Date: 20 Jul 2004 19:14:43 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #193
SecurityFocus Linux Newsletter #193
------------------------------------

This Issue is Sponsored By: SecurityFocus 

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Metasploit Framework (Part 2 of 3)
     2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
II. LINUX VULNERABILITY SUMMARY
     1. Multiple Mozilla Bugzilla Vulnerabilities
     2. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
     3. PHP Strip_Tags() Function Bypass Vulnerability
     4. PHP memory_limit Remote Code Execution Vulnerability
     5. Linux Kernel Equalizer Load Balancer Device Driver Local Den...
     6. PHPBB Multiple Cross-Site Scripting Vulnerabilities
     7. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
III. LINUX FOCUS LIST SUMMARY
     1. Access control for a NFS server (Thread)
     2. Certifying a RedHat Install (Thread)
     3. Visited by a cracker (Thread)
     4. Administrivia (Thread)
     5. Fwd: Certifying a RedHat Install (Thread)
     6. Weird! (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark  Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. cenfw 0.2 beta
     2. TinyCA v0.6.4
     3. MIMEDefang v2.44
     4. Ettercap v0.7.0 pre2
     5. SnortNotify 1.02
     6. Devil-Linux v1.2 Beta 1
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part 2 of 3)
By Pukhraj Singh and K.K. Mookhey

This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part two of three.

http://www.securityfocus.com/infocus/1790


2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
By Don Parker

This article is the second of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.

http://www.securityfocus.com/infocus/1791

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Multiple Mozilla Bugzilla Vulnerabilities
BugTraq ID: 10698
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10698
Summary:
Multiple vulnerabilities are reported to exist in the Bugzilla 
software. The issues include cross-site scripting, SQL injection, privilege 
escalation, and information disclosure.

An information disclosure vulnerability is reported to affect Bugzilla 
installations under certain circumstances. It is reported that when the 
SQL server is halted, and the HTTP server continues to run, a remote 
attacker may disclose the database password.

An attacker may employ the harvested password information to 
authenticate to the SQL database.

A privilege escalation vulnerability is reported to affect Bugzilla.

A privileged attacker may exploit this vulnerability to gain membership 
to other Bugzilla groups.

An additional information disclosure vulnerability is reported to 
affect Bugzilla. It is reported that hidden products may be revealed using 
vulnerable CGI scripts.

An attacker may employ the vulnerable scripts in order to disclose 
product listings that are marked as confidential.

Bugzilla is reported prone to multiple cross-site scripting 
vulnerabilities. These issues exist due to a lack of sanitization performed on 
user supplied URI data before this data is incorporated into dynamically 
generated error messages.

These cross-site scripting issues could permit a remote attacker to 
create a malicious URI link that includes hostile HTML and script code.  
If a user follows the malicious link, the attacker-supplied code 
executes in the web browser of the victim computer.

An additional information disclosure vulnerability is reported to 
affect Bugzilla. It is reported that a Bugzilla user's password may be 
embedded as a part of an image URI; the password may be saved into and be 
visible in web server or web proxy logs.

An attacker who has access to the web server logs may harvest 
credentials.

Finally, Bugzilla is reported prone to an SQL injection vulnerability. 
The issue is due to a failure of the application to properly sanitize 
user-supplied input. 

As a result of this issue a privileged attacker could modify the logic 
and structure of database queries.

2. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 10722
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10722
Summary:
It is reported that phpBB contains multiple unspecified SQL injection 
vulnerabilities.

One vulnerability is reported to exist in 'admin_board.php'. The other 
pertains to improper characters in the session id variable.

These issues are due to a failure of the application to properly 
sanitize user-supplied URI parameters before using them to construct SQL 
queries to be issued to the underlying database. 

Version 2.0.9 has been released addressing these, and other issues. 
This BID will be updated when further information is known.

3. PHP Strip_Tags() Function Bypass Vulnerability
BugTraq ID: 10724
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10724
Summary:
It is reported that it is possible to bypass PHP's strip_tags() 
function.

It is reported that under certain circumstances, PHP's strip_tags() 
function will improperly leave malformed tags in place.

This vulnerability may mean that previously presumed-safe web 
applications could contain multiple cross-site scripting and HTML injection 
vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari 
web browsers.

It is reported that 'magic_quotes_gpc' must be off for PHP to be 
vulnerable to this issue.

4. PHP memory_limit Remote Code Execution Vulnerability
BugTraq ID: 10725
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10725
Summary:
Reportedly PHP modules compiled with memory_limit support are affected 
by a remote code execution vulnerability.  This issue is due to a 
failure of the PHP module to properly handle memory_limit request 
termination.

This issue is reportedly exploitable by way of the Apache 
ap_escape_html Memory Allocation Denial Of Service Vulnerability (BID 10619); an 
attacker can cause premature termination during critical code 
execution.  It should be noted that although the above-mentioned Apache 
vulnerability is the only known attack vector, there might be other attack 
vectors that are currently unknown.

An attacker can exploit this issue to execute arbitrary code on an 
affected computer within the context of the vulnerable application, 
facilitating unauthorized access.

5. Linux Kernel Equalizer Load Balancer Device Driver Local Den...
BugTraq ID: 10730
Remote: No
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10730
Summary:
The Linux kernel is reported to be prone to a local denial of service 
vulnerability. The issue is reported to exist in the 'eql.c' source 
file.

