Linux Security News
SecurityFocus Linux Newsletter #184 May 17 2004 04:41PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #184
------------------------------------

This Issue is Sponsored By: TruSecure

FREE 14-DAY TRIAL: INTELLISHIELD ALERT MANAGER?
IS Alert Manager, TruSecure's threat and vulnerability service, helps
organizations better protect critical information assets with unmatched
intelligence and analysis from TruSecure's ICSA Labs and other resources.
Try it today! Sign up for your FREE 14-day trial below!

http://www.securityfocus.com/sponsor/TruSecure_linux-secnews_040517

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Secure by Default
2. TCP/IP Skills Required for Security Analysts
II. LINUX VULNERABILITY SUMMARY
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
2. Linux Kernel Local IO Access Inheritance Vulnerability
3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
4. National Science Foundation Squid Proxy Internet Access Cont...
5. EMule Web Control Panel Denial Of Service Vulnerability
6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
7. Linux Kernel Serial Driver Proc File Information Disclosure ...
8. Linux Kernel STRNCPY Information Leak Vulnerability
9. Opera Web Browser Address Bar Spoofing Weakness
10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
III. LINUX FOCUS LIST SUMMARY
1. Secure Form Script? (Thread)
2. decent loadbalancing with 2 different ISP's with min... (Thread)
3. decent loadbalancing with 2 different ISP's with min... (Thread)
4. Did RedHat's OpenSSL patch miss Apache? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Astaro Security Linux (Stable 5.x) v5.007
2. TinyCA v0.6.0
3. OS-SIM v0.9.4
4. Automatic Firewall v0.3
5. MIMEDefang v2.43
6. WallFire wfconvert v0.3.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Secure by Default
By Jason Miller

Why "Secure By Default" is a step in the right direction.

http://www.securityfocus.com/columnists/241

2. TCP/IP Skills Required for Security Analysts
By Don Parker

This article guides users new to the security field through some of the
key skills required to work as a security analyst. The focus is on core
TCP/IP competency and related technologies such as intrusion detection
systems, firewalls and routers.

http://www.securityfocus.com/infocus/1779

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary:
It has been reported that Sun's Java Runtime Environment, as well as the Java Software Development Kit, is affected by an unspecified, remote denial of service vulnerability.

This issue would allow an attacker to cause the affected JRE to become unresponsive, denying service to legitimate users.

2. Linux Kernel Local IO Access Inheritance Vulnerability
BugTraq ID: 10302
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10302
Summary:
It has been reported that the Linux Kernel is affected by an IO access inheritance vulnerability. This issue is due to an access validation error that fails to invalidate all io_bitmap pointers before a process exits.

This issue could allow local users to lock up the affected system, denying service to legitimate users. This issue might also allow an attacker to gain escalated privileges.

3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote buffer overflow vulnerability when processing an excessively long base64 authentication request. A remote attacker could execute arbitrary code in the context of the server leading to unauthorized access.

This issue is reported to exist in Icecast 2.0.0; however, it is possible that previous versions are affected as well.

4. National Science Foundation Squid Proxy Internet Access Cont...
BugTraq ID: 10315
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10315
Summary:
Squid proxy has been reported to be affected by an Internet access control bypass vulnerability. This issue is caused by a failure of the application to properly handle access controls when evaluating malformed URI requests.

This issue is reported to affect version 2.3.STABLE5 of the software; however, it is likely that other versions are also affected.

This issue would allow users that are restricted from accessing Internet-based resources to access arbitrary web sites.

5. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to a remote denial of service vulnerability.

This issue is reportedly triggered by sending malformed requests to the web interface. Upon processing malformed requests, the affected application will crash, denying service to legitimate users.

6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
BugTraq ID: 10326
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10326
Summary:
An integer overflow vulnerability has been reported in the sctp_setsockopt() system call of the Linux kernel. This issue is related to the code for handling the SCTP_SOCKOPT_DEBUG_NAME socket option.

The issue presents itself in the sctp_setsockopt() function of the net/sctp/socket.c source file, due to a lack of sufficient validation performed on user supplied integer values.

This vulnerability may result in the allocation of a zero byte chunk in kernel memory space, likely resulting in a kernel panic. However, the issue may also potentially be exploited to compromise the system.

This vulnerability is reported to affect Linux kernel versions up to and including version 2.4.25.

7. Linux Kernel Serial Driver Proc File Information Disclosure ...
BugTraq ID: 10330
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10330
Summary:
It has been reported that the Linux kernel is prone to a serial driver proc file information disclosure vulnerability. This issue is due to a design error that allows unprivileged access to potentially sensitive information.

This issue might allow an attacker to gain access to sensitive information such as user password lengths.

8. Linux Kernel STRNCPY Information Leak Vulnerability
BugTraq ID: 10331
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10331
Summary:
This issue is reported to affect the vulnerable kernel only on platforms other than x86.

It has been reported that the Linux kernel is prone to a 'strncpy()' information leak vulnerability. This issue is due to a failure of the libc code to properly implement the offending function on platforms other than x86.

This issue might lead to information leakage, potentially facilitating further attacks against an affected system or process.

9. Opera Web Browser Address Bar Spoofing Weakness
BugTraq ID: 10337
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10337
Summary:
Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information.

This is reportedly possible through malicious use of the JavaScript "onUnload" event handler when the browser is redirected to another page.

This issue could be exploited to spoof the domain of a malicious web page, potentially causing the victim user to trust the spoofed domain.

The vulnerability reportedly affects Opera 7.23 releases on Windows and Linux platforms. Earlier versions may also be affected.

10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
BugTraq ID: 10340
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10340
Summary:
Reportedly ZoneMinder is affected by multiple remote buffer overflow vulnerabilities, potentially leading to unauthorized access. These issues are due to a failure of the application to properly validate buffer boundaries when processing user input.

These issues could allow a remote attacker to execute arbitrary code in the context of the affected software, which could lead to unauthorized access.

11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary:
It has been reported that Opera web browser is prone to a vulnerability that may allow a remote attacker to create and modify arbitrary files on a system. The vulnerability presents itself because the telnet URI handler in Opera fails to sanitize user-supplied input. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the telnet program to carry out an attack remotely.

Opera version 7.23 is reported to be affected by this issue. Earlier versions may also be affected.

**It has been reported that various web browsers are affected by this issue. The affected products include Apple Safari, Microsoft Internet Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly others. These applications are currently undergoing further review and individual BIDs will be created when more information becomes available.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Secure Form Script? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/363468

2. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362894

3. decent loadbalancing with 2 different ISP's with min... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362893

4. Did RedHat's OpenSSL patch miss Apache? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/362892

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full access to the entire CANVAS codebase. Python is one of the easiest languages to learn, so even novice programmers can be productive on the CANVAS API, should they so choose.

Immunity CANVAS is both a valuable demonstration tool for enterprise information security teams or system administrators, and an advanced development platform for exploit developers, or people learning to become exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility, supporting cross-platform interoperability over a wide range of platforms: Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, regardless of the size of your organization.

Using the latest recognized standards in encryption and digital signature technology, SecretAgent ensures the confidentiality, integrity, and authenticity of your data.

3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:

Astaro Security Linux is a firewall solution. It does stateful packet inspection filtering, content filtering, user authentication, virus scanning, VPN with IPSec and PPTP, and much more. With its Web-based management tool, WebAdmin, and the ability to pull updates via the Internet, it is pretty easy to manage. It is based on a special hardened Linux 2.4 distribution where most daemons are running in change-roots and are protected by kernel capabilities.

2. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:

TinyCA is a simple GUI written in Perl/Tk to manage a small certification authority. It is based on OpenSSL and Perl modules from the OpenCA project. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them.

3. OS-SIM v0.9.4
By: Dominique Karg
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary:

OSSIM aims to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, HotSaNIC, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security.

4. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary:

Automatic Firewall configures your firewall by looking at your environment and deciding what is a good fit for your needs. It is intended for the novice broadband user to install and forget about, but still be fairly well protected.

5. MIMEDefang v2.43
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary:

MIMEDefang is a flexible MIME e-mail scanner designed to protect Windows clients from viruses. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11's new "Milter" API, which gives it much more flexibility than procmail-based approaches.

6. WallFire wfconvert v0.3.1
By: Hervé Eychenne
Relevant URL: http://www.wallfire.org/wfconvert/
Platforms: Linux, POSIX
Summary:

The goal of the WallFire project is to create a very general and modular firewalling application based on Netfilter or any kind of low-level framework. Wfconvert is a tool which imports/translates rules from/to any supported firewalling language.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: TruSecure
