Date: 15 Jun 2004 18:21:27 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #188
SecurityFocus Linux Newsletter #188
------------------------------------
This issue sponsored by: Astaro
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN, wireless security
Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines
six applications in one software solution for ease of use and lower total
cost of ownership.
Download your free trial at:
http://www.securityfocus.com/sponsor/Astaro_sf-news_040615
------------------------------------------------------------------------
I. FRONT AND CENTER
1. TCP/IP Skills for Security Analysts (Part 2)
2. The Trouble with Gmail
3. Wireless Attacks and Penetration Testing (part 2 of 3)
II. LINUX VULNERABILITY SUMMARY
1. cPanel Killacct Script Customer Account DNS Information Dele...
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
3. Webmin Multiple Unspecified Vulnerabilities
4. Multiple CPanel Perl Script Failure To Implement Taint Mode ...
5. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
6. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
7. CVS Multiple Vulnerabilities
8. Squid Proxy NTLM Authentication Buffer Overflow Vulnerabilit...
9. cPanel Passwd Remote SQL Injection Vulnerability
10. SMTP.Proxy Remote Format String Vulnerability
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
12. KSymoops KSymoops-GZNM Insecure Temporary File Handling Symb...
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
14. Usermin HTML Email Script Code Execution Vulnerability
15. Webmin Configuration Module Information Disclosure Vulnerabi...
16. PHP-Nuke Multiple Input Validation Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. mrtg/snmp/subinterfaces (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Immunity CANVAS
2. SecretAgent
3. Cyber-Ark Inter-Business Vault
4. EnCase Forensic Edition
5. KeyGhost SX
6. SafeKit
V. NEW TOOLS FOR LINUX PLATFORMS
1. SnortNotify 1.02
2. Devil-Linux v1.2 Beta 1
3. GNU Anubis v3.9.94
4. DNSSEC Walker v3.4
5. Ettercap v0.7.0 pre2
6. Linux Intrusion Detection System (LIDS) v2.6.6
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. TCP/IP Skills for Security Analysts (Part 2)
By Don Parker
This article series guides users new to the security field through some
of the key skills required to work as a security analyst. Part two puts
the skills into context by simulating a "day in the life" of a network
security analyst, using an example of what steps to take when new
exploit code appears.
http://www.securityfocus.com/infocus/1784
2. The Trouble with Gmail
By Mark Rasch
Mass acceptance of the keyword scanning in Google's new e-mail service
could leave government spooks feeling lucky.
http://www.securityfocus.com/columnists/248
3. Wireless Attacks and Penetration Testing (part 2 of 3)
By Jonathan Hassell
This is the second of a three part series on penetration testing for
wireless networks. This installment looks at how a nefarious user cracks
the WEP key, scans for servers and services, and then exploits
vulnerabilities to gain system access.
http://www.securityfocus.com/infocus/1785
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. cPanel Killacct Script Customer Account DNS Information Dele...
BugTraq ID: 10468
Remote: Yes
Date Published: Jun 05 2004
Relevant URL: http://www.securityfocus.com/bid/10468
Summary:
cPanel is prone to a vulnerability that can allow a remote
authenticated administrator to delete customer account DNS information for
customers that are not administered by that administrator. This attack can
allow an attacker to cause a denial of service condition against
vulnerable Web sites.
2. PostgreSQL ODBC Driver Unspecified Remote Buffer Overflow Vu...
BugTraq ID: 10470
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10470
Summary:
PostgreSQL ODBC driver is reportedly prone to a remote buffer overflow
vulnerability. This vulnerability was reported in a Debian advisory
and may allow a remote attacker to crash a Web server used with the
application. It is reported that this issue can be exploited by using a
malicious script in order to cause a denial of service condition in the
Web server.
Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes available.
PostgreSQL version 7.2.1 is confirmed to be vulnerable at the moment;
however, it is likely that other versions are affected as well.
3. Webmin Multiple Unspecified Vulnerabilities
BugTraq ID: 10474
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10474
Summary:
Webmin is prone to multiple unspecified vulnerabilities that may allow
an attacker to disclose sensitive information and carry out denial of
service attacks against legitimate users of the application.
The first issue can allow a user to disclose sensitive configuration
information about any module regardless of the user's privileges. The
second issue can allow an attacker to send fake credentials to the
application that results in locking out legitimate users of Webmin.
Webmin versions 1.140 and prior are affected by these issues.
4. Multiple CPanel Perl Script Failure To Implement Taint Mode ...
BugTraq ID: 10479
Remote: No
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10479
Summary:
Multiple Perl scripts that are distributed with cPanel are reported
prone to a security weakness. The issues are reported to exist because the
scripts do not run with taint mode. These weaknesses may be exploited
in conjunction with the weakness described in BID 10478 in order to
elevate privileges on a vulnerable system.
5. NetWin SurgeMail/WebMail Multiple Input Validation Vulnerabi...
BugTraq ID: 10483
Remote: Yes
Date Published: Jun 07 2004
Relevant URL: http://www.securityfocus.com/bid/10483
Summary:
SurgeMail/WebMail is prone to multiple vulnerabilities. These issues
result from insufficient sanitization of user-supplied data. The issues
can allow an attacker to carry out path disclosure and cross-site
scripting attacks.
SurgeMail versions 1.9 and prior and WebMail 3.1d are affected by these
issues.
6. PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability
BugTraq ID: 10493
Remote: Yes
Date Published: Jun 08 2004
Relevant URL: http://www.securityfocus.com/bid/10493
Summary:
PHP-Nuke 'reviews' module is prone to a cross-site scripting
vulnerability. This issue could allow an attacker to steal cookie-based
authentication credentials. It is reported that the application does not
sanitize user-supplied data through the 'id' parameter.
This vulnerability is likely to be fixed in the current versions of
PHP-Nuke. This issue may have surfaced earlier; however, this has not
been confirmed. This BID will be updated or retired as more information
becomes available.
7. CVS Multiple Vulnerabilities
BugTraq ID: 10499
Remote: Yes
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10499
Summary:
CVS is prone to multiple vulnerabilities. The issues include a double
free vulnerability, format string vulnerabilities, and integer
overflows. There is also a null termination issue in the security patch for
BID 10384, potentially leading to a server crash. Some of these issues
may be leveraged to execute arbitrary code, while other issues may only
result in a denial of service.
8. Squid Proxy NTLM Authentication Buffer Overflow Vulnerabilit...
BugTraq ID: 10500
Remote: Yes
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10500
Summary:
Squid Web Proxy Cache is reportedly affected by a buffer overflow
vulnerability when processing NTLM authentication credentials. This issue
is due to a failure of the application to properly validate buffer
boundaries when copying user-supplied input.
This would allow an attacker to modify stack-based process memory in
order to cause a denial of service condition and execute arbitrary code
in the context of the vulnerable web proxy. This will most likely
facilitate unauthorized access to the affected computer.
9. cPanel Passwd Remote SQL Injection Vulnerability
BugTraq ID: 10505
Remote: Yes
Date Published: Jun 09 2004
Relevant URL: http://www.securityfocus.com/bid/10505
Summary:
cPanel is reportedly affected by a remote SQL injection vulnerability
in the passwd script. This issue is due to a failure of the application
to properly sanitize user-supplied URI parameter input before using it
in an SQL query.
The problem presents itself when malicious SQL statements are passed to
the 'passwd' script through URI parameters.
As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database.
10. SMTP.Proxy Remote Format String Vulnerability
BugTraq ID: 10509
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10509
Summary:
smtp.proxy is prone to a remotely exploitable format string
vulnerability.
The vulnerability occurs in routines that log SMTP headers in email
passed through the proxy. This issue may be exploited to execute
arbitrary code.
11. Invision Power Board SSI.PHP SQL Injection Vulnerability
BugTraq ID: 10511
Remote: Yes
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10511
Summary:
Invision Power Board is reported prone to an SQL injection
vulnerability in its 'ssi.php' script.
Due to improper filtering of user-supplied data, 'ssi.php' is
exploitable by attackers to pass SQL statements to the underlying database.
The impact of this vulnerability depends on the underlying database. It
may be possible to corrupt/read sensitive data, execute
commands/procedures on the database server or possibly exploit vulnerabilities in the
database itself through this condition.
Version 1.3.1 Final of Invision Power Board is reported vulnerable.
Other versions may also be affected.
*** There have been conflicting reports stating that the vulnerable
variable only accepts integer values and not arbitrary strings.
12. KSymoops KSymoops-GZNM Insecure Temporary File Handling Symb...
BugTraq ID: 10516
Remote: No
Date Published: Jun 10 2004
Relevant URL: http://www.securityfocus.com/bid/10516
Summary:
Ksymoops ships with several scripts, one of which is
'ksymoops-gznm'. It is reported that the 'ksymoops-gznm' script is prone to a
local insecure temporary file handling symbolic link vulnerability. This
issue is due to a design error that allows the application to insecurely
write to a temporary file that is created with a predictable file name.
The script will write to this file before verifying its existence; this
would facilitate a symbolic link attack.
13. Subversion SVN Protocol Parser Remote Integer Overflow Vulne...
BugTraq ID: 10519
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10519
Summary:
It is reported that Subversion is prone to a remote integer overrun
vulnerability. The issue exists in the svn protocol parser and is due to a
lack of sufficient bounds checking performed on svn URI strings that
are transmitted by the client.
If the URI string received is long enough, an integer overrun may occur
where the size value of the URI string will wrap and be misrepresented.
This may potentially result in corruption of heap memory management
structures.
14. Usermin HTML Email Script Code Execution Vulnerability
BugTraq ID: 10521
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10521
Summary:
Usermin is reportedly affected by a script code execution vulnerability
when rendering HTML email messages. This issue is due to a failure to
sanitize HTML email messages.
This issue will allow an attacker to execute arbitrary script code in
the browser of an unsuspecting user, facilitating theft of cookie-based
authentication credentials. This could potentially allow unauthorized
access to user accounts on the computer.
