| Date: | 28 Sep 2004 21:53:13 -0000 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #203 |
SecurityFocus Linux Newsletter #203
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to
visit a myriad of mailing lists and websites to read the news? Just add
the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Theft
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
3. Defeating Honeypots : Network issues, Part 1
II. LINUX VULNERABILITY SUMMARY
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
2. Tutos Multiple Remote Input Validation Vulnerabilities
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
4. Getmail Local Symbolic Link Vulnerability
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
7. Apache Satisfy Directive Access Control Bypass Vulnerability
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
10. Macromedia JRun Multiple Remote Vulnerabilities
11. Zinf Malformed Playlist File Remote Buffer Overflow
Vulnerab...
III. LINUX FOCUS LIST SUMMARY
1. iptables & tcp wrappers (Thread)
2. Network "Change Management" (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. PIKT - Problem Informant/Killer Tool v1.17.0
2. ID-Synch 3.1
3. Nmap v3.70
4. THC-Hydra v4.3
5. Pads 1.1
6. cenfw 0.3b
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Online Theft
By Kelly Martin
Identity theft meets the global virus epidemic, enabling fraud that has
finally started to get people's attention.
http://www.securityfocus.com/columnists/268
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
By Yiming Gong
This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large
enterprise
networks and service providers. Part 2 of 2.
http://www.securityfocus.com/infocus/1802
3. Defeating Honeypots : Network issues, Part 1
By Laurent Oudot and Thorsten Holz
The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, and is useful for security
professionals to deploy honeypots in a more stealthy manner.
http://www.securityfocus.com/infocus/1803
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
BugTraq ID: 11217
Remote: Unknown
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11217
Summary:
Jörg Schilling sdd is reported prone to an undisclosed vulnerability.
The issue is reported to present itself in the RMT client.
This BID will be updated as soon as further analysis of this
vulnerability is completed.
2. Tutos Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11221
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11221
Summary:
Tutos is reported prone to multiple remote input validation
vulnerabilities. These issues exist due to insufficient sanitization of
user-supplied data and may allow an attacker to carry out cross-site scripting
and SQL injection attacks.
These issue reportedly affect Tutos 1.1.2004-04-14.
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
BugTraq ID: 11222
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11222
Summary:
Reportedly FreeRADIUS is affected by a remote denial of service
vulnerability. This issue is due to a failure of the application to handle
malformed packets.
An attacker may leverage this issue to cause the affected server to
crash, denying service to legitimate users.
4. Getmail Local Symbolic Link Vulnerability
BugTraq ID: 11224
Remote: No
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11224
Summary:
Reportedly getmail is affected by a local symbolic link vulnerability.
This issue is due to a failure of the application to validate files
prior to writing to them.
An attacker may leverage this issue to cause arbitrary files to be
written to with the privileges of a user that sends messages to an
attacker-controlled file. This may facilitate privilege escalation or
destruction of data.
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
BugTraq ID: 11231
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11231
Summary:
Jabber Studio jabberd is reportedly affected by a remote denial of
service vulnerability. This issue is due to a failure of the application
to properly handle malformed network messages.
An attacker may leverage this issue by causing the affected server to
crash, denying service to legitimate users.
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
BugTraq ID: 11235
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11235
Summary:
YaBB 1 Gold is affected by multiple input validation vulnerabilities.
These issues are due to a failure of the application to properly
sanitize user-supplied input.
An attacker may leverage a cross-site scripting issue to execute
arbitrary HTML and script code in the browser of an unsuspecting user in the
context of the vulnerable site. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.
An attacker may exploit a HTTP response splitting issue to manipulate
or misrepresent pages in the context of the vulnerable site, potentially
facilitating phishing attacks.
7. Apache Satisfy Directive Access Control Bypass Vulnerability
BugTraq ID: 11239
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11239
Summary:
Apache Web Server is reportedly affected by an access control bypass
vulnerability. This issue presents itself due to an unspecified error in
the merging of the 'Satisfy' directive. As a result, a remote attacker
may bypass access controls and gain unauthorized access to restricted
resources.
It is reported that this issue only affects Apache 2.0.51.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
BugTraq ID: 11240
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by an exported shares
configuration vulnerability. These issues are due to a failure of the application
to apply proper settings to the affected network file system (NFS)
shares.
This issue would cause some NFS option, such as 'all_squash' to fail to
be applied, potentially giving administrators a false sense of
security.
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversions mod_authz_svn module is susceptible to
an information disclosure vulnerability.
This vulnerability is presents itself when paths that are marked as
unreadable are accessed by particular Subversion client commands. It is
reportedly possible to disclose the existence of files that are
inaccessible to users. Under certain circumstances it may also be possible to
disclose commit log messages, or even the contents of files that are
configured to be inaccessible to users.
This vulnerability is reported to exist in versions prior to 1.0.8 and
1.1.0-rc4.
10. Macromedia JRun Multiple Remote Vulnerabilities
BugTraq ID: 11245
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11245
Summary:
Multiple vulnerabilities have been reported in Macromedia JRun.
The first vulnerability is reported to exist in an insecure
implementation of a session variable, 'JSESSIONID'. This vulnerability allows
remote attackers to bypass authentication checks, and possibly allow them
to gain administrative access to the web application.
The second issue is a source code disclosure vulnerability. This
vulnerability allows attackers to retrieve the contents of potentially
sensitive script files. This may aid them in further attacks.
The third issue is a buffer overflow vulnerability allowing remote
attackers to reportedly crash affected servers.
Versions 3.0, 3.1, and 4.0 are reportedly affected by these
vulnerabilities.
11. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when
processing malformed playlist files. This issue exists due to
insufficient boundary checks performed by the application and may allow an
attacker to gain unauthorized access to a vulnerable computer.
Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf
version 2.2.5 for Linux is reportedly fixed, however, this is not
confirmed at the moment.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. iptables & tcp wrappers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376739
2. Network "Change Management" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376456
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault, an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in it?s own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that want a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and
configure computer systems, organize system security, format documents,
assist command-line work, and perform other common systems administration
tasks.
PIKT's primary purpose is to report and fix problems, but its
flexibility and extendibility evoke many other uses limited only by your
imagination.
2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux,
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris,
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost
of user administration, helps new and reassigned users get to work more
quickly, and ensures prompt and reliable access termination. This is
accomplished through automatic propagation of changes to user profiles
from systems of record to managed systems, with self service workflow for
security change requests, through consolidated and delegated user
administration, and with federation.
3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD,
Solaris, SunOS, UNIX
Summary:
Nmap is a utility for port scanning large networks, although it works
fine for single hosts. Sometimes you need speed, other times you may
need stealth. In some cases, bypassing firewalls may be required. Not to
mention the fact that you may want to scan different protocols (UDP,
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
4. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris,
UNIX
Summary:
THC-Hydra - parallized login hacker is available: for Samba, FTP, POP3,
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS,
Cisco and more. Includes SSL support and is part of Nessus. Visit the
project web site to download Win32, Palm and ARM binaries. Changes:
important bugfix!
5. Pads 1.1
By: Matt Shelton
Relevant URL:
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection
engine used to passively detect network assets. It is designed to
complement IDS technology by providing context to IDS alerts.
6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, windows interface to linux IPtables firewall rules.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to
visit a myriad of mailing lists and websites to read the news? Just add
the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml