Date: 1 Jun 2004 21:13:09 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #186
SecurityFocus Linux Newsletter #186
------------------------------------

This Issue is Sponsored By: SecurityFocus 

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add
the new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
     2. Pass the Chocolate
II. LINUX VULNERABILITY SUMMARY
     1. XPCD XPCD-SVGA Buffer Overflow Vulnerability
     2. cPanel Local Privilege Escalation Vulnerability
     3. GNU Mailman Unspecified Password Retrieval Vulnerability
     4. Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
III. LINUX FOCUS LIST SUMMARY
     1. Block martians with source address 127.0.0.1 (Thread)
     2. looking for wireless linux security book (Thread)
     3. Secure Form Script? (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Immunity CANVAS
     2. SecretAgent
     3. Cyber-Ark Inter-Business Vault
     4. EnCase Forensic Edition
     5. KeyGhost SX
     6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Ettercap v0.7.0 pre2
     2. Linux Intrusion Detection System (LIDS) v2.6.6
     3. Astaro Security Linux (Stable 5.x) v5.007
     4. TinyCA v0.6.0
     5. OS-SIM v0.9.4
     6. Automatic Firewall v0.3
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. H.323 Mediated Voice over IP: Protocols, Vulnerabilities & Remediation
By Dr. Thomas Porter

This paper provides an overview of the H.323 (VoIP) protocol suite, its 
known vulnerabilities, and then suggests twenty rules for securing an 
H.323-based network.

http://www.securityfocus.com/infocus/1782


2. Pass the Chocolate
By Scott Granneman

For the 70% of the population that will trade their computer password 
for a bar of chocolate, this one's for you.

http://www.securityfocus.com/columnists/245

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. XPCD XPCD-SVGA Buffer Overflow Vulnerability
BugTraq ID: 10403
Remote: No
Date Published: May 23 2004
Relevant URL: http://www.securityfocus.com/bid/10403
Summary:
The xpcd-svga utility is susceptible to a locally exploitable buffer 
overflow condition.  According to the report, xpcd-svga copies untrusted 
data into a buffer of predefined size without bounds checking.  The 
procedure where this occurs is "pcd_open()", suggesting that the source of 
the data may be in the image file or photo disk.

2. cPanel Local Privilege Escalation Vulnerability
BugTraq ID: 10407
Remote: No
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10407
Summary:
cPanel is reported prone to a privilege escalation vulnerability. It is 
reported that the options used by cPanel to compile Apache 1.3.29 and 
PHP using the mod_phpsuexec option are insecure. These settings will 
reportedly permit a local attacker to execute arbitrary code as any user 
who possesses a PHP file that is published to the Apache web server.

3. GNU Mailman Unspecified Password Retrieval Vulnerability
BugTraq ID: 10412
Remote: Yes
Date Published: May 25 2004
Relevant URL: http://www.securityfocus.com/bid/10412
Summary:
Mailman is prone to an unspecified password retrieval vulnerability.  
This vulnerability was disclosed by the vendor.  Reportedly, a remote 
attacker can gain access to user passwords when the users subscribe to a 
mailing list.

A remote attacker can use the sensitive information to hijack user 
accounts or carry out other attacks.

Mailman versions 2.1.4 and prior are prone to this issue.

Due to a lack of details, further information is not available at the 
moment.  This BID will be updated as more information becomes available.

4. Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
BugTraq ID: 10428
Remote: No
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10428
Summary:
Subversion is reported prone to an undisclosed vulnerability. The issue 
is reported to present itself due to an insecure implementation of the 
pre-commit-hook template.

This BID will be updated as soon as further information regarding this 
vulnerability becomes available.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Block martians with source address 127.0.0.1 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364801

2. looking for wireless linux security book (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364322

3. Secure Form Script? (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/364301

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary: 

Immunity CANVAS is 100% pure Python, and every license includes full 
access to the entire CANVAS codebase. Python is one of the easiest 
languages to learn, so even novice programmers can be productive on the 
CANVAS API, should they so choose. 

Immunity CANVAS is both a valuable demonstration tool for enterprise 
information security teams or system administrators, and an advanced 
development platform for exploit developers, or people learning to become 
exploit developers.

2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT, 
Windows XP
Relevant URL: 
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary: 

SecretAgent is a file encryption and digital signature utility, 
supporting cross-platform interoperability over a wide range of platforms: 
Windows, Linux, Mac OS X, and UNIX systems.

It's the perfect solution for your data security requirements, 
regardless of the size of your organization.

Using the latest recognized standards in encryption and digital 
signature technology, SecretAgent ensures the confidentiality, integrity, and 
authenticity of your data.

3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award-winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, 
Windows XP
Summary: 

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It 
supports active and passive dissection of many protocols (even ciphered 
ones, like SSH and HTTPS). Data injection in an established connection 
and filtering on the fly is also possible, keeping the connection 
synchronized. Many sniffing modes were implemented to give you a powerful 
and complete sniffing suite. Plugins are supported. It has the ability to 
check whether you are in a switched LAN or not, and to use OS 
fingerprints (active or passive) to let you know the geometry of the LAN.

2. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary: 

The Linux Intrusion Detection System is a patch which enhances the 
kernel's security. When it is in effect, chosen file access, all 
system/network administration operations, any capability use, raw device, mem, 
and I/O access can be made impossible even for root. You can define 
which program can access which file. It uses and extends the system 
capabilities bounding set to control the whole system and adds some network 
and filesystem security features to the kernel to enhance the security. 
You can finely tune the security protections online, hide sensitive 
processes, receive security alerts through the network, and more.

3. Astaro Security Linux (Stable 5.x) v5.007
By: astaro
Relevant URL: http://www.astaro.com/
Platforms: Linux, POSIX
Summary: 

Astaro Security Linux is a firewall solution. It does stateful packet 
inspection filtering, content filtering, user authentication, virus 
scanning, VPN with IPSec and PPTP, and much more. With its Web-based 
management tool, WebAdmin, and the ability to pull updates via the Internet, 
it is pretty easy to manage. It is based on a special hardened Linux 
2.4 distribution where most daemons are running in change-roots and are 
protected by kernel capabilities.

4. TinyCA v0.6.0
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary: 

TinyCA is a simple GUI written in Perl/Tk to manage a small 
certification authority. It is based on OpenSSL and Perl modules from the OpenCA 
project. TinyCA lets you manage x509 certificates. It is possible to 
export data in PEM or DER format for use with servers, as PKCS#12 for use 
with clients, or as S/MIME certificates for use with email programs. It 
is also possible to import your own PKCS#10 requests and generate 
certificates from them.

5. OS-SIM v0.9.4
By: Dominique Karg 
Relevant URL: http://www.ossim.net/
Platforms: Linux, MacOS, POSIX
Summary: 

OSSIM aims to unify network monitoring, security, correlation, and 
qualification in one single tool. It combines Snort, Acid, HotSaNIC, 
NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full 
control over every aspect of networking or security.

6. Automatic Firewall v0.3
By: Baruch Even
Relevant URL: http://baruch.ev-en.org/proj/autofw/autofw.html
Platforms: Linux
Summary: 

Automatic Firewall configures your firewall by looking at your 
environment and deciding what is a good fit for your needs. It is intended for 
the novice broadband user to install and forget about, but still be 
fairly well protected.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus 