An unprivileged local attacker may exploit this issue by crafting a 
program that calls the vulnerable functions on a slave device name that 
does not exist.

This vulnerability is reported to exist in version 2.6.7 of the Linux 
kernel. It is likely that other versions are also affected.

6. PHPBB Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10738
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10738
Summary:
It is reported that phpBB is affected by multiple cross-site scripting 
vulnerabilities.  These issues are due to a failure of the application 
to properly sanitize user-supplied URI input.

The problems present themselves in the 'index.php' and 'faq.php' 
scripts.

These issues could permit a remote attacker to create a malicious URI 
link that includes hostile HTML and script code. If this link were 
followed, the hostile code may be rendered in the web browser of the victim 
user.

7. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
BugTraq ID: 10741
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10741
Summary:
It is reported that PHPNuke is susceptible to a cross-site scripting 
vulnerability and an SQL injection vulnerability.

Both of these vulnerabilities are due to improper sanitization of 
user-supplied data.

Attackers may supply malicious parameters to manipulate the structure 
and logic of SQL queries. This may result in unauthorized operations 
being performed on the underlying database. This issue may be exploited to 
cause sensitive information to be disclosed to a remote attacker. 

The cross-site scripting vulnerability is reported to exist in the same 
script. As a result of this deficiency, it is possible for a remote 
attacker to create a malicious link containing script code that will be 
executed in the browser of a legitimate user.

This may allow for theft of cookie-based authentication credentials and 
other attacks. 

These vulnerabilities were reported in version 7.3 of PHPNuke. Other 
versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Access control for a NFS server (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/369388

2. Certifying a RedHat Install (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/369156

3. Visited by a cracker (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/369117

4. Administrivia (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/369089

5. Fwd: Certifying a RedHat Install (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368985

6. Weird! (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/368773

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark  Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business 
Vault is an information security solution that enables organizations to 
safely overcome traditional network boundaries in order to securely share 
business information among customers, business partners, and remote 
branches. It provides a seamless, LAN-like experience over the Internet 
that includes all the security, performance, accessibility, and ease of 
administration required to allow organizations to share everyday 
information worldwide.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any 
application available 24 hours per day. With no extra hardware: just use your 
existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content 
filtering and spam protection internet security software package for 
Linux. 
Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token 
using the Cellular. Does not use SMS or communication, manages multiple 
OTP accounts - new technology. For any business that wants a safer 
access to its Internet Services. More information at our site.
 
We also provide eAuthentication service for businesses that will not 
buy an Authentication product but would prefer to pay a monthly charge 
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, 
Windows XP
Summary: 

The Centron IPTables Firewall Gui is an object oriented, database 
driven, windows interface to linux IPtables firewall rules.

2. TinyCA v0.6.4
By: Stephan Martin
Relevant URL: http://tinyca.sm-zone.net/
Platforms: Linux, OpenNMS, POSIX
Summary: 

TinyCA is a simple GUI written in Perl/Tk to manage a small 
certification authority. It is based on OpenSSL and Perl modules from the OpenCA 
project. TinyCA lets you manage x509 certificates. It is possible to 
export data in PEM or DER format for use with servers, as PKCS#12 for use 
with clients, or as S/MIME certificates for use with email programs. It 
is also possible to import your own PKCS#10 requests and generate 
certificates from them.

3. MIMEDefang v2.44
By: David F. Skoll
Relevant URL: http://www.mimedefang.org/
Platforms: Linux, Perl (any system supporting perl), UNIX
Summary: 

MIMEDefang is a flexible MIME e-mail scanner designed to protect 
Windows clients from viruses. It can alter or delete various parts of a MIME 
message according to a very flexible configuration file. It can also 
bounce messages with unacceptable attachments. MIMEDefang works with 
Sendmail 8.11's new "Milter" API, which gives it much more flexibility than 
procmail-based approaches.

4. Ettercap v0.7.0 pre2
By: ALoR <alor@users.sourceforge.net>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, 
Windows XP
Summary: 

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It 
supports active and passive dissection of many protocols (even ciphered 
ones, like SSH and HTTPS). Data injection in an established connection 
and filtering on the fly is also possible, keeping the connection 
synchronized. Many sniffing modes were implemented to give you a powerful 
and complete sniffing suite. Plugins are supported. It has the ability to 
check whether you are in a switched LAN or not, and to use OS 
fingerprints (active or passive) to let you know the geometry of the LAN.

5. SnortNotify 1.02
By: Adam Ely
Relevant URL: http://www.780inc.com/snortnotify/
Platforms: Linux
Summary: 

Running from cron at a specified interval, SnortNotify will search a 
snort database for new alerts. If new alerts match a preconfigured 
priority level, an email will be sent to the contact. The email will include 
the sensor name, the signature name, and the timestamp.

6. Devil-Linux v1.2 Beta 1
By: Heiko Zuerker <heiko@devil-linux.org>
Relevant URL: http://www.devil-linux.org/download.htm
Platforms: Linux
Summary: 

Devil-Linux is a special Linux distribution which is used for 
firewalls/routers. The goal of Devil-Linux is to have a small, customizable, and 
secure Linux system. Configuration is saved on a floppy disk, and it 
has several optional packages.

VII. SPONSOR INFORMATION
-----------------------

This Issue is Sponsored By: SecurityFocus 

------------------------------------------------------------------------