SecurityFocus Linux Newsletter #211
------------------------------------
This Issue is Sponsored By: Symantec
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
I. FRONT AND CENTER
1. Detecting Rootkits And Kernel-level Compromises In Linux
2. Bill Gates Is Right?
3. SSH and ssh-agent
II. LINUX VULNERABILITY SUMMARY
1. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
2. Fcron FCronTab/FCronSighUp Multiple Local Vulnerabilities
3. MiniBB Remote SQL Injection Vulnerability
4. LibXPM Multiple Unspecified Vulnerabilities
5. Linux Kernel SMBFS Multiple Remote Vulnerabilities
6. Cscope Insecure Temporary File Creation Vulnerabilities
7. Gentoo GIMPS EBuild Insecure Default Permissions Vulnerabili...
8. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
9. Gentoo ChessBrain EBuild Insecure Default Permissions Vulner...
10. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
11. Invision Power Board Index.PHP Post Action SQL Injection Vul...
12. Danware NetOp Remote Control Information Disclosure Vulnerab...
13. Opera Web Browser Java Implementation Multiple Remote Vulner...
14. Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vu...
III. LINUX FOCUS LIST SUMMARY
1. locking idle text consoles (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. AutoScan b0.92 R6
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
3. rootsh 0.2
4. Maillog View v1.03.3
5. BullDog Firewall 20040918
6. PIKT - Problem Informant/Killer Tool v1.17.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Detecting Rootkits And Kernel-level Compromises In Linux
By Mariusz Burdach
This article outlines useful ways of detecting hidden modifications to a
Linux kernel. Often known as rootkits, these stealthy types of malware are
installed in the kernel and require special techniques by Incident handlers
and Linux system administrators to be detected.
http://www.securityfocus.com/infocus/1811
2. Bill Gates Is Right?
By Scott Granneman
Bill Gates is right about one thing: asking people to use a two-factor form
of authentication would go a long way toward alleviating a lot of the
password problems that plague computer security today.
http://www.securityfocus.com/columnists/277
3. SSH and ssh-agent
By Brian Hatch
This article discusses how to take SSH Identity/Pubkey trust relationships
to the next level, by using ssh-agent as a keymaster to manage a user's
authentication needs automatically.
http://www.securityfocus.com/infocus/1812
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
BugTraq ID: 11678
Remote: Yes
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11678
Summary:
Samba is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application does not perform proper boundary checks before copying user-supplied data into finite sized process buffers. This issue can allow an attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.
This vulnerability is reported to affect Samba versions 3.0.0 to 3.0.7.
2. Fcron FCronTab/FCronSighUp Multiple Local Vulnerabilities
BugTraq ID: 11684
Remote: No
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11684
Summary:
Fcron is reported prone to multiple local vulnerabilities. The following issues are reported:
A local information disclosure vulnerability is reported to affect fcronsighup. It is reported that the affected utility will attempt to parse configuration files that are passed to the utility as a command line argument.
A local attacker may exploit this condition to reveal the contents of arbitrary files that are owned by the superuser. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1030.
An access control bypass vulnerability is also reported to affect fcronsighup. It is reported that the issue exists due to a design error.
A local attacker may exploit this vulnerability to make configuration changes to fcronsighup. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1031.
fcronsighup is reported prone to an arbitrary file deletion vulnerability. By exploiting the aforementioned access control bypass vulnerability, a local attacker may influence the fcronsighup configuration and may cause the application to overwrite arbitrary attacker specified files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1032.
Finally it is reported that the fcrontab component of Fcron leaks file descriptors. This can result in sensitive information disclosure. Specifically, fcrontab leaks the file descriptors of the '/etc/fcron.allow' and '/etc/fcron.deny' files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1033.
3. MiniBB Remote SQL Injection Vulnerability
BugTraq ID: 11688
Remote: Yes
Date Published: Nov 16 2004
Relevant URL: http://www.securityfocus.com/bid/11688
Summary:
miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.
miniBB versions prior to 1.7f are reported prone to this issue.
4. LibXPM Multiple Unspecified Vulnerabilities
BugTraq ID: 11694
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11694
Summary:
libXpm is reported prone to multiple vulnerabilities. These issues may be triggered when handling malformed XPM images. The following issues are reported:
Integer overflow vulnerabilities, out-of-bounds memory access vulnerabilities, a shell command execution vulnerability, a path traversal vulnerability, and endless loop vulnerabilities.
The details regarding each of these issues are not specified at the time of writing. However, this BID will be updated as further details regarding these vulnerabilities become available.
