SecurityFocus Linux Newsletter #166
------------------------------------
This issue sponsored by: SolSoft
FREE Webinar: Better Management for Network Security
Looking for a better way to manage your IP security? See a live demo to
learn how Solsoft can help you:
- Ensure robust IP security through visual, policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks (including Linux firewalls)
- Respond rapidly to network events from a central console
- Foster collaboration between network admins and security experts
Register for our FREE webinar at:
http://www.securityfocus.com/sponsor/Solsoft_linux-secnews_040112
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Digital Signatures And European Laws
II. LINUX VULNERABILITY SUMMARY
1. EasyDynamicPages config_page.php Remote PHP File Include Vul...
2. Cherokee HTTP Post Remote Content Length Denial Of Service V...
3. XSOK XSOKDir Option Local Buffer Overrun Vulnerability
4. Invision Power Board Calendar.PHP SQL Injection Vulnerabilit...
5. Linux Kernel do_mremap Function Boundary Condition Vulnerabi...
6. mpg321 MP3 File Remote Format String Vulnerability
7. nd Multiple Buffer Overrun Vulnerabilities
8. Lotus Domino Initialization Files Weak Default Permissions V...
9. Debian FSP Vulnerabilities
10. VBox3 For ISDN4Linux Local Privilege Escalation Vulnerabilit...
11. ISC INN Control Message Handling Buffer Overrun Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
1. LDAP problem (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Packit v0.6.0
2. suPHP v0.5
3. MUTE File Sharing v0.2
4. Andutteye v1.13-1
5. braa v0.8
6. Linux Security Auditing Tool v0.9.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Digital Signatures And European Laws
By Mirella Mazzeo
This article discusses the security requirements for electronic
communications and commerce with European governments and many European-
based businesses. It will also give an overview of the current trends for
public key infrastructure in Europe, useful for any organization that does
business with the EU.
http://www.securityfocus.com/infocus/1756
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. EasyDynamicPages config_page.php Remote PHP File Include Vul...
BugTraq ID: 9338
Remote: Yes
Date Published: Jan 02 2004
Relevant URL: http://www.securityfocus.com/bid/9338
Summary:
EasyDynamicPages is a content management system that is written in PHP.
It is available for Unix/Linux derivatives and Microsoft Windows operating
systems.
EasyDynamicPages is prone to a remote file include vulnerability. The
source of this vulnerability is that the 'config_page.php' script includes
an external file ('admin/site_settings.php') in such a way that the
attacker may influence the include path of the file. If the attacker
specifies an include path to a malicious PHP script on an
attacker-controlled server, this could result in execution of the
malicious script in the context of the web server hosting the vulnerable
software.
Exploitation will permit a remote attacker to gain interactive access to
the vulnerable system.
2. Cherokee HTTP Post Remote Content Length Denial Of Service V...
BugTraq ID: 9345
Remote: Yes
Date Published: Jan 01 2004
Relevant URL: http://www.securityfocus.com/bid/9345
Summary:
Cherokee is a freely available, open source web server software package.
It is available for the Unix and Linux platforms.
A problem has been identified in the handling of HTTP POST requests by
Cherokee. Because of this, it may be possible for a remote attacker to
deny service to legitimate users of a vulnerable server.
The problem is in the handling of HTTP Content-Length header fields. When
a POST request is made, Cherokee may react unpredictably when a
Content-Length header field is not supplied with the POST. This has been
reported to result in a denial of service issue. It is conjectured that
this issue may not be limited to just a denial of service, though
available information is insufficient for making a further determination.
This Bugtraq ID will be further updated if more information becomes
available.
3. XSOK XSOKDir Option Local Buffer Overrun Vulnerability
BugTraq ID: 9352
Remote: No
Date Published: Jan 04 2004
Relevant URL: http://www.securityfocus.com/bid/9352
Summary:
xsok is a freely available, open source single player game. It is
available for the Linux platform.
xsok is prone to a locally exploitable buffer overflow vulnerability.
The vulnerability exists in the xsokdir function. By supplying an argument
of excessive length to the xsokdir option, it is possible to corrupt
sensitive variables in memory. This could be exploited to execute
arbitrary code with elevated privileges. The program is usually installed
with Set-Group-ID games privileges.
4. Invision Power Board Calendar.PHP SQL Injection Vulnerabilit...
BugTraq ID: 9353
Remote: Yes
Date Published: Jan 04 2004
Relevant URL: http://www.securityfocus.com/bid/9353
Summary:
Invision Power Board is a bulletin board system that is implemented in
PHP. It is available for Windows and Unix/Linux derivatives.
Invision Power Board is prone to SQL injection attacks. This vulnerability
exists in the 'calendar.php' script, which takes user-supplied input from
URI parameters and then includes this input in database queries without
adequate sanitization. In this instance, it is possible to supply
malicious SQL syntax by manipulating the value supplied to the
$this->chosen_month variable of calendar.php. This issue will permit a
remote attacker to manipulate the logic and structure of database queries,
possibly resulting in bulletin board compromise, information disclosure or
other consequences.
5. Linux Kernel do_mremap Function Boundary Condition Vulnerabi...
BugTraq ID: 9356
Remote: No
Date Published: Jan 05 2004
Relevant URL: http://www.securityfocus.com/bid/9356
Summary:
A vulnerability involving the do_mremap system function has been reported
in the Linux kernel, allowing for local privilege escalation.
The mremap(2) system call is used to resize and relocate Virtual Memory
Areas (VMA). It calls the kernel do_mremap function internally. Due to a
bounds checking issue within the function, it is possible for local
attackers to disrupt the operation of the kernel. It is reported that
this flaw may be exploited to create a malicious VMA of zero bytes in
length. The malicious VMA may disrupt other memory management operations
in the kernel, potentially causing system instability. Attack vectors
also exist that may permit a local attacker to gain root privileges.
This type of vulnerability will permit a remote attacker who has already
gained limited privileges on a host to fully compromise the system.
Because the 2.2 kernel series does not support the affected MREMAP_FIXED
flag, it is not reported to be prone to this issue.
6. mpg321 MP3 File Remote Format String Vulnerability
BugTraq ID: 9364
Remote: Yes
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9364
Summary:
mpg321 is a command-line media player for Unix/Linux variants.
A remotely exploitable format string vulnerability is present in mpg321.
The source of the problem is incorrect usage of printf() functions,
allowing format specifiers to be supplied directly to the vulnerable
functions from external data. This issue is likely exposed when the media
player handles MP3 meta data such as information included in ID3 tags,
though this has not been confirmed.
This issue could be exploited if a malicious MP3 file is played by a user,
either by opening the file manually or by streaming the malicious file.
Format string vulnerabilities permit attackers to overwrite arbitrary
locations in memory with attacker-specified data, giving the attacker a
means of controlling execution flow of the vulnerable program. This will
permit execution of arbitrary code in the context of the user invoking
the media player.
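Added example, not mpg321's code and not part of the original newsletter: a C illustration of the safe pattern for displaying MP3 metadata, where tag bytes are only ever passed as arguments to a constant format string. It assumes the ID3v1 trailer as the data source (the summary notes the ID3 path is unconfirmed); the function names and the sample tag are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ID3V1_LEN   128   /* "TAG" + title[30] + artist[30] + album[30] + ... */
#define ID3V1_FIELD 30

/* Copy a fixed-width, possibly unterminated ID3v1 field into a C string.
 * Trailing spaces are trimmed and control bytes are replaced with '?', so
 * tag data cannot inject terminal escape sequences either.
 * dst must hold ID3V1_FIELD + 1 bytes. */
static void id3v1_field(const unsigned char *src, char *dst)
{
    size_t i, n = 0;

    while (n < ID3V1_FIELD && src[n] != '\0')
        n++;
    while (n > 0 && src[n - 1] == ' ')
        n--;
    for (i = 0; i < n; i++)
        dst[i] = (src[i] < 0x20 || src[i] == 0x7f) ? '?' : (char)src[i];
    dst[n] = '\0';
}

/* Render title and artist from a 128-byte ID3v1 trailer into out.
 * Returns the number of bytes written, or -1 if the tag is invalid or
 * out is too small.
 *
 * Unsafe pattern (the class of bug in the summary):
 *     snprintf(out, outlen, title);
 * Here the tag bytes ARE the format string, so "%x" or "%n" inside a tag
 * is interpreted by printf.
 * Safe pattern (below): constant format string, tag data as arguments. */
int render_id3v1(const unsigned char *tag, size_t taglen,
                 char *out, size_t outlen)
{
    char title[ID3V1_FIELD + 1], artist[ID3V1_FIELD + 1];
    int n;

    if (taglen != ID3V1_LEN || memcmp(tag, "TAG", 3) != 0)
        return -1;
    id3v1_field(tag + 3, title);
    id3v1_field(tag + 33, artist);

    n = snprintf(out, outlen, "Title: %s\nArtist: %s\n", title, artist);
    if (n < 0 || (size_t)n >= outlen)
        return -1;              /* refuse to return truncated output */
    return n;
}

/* Store s into a 30-byte field, truncating if needed (no terminator). */
static void put_field(unsigned char *dst, const char *s)
{
    size_t n = strlen(s);

    if (n > ID3V1_FIELD)
        n = ID3V1_FIELD;
    memcpy(dst, s, n);
}

/* Build a constructed ID3v1 trailer for the demonstration. */
void make_sample_tag(unsigned char *tag, const char *title, const char *artist)
{
    memset(tag, 0, ID3V1_LEN);
    memcpy(tag, "TAG", 3);
    put_field(tag + 3, title);
    put_field(tag + 33, artist);
}

int main(void)
{
    unsigned char tag[ID3V1_LEN];
    char out[128];

    /* Constructed sample: a title made of format specifiers. */
    make_sample_tag(tag, "%x%x%n", "constructed artist");
    if (render_id3v1(tag, sizeof tag, out, sizeof out) < 0)
        return 1;
    fputs(out, stdout);         /* the specifiers are shown literally */
    return 0;
}
```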
7. nd Multiple Buffer Overrun Vulnerabilities
BugTraq ID: 9365
Remote: Yes
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9365
Summary:
nd is a command-line WebDAV interface for Unix/Linux platforms.
Multiple buffer overrun vulnerabilities were reported in nd. The source
of the vulnerabilities appears to be multiple instances where sprintf()
operations are performed on server-supplied data without proper bounds
checking.
These issues may be exploited by a malicious WebDAV server. If the server
supplies malicious data to the software that is sufficient in length to
trigger one of the conditions, then it will be possible to overrun
adjacent regions of memory with the superfluous data. If a sensitive
variable in memory, such as a return address, can be overwritten then it
will be possible to control the execution flow of the program. This will
result in execution of arbitrary code.
8. Lotus Domino Initialization Files Weak Default Permissions V...
BugTraq ID: 9366
Remote: No
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9366
Summary:
Domino is the e-mail server distributed by Lotus. It is available for the
Unix, Linux, and Microsoft operating systems.
A vulnerability has been identified in Lotus Domino for the Linux
operating system. Due to an issue with installation permissions, it may
be possible to modify sensitive configuration files.
The problem is in the default permissions of initialization files. By
default, the /local/notesdata/notes.ini and /opt/lotus/LPSilent.ini
initialization files are installed with world read-write UNIX file
permissions. Because of this, an attacker can modify these files to force
Domino to perform potentially dangerous actions.
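Added example, not from the original newsletter or from Lotus: a small C audit that checks the two initialization files named above for world read/write permission bits. The flag names and helper functions are constructed for this example; the temp-file helper exists only so the check can be exercised on a host without Domino installed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    INI_MISSING        = 1 << 0,  /* path could not be examined */
    INI_NOT_REGULAR    = 1 << 1,  /* symlink, device, directory ... */
    INI_WORLD_WRITABLE = 1 << 2,
    INI_WORLD_READABLE = 1 << 3
};

/* The two files named in the summary. */
static const char *const DOMINO_INI[] = {
    "/local/notesdata/notes.ini",
    "/opt/lotus/LPSilent.ini"
};

/* Return a bitmask of findings for one file. lstat() is used so that a
 * symlink planted in place of the file is reported, not followed. */
int audit_ini(const char *path)
{
    struct stat st;
    int flags = 0;

    if (lstat(path, &st) != 0)
        return INI_MISSING;
    if (!S_ISREG(st.st_mode))
        flags |= INI_NOT_REGULAR;
    if (st.st_mode & S_IWOTH)
        flags |= INI_WORLD_WRITABLE;
    if (st.st_mode & S_IROTH)
        flags |= INI_WORLD_READABLE;
    return flags;
}

/* Audit both Domino files; returns how many are world-writable. */
int audit_domino_ini(void)
{
    size_t i;
    int bad = 0;

    for (i = 0; i < sizeof DOMINO_INI / sizeof DOMINO_INI[0]; i++) {
        int f = audit_ini(DOMINO_INI[i]);

        if (f & INI_MISSING) {
            printf("%s: not present\n", DOMINO_INI[i]);
            continue;
        }
        printf("%s:%s%s%s\n", DOMINO_INI[i],
               (f & INI_WORLD_WRITABLE) ? " world-writable" : "",
               (f & INI_WORLD_READABLE) ? " world-readable" : "",
               (f & INI_NOT_REGULAR)    ? " not-a-regular-file" : "");
        if (f & INI_WORLD_WRITABLE)
            bad++;
    }
    return bad;
}

/* Constructed test input: create a temp file with the given mode, audit
 * it, remove it. Returns the audit flags, or -1 if setup failed. */
int audit_temp_file(mode_t mode)
{
    char path[] = "/tmp/ini_audit_XXXXXX";
    int fd = mkstemp(path);
    int flags;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    flags = audit_ini(path);
    close(fd);
    unlink(path);
    return flags;
}

int main(void)
{
    return audit_domino_ini() > 0 ? 1 : 0;
}
```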
9. Debian FSP Vulnerabilities
BugTraq ID: 9377
Remote: Yes
Date Published: Jan 07 2004
Relevant URL: http://www.securityfocus.com/bid/9377
Summary:
The File Service Protocol (FSP) is a file transfer protocol that is an
alternative to FTP. A set of FSP client and server tools is included with
Debian Linux. It has been reported that there are two vulnerabilities
present in the implementation of FSP included with Debian Linux.
The first vulnerability is an access validation error that can allow for a
client to access parts of the filesystem outside of the FSP root
directory. Exploitation may result in a disclosure of sensitive
information to malicious users.
The second vulnerability is a buffer overflow condition that can be
exploited by clients to execute instructions on the target server. This
may result in a full compromise of the underlying host.
At this time, further technical details are not known.
10. VBox3 For ISDN4Linux Local Privilege Escalation Vulnerabilit...
BugTraq ID: 9381
Remote: No
Date Published: Jan 07 2004
Relevant URL: http://www.securityfocus.com/bid/9381
Summary:
isdn4linux is a freely available, open source package of Linux kernel
module ISDN compatibility tools. It is available for Linux operating
systems. vbox3 is a voice response system for isdn4linux.
vbox3 has been reported prone to a local privilege escalation
vulnerability. The issue is reported to occur because the vbox3 software
does not lower execution privilege before accepting and interpreting a
user-supplied TCL script. A local user may potentially exploit this
condition to have arbitrary TCL code executed with elevated privileges.
Potentially this vulnerability may provide for unfettered access to a
vulnerable system for local users.
11. ISC INN Control Message Handling Buffer Overrun Vulnerabilit...
BugTraq ID: 9382
Remote: Yes
Date Published: Jan 08 2004
Relevant URL: http://www.securityfocus.com/bid/9382
Summary:
ISC INN is a Usenet/NNTP implementation that is available for Unix and
Linux platforms.
ISC has reported a remotely exploitable buffer overrun in INN. This issue
exists in the control message handling code that was introduced into
version 2.4.0. This code is responsible for special filing of control
messages into per-type newsgroups.
The issue exists in the 'art.c' source file and is due to an operation
where externally supplied data is copied into a static buffer without
sufficient bounds checking. This could cause adjacent regions of memory
to be overrun with attacker-specified data, allowing remote attackers to
overwrite sensitive variables in memory to control the execution flow of
the program. It may be possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is
designed to drop privileges after binding to port 119, so successful
exploitation would typically only yield the privileges of the news user.
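Added example, not INN's or nd's code and not part of the original newsletter: a C illustration of the bounds-checked alternative to the unchecked copies described in the nd (sprintf on server-supplied data) and INN (copy into a static buffer) summaries. It builds a per-type group name of the form "control.<type>" from a Control header value; the function name, the buffer size, the lowercase/digit allowlist and the "control" fallback are assumptions of this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define GROUP_MAX 64    /* size of the fixed destination buffer (assumed) */

static const char PREFIX[] = "control.";

/* Derive "control.<type>" from a Control header value such as
 * "newgroup comp.example moderated".
 *
 * Unsafe pattern (the class of bug in the summaries):
 *     static char buf[GROUP_MAX];
 *     sprintf(buf, "control.%s", type);   // length chosen by the sender
 *
 * Returns 0 on success. Returns -1 if the type is empty, contains a
 * character outside the allowlist, or would not fit; out then holds the
 * fallback name "control" (provided out can hold at least that). */
int control_group_name(const char *hdr, char *out, size_t outlen)
{
    const size_t prefix_len = sizeof PREFIX - 1;
    size_t len = 0, room;
    int n;

    if (hdr == NULL || out == NULL ||
        outlen < sizeof "control" || outlen > (size_t)INT_MAX)
        return -1;
    memcpy(out, "control", sizeof "control");   /* fallback, always fits */

    /* Bytes available for <type> after the prefix and the terminator. */
    room = outlen > prefix_len ? outlen - prefix_len - 1 : 0;

    while (*hdr == ' ' || *hdr == '\t')
        hdr++;

    /* Measure the first word, stopping as soon as it is known to be
     * invalid or too long, so scanning work is bounded by the buffer. */
    while (hdr[len] != '\0' && !isspace((unsigned char)hdr[len])) {
        unsigned char c = (unsigned char)hdr[len];

        if (!islower(c) && !isdigit(c))
            return -1;
        if (len == room)
            return -1;
        len++;
    }
    if (len == 0)
        return -1;

    /* Bounded formatting; the return value is still checked so that a
     * future change to the prefix or buffer size cannot silently truncate. */
    n = snprintf(out, outlen, "%s%.*s", PREFIX, (int)len, hdr);
    if (n < 0 || (size_t)n >= outlen) {
        memcpy(out, "control", sizeof "control");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    static const char *const samples[] = {
        "newgroup comp.example moderated",
        "cancel <constructed-id@example.invalid>",
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        "%n%n x"
    };
    char group[GROUP_MAX];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = control_group_name(samples[i], group, sizeof group);
        printf("%-10s -> %s\n", rc == 0 ? "accepted" : "rejected", group);
    }
    return 0;
}
```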
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. LDAP problem (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/349280
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility, supporting
cross-platform interoperability over a wide range of platforms: Windows,
Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements, regardless
of the size of your organization.
Using the latest recognized standards in encryption and digital signature
technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris,
UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for
computer forensics and investigations. With an intuitive GUI and superior
performance, EnCase Version 4 provides investigators with the tools to
conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields completely
non-invasive computer forensic investigations while allowing examiners to
easily manage large volumes of computer evidence and view all relevant
files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all
functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows
95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data
in its own internal memory (not on the hard drive), it is impossible for
a network intruder to gain access to any sensitive data stored within the
device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your existing
servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to serve
your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Packit v0.6.0
By: Darren Bounds
Relevant URL: http://packit.sourceforge.net
Platforms: FreeBSD, Linux, POSIX
Summary:
Packit is a network auditing tool that allows you to monitor, manipulate,
and inject customized IPv4 traffic into your network. This can be
extremely valuable for testing firewalls, intrusion detection systems,
port scanning, and general TCP/IP auditing. It currently supports the
ability to define nearly all TCP, UDP, ICMP, IP, and Ethernet header
options. It requires libnet 1.1 or greater as well as libpcap, and has
been tested to run on FreeBSD, NetBSD, OpenBSD, and Linux.
2. suPHP v0.5
By: Sebastian Marsching
Relevant URL: http://www.suphp.org/
Platforms: Linux
Summary:
suPHP is a combination of an Apache module (mod_suphp) and an executable
which provides a wrapper for PHP. With both together, it is possible to
execute PHP scripts with the permissions of their owner without having to
place a PHP binary in each user's cgi-bin directory. suPHP doesn't need
Apache's suExec, and provides a logging function.
3. MUTE File Sharing v0.2
By: Jason Rohrer
Relevant URL: http://mute-net.sourceforge.net/
Platforms: Linux, MacOS, Os Independent, Windows 2000, Windows 95/98
Summary:
MUTE File Sharing is an anonymous, decentralized search-and-download file
sharing system. Several people have described MUTE as the "third
generation file sharing network" (From Napster to Gnutella to MUTE, with
each generation getting less centralized and more anonymous). MUTE uses
algorithms inspired by ant behavior to route all messages, including file
transfers, through a mesh network of neighbor connections.
4. Andutteye v1.13-1
Summary:
Andutteye is surveillance software for Linux and Unix systems. It's used to
monitor your system, resolve local actions, and send alarms to a central
point. You can manage your client configurations, view and handle the
incoming alarms, and have FAQ entries on well known alarms.
5. braa v0.8
Summary:
Braa is a tool for making SNMP queries. It is able to query hundreds or
thousands of hosts simultaneously, while being completely single-threaded.
It does not need any SNMP libraries, as it is equipped with its own SNMP
engine. However, it's good to have a complete SNMP package including
"snmptranslate" installed somewhere, because for speed reasons, there is
no ASN.1 parser in Braa, and all the SNMP OIDs need to be specified
numerically.
6. Linux Security Auditing Tool v0.9.0
Summary:
Linux Security Auditing Tool (LSAT) is a post install security auditing
tool. It is modular in design, so new features can be added quickly. It
checks inetd entries and scans for unneeded RPM packages. It is being
expanded to work with Linux distributions other than Red Hat, and checks
for kernel versions.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com
and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: SolSoft
FREE Webinar: Better Management for Network Security
Looking for a better way to manage your IP security? See a live demo to
learn how Solsoft can help you:
- Ensure robust IP security through visual, policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks (including Linux firewalls)
- Respond rapidly to network events from a central console
- Foster collaboration between network admins and security experts
Register for our FREE webinar at:
http://www.securityfocus.com/sponsor/Solsoft_linux-secnews_040112
------------------------------------------------------------------------
SecurityFocus Linux Newsletter #166
------------------------------------
This issue sponsored by: SolSoft
FREE Webinar: Better Management for Network Security
Looking for a better way to manage your IP security? See a live demo to
learn how Solsoft can help you:
- Ensure robust IP security through visual, policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks (including Linux firewalls)
- Respond rapidly to network events from a central console
- Foster collaboration between network admins and security experts
Register for our FREE webinar at:
http://www.securityfocus.com/sponsor/Solsoft_linux-secnews_040112
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Digital Signatures And European Laws
II. LINUX VULNERABILITY SUMMARY
1. EasyDynamicPages config_page.php Remote PHP File Include Vul...
2. Cherokee HTTP Post Remote Content Length Denial Of Service V...
3. XSOK XSOKDir Option Local Buffer Overrun Vulnerability
4. Invision Power Board Calendar.PHP SQL Injection Vulnerabilit...
5. Linux Kernel do_mremap Function Boundary Condition Vulnerabi...
6. mpg321 MP3 File Remote Format String Vulnerability
7. nd Multiple Buffer Overrun Vulnerabilities
8. Lotus Domino Initialization Files Weak Default Permissions V...
9. Debian FSP Vulnerabilities
10. VBox3 For ISDN4Linux Local Privilege Escalation Vulnerabilit...
11. ISC INN Control Message Handling Buffer Overrun Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
1. LDAP problem (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Packit v0.6.0
2. suPHP v0.5
3. MUTE File Sharing v0.2
4. Andutteye v1.13-1
5. braa v0.8
6. Linux Security Auditing Tool v0.9.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Digital Signatures And European Laws
By Mirella Mazzeo
This article discusses the security requirements for electronic
communications and commerce with European governments and many European-
based businesses. It will also give an overview of the current trends for
public key infrastructure in Europe, useful for any organization that does
business with the EU.
http://www.securityfocus.com/infocus/1756
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. EasyDynamicPages config_page.php Remote PHP File Include Vul...
BugTraq ID: 9338
Remote: Yes
Date Published: Jan 02 2004
Relevant URL: http://www.securityfocus.com/bid/9338
Summary:
EasyDynamicPages is a content management system that is written in PHP.
It is available for Unix/Linux derivatives and Microsoft Windows operating
systems.
EasyDynamicPages is prone to a remote file include vulnerability. The
source of this vulnerability is that the 'config_page.php' script includes
an external file ('admin/site_settings.php') in such a way that the
attacker may influence the include path of the file. If the attacker
specifies an include path to a malicious PHP script on an
attacker-controlled server, this could result in execution of the
malicious script in the context of the web server hosting the vulnerable
software.
Exploitation will permit a remote attacker to gain interactive access to
the vulnerable system.
2. Cherokee HTTP Post Remote Content Length Denial Of Service V...
BugTraq ID: 9345
Remote: Yes
Date Published: Jan 01 2004
Relevant URL: http://www.securityfocus.com/bid/9345
Summary:
Cherokee is a freely available, open source web server software package.
It is available for the Unix and Linux platforms.
A problem has been identified in the handling of HTTP POST requests by
Cherokee. Because of this, it may be possible for a remote attacker to
deny service to legitimate users of a vulnerable server.
The problem is in the handling of HTTP Content-Length header fields. When
a POST request is made, Cherokee may react unpredictably when a
Content-Length header field is not supplied with the POST. This has been
reported to result in a denial of service issue. It is conjectured that
this issue may not be limited to just a denial of service, though
available information is insufficient it making a further determination.
This Bugtraq ID will be further updated if more information becomes
available.
3. XSOK XSOKDir Option Local Buffer Overrun Vulnerability
BugTraq ID: 9352
Remote: No
Date Published: Jan 04 2004
Relevant URL: http://www.securityfocus.com/bid/9352
Summary:
xsok is a freely available, open source single player game. It is
available for the Linux platform.
xsok is prone to a locally exploitable buffer overflow vulnerability.
The vulnerability exists in the xsokdir function. By supplying an argument
of excessive length to the xsokdir option, it is possible to corrupt
sensitive variables in memory. This could be exploited to execute
arbitrary code with elevated privileges. The program is usually installed
with Set-Group-ID games privileges.
4. Invision Power Board Calendar.PHP SQL Injection Vulnerabilit...
BugTraq ID: 9353
Remote: Yes
Date Published: Jan 04 2004
Relevant URL: http://www.securityfocus.com/bid/9353
Summary:
Invision Power Board is a bulletin board system that is implemented in
PHP. It is available for Windows and Unix/Linux derivatives.
Invision Power Board is prone to SQL injection attacks. This vulnerability
exists in the 'calendar.php' script, which takes user-supplied input from
URI parameters and then includes this input in database queries without
adequate sanitization. In this instance, it is possible to supply
malicious SQL syntax by manipulating the value supplied to the
$this->chosen_month variable of calendar.php. This issue will permit a
remote attacker to manipulate the logic and structure of database queries,
possibly resulting in bulletin board compromise, information disclosure or
other consequences.
5. Linux Kernel do_mremap Function Boundary Condition Vulnerabi...
BugTraq ID: 9356
Remote: No
Date Published: Jan 05 2004
Relevant URL: http://www.securityfocus.com/bid/9356
Summary:
A vulnerability involving the do_mremap system function has been reported
in the Linux kernel, allowing for local privilege escalation.
The mremap(2) system call is used to resize and relocate Virtual Memory
Areas (VMA). It calls the kernel do_mremap function internally. Due to a
bounds checking issue within the function, it is possible for local
attackers to disrupt the operation of the kernel. It is reported that
this flaw may be exploited to create a malicious VMA of zero bytes in
length. The malicious VMA may disrupt other memory management operations
in the kernel, potentially causing system instability. Attack vectors
also exist that may permit a local attacker to gain root privileges.
This type of vulnerability will permit a remote attacker who has already
gained limited privileges on a host to fully compromise the system.
Because the 2.2 kernel series does not support the affected MREMAP_FIXED
flag, it is not reported to be prone to this issue.
6. mpg321 MP3 File Remote Format String Vulnerability
BugTraq ID: 9364
Remote: Yes
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9364
Summary:
mpg321 is a command-line media player for Unix/Linux variants.
A remotely exploitable format string vulnerability is present in mpg321.
The source of the problem is incorrect usage of printf() functions,
allowing format specifiers to be supplied directly to the vulnerable
functions from external data. This issue is likely exposed when the media
player handles MP3 meta data such as information included in ID3 tags,
though this has not been confirmed.
This issue could be exploited if a malicious MP3 file is played by a user,
either by opening the file manually or by streaming the malicious file.
Format string vulnerabilities permit attackers to overwrite arbitrary
locations in memory with attacker-specified data, giving the attacker a
means of controlling execution flow of the vulnerable program. This will
permit for execution of arbitrary code in the context of the user invoking
the media player.
7. nd Multiple Buffer Overrun Vulnerabilities
BugTraq ID: 9365
Remote: Yes
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9365
Summary:
nd is a command-line WebDAV interface for Unix/Linux platforms.
Multiple buffer overrun vulnerabilities were reported in nd. The source
of the vulnerabilities appears to be multiple instances where sprintf()
operations are performed on server-supplied data without proper bounds
checking.
These issues may be exploited by a malicious WebDAV server. If the server
supplies malicious data to the software that is sufficient in length to
trigger one of the conditions, then it will be possible to overrun
adjacent regions of memory with the superfluous data. If a sensitive
variable in memory, such as a return address, can be overwritten then it
will be possible to control the execution flow of the program. This will
result in execution of arbitrary code.
8. Lotus Domino Initialization Files Weak Default Permissions V...
BugTraq ID: 9366
Remote: No
Date Published: Jan 06 2004
Relevant URL: http://www.securityfocus.com/bid/9366
Summary:
Domino is the e-mail server distributed by Lotus. It is available for the
Unix, Linux, and Microsoft operating systems.
A vulnerability has been identified in Lotus Domino for the Linux
operating system. Due to an issue with installation permissions, it may
be possible to modify sensitive configuration files.
The problem is in the default permissions of initialization files. By
default, the /local/notesdata/notes.ini and /opt/lotus/LPSilent.ini
initialization files are installed with world read-write UNIX file
permissions. Because of this, an attacker can modify these files to force
Domino to perform potentially dangerous actions.
9. Debian FSP Vulnerabilities
BugTraq ID: 9377
Remote: Yes
Date Published: Jan 07 2004
Relevant URL: http://www.securityfocus.com/bid/9377
Summary:
The File Service Protocol (FSP) is a file transfer protocol that is an
alternative to FTP. A set of FSP client and server tools is included with
Debian Linux. It has been reported that there are two vulnerabilities
present in the implementation of FSP included with Debian Linux.
The first vulnerability is an access validation error that can allow for a
client to access parts of the filesystem outside of the FSP root
directory. Exploitation may result in a disclosure of sensitive
information to malicious users.
The second vulnerability is a buffer overflow condition that can be
exploited by clients to execute instructions on the target server. This
may result in a full compromise of the underlying host.
At this time, further technical details are not known.
10. VBox3 For ISDN4Linux Local Privilege Escalation Vulnerabilit...
BugTraq ID: 9381
Remote: No
Date Published: Jan 07 2004
Relevant URL: http://www.securityfocus.com/bid/9381
Summary:
isdn4linux is a freely available, open source package of Linux kernel
module ISDN compatibility tools. It is available for Linux operating
systems. vbox3 is a voice response system for isdn4linux.
vbox3 has been reported prone to a local privilege escalation
vulnerability. The issue is reported to occur because the vbox3 software
does not lower execution privilege before accepting and interpreting a
user-supplied TCL script. A local user may potentially exploit this
condition to have arbitrary TCL code executed with elevated privileges.
This vulnerability may give local users unfettered access to a
vulnerable system.
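The vbox3 issue above is a missing privilege drop before user-controlled script code runs. The C sketch below is an added example, not vbox3's code; the function names are hypothetical, and the order shown (supplementary groups, then group ID, then user ID, then verification) is the conventional way to drop privileges permanently on Linux.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if every real and effective ID equals uid/gid. */
int privileges_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure;
 * on -1 the caller must exit without touching user-supplied input. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be changed while still privileged. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: after setuid() the process may no longer
     * be allowed to change its group IDs. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (!privileges_match(uid, gid))
        return -1;
    /* A permanent drop must not be reversible. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Hypothetical gate for a setuid program: call it before loading a
 * script named by the invoking user, so the script is interpreted with
 * that user's own IDs. Returns 1 if it is safe to proceed. */
int ready_for_user_script(void)
{
    return drop_privileges(getuid(), getgid()) == 0;
}
```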
11. ISC INN Control Message Handling Buffer Overrun Vulnerabilit...
BugTraq ID: 9382
Remote: Yes
Date Published: Jan 08 2004
Relevant URL: http://www.securityfocus.com/bid/9382
Summary:
ISC INN is a Usenet/NNTP implementation that is available for Unix and
Linux platforms.
ISC has reported a remotely exploitable buffer overrun in INN. This issue
exists in the control message handling code that was introduced into
version 2.4.0. This code is responsible for special filing of control
messages into per-type newsgroups.
The issue exists in the 'art.c' source file and is due to an operation
where externally supplied data is copied into a static buffer without
sufficient bounds checking. This could cause adjacent regions of memory
to be overrun with attacker-specified data, allowing remote attackers to
overwrite sensitive variables in memory to control the execution flow of
the program. It may be possible to exploit this issue to execute arbitrary
code in the context of the innd process. It should be noted that innd is
designed to drop privileges after binding to port 119, so successful
exploitation would typically only yield the privileges of the news user.
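The nd and INN entries above both come down to copying peer-supplied data into a fixed-size buffer with no length check. The C sketch below is an added example, not code from nd or INN; the buffer size, function names and sample URL are assumptions. It formats with vsnprintf() and treats truncation as an error instead of writing past the buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define URL_MAX 64   /* assumed size; stands in for any fixed buffer */

/* The pattern the advisories describe, shown only as a comment:
 *     char url[URL_MAX];
 *     sprintf(url, "%s/%s", base, href);    (href length is set by the peer)
 */

/* Format into dst. Returns 0 on success, -1 if the result would not fit;
 * on failure dst is emptied so a truncated value is never used. */
static int format_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);  /* writes at most dstsz bytes */
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsz) {   /* n = length the full string needs */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical helper: join a base URL and a server-supplied href. */
int build_url(char *dst, size_t dstsz, const char *base, const char *href)
{
    return format_checked(dst, dstsz, "%s/%s", base, href);
}

/* Constructed harness: the guard word sits after the buffer. Returns the
 * URL length, -1 if href was rejected, -2 if the guard was overwritten. */
int joined_length(const char *href)
{
    struct { char url[URL_MAX]; unsigned guard; } f;
    int rc;

    f.guard = 0xC0FFEEu;
    rc = build_url(f.url, sizeof f.url, "http://dav.example", href);
    if (f.guard != 0xC0FFEEu)
        return -2;
    return rc == 0 ? (int)strlen(f.url) : -1;
}
```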
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. LDAP problem (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/349280
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility, supporting
cross-platform interoperability over a wide range of platforms: Windows,
Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements, regardless
of the size of your organization.
Using the latest recognized standards in encryption and digital signature
technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris,
UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for
computer forensics and investigations. With an intuitive GUI and superior
performance, EnCase Version 4 provides investigators with the tools to
conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields completely
non-invasive computer forensic investigations while allowing examiners to
easily manage large volumes of computer evidence and view all relevant
files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all
functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows
95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity
within an accounting or specialist system. It is completely undetectable
by software scanners and provides you with one of the most powerful
stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data
in its own internal memory (not on the hard drive), it is impossible for
a network intruder to gain access to any sensitive data stored within the
device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your existing
servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to serve
your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Packit v0.6.0
By: Darren Bounds
Relevant URL: http://packit.sourceforge.net
Platforms: FreeBSD, Linux, POSIX
Summary:
Packit is a network auditing tool that allows you to monitor, manipulate,
and inject customized IPv4 traffic into your network. This can be
extremely valuable for testing firewalls, intrusion detection systems,
port scanning, and general TCP/IP auditing. It currently supports the
ability to define nearly all TCP, UDP, ICMP, IP, and Ethernet header
options. It requires libnet 1.1 or greater as well as libpcap, and has
been tested to run on FreeBSD, NetBSD, OpenBSD, and Linux.
2. suPHP v0.5
By: Sebastian Marsching
Relevant URL: http://www.suphp.org/
Platforms: Linux
Summary:
suPHP is a combination of an Apache module (mod_suphp) and an executable
which provides a wrapper for PHP. With both together, it is possible to
execute PHP scripts with the permissions of their owner without having to
place a PHP binary in each user's cgi-bin directory. suPHP doesn't need
Apache's suExec, and provides a logging function.
3. MUTE File Sharing v0.2
By: Jason Rohrer
Relevant URL: http://mute-net.sourceforge.net/
Platforms: Linux, MacOS, Os Independent, Windows 2000, Windows 95/98
Summary:
MUTE File Sharing is an anonymous, decentralized search-and-download file
sharing system. Several people have described MUTE as the "third
generation file sharing network" (From Napster to Gnutella to MUTE, with
each generation getting less centralized and more anonymous). MUTE uses
algorithms inspired by ant behavior to route all messages, including file
transfers, through a mesh network of neighbor connections.
4. Andutteye v1.13-1
By: andutt
Relevant URL: http://www.utterberg.com
Platforms: Linux
Summary:
Andutteye is surveillance software for Linux and Unix systems. It is used to
monitor your system, resolve local actions, and send alarms to a central
point. You can manage your client configurations, view and handle the
incoming alarms, and have FAQ entries on well known alarms.
5. braa v0.8
By: mteg
Relevant URL: http://s-tech.elsat.net.pl/braa/
Platforms: FreeBSD, Linux
Summary:
Braa is a tool for making SNMP queries. It is able to query hundreds or
thousands of hosts simultaneously, while being completely single-threaded.
It does not need any SNMP libraries, as it is equipped with its own SNMP
engine. However, it's good to have a complete SNMP package including
"snmptranslate" installed somewhere, because for speed reasons, there is
no ASN.1 parser in Braa, and all the SNMP OIDs need to be specified
numerically.
6. Linux Security Auditing Tool v0.9.0
By: Triode
Relevant URL: http://usat.sourceforge.net/
Platforms: Linux, POSIX
Summary:
Linux Security Auditing Tool (LSAT) is a post install security auditing
tool. It is modular in design, so new features can be added quickly. It
checks inetd entries and scans for unneeded RPM packages. It is being
expanded to work with Linux distributions other than Red Hat, and checks
for kernel versions.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address.
The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and
ask to be manually removed.