QODS ec

Wednesday, June 23, 2004

SEC: SecurityFocus Linux Newsletter #189

SecurityFocus Linux Newsletter #189
------------------------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time
to visit a myriad of mailing lists and websites to read the news? Just
add the new SecurityFocus RSS feeds to your freeware RSS reader, and see
all the latest posts for Bugtraq and the SF Vulnerability database in
one convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
1. Securing Apache 2: Step-by-Step
II. LINUX VULNERABILITY SUMMARY
1. Horde Chora Viewer Remote Command Execution Vulnerability
2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
6. Check Point Firewall-1 Internet Key Exchange Information Dis...
7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
9. Linux Kernel Multiple Device Driver Vulnerabilities
10. Nmap Potential Insecure File Creation Vulnerability
11. MoinMoin Group Name Privilege Escalation Vulnerability
12. Asterisk PBX Multiple Logging Format String Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. OpenVPN? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. SecretAgent
2. Cyber-Ark Inter-Business Vault
3. EnCase Forensic Edition
4. KeyGhost SX
5. SafeKit
6. Astaro Linux Firewall
V. NEW TOOLS FOR LINUX PLATFORMS
1. SnortNotify 1.02
2. Devil-Linux v1.2 Beta 1
3. GNU Anubis v3.9.94
4. DNSSEC Walker v3.4
5. Ettercap v0.7.0 pre2
6. Linux Intrusion Detection System (LIDS) v2.6.6
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Securing Apache 2: Step-by-Step
By Artur Maj

Continuing the very popular "Securing" series from last year, this
article discusses step-by-step how to compile, install, chroot and
configure a secure Apache 2 web server.

http://www.securityfocus.com/infocus/1786

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Horde Chora Viewer Remote Command Execution Vulnerability
BugTraq ID: 10531
Remote: Yes
Date Published: Jun 13 2004
Relevant URL: http://www.securityfocus.com/bid/10531
Summary:
Horde Chora Viewer is reported to be prone to a remote command execution vulnerability. The vulnerability is reported to exist due to a lack of sanitization performed on values that may be user-supplied.

Shell metacharacters that are included as a value for the affected URI parameter may result in attacker specified shell commands being executed in an exec() call. Command execution will occur in the context of the affected web server.

Chora versions up to and including version 1.2.1 are reported to be affected by this vulnerability.

2. Multiple Vendor Anti-Virus Scanner Remote Denial Of Service ...
BugTraq ID: 10537
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10537
Summary:
Multiple vendor anti-virus scanning software is reported prone to a remote denial of service vulnerability.

The issue is reported to present itself when certain malicious archives containing large quantities of data are scanned.

In the supplied example approximately 300 Gigabytes of data is archived in many different archive types. This archive may be transmitted to a client or submitted to an online anti-virus scanning service in order to crash the anti-virus software.

3. Linux Kernel Assembler Inline Function Local Denial Of Servi...
BugTraq ID: 10538
Remote: No
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10538
Summary:
The Linux Kernel is reportedly affected by a local denial of service vulnerability surrounding inline assembly functions. This issue is due to a design error that causes the application to fail to properly handle stack frame management.

This issue may be leveraged by an attacker to cause the affected system to crash, denying service to legitimate users.

Although only select Linux kernels are reported to be affected, it is likely that various other versions are vulnerable as well.

4. Invision Power Board SSI.PHP Cross-Site Scripting Vulnerabil...
BugTraq ID: 10539
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10539
Summary:
The Invision Power Board 'ssi.php' script is reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in the 'ssi.php' script on the user-influenced 'f' parameter. This can permit the theft of cookie-based authentication credentials; other attacks may also be possible.

5. KAME Racoon IDE Daemon X.509 Improper Certificate Verificati...
BugTraq ID: 10546
Remote: Yes
Date Published: Jun 14 2004
Relevant URL: http://www.securityfocus.com/bid/10546
Summary:
It is reported that racoon improperly validates X.509 certificates when negotiating IPSec connections.

When checking certificate validity, racoon ignores many errors from OpenSSL and grants access to invalid certificates.

When ignoring these errors, racoon would allow improper certificates to be used when authenticating connections. This vulnerability would allow attackers to forge certificates and potentially gain access to IPSec VPNs. This would also effectively make all certificates permanent.

The exact versions of racoon that are vulnerable are unknown at this time.

6. Check Point Firewall-1 Internet Key Exchange Information Dis...
BugTraq ID: 10558
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10558
Summary:
Check Point Firewall-1 is affected by an information disclosure vulnerability during an Internet Key Exchange (IKE) phase. This issue is due to a design error that may present sensitive information to an attacker.

An attacker can leverage this issue to disclose information about the affected firewall product including the version number and various details about the firewall's capabilities. Furthermore this issue would facilitate fingerprinting or identifying a firewall by carrying out active scans.

