SecurityFocus Linux Newsletter #195
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
I. FRONT AND CENTER
1. Data Driven Attacks Using HTTP Tunneling
2. Email Privacy is Lost
II. LINUX VULNERABILITY SUMMARY
1. PostNuke Install Script Administrator Password Disclosure Vu...
2. eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
3. Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
4. Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
5. Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
6. MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
7. PostNuke Reviews Module Cross-Site Scripting Vulnerability
8. Dropbear SSH Server Digital Signature Standard Unspecified A...
9. Invision Power Board Index.php Query String Cross-Site Scrip...
10. MoinMoin Unspecified Privilege Escalation Vulnerability
11. SoX WAV File Buffer Overflow Vulnerability
12. DansGuardian Hex Encoded File Extension URI Content Filter B...
13. Oracle Database Default Library Directory Privilege Escalati...
14. Mozilla Firefox XML User Interface Language Browser Interfac...
15. Citadel/UX Username Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. SSO on Linux (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Firewall Builder 2.0
2. Lepton's Crack 20031130
3. popa3d v0.6.4.1
4. tinysofa enterprise server 2.0-rc1
5. cenfw 0.2 beta
6. TinyCA v0.6.4
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Data Driven Attacks Using HTTP Tunneling
By Ido Dubrawsky
In this article we will look at a means to bypass the access control
restrictions of a company's router or firewall. This information is
intended to provide help for those who are legitimately testing the
security of a network (whether they are in-house expertise or outside
consultants).
http://www.securityfocus.com/infocus/1793
2. Email Privacy is Lost
By Scott Granneman
As if the common use of "web bugs" inside spam was not enough, companies
are using new techniques to watch and track the private emails you read,
forward, print, and more.
http://www.securityfocus.com/columnists/258
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. PostNuke Install Script Administrator Password Disclosure Vu...
BugTraq ID: 10793
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10793
Summary:
It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.
2. eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
BugTraq ID: 10794
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10794
Summary:
Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device.
The issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords.
Thintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected.
3. Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
BugTraq ID: 10796
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10796
Summary:
Mozilla Firefox may permit malicious Web pages to spoof security properties of a trusted site.
An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this spoofing to steal sensitive or private information, facilitating phishing attacks.
4. Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 10797
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10797
Summary:
It has been reported that Pavuk is affected by a remote digest authentication buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.
Ultimately a remote malicious web site may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.
5. Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
BugTraq ID: 10800
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10800
Summary:
Subversion is reported to contain access control bypass vulnerabilities in its 'mod_authz_svn' Apache module.
These access control vulnerabilities present themselves when users have mixed access to a repository.
These vulnerabilities exist in several server operations, such as COPY and DELETE. These operations fail to properly implement the operator-assigned access controls, allowing users improper access to repositories.
These issues are only present when using the WebDAV access method with the Apache 'mod_authz_svn' module, with the 'AuthzSVNAccessFile' configuration directive.
The vulnerabilities are present in version 1.0.5 and prior. Versions 1.0.6 and 1.1.0-rc1 have been released to address these vulnerabilities.
6. MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
BugTraq ID: 10801
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10801
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. This issue is related to the PageEditor functionality. Specifically this vulnerability may arise due to improper implementation of access control lists. A remote attacker may exploit this to gain elevated privileges.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
This issue is identified in MoinMoin version 1.2.2; however, other versions may be affected as well.
7. PostNuke Reviews Module Cross-Site Scripting Vulnerability
BugTraq ID: 10802
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10802
Summary:
PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of the 'Reviews' script. Exploitation of this issue could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
It should be noted that although this vulnerability has been reported to affect PostNuke version 0.726-3 and 0.75-RC3, other versions might also be affected.
8. Dropbear SSH Server Digital Signature Standard Unspecified A...
BugTraq ID: 10803
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10803
Summary:
Reportedly Dropbear SSH is affected by an unspecified Digital Signature Standard (DSS) authentication vulnerability; an upgrade is available.
The impact of this issue is currently unknown, although it is speculated that this issue could be used to gain unauthorized access to a computer running the vulnerable application. It should be noted that this is not confirmed. This BID will be updated as more information becomes available.
