Date: 29 Mar 2005 19:37:57 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #229
SecurityFocus Linux Newsletter #229
------------------------------------
This Issue is Sponsored By: Wireless Security Conference
WIRELESS SECURITY CONFERENCE & EXPO is the nation's leading event for
corporate wireless security strategies and solutions. Learn everything you
need to help your company secure your corporate wireless networks and
mobile devices. Includes hands-on workshops, live hacking sessions, top
keynotes and more. Join hundreds of your colleagues, over 25 of the world's
top wireless security experts and our technology solutions expo. Expo pass
is free or use priority code WSCSFC to save $100 off conference rates.
April 19-21, 2005, Hyatt Regency Cambridge, Cambridge, MA. Conference
website is: www.wireless-security-conference.com
http://www.securityfocus.com/sponsor/WirelessSecurityConference_linux-secnews_050329
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Owning A New Phone
2. Practical Certifications
II. LINUX VULNERABILITY SUMMARY
1. Icecast XSL Parser Multiple Vulnerabilities
2. Xzabite DYNDNSUpdate Multiple Remote Buffer Overflow Vulnera...
3. Samsung DSL Modem Multiple Remote Vulnerabilities
4. NetWin SurgeMail Multiple Remote HTML Injection and File Upl...
5. Nortel Contivity VPN Client Local Password Disclosure Weakne...
6. ImageMagick SGI Parser Heap Overflow Vulnerability
7. ImageMagick TIFF Image File Unspecified Denial Of Service Vu...
8. ImageMagick TIFF Image Tag Denial Of Service Vulnerability
9. Imagemagick Photoshop Document Parsing Unspecified Denial of...
10. Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Servic...
11. Mozilla GIF Image Processing Library Remote Heap Overflow Vu...
12. Mozilla Firefox Sidebar Panel Script Injection Vulnerability
13. Mozilla Browser Remote Insecure XUL Start Up Script Loading ...
14. PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities
15. Invision Power Board HTML Injection Vulnerability
16. CDRTools CDRecord Local Insecure File Creation Vulnerability
17. Dnsmasq Multiple Remote Vulnerabilities
18. OpenMosixview Multiple Insecure Temporary File Creation Vuln...
III. LINUX FOCUS LIST SUMMARY
1. Apache+PHP+ftp security (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. File System Saint 1.02a
2. Umbrella v0.5
3. Travesty 1.0
4. OCS 0.1
5. KSB - Kernel Socks Bouncer 2.6.10
6. DigSig 1.3.2
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Owning A New Phone
By Scott Granneman
Recent mobile phone and Bluetooth hacks, and the public's response to them,
show us how the average person really looks at security.
http://www.securityfocus.com/columnists/310
2. Practical Certifications
By Don Parker
Recent changes to the GIAC make one question the value of certification
for the security industry.
http://www.securityfocus.com/columnists/311
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Icecast XSL Parser Multiple Vulnerabilities
BugTraq ID: 12849
Remote: Yes
Date Published: Mar 18 2005
Relevant URL: http://www.securityfocus.com/bid/12849
Summary:
Icecast is reported prone to multiple vulnerabilities. The following
individual issues are reported:
Icecast XSL parser is reported to be prone to a buffer overflow
vulnerability. This issue exists due to a lack of sufficient boundary checks
performed on certain XSL tag values before copying these values into a
finite buffer in process memory. It is reported that the vulnerability
manifests when a malicious XSL file is parsed by the affected software.
This issue may potentially be exploited to deny service for legitimate
users or potentially execute arbitrary code in the context of the user
that is running the affected software. This is not confirmed.
It is reported that the Icecast XSL parser is prone to an information
disclosure vulnerability. It is reported that the parser fails to parse
XSL files when a request for such a file is appended with a dot '.'
character.
A remote attacker may exploit this vulnerability to disclose the
contents of XSL files that can be requested publicly.
These vulnerabilities are reported to affect Icecast version 2.20; other
versions might also be affected.
2. Xzabite DYNDNSUpdate Multiple Remote Buffer Overflow Vulnera...
BugTraq ID: 12858
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12858
Summary:
Multiple remote buffer overflow vulnerabilities affect Xzabite's
dyndnsupdate. These issues are due to a failure of the application to
properly validate the length of user-supplied strings prior to copying them
into static process buffers.
An attacker may exploit these issues to execute arbitrary code with the
privileges of a user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
3. Samsung DSL Modem Multiple Remote Vulnerabilities
BugTraq ID: 12864
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12864
Summary:
Multiple vulnerabilities are reported to exist in Samsung DSL modems.
The first issue is an information disclosure issue due to a failure of
the device to block access to potentially sensitive files.
The second issue is a default backdoor account vulnerability. It is
reported that multiple accounts exist on the modem by default, allowing
remote attackers to gain administrative privileges on the modem.
These vulnerabilities may allow remote attackers to gain access to
potentially sensitive information, or to gain administrative access to the
affected device.
Samsung DSL modems running software version SMDK8947v1.2 are reported
to be affected. Other devices and software versions are also likely
affected.
4. NetWin SurgeMail Multiple Remote HTML Injection and File Upl...
BugTraq ID: 12866
Remote: Yes
Date Published: Mar 22 2005
Relevant URL: http://www.securityfocus.com/bid/12866
Summary:
Multiple remote file upload and HTML injection vulnerabilities affect
NetWin SurgeMail. The underlying causes of these issues are a failure to
sanitize user-supplied input and a failure to securely handle the file
upload functionality.
These issues may be leveraged to upload arbitrary files into arbitrary
locations writable by the affected application and to carry out HTML
injection attacks against the SurgeMail administrator. This may facilitate
theft of credentials and potentially the compromise of the email server.
5. Nortel Contivity VPN Client Local Password Disclosure Weakne...
BugTraq ID: 12871
Remote: No
Date Published: Mar 22 2005
Relevant URL: http://www.securityfocus.com/bid/12871
Summary:
Nortel Contivity VPN Client for Microsoft Windows platforms is reported
prone to a local pre-shared key (password) disclosure weakness. It is
reported that the VPN user and group password is stored in the memory
image of the process in plain-text format.
Credentials that are harvested through the exploitation of this
weakness may then be used to aid in further attacks.
This weakness is reported to affect Nortel Contivity VPN Client version
5.01 for Microsoft Windows; versions for the Linux platform are not
reported to be vulnerable. Other versions might also be affected.
6. ImageMagick SGI Parser Heap Overflow Vulnerability
BugTraq ID: 12873
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12873
Summary:
ImageMagick is prone to a heap-based buffer overflow vulnerability.
This vulnerability exists in the SGI image file parser.
Successful exploitation may result in execution of arbitrary code.
This issue may potentially be exploited through the ImageMagick
application or in other applications that import the SGI image file parser
component.
It is noted that the SGI codec is enabled by default in ImageMagick.
7. ImageMagick TIFF Image File Unspecified Denial Of Service Vu...
BugTraq ID: 12874
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12874
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick. This issue is likely due to a failure of the application to handle
malformed TIFF image files.
A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data and denying
service to legitimate users.
8. ImageMagick TIFF Image Tag Denial Of Service Vulnerability
BugTraq ID: 12875
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12875
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick. This issue is likely due to a failure of the application to handle
malformed TIFF image files.
A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data, and denying service
to legitimate users.
9. Imagemagick Photoshop Document Parsing Unspecified Denial of...
BugTraq ID: 12876
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12876
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick. This issue is likely due to a failure of the application to handle
malformed PSD files.
A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data and denying
service to legitimate users.
10. Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Servic...
BugTraq ID: 12877
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12877
Summary:
mod_ssl is prone to a remote denial of service vulnerability. The issue
exists in the 'ssl_io_filter_cleanup' function.
A remote attacker can exploit this issue to cause a denial of service
condition in an affected Apache server.
Apache 2.0.49 and prior versions are considered to be affected by this
vulnerability.
11. Mozilla GIF Image Processing Library Remote Heap Overflow Vu...
BugTraq ID: 12881
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12881
Summary:
Multiple Mozilla products are affected by a remote heap overflow
vulnerability. This issue affects the GIF image processing library used by
Mozilla Firefox, Mozilla Browser, and Mozilla Thunderbird Mail client.
A successful attack can result in arbitrary code execution and result
in unauthorized access to the affected computer. Arbitrary code
execution will take place in the context of a user running a vulnerable
application.
12. Mozilla Firefox Sidebar Panel Script Injection Vulnerability
BugTraq ID: 12884
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12884
Summary:
Mozilla Firefox is prone to a vulnerability that could allow remote
code execution.
This may occur if a malicious Web page is bookmarked as a sidebar
panel. The malicious page may then reportedly open a privileged page and
inject JavaScript. This may be leveraged to execute arbitrary code as
the victim client user.
13. Mozilla Browser Remote Insecure XUL Start Up Script Loading ...
BugTraq ID: 12885
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12885
Summary:
Mozilla Suite and Mozilla Firefox are affected by a remote insecure XUL
script loading vulnerability. This issue is due to an access
validation issue that causes the script to be loaded with elevated privileges.
