Joe
03-09-2005, 12:53 AM
SecurityFocus Linux Newsletter #226
------------------------------------
This Issue is Sponsored By: Black Hat
Make plans now to attend the Black Hat Briefings & Training Europe, March
29-April 1 in Amsterdam, the world's premier technical security event.
Featuring 30 speakers in four tracks, 10 training sessions, with 250
delegates from 20 nations attending. Learn about the technical security
market drivers in the European market. Visit www.blackhat.com for
information or to register.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050308
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Where is Google Headed?
2. High Profile, Low Security
3. WEP: Dead Again, Part 2
II. LINUX VULNERABILITY SUMMARY
1. Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
2. Debian Reportbug Multiple Information Disclosure Vulnerabili...
3. KPPP Privileged File Descriptor Leakage Vulnerability
4. PHPBB Authentication Bypass Vulnerability
5. PostNuke Phoenix Download Module Multiple Cross-Site Scripti...
6. Trolltech QT Local Code Execution Vulnerability
7. RealNetworks RealOne Player/RealPlayer Unspecified WAV File ...
8. RealNetworks RealOne Player/RealPlayer SMIL File Remote Stac...
9. XLoadImage Compressed Image Command Execution Vulnerability
10. XLI Unspecified Remote Buffer Mismanagement Vulnerability
11. LibXPM Bitmap_unit Integer Overflow Vulnerability
12. Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
13. ImageMagick File Name Handling Remote Format String Vulnerab...
14. PABox HTML Injection Vulnerability
15. Typo3 CMW_Linklist Extension SQL Injection Vulnerability
16. Stadtaus.Com Download Center Lite Arbitrary Remote PHP File ...
III. LINUX FOCUS LIST SUMMARY
1. Deny Access To configuration file using php scripts (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Travesty 1.0
2. OCS 0.1
3. KSB - Kernel Socks Bouncer 2.6.10
4. DigSig 1.3.2
5. Firestarter 1.0.0
6. Network Equipment Performance Monitor 2.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Where is Google Headed?
By Scott Granneman
As the bad guys start using Google more and more, the company wrestles with
some new security and privacy issues with AutoLink.
http://www.securityfocus.com/columnists/304
2. High Profile, Low Security
By Matthew Tanase
Big companies stumble with high profile security breaches that make your
local WiFi coffee shop look secure.
http://www.securityfocus.com/columnists/305
3. WEP: Dead Again, Part 2
By Michael Ossmann
Part two of the WEP cracking series shows how active attacks can
dramatically increase the rate of packet collection and speed up
statistical attacks.
http://www.securityfocus.com/infocus/1824
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
BugTraq ID: 12672
Remote: Yes
Date Published: Feb 26 2005
Relevant URL: http://www.securityfocus.com/bid/12672
Summary:
A remote script execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly validate the origin of scripts prior to execution when loaded into a browser window by dragging JavaScript image URIs into the address bar.
An attacker may leverage this issue to execute arbitrary script code in the context of a target Web site in the browser of an unsuspecting user. This may facilitate cookie-based authentication credential theft as well as other attacks.
2. Debian Reportbug Multiple Information Disclosure Vulnerabili...
BugTraq ID: 12674
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12674
Summary:
Multiple information disclosure vulnerabilities affect Debian reportbug; these issues are due to a failure of the application to properly configure sensitive data files.
An attacker may leverage these issues to email smarthost passwords, potentially leading to further compromise.
3. KPPP Privileged File Descriptor Leakage Vulnerability
BugTraq ID: 12677
Remote: No
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12677
Summary:
KPPP is reported prone to a file descriptor leakage vulnerability. This vulnerability can allow local attackers to gain read or write access to sensitive files such as '/etc/hosts' and '/etc/resolv.conf', which may lead to other attacks against the computer.
This vulnerability has been confirmed in KPPP 2.1.2. KPPP versions included with KDE 3.1.5 and prior versions are affected as well.
4. PHPBB Authentication Bypass Vulnerability
BugTraq ID: 12678
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12678
Summary:
phpBB is affected by an authentication bypass vulnerability.
This issue is due to the application failing to properly sanitize user-supplied input during authentication.
Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account.
The vendor has addressed this issue in phpBB 2.0.13.
5. PostNuke Phoenix Download Module Multiple Cross-Site Scripti...
BugTraq ID: 12685
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12685
Summary:
PostNuke is affected by multiple cross-site scripting vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input.
As a result of these vulnerabilities, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
6. Trolltech QT Local Code Execution Vulnerability
BugTraq ID: 12695
Remote: No
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12695
Summary:
A local code execution vulnerability affects Trolltech QT. This issue is due to a failure of the application to secure local dynamically loaded libraries.
An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user that activates a QT derived product; this will facilitate privilege escalation.
7. RealNetworks RealOne Player/RealPlayer Unspecified WAV File ...
BugTraq ID: 12697
Remote: Yes
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12697
Summary:
RealNetworks RealPlayer and RealOne Player are reported prone to an unspecified buffer overflow vulnerability. It is reported that the issue manifests when a malicious WAV file is processed. The vulnerability affects heap-based memory.
A remote attacker may exploit this vulnerability to execute arbitrary code in the context of a user that uses a vulnerable version of the media player to play a malicious WAV file.
8. RealNetworks RealOne Player/RealPlayer SMIL File Remote Stac...
BugTraq ID: 12698
Remote: Yes
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12698
Summary:
RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack based buffer overflow vulnerability. The issue exists due to a lack of boundary checks performed by the application when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access.
This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms.
9. XLoadImage Compressed Image Command Execution Vulnerability
BugTraq ID: 12712
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12712
Summary:
A remote command execution vulnerability affects xloadimage. This issue is due to a failure of the application to safely parse compressed images.
An attacker may leverage this by distributing a malicious image file designed to execute arbitrary commands with the privileges of an unsuspecting user.
10. XLI Unspecified Remote Buffer Mismanagement Vulnerability
BugTraq ID: 12713
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12713
Summary:
An unspecified remote buffer mismanagement vulnerability affects xli. This issue is due to a failure of the application to securely manage internal buffers when processing user-supplied input.
An attacker may leverage this issue to execute arbitrary code with the privileges of the affected application, facilitating privilege escalation or unauthorized access.
11. LibXPM Bitmap_unit Integer Overflow Vulnerability
BugTraq ID: 12714
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12714
Summary:
An integer overflow vulnerability is reported to affect libXpm. It is reported that this vulnerability exists in the 'scan.c' source file and is due to a lack of sanity checks performed on the 'bitmap_unit' value.
A remote attacker may exploit this condition to execute arbitrary code in the context of the application that is linked to the affected library.
12. Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
BugTraq ID: 12716
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information disclosure vulnerability.
It is reported that remote attackers may gain access to Set-Cookie headers related to another user. Information gathered through exploiting this issue may aid in further attacks against services related to the cookie, potentially allowing for session hijacking.
Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.
13. ImageMagick File Name Handling Remote Format String Vulnerab...
BugTraq ID: 12717
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format string vulnerability.
Reportedly, this issue arises when the application handles malformed file names. An attacker can exploit this vulnerability by crafting a malicious file with a name that contains format specifiers and sending the file to an unsuspecting user.
It should be noted that other attack vectors also exist that may not require user interaction as the application can be used with custom printing systems and Web applications.
A successful attack may result in crashing the application or lead to arbitrary code execution.
All versions of ImageMagick are considered vulnerable at the moment.
14. PABox HTML Injection Vulnerability
BugTraq ID: 12719
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12719
Summary:
paBox is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in dynamically generated content.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This vulnerability is reported to affect paBox version 1.6.
paBox version 2.0 does not appear to be affected by this vulnerability; this has not been confirmed by the vendor.
15. Typo3 CMW_Linklist Extension SQL Injection Vulnerability
BugTraq ID: 12721
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12721
Summary:
Typo3 'cmw_linklist' extension is affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This issue is reported to affect 'cmw_linklist' extension versions 1.4.1 and earlier.
16. Stadtaus.Com Download Center Lite Arbitrary Remote PHP File ...
BugTraq ID: 12726
Remote: Yes
Date Published: Mar 04 2005
Relevant URL: http://www.securityfocus.com/bid/12726
Summary:
Download Center Lite is reportedly affected by an arbitrary remote PHP file include vulnerability. This issue is due to the application failing to properly sanitize user supplied input.
This vulnerability affects Download Center Lite version 1.5; earlier versions may also be affected.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Deny Access To configuration file using php scripts (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/392536
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including
zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses (MAC) of ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address.