5. Linux Kernel SMBFS Multiple Remote Vulnerabilities
BugTraq ID: 11695
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11695
Summary:
The Linux kernel is reported susceptible to multiple remote vulnerabilities in the SMBFS network file system.
These vulnerabilities may lead to the execution of attacker-supplied machine code, information disclosure of kernel memory, or kernel crashes, denying service to legitimate users.
Versions of the kernel in both the 2.4 and 2.6 series are reported susceptible to various issues.
6. Cscope Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 11697
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11697
Summary:
Cscope is reportedly affected by insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it.
It is reported that during execution the affected utility creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that will be written to by the vulnerable utility when an unsuspecting user executes it.
An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including version 15.5 are reported vulnerable.
7. Gentoo GIMPS EBuild Insecure Default Permissions Vulnerabili...
BugTraq ID: 11698
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11698
Summary:
The Gentoo GIMPS eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
8. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
BugTraq ID: 11699
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11699
Summary:
The Gentoo SETI@home eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
9. Gentoo ChessBrain EBuild Insecure Default Permissions Vulner...
BugTraq ID: 11700
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11700
Summary:
The Gentoo ChessBrain eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
10. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
BugTraq ID: 11701
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11701
Summary:
A vulnerability is reported to exist in the phpBB Cash_Mod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system.
Remote attackers could potentially exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.
11. Invision Power Board Index.PHP Post Action SQL Injection Vul...
BugTraq ID: 11703
Remote: Yes
Date Published: Nov 18 2004
Relevant URL: http://www.securityfocus.com/bid/11703
Summary:
A remote SQL injection vulnerability affects Invision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
12. Danware NetOp Remote Control Information Disclosure Vulnerab...
BugTraq ID: 11710
Remote: Yes
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11710
Summary:
It is reported that NetOp Remote Control is susceptible to an information disclosure vulnerability.
This vulnerability reportedly allows remote attackers to discern the name of the user that is logged in and the internal IP address and hostname of the targeted computer. This information may aid malicious users in further attacks.
Versions prior to 7.65 build 2004278 are reported vulnerable to this issue.
13. Opera Web Browser Java Implementation Multiple Remote Vulner...
BugTraq ID: 11712
Remote: Yes
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11712
Summary:
Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation.
These issues may allow an attacker to craft a Java applet that violates Sun's Java secure programming guidelines.
These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.
Although only version 7.54 is reportedly vulnerable, it is likely that earlier versions are vulnerable to these issues as well.
14. Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vu...
BugTraq ID: 11715
Remote: No
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11715
Summary:
It is reported that a serialization error exists in the AF_UNIX address family that creates a race condition. This race condition reportedly allows local users to repeatedly increment arbitrary kernel memory locations.
This vulnerability allows local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.
Versions prior to 2.4.28 are reportedly affected by this vulnerability.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. locking idle text consoles (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/381905
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary:
AutoScan is an application designed to explore and to manage your network. Entire subnets can be scanned simultaneously without human intervention. It features OS detection, automatic network discovery, a port scanner, a Samba share browser, and the ability to save the network state.
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
3. rootsh 0.2
Summary:
Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism. It's in heavy use here at a big Bavarian car manufacturer (three letters, fast, cool,...) for project users whom you can't deny root privileges.
4. Maillog View v1.03.3
Summary:
Maillog View is a Webmin module that allows you to easily view all your /var/log/maillog.* files. It features autorefresh, message size indication, ascending/descending view order, compressed file support, and a full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are supported. Courier MTA support is experimental.
5. BullDog Firewall 20040918
By: Robert APM Darin
Relevant URL: http://tanaya.net/BullDog
Platforms: Linux
Summary:
Bulldog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems.
This system allows dynamic and static rule sets for maximum protection and has several advanced features.
This firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite and redesign from scratch.
Be prepared to spend some time setting this up.
6. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund (at) gsb.uchicago (dot) edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and configure computer systems, organize system security, format documents, assist command-line work, and perform other common systems administration tasks.
PIKT's primary purpose is to report and fix problems, but its flexibility and extendibility evoke many other uses limited only by your imagination.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Symantec
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
------------------------------------
This Issue is Sponsored By: Symantec
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_linux-secnews_041123
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Detecting Rootkits And Kernel-level Compromises In Linux
2. Bill Gates Is Right?
3. SSH and ssh-agent
II. LINUX VULNERABILITY SUMMARY
1. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
2. Fcron FCronTab/FCronSighUp Multiple Local Vulnerabilities
3. MiniBB Remote SQL Injection Vulnerability
4. LibXPM Multiple Unspecified Vulnerabilities
5. Linux Kernel SMBFS Multiple Remote Vulnerabilities
6. Cscope Insecure Temporary File Creation Vulnerabilities
7. Gentoo GIMPS EBuild Insecure Default Permissions Vulnerabili...
8. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
9. Gentoo ChessBrain EBuild Insecure Default Permissions Vulner...
10. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
11. Invision Power Board Index.PHP Post Action SQL Injection Vul...
12. Danware NetOp Remote Control Information Disclosure Vulnerab...
13. Opera Web Browser Java Implementation Multiple Remote Vulner...
14. Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vu...