9. Invision Power Board Index.php Query String Cross-Site Scrip...
BugTraq ID: 10804
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10804
Summary:
A vulnerability has been reported to exist in Invision Power Board that may allow a remote user to launch cross-site scripting attacks.
This vulnerability makes it possible for an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. This attack would occur in the security context of the site.
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
10. MoinMoin Unspecified Privilege Escalation Vulnerability
BugTraq ID: 10805
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10805
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. It is reported that this issue presents itself if access control lists are not applied. An unspecified erroneous function allows remote attackers to carry out privileged tasks without proper access validation. Remote attackers may gain read and write access to sensitive data.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
This issue is identified in MoinMoin versions 1.2.2 and prior.
11. SoX WAV File Buffer Overflow Vulnerability
BugTraq ID: 10819
Remote: No
Date Published: Jul 28 2004
Relevant URL: http://www.securityfocus.com/bid/10819
Summary:
The WAV header handling code in SoX is reported to contain a buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.
The attacker must be able to present a malicious WAV file to an unsuspecting user. The user must employ the affected application to either listen to, or process the malicious file.
Ultimately a malicious attacker may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.
12. DansGuardian Hex Encoded File Extension URI Content Filter B...
BugTraq ID: 10823
Remote: Yes
Date Published: Jul 29 2004
Relevant URL: http://www.securityfocus.com/bid/10823
Summary:
It is reported that DansGuardian contains a content filter bypass vulnerability when handling hex encoded file extensions in URIs.
Under some installations, this may violate security policy, or allow users to inadvertently access malicious web content.
13. Oracle Database Default Library Directory Privilege Escalati...
BugTraq ID: 10829
Remote: No
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10829
Summary:
Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid root applications with arbitrary code.
This issue would allow an Oracle software owner to execute code as the superuser, taking control of the entire system.
It should be noted that this vulnerability only affects Oracle on UNIX/Linux platforms.
14. Mozilla Firefox XML User Interface Language Browser Interfac...
BugTraq ID: 10832
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10832
Summary:
Mozilla Firefox is reported prone to an interface spoofing vulnerability. The issue presents itself because JavaScript code is allowed to hide the Mozilla Firefox interface and status bar by default. A fake Mozilla Firefox interface may be created using the XML User Interface Language API; this interface may aid in phishing-style attacks.
This misrepresentation may fool a user into trusting a malicious site, which would likely ask the user to submit sensitive or private information.
15. Citadel/UX Username Buffer Overflow Vulnerability
BugTraq ID: 10833
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10833
Summary:
A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments.
An anonymous remote attacker may be capable of exploiting this issue to execute arbitrary code. This however has not been confirmed. Failed exploit attempts may result in a denial of service.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. SSO on Linux (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/370342
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary:
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added to the GUI without any changes to the program (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, and OpenBSD pf.
2. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Lepton's Crack is a generic password cracker. It is easily-customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending
3. popa3d v0.6.4.1
By: Solar Designer, solar (at) openwall (dot) com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary:
popa3d is a POP3 daemon which attempts to be extremely secure, reliable, RFC compliant, and fast (in that order).
4. tinysofa enterprise server 2.0-rc1
Summary:
tinysofa enterprise server is a secure, server-targeted, enterprise-grade operating system. It is based on Trustix Secure Linux and includes a complete distribution port to Python 2.3 and RPM 4.2, an overhauled PAM authentication system providing system-wide authentication configuration, the latest upstream packages, the replacement of ncftp with lftp, the addition of gdb and screen, feature additions to the swup updater that provide multiple configuration file support, user login FTP support, enable/disable support, variable expansion support (allows multiple architectures), and many enhancements.
5. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object-oriented, database-driven, windows interface to Linux iptables firewall rules.
