Date: 20 Oct 2004 20:40:02 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #206
SecurityFocus Linux Newsletter #206
------------------------------------

This issue sponsored by: SPI Dynamics

Pen Test for the Top Web Application Vulnerabilities - FREE Product Trial
Hackers are exploiting web apps with attacks such as SQL Injection, XSS
and Session Hijacking, all undetectable by Firewalls and IDS! Are you
vulnerable? Run a FREE Test of your Web Apps via our FREE 15 Day Product
Trial that delivers a comprehensive Vulnerability Report.

http://www.securityfocus.com/sponsor/SPIDynamics_linux-secnews_041020

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. SSH Host Key Protection
II. LINUX VULNERABILITY SUMMARY
     1. MySQL Multiple Local Vulnerabilities
     2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
     3. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerabilit...
     4. phpMyAdmin Remote Command Execution Vulnerability
     5. LibTIFF Multiple Buffer Overflow Vulnerabilities
     6. Macromedia JRun Management Console HTML Injection Vulnerabil...
     7. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
     8. Macromedia JRun Management Console Administrative Session Fi...
     9. KDocker Unspecified Vulnerability
     10. Veritas Cluster Server Superuser Compromise Vulnerability
     11. ProFTPD Authentication Delay Username Enumeration Vulnerabil...
III. LINUX FOCUS LIST SUMMARY
     NO NEW POSTS FOR THE WEEK 2004-10-12 to 2004-10-19.
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. Cyber-Ark Inter-Business Vault
     2. EnCase Forensic Edition
     3. KeyGhost SX
     4. SafeKit
     5. Astaro Linux Firewall
     6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
     1. PIKT - Problem Informant/Killer Tool v1.17.0
     2. ID-Synch 3.1
     3. Nmap v3.70
     4. THC-Hydra v4.3
     5. Pads 1.1
     6. cenfw 0.3b
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. SSH Host Key Protection
By Brian Hatch

This is the first in a series of in-depth articles on SSH. We start by
looking at standard SSH host keys and examining the verification process
to ensure you have not been the victim of an attack.

http://www.securityfocus.com/infocus/1806

II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. MySQL Multiple Local Vulnerabilities
BugTraq ID: 11357
Remote: No
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11357
Summary:
MySQL is reported prone to multiple local vulnerabilities.  These 
issues may allow an attacker to bypass security restrictions or cause a 
denial of service condition in the application.

It is reported that an attacker can bypass certain security 
restrictions and gain access to and corrupt potentially sensitive data due to an 
error in 'ALTER TABLE ... RENAME' operations.

A denial of service condition presents itself when multiple threads 
ALTER MERGE tables to change the UNION.

Due to a lack of details, further information is not available at the 
moment.  This BID will be updated as more information becomes available.

2. Macromedia ColdFusion MX CreateObject And CFOBJECT Java Exte...
BugTraq ID: 11364
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11364
Summary:
It is reported that ColdFusion MX contains a weakness that allows all 
developers to utilize the CFOBJECT tag and the CreateObject function to 
execute potentially malicious code in the context of the affected 
application server.

This weakness allows malicious developers to execute code that is not 
appropriate for a shared server environment, or to perform 
administrative actions in the context of the affected application server. Malicious 
developers may possibly exploit this weakness to aid them in further 
application or system attacks.

Versions 6.0 and 6.1 of Macromedia ColdFusion MX are reported to be 
affected by this weakness.

3. Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerabilit...
BugTraq ID: 11385
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11385
Summary:
It is reported that Squid is susceptible to a denial of service
vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by
default in the vendor-supplied build, but it may be enabled by default in
some operating system distributions that ship Squid as a binary package;
this has not been confirmed.

This vulnerability allows remote attackers to crash affected Squid 
proxies with single UDP datagrams that may be spoofed. Squid will attempt 
to restart itself automatically, but an attacker sending repeated 
malicious SNMP packets can effectively deny service to legitimate users.

Squid versions 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702 
are reported vulnerable to this issue.

4. phpMyAdmin Remote Command Execution Vulnerability
BugTraq ID: 11391
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11391
Summary:
phpMyAdmin is reported prone to a remote command execution 
vulnerability.  This vulnerability likely arises due to insufficient sanitization 
of user-supplied data.

A successful attack may allow an attacker to execute arbitrary commands 
on a vulnerable server resulting in a compromise of the server.

phpMyAdmin 2.6.0-pl1 and prior versions are affected by this issue.

5. LibTIFF Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
LibTIFF is affected by multiple buffer overflow vulnerabilities. This 
issue is due to a failure of the application to properly perform 
boundary checks prior to copying user-supplied strings into finite process 
buffers.

An attacker may leverage these issues to execute arbitrary code on a 
vulnerable computer with the privileges of the user running the 
vulnerable application, facilitating unauthorized access.  These issues may also 
be leveraged to cause an affected application to crash.

6. Macromedia JRun Management Console HTML Injection Vulnerabil...
BugTraq ID: 11411
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11411
Summary:
Macromedia JRun is prone to an HTML injection vulnerability.  This 
issue exists in the Management Console and may allow hijacking of 
administrative sessions.

7. Macromedia JRun Session ID Cookie HTTP Response Splitting Vu...
BugTraq ID: 11413
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11413
Summary:
An HTTP response splitting vulnerability affects Macromedia JRun due to 
Session ID handling.  This issue is due to a failure of the application 
to properly handle how POST requests are processed.

A remote attacker may exploit this vulnerability to influence or 
misrepresent how web content is served, cached or interpreted. This could aid 
in various attacks, which try to entice client users into a false sense 
of trust.

8. Macromedia JRun Management Console Administrative Session Fi...
BugTraq ID: 11414
Remote: Yes
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11414
Summary:
Macromedia JRun is prone to a session fixation vulnerability in the
Management Console. An attacker can set a session ID in a user's browser
and hijack the user's session once the user authenticates to JRun.

This issue can allow remote attackers to bypass authentication checks, 
and possibly allow them to gain administrative access to the web 
application. 

This issue was originally reported in BID 11245 (Macromedia JRun 
Multiple Remote Vulnerabilities).  It is now being separated and assigned a 
new BID.

9. KDocker Unspecified Vulnerability
BugTraq ID: 11419
Remote: No
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11419
Summary:
KDocker is reported prone to an unspecified vulnerability.  The vendor 
reported this issue in KDocker versions 0.8 and prior.  The cause and 
impact of this issue are currently unknown.  It is conjectured that due 
to the nature of this issue, it may allow a local attacker to gain 
elevated privileges or compromise a computer locally.

Due to a lack of details, further information is not available at the 
moment.  This BID will be updated as more information becomes available.

10. Veritas Cluster Server Superuser Compromise Vulnerability
BugTraq ID: 11421
Remote: Unknown
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11421
Summary:
Veritas Cluster Server is affected by a superuser compromise 
vulnerability.  The underlying cause for this issue is currently unknown.

An attacker can leverage this issue to gain superuser access to an 
affected computer, facilitating privileged unauthorized access.  It is 
currently not known if this issue is remotely or locally exploitable; this 
BID will be updated as more details are released.

11. ProFTPD Authentication Delay Username Enumeration Vulnerabil...
BugTraq ID: 11430
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11430
Summary:
A timing weakness in ProFTPD's authentication delay is reported that
could assist a remote user in enumerating usernames.

A remote attacker may exploit this vulnerability to determine what 
usernames are valid, privileged, or do not exist on the remote system.

III. LINUX FOCUS LIST SUMMARY
-----------------------------
NO NEW POSTS FOR THE WEEK 2004-10-12 to 2004-10-19.

IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL: 
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary: 

Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault is an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault, see the relevant URL above.

2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, 
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: 
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary: 

EnCase Forensic Edition Version 4 delivers the most advanced features 
for computer forensics and investigations. With an intuitive GUI and 
superior performance, EnCase Version 4 provides investigators with the 
tools to conduct large-scale and complex investigations with accuracy and 
efficiency. Guidance Software's award winning solution yields 
completely non-invasive computer forensic investigations while allowing 
examiners to easily manage large volumes of computer evidence and view all 
relevant files, including "deleted" files, file slack and unallocated 
space. 

The integrated functionality of EnCase allows the examiner to perform 
all functions of the computer forensic investigation process. EnCase's 
EnScript, a powerful macro-programming language and API included within 
EnCase, allows investigators to build customized and reusable forensic 
scripts.

3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, 
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary: 

KeyGhost SX discreetly captures and records all keystrokes typed, 
including chat conversations, email, word processor, or even activity within 
an accounting or specialist system. It is completely undetectable by 
software scanners and provides you with one of the most powerful stealth 
surveillance applications offered anywhere. 

Because KeyGhost uses STRONG 128-Bit encryption to store the recorded 
data in its own internal memory (not on the hard drive), it is 
impossible for a network intruder to gain access to any sensitive data stored 
within the device.

4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary: 

Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day, with no extra hardware: just use
your existing servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to 
do is add more standard servers into the cluster. With the load 
balancing features of SafeKit, you can distribute applications over multiple 
servers. If one system fails completely, the others will continue to 
serve your users.

5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary: 

Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux. Free download for home users.

6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, 
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary: 

Low cost, easy to use Two Factor Authentication One Time Password token
using the cellular phone. Does not use SMS or other communication and
manages multiple OTP accounts - new technology. For any business that
wants safer access to its Internet Services. More information at our site.

We also provide an eAuthentication service for businesses that will not
buy an authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. PIKT - Problem Informant/Killer Tool v1.17.0
By: Robert Osterlund, robert.osterlund@gsb.uchicago.edu
Relevant URL: http://pikt.org
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS
Summary: 

PIKT is a cross-categorical, multi-purpose toolkit to monitor and 
configure computer systems, organize system security, format documents, 
assist command-line work, and perform other common systems administration 
tasks.

PIKT's primary purpose is to report and fix problems, but its 
flexibility and extendibility evoke many other uses limited only by your 
imagination.

2. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, 
MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, 
SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary: 

ID-Synch is enterprise user provisioning software. It reduces the cost 
of user administration, helps new and reassigned users get to work more 
quickly, and ensures prompt and reliable access termination. This is 
accomplished through automatic propagation of changes to user profiles 
from systems of record to managed systems, with self service workflow for 
security change requests, through consolidated and delegated user 
administration, and with federation.

3. Nmap v3.70
By: Fyodor
Relevant URL: http://www.insecure.org/nmap/
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, 
Solaris, SunOS, UNIX
Summary: 

Nmap is a utility for port scanning large networks, although it works 
fine for single hosts. Sometimes you need speed, other times you may 
need stealth. In some cases, bypassing firewalls may be required. Not to 
mention the fact that you may want to scan different protocols (UDP, 
TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN 
(half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp 
proxy (bounce attack) scanning, SYN/FIN scanning using IP frag

4. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris, 
UNIX
Summary: 

THC-Hydra - parallelized login hacker is available: for Samba, FTP, POP3, 
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, 
Cisco and more. Includes SSL support and is part of Nessus. Visit the 
project web site to download Win32, Palm and ARM binaries. Changes: 
important bugfix!

5. Pads 1.1
By: Matt Shelton
Relevant URL: 
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary: 

Pads (Passive Asset Detection System) is a signature-based detection 
engine used to passively detect network assets. It is designed to 
complement IDS technology by providing context to IDS alerts.

6. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary: 

The Centron IPTables Firewall Gui is an object oriented, database
driven, Windows interface to Linux iptables firewall rules.

VII. SPONSOR INFORMATION
-----------------------