It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Travesty is written in Python, and is very simple to add functionality to, or modify.
2. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:
This is a very reliable and fast mass scanner for Cisco routers with telnet/enable default passwords.
3. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
4. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
DigSig Linux kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. Therefore, it improves the security of the system by preventing a wide range of malicious binaries like viruses, worms, Trojan programs and backdoors from running on the system.
5. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is a graphical firewall tool for Linux. The program aims to combine
ease of use with powerful features, serving both desktop users and administrators.
6. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, Tru64 UNIX, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system that monitors any type of logged data from IP networked equipment and reports it via E-mail and web pages. Current conditions and history from systems based on Windows NT/2000 and UNIX can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: Black Hat
Make plans now to attend the Black Hat Briefings & Training Europe, March
29-April 1 in Amsterdam, the world's premier technical security event.
Featuring 30 speakers in four tracks, 10 training sessions, with 250
delegates from 20 nations attending. Learn about the technical security
market drivers in the European market. Visit www.blackhat.com for
information or to register.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050308
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
------------------------------------
This Issue is Sponsored By: Black Hat
Make plans now to attend the Black Hat Briefings & Training Europe, March
29-April 1 in Amsterdam, the world's premier technical security event.
Featuring 30 speakers in four tracks, 10 training sessions, with 250
delegates from 20 nations attending. Learn about the technical security
market drivers in the European market. Visit www.blackhat.com for
information or to register.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050308
------------------------------------------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Where is Google Headed?
2. High Profile, Low Security
3. WEP: Dead Again, Part 2
II. LINUX VULNERABILITY SUMMARY
1. Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
2. Debian Reportbug Multiple Information Disclosure Vulnerabili...
3. KPPP Privileged File Descriptor Leakage Vulnerability
4. PHPBB Authentication Bypass Vulnerability
5. PostNuke Phoenix Download Module Multiple Cross-Site Scripti...
6. Trolltech QT Local Code Execution Vulnerability
7. RealNetworks RealOne Player/RealPlayer Unspecified WAV File ...
8. RealNetworks RealOne Player/RealPlayer SMIL File Remote Stac...
9. XLoadImage Compressed Image Command Execution Vulnerability
10. XLI Unspecified Remote Buffer Mismanagement Vulnerability
11. LibXPM Bitmap_unit Integer Overflow Vulnerability
12. Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
13. ImageMagick File Name Handling Remote Format String Vulnerab...
14. PABox HTML Injection Vulnerability
15. Typo3 CMW_Linklist Extension SQL Injection Vulnerability
16. Stadtaus.Com Download Center Lite Arbitrary Remote PHP File ...
III. LINUX FOCUS LIST SUMMARY
1. Deny Access To configuration file using php scripts (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Travesty 1.0
2. OCS 0.1
3. KSB - Kernel Socks Bouncer 2.6.10
4. DigSig 1.3.2
5. Firestarter 1.0.0
6. Network Equipment Performance Monitor 2.2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Where is Google Headed?
By Scott Granneman
As the bad guys start using Google more and more, the company wrestles with
some new security and privacy issues with AutoLink.
http://www.securityfocus.com/columnists/304
2. High Profile, Low Security
By Matthew Tanase
Big companies stumble with high profile security breaches that make your
local WiFi coffee shop look secure.
http://www.securityfocus.com/columnists/305
3. WEP: Dead Again, Part 2
By Michael Ossmann
Part two of the WEP cracking series shows how active attacks can
dramatically increase the rate of packet collection and speed up
statistical attacks.
http://www.securityfocus.com/infocus/1824
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
BugTraq ID: 12672
Remote: Yes
Date Published: Feb 26 2005
Relevant URL: http://www.securityfocus.com/bid/12672
Summary:
A remote script execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly validate the origin of scripts prior to execution when loaded into a browser window by dragging JavaScript image URIs into the address bar.
An attacker may leverage this issue to execute arbitrary script code in the context of a target Web site in the browser of an unsuspecting user. This may facilitate cookie-based authentication credential theft as well as other attacks.
2. Debian Reportbug Multiple Information Disclosure Vulnerabili...
BugTraq ID: 12674
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12674
Summary:
Multiple information disclosure vulnerabilities affect Debian reportbug; these issues are due to a failure of the application to properly configure sensitive data files.
