
organizations better protect critical information assets with unmatched 
intelligence and analysis from TruSecure's ICSA Labs and other 
resources. 
Try it today! Sign up for your FREE 14-day trial below!

http://www.securityfocus.com/sponsor/TruSecure_linux-secnews_040517

------------------------------------------------------------------------