SecurityFocus Linux Newsletter #203
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
I. FRONT AND CENTER
1. Online Theft
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
3. Defeating Honeypots : Network issues, Part 1
II. LINUX VULNERABILITY SUMMARY
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
2. Tutos Multiple Remote Input Validation Vulnerabilities
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
4. Getmail Local Symbolic Link Vulnerability
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
7. Apache Satisfy Directive Access Control Bypass Vulnerability
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
10. Macromedia JRun Multiple Remote Vulnerabilities
11. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
III. LINUX FOCUS LIST SUMMARY
1. iptables & tcp wrappers (Thread)
2. Network "Change Management" (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. PIKT - Problem Informant/Killer Tool v1.17.0
2. ID-Synch 3.1
3. Nmap v3.70
4. THC-Hydra v4.3
5. Pads 1.1
6. cenfw 0.3b
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Online Theft
By Kelly Martin
Identity theft meets the global virus epidemic, enabling fraud that has
finally started to get people's attention.
http://www.securityfocus.com/columnists/268
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
By Yiming Gong
This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large enterprise
networks and service providers. Part 2 of 2.
http://www.securityfocus.com/infocus/1802
3. Defeating Honeypots : Network issues, Part 1
By Laurent Oudot and Thorsten Holz
The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, which is useful for security
professionals who want to deploy honeypots in a more stealthy manner.
http://www.securityfocus.com/infocus/1803
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
BugTraq ID: 11217
Remote: Unknown
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11217
Summary:
Jörg Schilling sdd is reported prone to an undisclosed vulnerability. The issue is reported to present itself in the RMT client.
This BID will be updated as soon as further analysis of this vulnerability is completed.
2. Tutos Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11221
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11221
Summary:
Tutos is reported prone to multiple remote input validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL injection attacks.
These issues reportedly affect Tutos 1.1.2004-04-14.
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
BugTraq ID: 11222
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11222
Summary:
Reportedly FreeRADIUS is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle malformed packets.
An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
4. Getmail Local Symbolic Link Vulnerability
BugTraq ID: 11224
Remote: No
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11224
Summary:
Reportedly getmail is affected by a local symbolic link vulnerability. This issue is due to a failure of the application to validate files prior to writing to them.
An attacker may leverage this issue to cause arbitrary files to be written to with the privileges of a user that sends messages to an attacker-controlled file. This may facilitate privilege escalation or destruction of data.
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
BugTraq ID: 11231
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11231
Summary:
Jabber Studio jabberd is reportedly affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed network messages.
An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users.
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
BugTraq ID: 11235
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11235
Summary:
YaBB 1 Gold is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
An attacker may leverage a cross-site scripting issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the vulnerable site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
An attacker may exploit an HTTP response splitting issue to manipulate or misrepresent pages in the context of the vulnerable site, potentially facilitating phishing attacks.
7. Apache Satisfy Directive Access Control Bypass Vulnerability
BugTraq ID: 11239
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11239
Summary:
Apache Web Server is reportedly affected by an access control bypass vulnerability. This issue presents itself due to an unspecified error in the merging of the 'Satisfy' directive. As a result, a remote attacker may bypass access controls and gain unauthorized access to restricted resources.
It is reported that this issue only affects Apache 2.0.51.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
BugTraq ID: 11240
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by an exported shares configuration vulnerability. This issue is due to a failure of the application to apply proper settings to the affected network file system (NFS) shares.
This issue would cause some NFS options, such as 'all_squash', to fail to be applied, potentially giving administrators a false sense of security.
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversion's mod_authz_svn module is susceptible to an information disclosure vulnerability.
This vulnerability presents itself when paths that are marked as unreadable are accessed by particular Subversion client commands. It is reportedly possible to disclose the existence of files that are inaccessible to users. Under certain circumstances it may also be possible to disclose commit log messages, or even the contents of files that are configured to be inaccessible to users.
This vulnerability is reported to exist in versions prior to 1.0.8 and 1.1.0-rc4.
10. Macromedia JRun Multiple Remote Vulnerabilities
BugTraq ID: 11245
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11245
Summary:
Multiple vulnerabilities have been reported in Macromedia JRun.
The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks and possibly gain administrative access to the web application.
The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks.
The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers.
Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.
11. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when processing malformed playlist files. This issue exists due to insufficient boundary checks performed by the application and may allow an attacker to gain unauthorized access to a vulnerable computer.
Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5 for Linux is reportedly fixed; however, this is not confirmed at the moment.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
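1. iptables & tcp wrappers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376739
2. Network "Change Management" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376456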
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award-winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund (at) gsb.uchicago (dot) edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and configure computer systems, organize system security, format documents, assist command-line work, and perform other common systems administration tasks.
PIKT's primary purpose is to report and fix problems, but its flexibility and extendibility evoke many other uses limited only by your imagination.
2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.
3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Summary:
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
4. THC-Hydra v4.3
Summary:
THC-Hydra - parallelized login hacker is available: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes: important bugfix!
5. Pads 1.1
By: Matt Shelton
Relevant URL: http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven, windows interface to linux IPtables firewall rules.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Online Theft
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
3. Defeating Honeypots : Network issues, Part 1
II. LINUX VULNERABILITY SUMMARY
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
2. Tutos Multiple Remote Input Validation Vulnerabilities
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
4. Getmail Local Symbolic Link Vulnerability
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
7. Apache Satisfy Directive Access Control Bypass Vulnerability
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
10. Macromedia JRun Multiple Remote Vulnerabilities
11. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
III. LINUX FOCUS LIST SUMMARY
1. iptables & tcp wrappers (Thread)
2. Network "Change Management" (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. PIKT - Problem Informant/Killer Tool v1.17.0
2. ID-Synch 3.1
3. Nmap v3.70
4. THC-Hydra v4.3
5. Pads 1.1
6. cenfw 0.3b
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Online Theft
By Kelly Martin
Identity theft meets the global virus epidemic, enabling fraud that has
finally started to get people's attention.
http://www.securityfocus.com/columnists/268
2. Detecting Worms and Abnormal Activities with NetFlow, Part 2
By Yiming Gong
This paper discusses the use of NetFlow, a traffic profile monitoring
technology available on many routers, for use in the early detection of
worms, spammers, and other abnormal network activity in large enterprise
networks and service providers. Part 2 of 2.
http://www.securityfocus.com/infocus/1802
3. Defeating Honeypots : Network issues, Part 1
By Laurent Oudot and Thorsten Holz
The purpose of this paper is to explain how attackers behave when they
attempt to identify and defeat honeypots, and is useful for security
professionals to deploy honeypots in a more stealthy manner.
http://www.securityfocus.com/infocus/1803
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
BugTraq ID: 11217
Remote: Unknown
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11217
Summary:
Jörg Schilling sdd is reported prone to an undisclosed vulnerability. The issue is reported to present itself in the RMT client.
This BID will be updated as soon as further analysis of this vulnerability is completed.
2. Tutos Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11221
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11221
Summary:
Tutos is reported prone to multiple remote input validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL injection attacks.
These issue reportedly affect Tutos 1.1.2004-04-14.
3. FreeRADIUS Access-Request Denial Of Service Vulnerability
BugTraq ID: 11222
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11222
Summary:
Reportedly FreeRADIUS is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle malformed packets.
An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
4. Getmail Local Symbolic Link Vulnerability
BugTraq ID: 11224
Remote: No
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11224
Summary:
Reportedly getmail is affected by a local symbolic link vulnerability. This issue is due to a failure of the application to validate files prior to writing to them.
An attacker may leverage this issue to cause arbitrary files to be written to with the privileges of a user that sends messages to an attacker-controlled file. This may facilitate privilege escalation or destruction of data.
5. Jabber Studio JabberD Remote Denial Of Service Vulnerability
BugTraq ID: 11231
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11231
Summary:
Jabber Studio jabberd is reportedly affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed network messages.
An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users.
6. YaBB 1 Gold Multiple Input Validation Vulnerabilities
BugTraq ID: 11235
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11235
Summary:
YaBB 1 Gold is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
An attacker may leverage a cross-site scripting issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the vulnerable site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
An attacker may exploit a HTTP response splitting issue to manipulate or misrepresent pages in the context of the vulnerable site, potentially facilitating phishing attacks.
7. Apache Satisfy Directive Access Control Bypass Vulnerability
BugTraq ID: 11239
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11239
Summary:
Apache Web Server is reportedly affected by an access control bypass vulnerability. This issue presents itself due to an unspecified error in the merging of the 'Satisfy' directive. As a result, a remote attacker may bypass access controls and gain unauthorized access to restricted resources.
It is reported that this issue only affects Apache 2.0.51.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
8. Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
BugTraq ID: 11240
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by an exported shares configuration vulnerability. These issues are due to a failure of the application to apply proper settings to the affected network file system (NFS) shares.
This issue would cause some NFS option, such as 'all_squash' to fail to be applied, potentially giving administrators a false sense of security.
9. Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversions mod_authz_svn module is susceptible to an information disclosure vulnerability.
This vulnerability is presents itself when paths that are marked as unreadable are accessed by particular Subversion client commands. It is reportedly possible to disclose the existence of files that are inaccessible to users. Under certain circumstances it may also be possible to disclose commit log messages, or even the contents of files that are configured to be inaccessible to users.
This vulnerability is reported to exist in versions prior to 1.0.8 and 1.1.0-rc4.
10. Macromedia JRun Multiple Remote Vulnerabilities
BugTraq ID: 11245
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11245
Summary:
Multiple vulnerabilities have been reported in Macromedia JRun.
The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and possibly allow them to gain administrative access to the web application.
The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks.
The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers.
Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.
11. Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when processing malformed playlist files. This issue exists due to insufficient boundary checks performed by the application and may allow an attacker to gain unauthorized access to a vulnerable computer.
Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5 for Linux is reportedly fixed, however, this is not confirmed at the moment.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. iptables & tcp wrappers (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376739
2. Network "Change Management" (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/376456
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault, an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide. To learn more about these core attributes of the Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software?s award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in it?s own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund (at) gsb.uchicago (dot) edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and configure computer systems, organize system security, format documents, assist command-line work, and perform other common systems administration tasks.
PIKT's primary purpose is to report and fix problems, but its flexibility and extendibility evoke many other uses limited only by your imagination.
2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.
3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, SunOS, UNIX
Summary:
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP frag
4. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, UNIX
Summary:
THC-Hydra - parallelized login hacker is available: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes: important bugfix!
5. Pads 1.1
By: Matt Shelton
Relevant URL: http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall GUI is an object-oriented, database-driven Windows interface to Linux iptables firewall rules.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------