7. Invision Power Board Potential IP Address Spoofing Vulnerabi...
BugTraq ID: 10559
Remote: Yes
Date Published: Jun 16 2004
Relevant URL: http://www.securityfocus.com/bid/10559
Summary:
It is reported that Invision Power Board is prone to an IP address spoofing vulnerability. If an attacker is using a proxy to access a remote forum, the application logs the attacker's internal IP address on the LAN, instead of the real IP address of the proxy.

This issue is reported to affect Invision Power Board version 1.3; however, it is likely that other versions are affected as well.

8. Linux Kernel Inter Integrated Circuit Bus Driver Integer Ov...
BugTraq ID: 10563
Remote: No
Date Published: Jun 17 2004
Relevant URL: http://www.securityfocus.com/bid/10563
Summary:
The Linux kernel has been reported to be vulnerable to an integer overflow in the inter integrated circuit (I2C) bus driver. This issue is due to a failure of the offending driver to properly validate user-reported size values.

This issue could be leveraged by an attacker to execute machine code with the privileges of the affected driver, potentially leading to privilege escalation and ring 0 access.

It should be noted that in most cases I2C device files are by default only readable and writable by superusers; in such a case an attacker would have to have superuser privileges.

9. Linux Kernel Multiple Device Driver Vulnerabilities
BugTraq ID: 10566
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10566
Summary:
It has been reported that the Linux kernel is vulnerable to multiple device driver issues. These issues were found during a recent audit of the Linux kernel source.

Drivers reportedly affected by these issues are: aironet, asus_acpi, decnet, mpu401, msnd, and pss.

These issues may reportedly allow attackers to gain access to kernel memory or gain escalated privileges on the affected computer.

10. Nmap Potential Insecure File Creation Vulnerability
BugTraq ID: 10567
Remote: No
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10567
Summary:
Nmap is reportedly prone to a potential insecure file creation vulnerability. A local user may exploit this vulnerability to cause files to be overwritten with the privileges of the user running Nmap. This issue occurs when Nmap is launched with the '-oN' option.

All versions of Nmap are considered to be vulnerable to this issue.

Further analysis has shown that this issue is not a vulnerability. This BID is being retired.

11. MoinMoin Group Name Privilege Escalation Vulnerability
BugTraq ID: 10568
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10568
Summary:
It is reported that MoinMoin contains a privilege escalation vulnerability whereby regular users can gain administrative privileges.

MoinMoin allows remote web clients to create their own user accounts without administrative intervention or approval. It is reported that if a user creates an account with the same name as an administrative group, the user will inherit the privileges of that same administrative group.

An attacker would use this vulnerability to gain complete access to the MoinMoin Wiki, and could gain access to sensitive information, or destroy information.

Versions before 1.2.2 are reported vulnerable.

12. Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions.

An attacker may use these vulnerabilities to corrupt memory, and read or write arbitrary memory. Remote code execution is likely possible.

Due to the nature of these vulnerabilities, there may exist many different avenues of attack. Anything that can potentially call the logging functions with user-supplied data is vulnerable.

Versions 0.7.0 through to 0.7.2 are reported vulnerable.


III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. OpenVPN? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/366447

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:

SecretAgent is a file encryption and digital signature utility, supporting cross-platform interoperability over a wide range of platforms: Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, regardless of the size of your organization.

Using the latest recognized standards in encryption and digital signature technology, SecretAgent ensures the confidentiality, integrity, and authenticity of your data.

2. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business Vault is an information security solution that enables organizations to safely overcome traditional network boundaries in order to securely share business information among customers, business partners, and remote branches. It provides a seamless, LAN-like experience over the Internet that includes all the security, performance, accessibility, and ease of administration required to allow organizations to share everyday information worldwide.

3. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:

EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.

The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.

4. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:

KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.

5. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.

6. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:

Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:

Running from cron at a specified interval, SnortNotify will search a snort database for new alerts. If new alerts match a preconfigured priority level, an email will be sent to the contact. The email will include the sensor name, the signature name, and the timestamp.

2. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:

Devil-Linux is a special Linux distribution which is used for firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and secure Linux system. Configuration is saved on a floppy disk, and it has several optional packages.

3. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary:

GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail User Agent) and the MTA (Mail Transport Agent), and can perform various sorts of processing and conversion on-the-fly in accordance with the sender's specified rules, based on a highly configurable regular expressions system. It operates as a proxy server, and can edit outgoing mail headers, encrypt or sign mail with GnuPG, build secure SMTP tunnels using TLS/SSL encryption even if your mail user agent doesn't support it, or tunnel a connection through a SOCKS proxy server.

4. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary:

DNSSEC Walker is a tool to recover DNS zone files using the DNS protocol. The server does not have to support zone transfers, but the zone must contain DNSSEC "NXT" records.

5. Ettercap v0.7.0 pre2
By: ALoR
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, mem, and I/O access can be made impossible even for root. You can define which program can access which file. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus


------------------------------------------------------------------------