An attacker may leverage these issues to email smarthost passwords, potentially leading to further compromise.
3. KPPP Privileged File Descriptor Leakage Vulnerability
BugTraq ID: 12677
Remote: No
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12677
Summary:
KPPP is reported prone to a file descriptor leakage vulnerability. This vulnerability can allow local attackers to gain read or write access to sensitive files such as '/etc/hosts' and '/etc/resolv.conf', which may lead to other attacks against the computer.
This vulnerability has been confirmed in KPPP 2.1.2. KPPP versions included with KDE 3.1.5 and prior versions are affected as well.
4. PHPBB Authentication Bypass Vulnerability
BugTraq ID: 12678
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12678
Summary:
phpBB is affected by an authentication bypass vulnerability.
This issue is due to the application failing to properly sanitize user-supplied input during authentication.
Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account.
The vendor has addressed this issue in phpBB 2.0.13.
5. PostNuke Phoenix Download Module Multiple Cross-Site Scripti...
BugTraq ID: 12685
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12685
Summary:
PostNuke is affected by multiple cross-site scripting vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input.
As a result of these vulnerabilities, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
6. Trolltech QT Local Code Execution Vulnerability
BugTraq ID: 12695
Remote: No
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12695
Summary:
A local code execution vulnerability affects Trolltech QT. These issues are due to a failure of the application to secure local dynamically loaded libraries.
An attacker may leverage this issue to execute arbitrary code in the context of an unsuspecting user that activates a QT derived product; this will facilitate privilege escalation.
7. RealNetworks RealOne Player/RealPlayer Unspecified WAV File ...
BugTraq ID: 12697
Remote: Yes
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12697
Summary:
RealNetworks RealPlayer and RealOne Player are reported prone to an unspecified buffer overflow vulnerability. It is reported that the issue manifests when a malicious WAV file is processed. The vulnerability affects heap-based memory.
A remote attacker may exploit this vulnerability to execute arbitrary code in the context of a user that uses a vulnerable version of the media player to play a malicious WAV file.
8. RealNetworks RealOne Player/RealPlayer SMIL File Remote Stac...
BugTraq ID: 12698
Remote: Yes
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12698
Summary:
RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack based buffer overflow vulnerability. The issue exists due to a lack of boundary checks performed by the application when parsing Synchronized Multimedia Integration Language (SMIL) files. A remote attacker may execute arbitrary code on a vulnerable computer to gain unauthorized access.
This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms.
9. XLoadImage Compressed Image Command Execution Vulnerability
BugTraq ID: 12712
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12712
Summary:
A remote command execution vulnerability affects xloadimage. This issue is due to a failure of the application to safely parse compressed images.
An attacker may leverage this by distributing a malicious image file designed to execute arbitrary commands with the privileges of an unsuspecting users.
10. XLI Unspecified Remote Buffer Mismanagement Vulnerability
BugTraq ID: 12713
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12713
Summary:
An unspecified remote buffer mismanagement vulnerability affects xli. This issue is due to a failure of the application to securely manage internal buffers when processing user-supplied input.
An attacker may leverage this issue to execute arbitrary code with the privileges of the affected application, facilitating privilege escalation or unauthorized access.
11. LibXPM Bitmap_unit Integer Overflow Vulnerability
BugTraq ID: 12714
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12714
Summary:
An integer overflow vulnerability is reported to affect libXpm, it is reported that this vulnerability exists in the 'scan.c' source file and is due to a lack of sanity checks performed on the 'bitmap_unit' value.
A remote attacker may exploit this condition to execute arbitrary code in the context of the application that is linked to the affected library.
12. Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
BugTraq ID: 12716
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information disclosure vulnerability.
It is reported that remote attackers may gain access to Set-Cookie headers related to another user. Information gathered through exploiting this issue may aid in further attacks against services related to the cookie, potentially allowing for session hijacking.
Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.
13. ImageMagick File Name Handling Remote Format String Vulnerab...
BugTraq ID: 12717
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format string vulnerability.
Reportedly, this issue arises when the application handles malformed file names. An attacker can exploit this vulnerability by crafting a malicious file with a name that contains format specifiers and sending the file to an unsuspecting user.
It should be noted that other attack vectors also exist that may not require user interaction as the application can be used with custom printing systems and Web applications.
