Linux Security News
SecurityFocus Linux Newsletter #185 May 25 2004 09:35PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #185
------------------------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Malware Analysis for Administrators
2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
II. LINUX VULNERABILITY SUMMARY
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
2. WGet Insecure File Creation Race Condition Vulnerability
3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
4. PHP-Nuke Multiple Input Validation Vulnerabilities
5. LibUser Multiple Unspecified Vulnerabilities
6. Mandrake Linux passwd Potential Vulnerabilities
7. KDE Konqueror Embedded Image URI Obfuscation Weakness
8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
11. Netscape Navigator Embedded Image URI Obfuscation Weakness
12. SquirrelMail Unspecified SQL Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. looking for wireless linux security book (Thread)
2. Problem with my wireless network(To all LinkSys user... (Thread)
3. Problem with my wireless network (Thread)
4. Secure Form Script? (Thread)
5. iptables firewall script for debian-woody, 2.4.24 (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. Ettercap v0.7.0 pre2
2. Linux Intrusion Detection System (LIDS) v2.6.6
3. Astaro Security Linux (Stable 5.x) v5.007
4. TinyCA v0.6.0
5. OS-SIM v0.9.4
6. Automatic Firewall v0.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Malware Analysis for Administrators
By S. G. Masood

The purpose of this article is to help administrators and power users use
behavioral analysis to determine if a binary is harmful malware, by
analyzing it in a lab environment without the use of anti-virus software,
debuggers, or code disassembly.

http://www.securityfocus.com/infocus/1780

2. Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
By Bob Rudis

This is the second of a two-part series that focuses on the centralized
management of security for mobile users. Part two completes the
discussion by presenting additional layers of defence to help protect
valuable, mobile data.

http://www.securityfocus.com/infocus/1781

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary:
It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks.

The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.

The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site.

These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

2. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary:
wget has been reported prone to a race condition vulnerability. The issue exists because wget does not lock files that it creates and writes to during file downloads.

A local attacker may exploit this condition to corrupt files with the privileges of the victim who is running the vulnerable version of wget.

3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary:
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter.

If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.

4. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks.

5. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary:
Libuser implements a standardized interface for manipulating and administering user and group accounts on Unix systems.

It has been reported that several vulnerabilities exist in this library. Attackers could possibly crash applications that are linked to this library, or possibly cause the applications to write 4GB files containing garbage to disk.

These issues could possibly lead to a denial of service condition, causing legitimate users to be unable to access resources.

6. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary:
Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.

7. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary:
It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.

This weakness could be employed to trick a user into following a malicious link.

An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouse over the link in an attempt to verify where it points, they may be deceived into believing that the link references the actual trusted site.

8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary:
CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution.

CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.

9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary:
Neon WebDAV client library is prone to a heap overflow vulnerability. This issue exists due to improper boundary checks performed on user-supplied data. Reportedly a malformed string value may cause a sscanf() string overflow into static heap variables.

Neon 0.24.5 and prior are prone to this issue.

10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary:
Subversion is prone to a buffer overflow vulnerability. This issue exists in one of the data parsing functions of the application. Specifically, Subversion calls an sscanf() function when converting data strings to different formats. This causes user-supplied data to be copied into an unspecified buffer without proper boundary checks performed by the application.

Subversion versions 1.0.2 and prior are prone to this issue.

11. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary:
It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag.

This weakness could be employed to trick a user into following a malicious link.

An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim were to mouse over the link in an attempt to verify where it points, they may be deceived into believing that the link references the actual trusted site.

12. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary:
Reportedly, SquirrelMail is prone to an unspecified SQL injection vulnerability. The vulnerability results from insufficient sanitization of user-supplied data.

This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the user password hashes or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

Due to a lack of information, further details are not currently available. This BID will be updated as more information becomes available.

SquirrelMail 1.4.2 and prior versions are affected by this issue.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. looking for wireless linux security book (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364172

2. Problem with my wireless network(To all LinkSys user... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364171

3. Problem with my wireless network (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364058

4. Secure Form Script? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364050

5. iptables firewall script for debian-woody, 2.4.24 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/363883

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:

Immunity CANVAS is 100% pure Python, and every license includes full access to the entire CANVAS codebase. Python is one of the easiest languages to learn, so even novice programmers can be productive on the CANVAS API, should they so choose.

Immunity CANVAS is both a valuable demonstration tool for enterprise information security teams or system administrators, and an advanced development platform for exploit developers, or people learning to become exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility, supporting cross-platform interoperability over a wide range of platforms: Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, regardless of the size of your organization.

Using the latest recognized standards in encryption and digital signature technology, SecretAgent ensures the confidentiality, integrity, and authenticity of your data.

3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor (at) users.sourceforge (dot) net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

2. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg (at) gem.ncic.ac (dot) cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen files access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

3. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary:

Astaro Security Linux is a firewall solution. It does stateful packet inspection filtering, content filtering, user authentication, virus scanning, VPN with IPSec and PPTP, and much more. With its Web-based management tool, WebAdmin, and the ability to pull updates via the Internet, it is pretty easy to manage. It is based on a special hardened Linux 2.4 distribution where most daemons are running in change-roots and are protected by kernel capabilities.

4. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:

TinyCA is a simple GUI written in Perl/Tk to manage a small certification authority. It is based on OpenSSL and Perl modules from the OpenCA project. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them.

5. OS-SIM v0.9.4
By: Dominique Karg
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary:

OSSIM aims to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, HotSaNIC, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security.

6. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary:

Automatic Firewall configures your firewall by looking at your environment and deciding what is a good fit for your needs. It is intended for the novice broadband user to install and forget about, but still be fairly well protected.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus


Copyright 2010, SecurityFocus