6. TinyCA v0.6.4
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small certification authority. It is based on OpenSSL and Perl modules from the OpenCA project. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Data Driven Attacks Using HTTP Tunneling
2. Email Privacy is Lost
II. LINUX VULNERABILITY SUMMARY
1. PostNuke Install Script Administrator Password Disclosure Vu...
2. eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
3. Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
4. Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
5. Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
6. MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
7. PostNuke Reviews Module Cross-Site Scripting Vulnerability
8. Dropbear SSH Server Digital Signature Standard Unspecified A...
9. Invision Power Board Index.php Query String Cross-Site Scrip...
10. MoinMoin Unspecified Privilege Escalation Vulnerability
11. SoX WAV File Buffer Overflow Vulnerability
12. DansGuardian Hex Encoded File Extension URI Content Filter B...
13. Oracle Database Default Library Directory Privilege Escalati...
14. Mozilla Firefox XML User Interface Language Browser Interfac...
15. Citadel/UX Username Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. SSO on Linux (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Firewall Builder 2.0
2. Lepton's Crack 20031130
3. popa3d v0.6.4.1
4. tinysofa enterprise server 2.0-rc1
5. cenfw 0.2 beta
6. TinyCA v0.6.4
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Data Driven Attacks Using HTTP Tunneling
By Ido Dubrawsky
In this article we will look at a means to bypass the access control
restrictions of a company's router or firewall. This information is
intended to provide help for those who are legitimately testing the
security of a network (whether they are in-house expertise or outside
consultants).
http://www.securityfocus.com/infocus/1793
2. Email Privacy is Lost
By Scott Granneman
As if the common use of "web bugs" inside spam was not enough, companies
are using new techniques to watch and track the private emails you read,
forward, print, and more.
http://www.securityfocus.com/columnists/258
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. PostNuke Install Script Administrator Password Disclosure Vu...
BugTraq ID: 10793
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10793
Summary:
It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an attacker to gain unauthorized access to the content management system. The attacker may then carry out further attacks against other users or the computer running the vulnerable application.
2. eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
BugTraq ID: 10794
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10794
Summary:
Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device.
The issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords.
Thintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected.
3. Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
BugTraq ID: 10796
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10796
Summary:
Mozilla Firefox may permit malicious Web pages to spoof security properties of a trusted site.
An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this spoofing to steal sensitive or private information, facilitating phishing attacks
4. Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 10797
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10797
Summary:
It has been reported that Pavuk is affected by a remote digest authentication buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.
Ultimately a remote malicious web site may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.
5. Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
BugTraq ID: 10800
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10800
Summary:
Subversion is reported to contain access control bypass vulnerabilities in its 'mod_authz_svn' Apache module.
These access control vulnerabilities present themselves when users have mixed access to a repository.
These vulnerabilities exist in several server operations, such as COPY and DELETE. These operations fail to properly implement the operator assigned access controls, allowing users improper access to repositories.
These issues are only present when using the WebDAV access method with the Apache 'mod_authz_svn' module, with the 'AuthzSVNAccessFile' configuration directive.
The vulnerabilities are present in version 1.0.5 and prior. Versions 1.0.6 and 1.1.0-rc1 have been released to address these vulnerabilities.
6. MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
BugTraq ID: 10801
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10801
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. This issue is related to the PageEditor functionality. Specifically this vulnerability may arise due to improper implementation of access control lists. A remote attacker may exploit this to gain elevated privileges.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
This issues is identified in MoinMoin version 1.2.2, however, other versions may be affected as well.
7. PostNuke Reviews Module Cross-Site Scripting Vulnerability
BugTraq ID: 10802
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10802
Summary:
PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of 'Reviews' script. Exploitation of this issue could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
It should be noted, that although this vulnerability has been reported to affect PostNuke version 0.726-3 and 0.75-RC3, other versions might also be affected.
8. Dropbear SSH Server Digital Signature Standard Unspecified A...
BugTraq ID: 10803
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10803
Summary:
Reportedly Dropbear SSH is affected by an unspecified digital signal standard (DSS) authentication vulnerability; an upgrade is available.
The impact of this issue is currently unknown, although it is speculated that this issue could be used to gain unauthorized access to a computer running the vulnerable application. It should be noted that this is not confirmed. This BID will be updated as more information becomes available.
9. Invision Power Board Index.php Query String Cross-Site Scrip...
BugTraq ID: 10804
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10804
Summary:
A vulnerability has been reported to exist in Invision Power Board that may allow a remote user to launch cross-site scripting attacks.
This vulnerability makes it possible for an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. This attack would occur in the security context of the site.
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication credentials. Other attacks are also possible.
10. MoinMoin Unspecified Privilege Escalation Vulnerability
BugTraq ID: 10805
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10805
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. It is reported that this issue presents itself if access control lists are not applied. An unspecified erroneous function allows remote attackers to carry out privileged tasks without proper access validation. Remote attackers may gain read and write access to sensitive data.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
This issues is identified in MoinMoin versions 1.2.2 and prior.
11. SoX WAV File Buffer Overflow Vulnerability
BugTraq ID: 10819
Remote: No
Date Published: Jul 28 2004
Relevant URL: http://www.securityfocus.com/bid/10819
Summary:
The WAV header handling code in SoX is reported to contain a buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.
The attacker must be able to present a malicious WAV file to an unsuspecting user. The user must employ the affected application to either listen to, or process the malicious file.
Ultimately a malicious attacker may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.
12. DansGuardian Hex Encoded File Extension URI Content Filter B...
BugTraq ID: 10823
Remote: Yes
Date Published: Jul 29 2004
Relevant URL: http://www.securityfocus.com/bid/10823
Summary:
It is reported that DansGuardian contains a content filter bypass vulnerability when handling hex encoded file extensions in URIs.
Under some installations, this may violate security policy, or allow users to inadvertently access malicious web content.
13. Oracle Database Default Library Directory Privilege Escalati...
BugTraq ID: 10829
Remote: No
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10829
Summary:
Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid root applications with arbitrary code.
This issue would allow an Oracle software owner to execute code as the superuser, taking control of the entire system.
It should be noted that this vulnerability only affects Oracle on UNIX/Linux platforms.
14. Mozilla Firefox XML User Interface Language Browser Interfac...
BugTraq ID: 10832
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10832
Summary:
Mozilla Firefox is reported prone to an interface spoofing vulnerability. The issue presents itself because JavaScript code is allowed to hide the Mozilla Firefox interface and status bar by default. A fake Mozilla Firefox interface may be created using the XML User Interface Language API; this interface may aid in phishing-style attacks.
This misrepresentation may fool a user into trusting a malicious site, which would likely ask the user to submit sensitive or private information.
15. Citadel/UX Username Buffer Overflow Vulnerability
BugTraq ID: 10833
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10833
Summary:
A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments.
An anonymous remote attacker may be capable of exploiting this issue to execute arbitrary code. This however has not been confirmed. Failed exploit attempts may result in a denial of service.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. SSO on Linux (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/370342
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary:
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added to the GUI without any changes to the program (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, and OpenBSD pf.
2. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
Lepton's Crack is a generic password cracker. It is easily-customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending
3. popa3d v0.6.4.1
By: Solar Designer, solar (at) openwall (dot) com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary:
popa3d is a POP3 daemon which attempts to be extremely secure, reliable, RFC compliant, and fast (in that order).
4. tinysofa enterprise server 2.0-rc1
By: Omar Kilani
Relevant URL: http://www.tinysofa.org
Platforms: Linux, POSIX
Summary:
tinysofa enterprise server is a secure, server-targeted, enterprise-grade operating system. It is based on Trustix Secure Linux and includes a complete distribution port to Python 2.3 and RPM 4.2, an overhauled PAM authentication system providing system-wide authentication configuration, the latest upstream packages, the replacement of ncftp with lftp, the addition of gdb and screen, feature additions to the swup updater that provide multiple configuration file support, user login FTP support, enable/disable support, variable expansion support (allows multiple architectures), and many enhancements.
5. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object-oriented, database-driven Windows interface to Linux iptables firewall rules.
6. TinyCA v0.6.4
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary:
TinyCA is a simple GUI written in Perl/Tk to manage a small certification authority. It is based on OpenSSL and Perl modules from the OpenCA project. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
http://www.securityfocus.com/rss/index.shtml