15. Webmin Configuration Module Information Disclosure Vulnerabi...
BugTraq ID: 10522
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10522
Summary:
Webmin is reportedly prone to a vulnerability that allows for
unauthorized disclosure of the configuration of a module. This issue is due to
an access validation error.
This issue may allow an attacker to view the configuration of a module
for the affected application that may facilitate further attacks
against the affected system.
16. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10524
Remote: Yes
Date Published: Jun 11 2004
Relevant URL: http://www.securityfocus.com/bid/10524
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from
insufficient sanitization of user-supplied data. The following
specific issues can affect the application:
PHP-Nuke is prone to multiple cross-site scripting vulnerabilities.
These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.
These cross-site scripting issues could permit a remote attacker to
create a malicious URI link that includes hostile HTML and script code.
If a user follows the malicious link, the attacker-supplied code
executes in the Web browser of the victim computer.
PHP-Nuke is prone to an SQL injection vulnerability. Again, the issue is
due to a failure of the application to properly sanitize user-supplied
input. The problem presents itself when SQL syntax is passed through
a parameter of the 'Reviews' module.
As a result of this issue, an attacker could modify the logic and
structure of database queries.
Finally, a remote denial of service vulnerability is reported to exist
in the score subsystem of the 'Review' module of PHP-Nuke. It is
reported that a large number supplied as a value for a parameter passed to the
'Reviews' module will deny service to legitimate PHP-Nuke users.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. mrtg/snmp/subinterfaces (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/366082
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Immunity CANVAS
By: Immunity, Inc.
Platforms: Linux, Windows 2000
Relevant URL: http://www.immunitysec.com/CANVAS/
Summary:
Immunity CANVAS is 100% pure Python, and every license includes full
access to the entire CANVAS codebase. Python is one of the easiest
languages to learn, so even novice programmers can be productive on the
CANVAS API, should they so choose.
Immunity CANVAS is both a valuable demonstration tool for enterprise
information security teams or system administrators, and an advanced
development platform for exploit developers, or people learning to become
exploit developers.
2. SecretAgent
By: Information Security Corporation (ISC)
Platforms: Linux, MacOS, UNIX, Windows 2000, Windows 95/98, Windows NT,
Windows XP
Relevant URL:
http://www.infoseccorp.com/products/secretagent/contents.htm
Summary:
SecretAgent is a file encryption and digital signature utility,
supporting cross-platform interoperability over a wide range of platforms:
Windows, Linux, Mac OS X, and UNIX systems.
It's the perfect solution for your data security requirements,
regardless of the size of your organization.
Using the latest recognized standards in encryption and digital
signature technology, SecretAgent ensures the confidentiality, integrity, and
authenticity of your data.
3. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide.
4. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award-winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
5. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
6. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary:
Running from cron at a specified interval, SnortNotify will search a
snort database for new alerts. If new alerts match a preconfigured
priority level, an email will be sent to the contact. The email will include
the sensor name, the signature name, and the timestamp.
2. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:
Devil-Linux is a special Linux distribution which is used for
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and
secure Linux system. Configuration is saved on a floppy disk, and it
has several optional packages.
3. GNU Anubis v3.9.94
By: Wojciech Polak
Relevant URL: http://www.gnu.org/software/anubis/
Platforms: Linux, POSIX
Summary:
GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail
User Agent) and the MTA (Mail Transport Agent), and can perform various
sorts of processing and conversion on-the-fly in accordance with the
sender's specified rules, based on a highly configurable regular
expressions system. It operates as a proxy server, and can edit outgoing mail
headers, encrypt or sign mail with GnuPG, build secure SMTP tunnels
using TLS/SSL encryption even if your mail user agent doesn't
support it, or tunnel a connection through a SOCKS proxy server.
4. DNSSEC Walker v3.4
By: Simon Josefsson
Relevant URL: http://josefsson.org/walker/
Platforms: Linux, UNIX
Summary:
DNSSEC Walker is a tool to recover DNS zone files using the DNS
protocol. The server does not have to support zone transfer, but the zone must
contain DNSSEC "NXT" records.
5. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT,
Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It
supports active and passive dissection of many protocols (even ciphered
ones, like SSH and HTTPS). Data injection in an established connection
and filtering on the fly is also possible, keeping the connection
synchronized. Many sniffing modes were implemented to give you a powerful
and complete sniffing suite. Plugins are supported. It has the ability to
check whether you are in a switched LAN or not, and to use OS
fingerprints (active or passive) to let you know the geometry of the LAN.
6. Linux Intrusion Detection System (LIDS) v2.6.6
By: Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL: http://www.lids.org/download.html
Platforms: Linux
Summary:
The Linux Intrusion Detection System is a patch which enhances the
kernel's security. When it is in effect, chosen file access, all
system/network administration operations, any capability use, raw device, mem,
and I/O access can be made impossible even for root. You can define
which program can access which file. It uses and extends the system
capabilities bounding set to control the whole system and adds some network
and filesystem security features to the kernel to enhance the security.
You can finely tune the security protections online, hide sensitive
processes, receive security alerts through the network, and more.