An attacker may leverage this issue to execute XUL startup scripts with
elevated privileges. The vendor has reported that the security impact
of this is currently limited.
14. PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12887
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12887
Summary:
phpSysInfo is reportedly affected by multiple cross-site scripting
vulnerabilities. These issues are due to a failure in the application to
properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code
executed in the browser of an unsuspecting user. This may facilitate the
theft of cookie-based authentication credentials as well as other
attacks.
15. Invision Power Board HTML Injection Vulnerability
BugTraq ID: 12888
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12888
Summary:
Invision Power Board is reported prone to an HTML injection
vulnerability. This issue arises due to insufficient sanitization of
user-supplied data.
It is reported that due to a lack of filtering of HTML tags, an
attacker can inject an IFRAME through an HTTP POST request.
All versions of Invision Power Board are considered vulnerable at the
moment.
This BID will be updated when more information is available.
16. CDRTools CDRecord Local Insecure File Creation Vulnerability
BugTraq ID: 12891
Remote: No
Date Published: Mar 24 2005
Relevant URL: http://www.securityfocus.com/bid/12891
Summary:
A local insecure file creation vulnerability affects cdrtools cdrecord.
This issue is due to a failure of the application to securely create
and write to various files.
An attacker may leverage this issue to corrupt arbitrary files with the
privileges of an unsuspecting user that activates the application.
17. Dnsmasq Multiple Remote Vulnerabilities
BugTraq ID: 12897
Remote: Yes
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12897
Summary:
Dnsmasq is reported prone to multiple remote vulnerabilities. These
issues can allow an attacker to exploit an off-by-one overflow condition
and carry out DNS cache poisoning attacks.
An attacker may leverage these issues to manipulate cache data,
potentially facilitating man-in-the-middle, site impersonation, or denial of
service attacks. A denial of service condition or potential code
execution may occur due to the off-by-one overflow vulnerability.
These issues affect Dnsmasq 2.20 and prior versions.
Due to a lack of details, further information is not available at the
moment. This BID will be updated when more information becomes
available.
18. OpenMosixview Multiple Insecure Temporary File Creation Vuln...
BugTraq ID: 12902
Remote: No
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12902
Summary:
openMosixview is reported prone to multiple local insecure temporary
file creation vulnerabilities. These issues are due to design errors
that cause the application to fail to verify the existence of files before
writing to them.
An attacker may leverage these issues to overwrite and delete arbitrary
files with the privileges of an unsuspecting user that activates the
vulnerable application.
All versions of openMosixview are reported vulnerable.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Apache+PHP+ftp security (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/394503
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data
stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the cellular phone. Does not use SMS or communication, manages
multiple OTP accounts - new technology. For any business that wants safer
access to its Internet Services. More information at our site.
We also provide an eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. File System Saint 1.02a
By: Joshua Fritsch
Relevant URL: http://www.unixgeeks.org/saint
Platforms: Linux, UNIX
Summary:
A fast, flexible, lightweight perl-based host IDS.
2. Umbrella v0.5
By: Umbrella
Relevant URL: http://umbrella.sf.net/
Platforms: Linux
Summary:
A combination of process-based access control (PBAC) and authentication
of binaries (like DigSig). In addition, the binaries have the security
policy included within the binary, so when a binary is executed, the
policy is applied to the corresponding process. Umbrella provides
developers with a "restricted fork" which enables them to further restrict
a sub-process from, e.g., accessing the network.
3. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses
(MAC) of ethernet devices on your computer. It supports manually
changing the MAC, generating random addresses, and applying different vendor
prefixes to the current address.
It also allows the user to import their own lists of hardware
addresses and descriptions that can be navigated from within the Travesty
interface. Travesty is written in Python, and is very simple to add
functionality to, or modify.
4. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:
This is a very reliable and fast mass scanner for Cisco routers with
telnet/enable default passwords.
5. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects
full tcp connections [SSH, telnet, ...] to go through socks5. KSB26
uses a character device to pass socks5 and target ips to the Linux
Kernel. I have chosen to write it in kernel space to enjoy myself [I know
that there are easier and safer ways to write this in userspace].
6. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
The DigSig Linux kernel loadable module checks the signature of a binary
before running it. It inserts digital signatures inside the ELF binary and
verifies this signature before loading the binary. Therefore, it improves
the security of the system by preventing a wide range of malicious
binaries like viruses, worms, Trojan programs and backdoors from running on
the system.
VII. SPONSOR INFORMATION
-----------------------