III. LINUX FOCUS LIST SUMMARY
1. locking idle text consoles (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. AutoScan b0.92 R6
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
3. rootsh 0.2
4. Maillog View v1.03.3
5. BullDog Firewall 20040918
6. PIKT - Problem Informant/Killer Tool v1.17.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Detecting Rootkits And Kernel-level Compromises In Linux
By Mariusz Burdach
This article outlines useful ways of detecting hidden modifications to a
Linux kernel. Often known as rootkits, these stealthy types of malware are
installed in the kernel and require special techniques by Incident handlers
and Linux system administrators to be detected.
http://www.securityfocus.com/infocus/1811
2. Bill Gates Is Right?
By Scott Granneman
Bill Gates is right about one thing: asking people to use a two-factor form
of authentication would go a long way toward alleviating a lot of the
password problems that plague computer security today.
http://www.securityfocus.com/columnists/277
3. SSH and ssh-agent
By Brian Hatch
This article discusses how to take SSH Identity/Pubkey trust relationships
to the next level, by using ssh-agent as a keymaster to manage a user's
authentication needs automatically.
http://www.securityfocus.com/infocus/1812
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
BugTraq ID: 11678
Remote: Yes
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11678
Summary:
Samba is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application does not perform proper boundary checks before copying user-supplied data into finite sized process buffers. This issue can allow an attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.
This vulnerability is reported to affect Samba versions 3.0.0 to 3.0.7.
2. Fcron FCronTab/FCronSighUp Multiple Local Vulnerabilities
BugTraq ID: 11684
Remote: No
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11684
Summary:
Fcron is reported prone to multiple local vulnerabilities. The following issues are reported:
A local information disclosure vulnerability is reported to affect fcronsighup. It is reported that the affected utility will attempt to parse configuration files that are passed to the utility as a command line argument.
A local attacker may exploit this condition to reveal the contents of arbitrary files that are owned by the superuser. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1030.
An access control bypass vulnerability is also reported to affect fcronsighup. It is reported that the issue exists due to a design error.
A local attacker may exploit this vulnerability to make configuration changes to fcronsighup. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1031.
fcronsighup is reported prone to an arbitrary file deletion vulnerability. By exploiting the aforementioned access control bypass vulnerability, a local attacker may influence the fcronsighup configuration and may cause the application to overwrite arbitrary attacker specified files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1032.
Finally it is reported that the fcrontab component of Fcron leaks file descriptors. This can result in sensitive information disclosure. Specifically, fcrontab leaks the file descriptors of the '/etc/fcron.allow' and '/etc/fcron.deny' files. This vulnerability is assigned the following MITRE CVE identifier: CAN-2004-1033.
3. MiniBB Remote SQL Injection Vulnerability
BugTraq ID: 11688
Remote: Yes
Date Published: Nov 16 2004
Relevant URL: http://www.securityfocus.com/bid/11688
Summary:
miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.
miniBB versions prior to 1.7f are reported prone to this issue.
4. LibXPM Multiple Unspecified Vulnerabilities
BugTraq ID: 11694
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11694
Summary:
libXpm is reported prone to multiple vulnerabilities. These issues may be triggered when handling malformed XPM images. The following issues are reported:
Integer overflow vulnerabilities, out-of-bounds memory access vulnerabilities, a shell command execution vulnerability, a path traversal vulnerability, and endless loop vulnerabilities.
The details regarding each of these issues are not specified at the time of writing. However, this BID will be updated as further details regarding these vulnerabilities becomes available.
5. Linux Kernel SMBFS Multiple Remote Vulnerabilities
BugTraq ID: 11695
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11695
Summary:
The Linux kernel is reported susceptible to multiple remote vulnerabilities in the SMBFS network file system.
These vulnerabilities may lead to the execution of attacker-supplied machine code, information disclosure of kernel memory, or kernel crashes, denying service to legitimate users.
Versions of the kernel in both the 2.4, and the 2.6 series are reported susceptible to various issues.
6. Cscope Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 11697
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11697
Summary:
Cscope is reportedly affected by insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it.
It is reported that during execution the affected utility creates temporary files in the system's temporary directory, '/tmp', with predictable names. This allows attackers to create malicious symbolic links that will be written to by the vulnerable utility when an unsuspecting user executes it.
An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.
Versions up to and including version 15.5 are reported vulnerable.
7. Gentoo GIMPS EBuild Insecure Default Permissions Vulnerabili...
BugTraq ID: 11698
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11698
Summary:
The Gentoo GIMPS eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
8. Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
BugTraq ID: 11699
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11699
Summary:
The Gentoo SETI@home eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
9. Gentoo ChessBrain EBuild Insecure Default Permissions Vulner...
BugTraq ID: 11700
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11700
Summary:
The Gentoo ChessBrain eBuild package is reported prone to a weak default permissions vulnerability.
A local attacker may exploit this vulnerability to escalate privileges.
10. PHPBB Admin_cash.PHP Remote PHP File Include Vulnerability
BugTraq ID: 11701
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11701
Summary:
A vulnerability is reported to exist in the phpBB Cash_Mod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system.
Remote attackers could potentially exploit this issue via a vulnerable variable to include a remote malicious PHP script, which will be executed in the context of the web server hosting the vulnerable software.
11. Invision Power Board Index.PHP Post Action SQL Injection Vul...
BugTraq ID: 11703
Remote: Yes
Date Published: Nov 18 2004
Relevant URL: http://www.securityfocus.com/bid/11703
Summary:
A remote SQL injection vulnerability affects Inivision Power Board. This issue is due to a failure of the application to properly validate user-supplied input prior to using it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
12. Danware NetOp Remote Control Information Disclosure Vulnerab...
BugTraq ID: 11710
Remote: Yes
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11710
Summary:
It is reported that NetOp Remote Control is susceptible to an information disclosure vulnerability.
This vulnerability reportedly allows remote attackers to discern the name of the user that is logged in and the internal IP address and hostname of the targeted computer. This information may aid malicious users in further attacks.
Versions prior to 7.65 build 2004278 are reported vulnerable to this issue.
13. Opera Web Browser Java Implementation Multiple Remote Vulner...
BugTraq ID: 11712
Remote: Yes
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11712
Summary:
Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation.
These issues may allow an attacker to craft a Java applet that violates Sun's Java secure programming guidelines.
These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.
Although only version 7.54 is reportedly vulnerable, it is likely that earlier versions are vulnerable to these issues as well.
14. Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vu...
BugTraq ID: 11715
Remote: No
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11715
Summary:
It is reported that a serialization error exists in the AF_UNIX address family that creates a race condition. This race condition reportedly allows local users to repeatedly increment arbitrary kernel memory locations.
This vulnerability allows local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.
Versions prior to 2.4.28 are reportedly affected by this vulnerability.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. locking idle text consoles (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/381905
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary:
AutoScan is an application designed to explore and to manage your network. Entire subnets can be scanned simultaneously without human intervention. It features OS detection, automatic network discovery, a port scanner, a Samba share browser, and the ability to save the network state.
2. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
3. rootsh 0.2
By: Gerhard Lausser
Relevant URL: http://sourceforge.net/projects/rootsh/
Platforms: AIX, HP-UX, Linux, POSIX, SINIX, Solaris, UNIX
Summary:
Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism. It's in heavy use here at a big Bavarian car manufacturer (three letters, fast, cool,...) for project users whom you can't deny root privileges.
4. Maillog View v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary:
Maillog View is a Webmin module that allows you to easily view all your /var/log/maillog.* files. It features autorefresh, message size indication, ascending/descending view order, compressed file support, and a full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are supported. Courier MTA support is experimental.
5. BullDog Firewall 20040918
By: Robert APM Darin
Relevant URL: http://tanaya.net/BullDog
Platforms: Linux
Summary:
Bulldog is a powerful but lightweight firewall for heavy use systems. With many features, this firewall can be used by anyone who wants to protect his/her systems.
This system allows dynamic and static rule sets for maximum protection and has several advanced features.
This firewall will work for the hobbyist or a military base. Generation 7 is a complete rewrite and redesign from scratch.
Be prepared to spend some time setting this up.
6. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund (at) gsb.uchicago (dot) edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary:
PIKT is a cross-categorical, multi-purpose toolkit to monitor and configure computer systems, organize system security, format documents, assist command-line work, and perform other common systems administration tasks.
PIKT's primary purpose is to report and fix problems, but its flexibility and extendibility evoke many other uses limited only by your imagination.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.