SecurityFocus Linux Newsletter #230 Apr 05 2005 10:04PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #230
------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------

I. FRONT AND CENTER
1. Web Browser Forensics, Part 1
2. Defeating Honeypots: System Issues, Part 2
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
2. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
3. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
4. Midnight Commander Insert_Text Buffer Overflow Vulnerability
5. Linux Kernel EXT2 File System Information Leak Vulnerability
6. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
7. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
8. Mailreader Remote HTML Injection Vulnerability
9. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
10. Linux Kernel File Lock Local Denial Of Service Vulnerability
11. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
12. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
13. BZip2 CHMod File Permission Modification Race Condition Weak...
14. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
15. PHP Group PHP Image File Format Remote Denial Of Service Vul...
16. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
17. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
18. BakBone NetVault Remote Heap Overflow Vulnerability
19. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
III. LINUX FOCUS LIST SUMMARY
1. vsftp question (Thread)
2. Linux and DB2 (Thread)
3. Apache+PHP+ftp security (Thread)
4. Re[2]: Apache+PHP+ftp security (Thread)
5. OpenVPN? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. File System Saint 1.02a
2. Umbrella v0.5
3. Travesty 1.0
4. OCS 0.1
5. KSB - Kernel Socks Bouncer 2.6.10
6. DigSig 1.3.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Web Browser Forensics, Part 1
By Keith J. Jones and Rohyt Belani
This article provides a case study of digital forensics, and investigates
incriminating evidence using a user's web browser history.
http://www.securityfocus.com/infocus/1827

2. Defeating Honeypots: System Issues, Part 2
By Thorsten Holz and Frederic Raynal
Part two of this paper discusses how hackers discover, interact with, and
sometimes disable honeypots at the system level and the application layer.
http://www.securityfocus.com/infocus/1828

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to securely handle signed values when validating memory indexes.

This issue may be leveraged by a local attacker to gain escalated privileges on an affected computer.
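The pattern behind a "signed buffer index" bug, as an added illustration that is not code from the advisory or from the kernel: a validation routine compares a signed index against the table length only, so a negative value passes the check and indexes memory before the array. The table, its size and the function names below are illustrative, not the kernel's.

```c
/* Added example, not from the advisory or from the kernel source: the
 * signed-index pattern the summary describes, shown broken and then fixed.
 * The table, its size and the function names are illustrative. */
#include <stddef.h>

#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* The check the vulnerable code effectively performs: only the upper bound.
 * A negative index such as -1 compares less than TABLE_LEN, so it passes,
 * and table[idx] would then read memory before the array (in a kernel,
 * whatever happens to sit before a protocol table). Returns 1 if the index
 * is rejected, 0 if it slips through. The out-of-bounds read itself is not
 * performed here. */
int signed_bound_check_rejects(int idx)
{
    return idx >= TABLE_LEN;
}

/* Fix 1: check both bounds explicitly. Returns -1 on a bad index. */
int lookup_safe(int idx)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;
    return table[idx];
}

/* Fix 2: compare as unsigned. A negative value becomes a very large
 * unsigned one and fails the single comparison; this is the idiom the
 * kernel uses widely for index validation. */
int lookup_unsigned(int idx)
{
    if ((unsigned int)idx >= (unsigned int)TABLE_LEN)
        return -1;
    return table[idx];
}
```

When reviewing index validation, look for a lone `>=` or `>` against a length where the index type is `int` or another signed type; the unsigned cast is the compact fix, the two-sided check the more readable one.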

2. Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors' Telnet clients. This issue is due to a failure of the application to properly validate the length of strings received from the remote server prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

3. Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a remote buffer overflow vulnerability. The vulnerability is reported to exist in the function 'env_opt_add()' in the 'telnet.c' source file, which is apparently shared by all of the affected vendors.

A remote attacker may exploit this vulnerability to execute arbitrary code on some of the affected platforms in the context of a user that is using the vulnerable Telnet client to connect to a malicious server.
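Both Telnet client issues above (the LINEMODE sub-option overflow and the 'env_opt_add()' overflow) are the same class of bug: bytes chosen by the server are appended to a fixed-size buffer with no check that they fit. The parser below is an added example, not code from any of the affected clients; it reads a server-sent sub-negotiation with the bound the vulnerable code lacked. The 16-byte buffer size and the sample packets are constructed for the demonstration.

```c
/* Added example, not code from any of the affected Telnet clients: a
 * sub-negotiation parser that applies the bound the vulnerable clients
 * lacked. The buffer size and the sample packets are constructed. */
#include <stddef.h>

/* Telnet framing (RFC 854) and the LINEMODE option code (RFC 1184). */
#define IAC      255
#define SB       250
#define SE       240
#define LINEMODE 34

#define SUBBUF_LEN 16   /* deliberately small fixed buffer */

/* Parse "IAC SB <option> <data...> IAC SE" as sent by the server, copying
 * <option><data...> into out. A literal 0xff inside the data arrives as
 * IAC IAC and is unescaped. Returns the byte count, -1 if the sequence is
 * malformed or unterminated, -2 if it would not fit in out_len: the
 * vulnerable clients kept appending to a static buffer without this test. */
int parse_suboption(const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t out_len)
{
    size_t i, n = 0;
    if (in_len < 4 || in[0] != IAC || in[1] != SB)
        return -1;
    for (i = 2; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == IAC) {
            if (i + 1 >= in_len)
                return -1;
            if (in[i + 1] == SE)
                return (int)n;           /* clean end of sub-negotiation */
            if (in[i + 1] != IAC)
                return -1;               /* IAC followed by anything else */
            i++;                         /* IAC IAC -> single 0xff data byte */
        }
        if (n >= out_len)
            return -2;                   /* the missing bound check */
        out[n++] = c;
    }
    return -1;                           /* ran out of input before IAC SE */
}

/* Constructed server messages (not captured traffic). */
int demo_linemode_mode(void)
{
    /* IAC SB LINEMODE MODE(1) 3 IAC SE */
    static const unsigned char pkt[] = {IAC, SB, LINEMODE, 1, 3, IAC, SE};
    unsigned char buf[SUBBUF_LEN];
    return parse_suboption(pkt, sizeof pkt, buf, sizeof buf);     /* 3 */
}

int demo_escaped_iac(void)
{
    static const unsigned char pkt[] = {IAC, SB, LINEMODE, 1, IAC, IAC, IAC, SE};
    unsigned char buf[SUBBUF_LEN];
    int n = parse_suboption(pkt, sizeof pkt, buf, sizeof buf);
    return n == 3 && buf[2] == IAC;                                /* 1 */
}

int demo_oversized_rejected(void)
{
    unsigned char pkt[2 + 64 + 2];
    unsigned char buf[SUBBUF_LEN];
    size_t i;
    pkt[0] = IAC; pkt[1] = SB;
    for (i = 2; i < 2 + 64; i++)
        pkt[i] = 'A';                    /* 64 data bytes, none of them IAC */
    pkt[66] = IAC; pkt[67] = SE;
    return parse_suboption(pkt, sizeof pkt, buf, sizeof buf);     /* -2 */
}

int demo_unterminated_rejected(void)
{
    static const unsigned char pkt[] = {IAC, SB, LINEMODE, 1, 3};
    unsigned char buf[SUBBUF_LEN];
    return parse_suboption(pkt, sizeof pkt, buf, sizeof buf);     /* -1 */
}
```

The important design point is that the length check happens per byte as the buffer fills, not once against a count the server supplies; a client that trusts a server-announced length is back where it started.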

4. Midnight Commander Insert_Text Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander. The vulnerability is caused by insufficient bounds checking of external data supplied to the 'insert_text()' function.

This issue may allow local attackers to execute arbitrary code in the context of another user.

5. Linux Kernel EXT2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel EXT2 filesystem handling code is reported prone to a local information leakage vulnerability.

This issue may be leveraged by a local attacker to gain access to potentially sensitive kernel memory. Information gained in this way may lead to further attacks against the affected computer.

6. Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments with MIME-encoded file names.

Successful exploitation may allow arbitrary code execution in the security context of the application.

7. Linux Kernel Elf Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
The Linux kernel is prone to a potential local denial of service vulnerability.

The issue is reported to exist in the 'load_elf_library' function.

Linux kernel 2.6.11.5 and prior versions are affected by this issue.

8. Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

9. YepYep MTFTPD Remote CWD Argument Format String Vulnerabilit...
BugTraq ID: 12947
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12947
Summary:
mtftpd is reported prone to a remote format string vulnerability.

Reports indicate that this issue may be exploited by a remote authenticated attacker to execute arbitrary code in the context of the vulnerable service.

This vulnerability is reported to affect mtftpd versions up to and including version 0.0.3.
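The bug class named above, as an added example that is not mtftpd's code: a client-supplied command argument reaches a printf-family call as the format string instead of as an argument. The function names and the message layout are illustrative.

```c
/* Added example, not mtftpd's code: the format-string pattern behind the
 * summary above, with a safe counterpart. Names and the message layout are
 * illustrative. */
#include <stdio.h>
#include <string.h>

/* Vulnerable: the client-supplied CWD argument ends up as the format
 * string of a printf-family call. Any '%' directive in it is then
 * interpreted, reading (and with %n writing) memory. Never call this with
 * hostile input; it is here only for contrast with the fixed version. */
int log_cwd_unsafe(char *dst, size_t dst_len, const char *arg)
{
    char msg[256];
    snprintf(msg, sizeof msg, "CWD %s", arg);    /* fine so far */
    return snprintf(dst, dst_len, msg);          /* BUG: msg used as format */
}

/* Fixed: a literal format; the attacker's bytes only ever fill a %s. */
int log_cwd_safe(char *dst, size_t dst_len, const char *arg)
{
    return snprintf(dst, dst_len, "CWD %s", arg);
}

/* Defensive check a server can run on incoming arguments before logging
 * (belt and braces, not a substitute for the literal format): returns 1 if
 * the argument contains a conversion directive. */
int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

/* Constructed argument: the safe path keeps "%08x%n" as plain text. */
int demo_safe_keeps_directives_literal(void)
{
    char out[64];
    log_cwd_safe(out, sizeof out, "%08x%n");
    return strcmp(out, "CWD %08x%n") == 0;       /* 1 */
}

/* With a benign argument both variants agree, which is why such bugs
 * survive functional testing. */
int demo_benign_agree(void)
{
    char a[64], b[64];
    log_cwd_unsafe(a, sizeof a, "pub");
    log_cwd_safe(b, sizeof b, "pub");
    return strcmp(a, b) == 0 && strcmp(a, "CWD pub") == 0;   /* 1 */
}
```

Compiling with `-Wformat-security` flags the non-literal format in `log_cwd_unsafe`; the same pattern appears with `syslog()` and custom logging wrappers, which is where it usually hides in daemons.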

10. Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux kernel. This issue arises due to a failure of the kernel to properly handle malicious, excessive file locks.

An attacker may leverage this issue to crash or hang the affected kernel and deny service to legitimate users.

It should be noted that Symantec has been unable to reproduce this issue after testing. It is possible that this vulnerability is linked to the reporter's specific configuration. More information will be added as it becomes available.

11. GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
gdk-pixbuf library is reported prone to a denial of service vulnerability. This issue arises due to a double free condition.

It is reported that this vulnerability presents itself when an application that is linked against the library handles malformed Bitmap (.bmp) image files.

A successful attack may result in a denial of service condition. It is not confirmed whether this vulnerability could be leveraged to execute arbitrary code.

gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable to this issue. It is likely that other versions are affected as well.

This BID will be updated when more information becomes available.

12. PAFileDB ID Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 12952
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12952
Summary:
paFileDB is reported prone to a cross-site scripting vulnerability.

The vulnerability presents itself when an attacker supplies malicious HTML and script code through the 'id' parameter.

This may allow for theft of cookie-based authentication credentials or other attacks.

paFileDB 3.1 and prior versions are affected by this vulnerability.

This issue may be related to BID 12788 (PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities) and BID 12758 (PHP Arena PAFileDB Multiple Remote Cross Site Scripting Vulnerabilities). This BID will be retired or updated upon further analysis.

13. BZip2 CHMod File Permission Modification Race Condition Weak...
BugTraq ID: 12954
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
bzip2 is reported prone to a security weakness. The issue is only present when an archive is extracted into a world- or group-writable directory. It is reported that bzip2 uses a non-atomic sequence of operations: it writes the extracted file first and only later changes the permissions on the newly created file.

A local attacker may leverage this issue to modify file permissions of target files.

This weakness is reported to affect bzip2 version 1.0.2 and previous versions.
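The race described above, as an added example that is not bzip2's code: a file is created by name and its mode set afterwards, also by name, leaving a window in which another user of a shared directory can swap the name for a symlink so the chmod lands on a file of their choosing. The hardened version creates the file with its final mode in one step and fixes permissions on the open descriptor. The /tmp directory, the "decoy" file and the planted symlink are constructed for the demonstration; the demo runs both paths against the same setup.

```c
/* Added example, not bzip2's code: the create-then-chmod race the summary
 * describes, next to an extraction routine that closes it. Paths under
 * /tmp, the "decoy" file and the symlink are constructed for the demo. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the file is created with the umask default, then its mode is set
 * by name. In a group- or world-writable directory another user can, in
 * that window, replace the name with a symlink, and chmod() follows it. */
int extract_racy(const char *path, const char *data, mode_t mode)
{
    FILE *f = fopen(path, "wb");          /* follows symlinks, truncates */
    if (!f) return -1;
    fputs(data, f);
    fclose(f);
    return chmod(path, mode);             /* by name, after the window */
}

/* Hardened: create the file with its final mode in one step, refuse any
 * pre-existing entry (O_EXCL, which also never follows a symlink), and fix
 * up permissions on the descriptor we hold rather than on the name. */
int extract_safe(const char *path, const char *data, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0) return -1;
    if (write(fd, data, strlen(data)) != (ssize_t)strlen(data) ||
        fchmod(fd, mode) < 0) {           /* umask may have masked bits */
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Demo scaffold: a private directory holding a victim-owned "decoy" (0600)
 * and an attacker-planted symlink "out.txt" -> "decoy". Returns 1 on
 * success, 0 if the setup could not be built. */
static int setup(const char *tag, char *dir, char *decoy, char *target)
{
    snprintf(dir, 64, "/tmp/bz2race-%s-%ld", tag, (long)getpid());
    if (mkdir(dir, 0700) < 0) return 0;
    snprintf(decoy, 128, "%s/decoy", dir);
    snprintf(target, 128, "%s/out.txt", dir);
    if (extract_safe(decoy, "secret", 0600) < 0) return 0;
    return symlink("decoy", target) == 0;
}

static int decoy_mode(const char *decoy)
{
    struct stat st;
    return stat(decoy, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

static void teardown(const char *dir, const char *decoy, const char *target)
{
    unlink(target);
    unlink(decoy);
    rmdir(dir);
}

/* Racy extractor: the chmod follows the link, the decoy becomes 0666. */
int demo_racy_changes_decoy_mode(void)
{
    char dir[64] = "", decoy[128] = "", target[128] = "";
    int mode = -1;
    if (setup("racy", dir, decoy, target)) {
        extract_racy(target, "x", 0666);
        mode = decoy_mode(decoy);
    }
    teardown(dir, decoy, target);
    return mode;                          /* 0666 */
}

/* Hardened extractor: refuses the planted name, decoy stays 0600. */
int demo_safe_leaves_decoy_alone(void)
{
    char dir[64] = "", decoy[128] = "", target[128] = "";
    int rc = 0, mode = -1;
    if (setup("safe", dir, decoy, target)) {
        rc = extract_safe(target, "x", 0666);
        mode = decoy_mode(decoy);
    }
    teardown(dir, decoy, target);
    return rc == -1 && mode == 0600;      /* 1 */
}
```

The general rule: once a file is open, do everything else (chmod, chown, truncate) through the descriptor with the f-variants of the calls, so later operations bind to the inode that was actually created rather than to whatever the name resolves to now.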

14. Linux Kernel Futex Local Deadlock Denial Of Service Vulnerab...
BugTraq ID: 12959
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12959
Summary:
The Linux kernel futex functions are reported prone to a local denial of service vulnerability. The issue is reported to arise because several unspecified futex functions call 'get_user()' while holding mmap_sem for reading.

A local attacker may leverage this issue to trigger a kernel deadlock and deny service to legitimate users.

This vulnerability is reported to exist in the 2.6 Linux kernel tree.

15. PHP Group PHP Image File Format Remote Denial Of Service Vul...
BugTraq ID: 12962
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12962
Summary:
A remote denial of service vulnerability affects PHP Group PHP. This issue is due to a failure of the application to properly handle malformed IFF (Interchange File Format) image files.

It should be noted that this vulnerability can only be exploited remotely if a Web-based PHP application allows user-supplied images to be processed by the 'getimagesize()' function. 'getimagesize()' is commonly used in PHP Web applications that display images.

An attacker may leverage this issue to cause the affected script interpreter to consume excessive processing resources on an affected computer, leading to a denial of service condition.

16. PHP Group PHP Remote JPEG File Format Remote Denial Of Servi...
BugTraq ID: 12963
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12963
Summary:
A remote denial of service vulnerability affects PHP Group PHP. This issue is due to a failure of the application to properly handle maliciously crafted JPEG image files.

It should be noted that this vulnerability can only be exploited remotely if a Web-based PHP application allows user-supplied images to be processed by the 'getimagesize()' function. 'getimagesize()' is commonly used in PHP Web applications that display images.

An attacker may leverage this issue to cause the affected script interpreter to consume excessive processing resources on an affected computer, leading to a denial of service condition.

17. BakBone NetVault Configure.CFG Local Buffer Overflow Vulnera...
BugTraq ID: 12966
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12966
Summary:
NetVault is reported prone to a local buffer overflow vulnerability.

It is reported that a local attacker can exploit this vulnerability by supplying excessive data through a variable in the 'configure.cfg' file.

A successful attack can allow local attackers to execute arbitrary code on a vulnerable computer to gain elevated privileges.

This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.

18. BakBone NetVault Remote Heap Overflow Vulnerability
BugTraq ID: 12967
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12967
Summary:
NetVault is reported prone to a remote heap overflow vulnerability.

A successful attack can allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access.

This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.

19. Linux Kernel TmpFS Driver Local Denial Of Service Vulnerabil...
BugTraq ID: 12970
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12970
Summary:
The Linux kernel is reported prone to a local denial of service vulnerability. The issue is reported to exist in the Linux kernel tmpfs driver and stems from a lack of sanitization of the address argument of 'shm_nopage()'.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. vsftp question (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394897

2. Linux and DB2 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394891

3. Apache+PHP+ftp security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394746

4. Re[2]: Apache+PHP+ftp security (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394581

5. OpenVPN? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/394497

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity * Block malicious code, including
zero-day exploits

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:

Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use two-factor authentication one-time-password token using the cellular phone. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet services. More information at our site.

We also provide an eAuthentication service for businesses that will not buy an authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:

A fast, flexible, lightweight perl-based host IDS.

2. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary:

A combination of process-based access control (PBAC) and authentication of binaries (like DigSig). In addition, the binaries have the security policy included within the binary, so when one is executed, the policy is applied to the corresponding process. Umbrella provides developers with a "restricted fork" which enables them to further restrict a sub-process from, e.g., accessing the network.

3. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:

Travesty is an interactive program for managing the hardware addresses (MAC) of ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address.
It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Travesty is written in Python, and is very simple to add functionality to, or modify.

4. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:

This is a very reliable and fast mass scanner for Cisco routers with the default telnet/enable password.

5. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:

KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].

6. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:

The DigSig Linux kernel loadable module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. Therefore, it improves the security of the system by preventing a wide range of malicious binaries such as viruses, worms, Trojan programs and backdoors from running on the system.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------------
