Date: 4 Jan 2005 23:25:12 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #217
SecurityFocus Linux Newsletter #217
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Trojan Horse Christmas
2. Spam Punishment Doesn't Fit the Crime
II. LINUX VULNERABILITY SUMMARY
1. Business Objects Crystal Enterprise Report File Cross-Site S...
2. GNU A2PS fixps.in Script Insecure Temporary File Vulnerabili...
3. GNU A2PS psmandup.in Script Insecure Temporary File Vulnerab...
4. SugarCRM Multiple Cross-Site Scripting Vulnerability
5. PHProjekt Remote File Include Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CAN-2004-1137 (Thread)
2. opensource anti-virus gateway application for HTTP t... (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. pasmal 1.5
2. PatchLink Update 6.01.78
3. AutoScan b0.92 R6
4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
5. rootsh 0.2
6. Maillog View v1.03.3
I. FRONT AND CENTER
-------------------
1. Trojan Horse Christmas
By Scott Granneman
Here are some suggestions on how to help your family members safely use
that new trojan horse they received under the Christmas tree this year.
http://www.securityfocus.com/columnists/288
2. Spam Punishment Doesn't Fit the Crime
By Mark Rasch
When spammers are treated more harshly than those who commit war crimes
in Rwanda, and are fined more than companies that destroy the environment,
it's time to revisit our strategy.
http://www.securityfocus.com/columnists/287
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Business Objects Crystal Enterprise Report File Cross-Site S...
BugTraq ID: 12107
Remote: Yes
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12107
Summary:
Business Objects Crystal Enterprise is prone to a cross-site scripting
vulnerability.
An attacker could exploit this issue by enticing a user to follow a
malicious link to a Report (RPT) file. Malicious script embedded in
the link could access properties of the vulnerable Crystal Enterprise
site, allowing for various attacks such as theft of cookie-based
authentication credentials.
2. GNU A2PS fixps.in Script Insecure Temporary File Vulnerabili...
BugTraq ID: 12108
Remote: No
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12108
Summary:
GNU a2ps is prone to a vulnerability that may allow malicious local
users to corrupt files. This issue is due to the fact that the 'fixps.in'
script creates temporary files in an insecure manner, allowing symbolic
link attacks.
File corruption would occur in the context of the user running the
script. It is not known if this issue could be leveraged to elevate
privileges.
3. GNU A2PS psmandup.in Script Insecure Temporary File Vulnerab...
BugTraq ID: 12109
Remote: No
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12109
Summary:
GNU a2ps is prone to a vulnerability that may allow malicious local
users to corrupt files. This issue is due to the fact that the
'psmandup.in' script creates temporary files in an insecure manner, allowing
symbolic link attacks.
File corruption would occur in the context of the user running the
script. It is not known if this issue could be leveraged to elevate
privileges.
4. SugarCRM Multiple Cross-Site Scripting Vulnerability
BugTraq ID: 12113
Remote: Yes
Date Published: Dec 26 2004
Relevant URL: http://www.securityfocus.com/bid/12113
Summary:
SugarCRM is prone to multiple cross-site scripting vulnerabilities.
These issues are exposed through various URI parameters of the
'index.php' script. The affected parameters are not adequately sanitized of HTML
and script code before being output into dynamically generated pages.
An attacker could exploit these issues by enticing a victim user into
following a malicious link that contains hostile HTML and script code.
This could be exploited to steal cookie-based authentication
credentials.
The discoverer of these issues stated that some of the issues could
theoretically allow for execution of arbitrary PHP code, though has not
provided further information as to how this is possible.
5. PHProjekt Remote File Include Vulnerability
BugTraq ID: 12116
Remote: Yes
Date Published: Dec 28 2004
Relevant URL: http://www.securityfocus.com/bid/12116
Summary:
A remote file include vulnerability affects PHProjekt. This issue is
due to a failure of the application to properly sanitize user-supplied
input prior to using it in a PHP 'include()' function call.
An attacker may leverage this issue to execute arbitrary server-side
script code on an affected computer with the privileges of the Web server
process. This will facilitate unauthorized access.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. CAN-2004-1137 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/385980
2. opensource anti-virus gateway application for HTTP t... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/385744
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. pasmal 1.5
By: James Meehan
Relevant URL: http://www.elitelabs.org/
Platforms: Linux
Summary:
pasmal 1.5 is a port knocking authentication system using simple or
encrypted tcp/udp/icmp packets. pasmal can be used with
iptables/ipchains (firewall purposes) or any other program (remote shell, reboot,
etc.). It is packaged with a php web admin, a command line client
pasmal.client, and start/stop rc.d scripts. pasmal 1.5 also features an
intrusion/attempts detection system due to its sniffer capabilities, running
with syslogd and custom log files.
2. PatchLink Update 6.01.78
By: PatchLink Corporation
Relevant URL:
http://www.patchlink.com/products_services/plu_evaluationrequest.html
Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux,
MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX,
Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware,
Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
With PATCHLINK UPDATE, patch management is the secure, proactive, and
preventative process it should be. PATCHLINK UPDATE scans networks for
security holes and closes them with the click of a mouse, no matter the
operating system, the vendor applications, the mix, or the size of the
environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works
quickly, accurately and safely to ensure desktops and servers are patched
correctly and completely the first time around.
3. AutoScan b0.92 R6
By: Lagarde Thierry
Relevant URL: http://autoscan.free.fr/
Platforms: Linux
Summary:
AutoScan is an application designed to explore and to manage your
network. Entire subnets can be scanned simultaneously without human
intervention. It features OS detection, automatic network discovery, a port
scanner, a Samba share browser, and the ability to save the network state.
4. ksb26-2.6.9 Kernel Socks Bouncer for 2.6.x kernels 2.6.9
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have chosen to write in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
5. rootsh 0.2
By: Gerhard Lausser
Relevant URL: http://sourceforge.net/projects/rootsh/
Platforms: AIX, HP-UX, Linux, POSIX, SINIX, Solaris, UNIX
Summary:
Rootsh is a wrapper for shells which logs all echoed keystrokes and
terminal output to a file and/or to syslog. Its main purpose is the
auditing of users who need a shell with root privileges. They start rootsh
through the sudo mechanism. It's in heavy use here at a big Bavarian car
manufacturer (three letters, fast, cool,...) for project users whom you
can't deny root privileges.
6. Maillog View v1.03.3
By: Angelo 'Archie' Amoruso
Relevant URL: http://www.netorbit.it/modules.html
Platforms: Linux
Summary:
Maillog View is a Webmin module that allows you to easily view all your
/var/log/maillog.* files. It features autorefresh, message size
indication, ascending/descending view order, compressed file support, and a
full statistics page. Sendmail, Postfix, Exim, and Qmail (partially) are
supported. Courier MTA support is experimental.