A successful attack may result in crashing the application or lead to arbitrary code execution.
All versions of ImageMagick are considered vulnerable at the moment.
14. PABox HTML Injection Vulnerability
BugTraq ID: 12719
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12719
Summary:
paBox is reportedly affected by an HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in dynamically generated content.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This vulnerability is reported to affect paBox version 1.6.
paBox version 2.0 does not appear to be affected by this vulnerability; this has not been confirmed by the vendor.
15. Typo3 CMW_Linklist Extension SQL Injection Vulnerability
BugTraq ID: 12721
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12721
Summary:
Typo3 'cmw_linklist' extension is affected by a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
This issue is reported to affect 'cmw_linklist' extension versions 1.4.1 and earlier.
16. Stadtaus.Com Download Center Lite Arbitrary Remote PHP File ...
BugTraq ID: 12726
Remote: Yes
Date Published: Mar 04 2005
Relevant URL: http://www.securityfocus.com/bid/12726
Summary:
Download Center Lite is reportedly affected by an arbitrary remote PHP file include vulnerability. This issue is due to the application failing to properly sanitize user supplied input.
This vulnerability affects Download Center Lite version 1.5; earlier versions may also be affected.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Deny Access To configuration file using php scripts (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/392536
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features for computer forensics and investigations. With an intuitive GUI and superior performance, EnCase Version 4 provides investigators with the tools to conduct large-scale and complex investigations with accuracy and efficiency. Guidance Software's award-winning solution yields completely non-invasive computer forensic investigations while allowing examiners to easily manage large volumes of computer evidence and view all relevant files, including "deleted" files, file slack and unallocated space.
The integrated functionality of EnCase allows the examiner to perform all functions of the computer forensic investigation process. EnCase's EnScript, a powerful macro-programming language and API included within EnCase, allows investigators to build customized and reusable forensic scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed, including chat conversations, email, word processor, or even activity within an accounting or specialist system. It is completely undetectable by software scanners and provides you with one of the most powerful stealth surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data in its own internal memory (not on the hard drive), it is impossible for a network intruder to gain access to any sensitive data stored within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any application available 24 hours per day. With no extra hardware: just use your existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to do is add more standard servers into the cluster. With the load balancing features of SafeKit, you can distribute applications over multiple servers. If one system fails completely, the others will continue to serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content filtering and spam protection internet security software package for Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Travesty 1.0
By: Robert Wesley McGrew
Relevant URL: http://cse.msstate.edu/~rwm8/travesty/
Platforms: Linux
Summary:
Travesty is an interactive program for managing the hardware addresses (MAC) of ethernet devices on your computer. It supports manually changing the MAC, generating random addresses, and applying different vendor prefixes to the current address.
It also allows the user to import their own lists of hardware addresses and descriptions that can be navigated from within the Travesty interface. Travesty is written in Python, and is very simple to add functionality to, or modify.
2. OCS 0.1
By: OverIP
Relevant URL: http://hacklab.altervista.org/download/OCS.c
Platforms: Linux
Summary:
This is a very reliable and fast mass scanner for Cisco routers with default telnet/enable passwords.
3. KSB - Kernel Socks Bouncer 2.6.10
By: Paolo Ardoino
Relevant URL: http://ardoino.altervista.org/kernel.php
Platforms: Linux
Summary:
KSB26 [Kernel Socks Bouncer] is a Linux Kernel 2.6.x patch that redirects full tcp connections [SSH, telnet, ...] to follow through socks5. KSB26 uses a character device to pass socks5 and target ips to the Linux Kernel. I have chosen to write in kernel space to enjoy myself [I know that there are easier and safer ways to write this in userspace].
4. DigSig 1.3.2
By:
Relevant URL: http://sourceforge.net/projects/disec/
Platforms: Linux
Summary:
The DigSig Linux kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. Therefore, it improves the security of the system by preventing a wide range of malicious binaries like viruses, worms, Trojan programs and backdoors from running on the system.
5. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is a graphical firewall tool for Linux. The program aims to combine
ease of use with powerful features, serving both desktop users and administrators.
6. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX, Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system that monitors any type of logged data from IP networked equipment and reports it via E-mail and web pages. Current conditions and history from systems based on Windows NT/2000 and UNIX can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems.