SecurityFocus Linux Newsletter #39
From: Stephen Entwisle (se@securityfocus.com)
Date: 07/31/01
Date: Tue, 31 Jul 2001 11:53:33 -0600 (MDT)
From: Stephen Entwisle <se@securityfocus.com>
To: <focus-linux@securityfocus.com>
Subject: SecurityFocus Linux Newsletter #39
Message-ID: <Pine.GSO.4.30.0107311153160.13478-100000@mail>
SecurityFocus Linux Newsletter #39
--------------------------------------
This issue sponsored by: SecurityFocus, Inc.
Need to keep track of the latest vulnerability information? Short on
time? Let SecurityFocus do the work for you.
SecurityFocus, the leading provider of security intelligence services for
business, offers timely, accurate, comprehensive information on the latest
vulnerabilities for both security product vendors and corporate security
professionals.
Security product and service vendors receive a direct feed of our premium
database that they can incorporate directly into their existing
information infrastructure. Increase the security intelligence you
provide to customers with actionable data from the recognized source for
vulnerability information.
Corporate IT departments can stay ahead of hackers with Security
Intelligence Alerts (SIA), a subscription service that delivers timely
security alerts configured based on the exact systems, software and
networks in your environment. Security staff can focus on repairing
vulnerabilities rather than searching for them.
For more information about the vulnerability database, contact Business
Development at bizdev@securityfocus.com. To learn more about SIA, contact
SIA Sales at siasales@securityfocus.com.
I. FRONT AND CENTER
1. Building a Secure User Environment with SSH ChRootGroups
2. Watch this worm
3. You May Already Be Hacked.
4. Cybercrime Treaty Flawed, But Needed
II. LINUX VULNERABILITY SUMMARY
1. Multiple Linux Vendor Expect Insecure Library Loading Vulnerability
2. Linux UDP Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. IPTables Upgrade (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. ProWall
V. NEW TOOLS FOR LINUX PLATFORMS
1. Stealth HTTP Security Scanner v1.0b30
2. Samhain v1.2.2
3. Modular Syslog v1.06
4. IP Personality 20010724
5. loggrep v0.4
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Building a Secure User Environment with SSH ChRootGroups
Chroot alters the effective root directory of a user or process to one
specified by the root user. Thus far, chroot has not been widely used for
creating secure user environments; the difficulties involved with creating
a functional cage are an obstacle that still needs to be overcome. This
article will provide an overview of the SSH ChRootGroups feature, which
provides a quick and easy way for administrators to lock users inside a
chrooted cage.
http://www.securityfocus.com/focus/linux/articles/chroot.html
2. Watch This Worm
By Shane Coursen
The Code Red worm is dangerous because it uses a hacker's technique.
http://www.securityfocus.com/templates/column.html?id=13
3. You may already be hacked.
By Jon Lasser
Rootkits help hackers play hide-and-seek.
http://www.securityfocus.com/templates/columns.html?id=12
4. Cybercrime treaty flawed, but needed
By Mark Rasch
It may be controversial, but the COE treaty is desperately needed to
battle global cybercrime.
http://www.securityfocus.com/template/columns.html?id=11
II. BUGTRAQ SUMMARY
-------------------
1. Multiple Linux Vendor Expect Insecure Library Loading Vulnerability
BugTraq ID: 3074
Remote: No
Date Published: 2001-07-19
Relevant URL:
http://www.securityfocus.com/bid/3074
Summary:
Expect is a freely available tool designed for automating interactive
programs such as telnet, ftp, and so forth. The program was originally
written by Don Libes.
Expect as implemented on some Linux distributions makes it possible to
execute arbitrary code. This may lead to a local user gaining elevated
privileges, and potentially root access. The problem lies in how dynamic
libraries are searched for.
As implemented on some Linux distributions, when expect is executed, it
searches insecure directories for dynamic libraries before execution.
One such directory is /var/tmp, which on some Linux distributions is a
world-writable temporary directory.
It is possible for a local user to build a malicious library, and place it
in the /var/tmp directory. When a local user executes a program or script
using expect, the malicious library in /var/tmp will be loaded. This
could result in the execution of arbitrary code. Depending on the
privileges of the user, it could also result in a local user gaining
arbitrary administrative access.
2. Linux UDP Denial of Service Vulnerability
BugTraq ID: 3094
Remote: Yes
Date Published: 2001-07-25
Relevant URL:
http://www.securityfocus.com/bid/3094
Summary:
A potential denial of service vulnerability exists in the Linux Kernel.
The problem occurs when a large number of UDP packets are sent to a Linux
system. This can cause the system to use all available CPU resources and
thus become unresponsive.
The attack can be performed by sending UDP packets to any port on the
system, regardless of whether a service is listening on that port. The
system may have to be reset manually if the attack is successful.
Further technical details are forthcoming.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPTables Upgrade (Thread)
Relevant URL:
http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d91%26date%3d2001-07-30%26thread%3d002e01c113df$c2e05100$fc64a8c0@az2600.com
IV. NEW PRODUCTS FOR LINUX PLATFORMS
----------------------------------------
1. ProWall
by Protectix
Platforms: Linux
Relevant URL:
http://www.securityfocus.com/products/1231
Summary:
The ProWall is a security solution integrating reliable hardware, Open
Source software and an update service that provides customer-specific
security advisories and firmware updates. The ProWall performs access
control, Network Address Translation and detailed logging.
V. NEW TOOLS FOR LINUX PLATFORMS
------------------------------------
1. Stealth HTTP Security Scanner v1.0b30
by Felipe Moniz
Relevant URL: http://www.securityfocus.com/tools/2109
Platforms: Linux, Windows 2000, Windows 95/98 and Windows NT
Stealth 1.0 scans for 2883 HTTP vulnerabilities. This tool is designed
especially for system administrators, security consultants and IT
professionals to check for possible security holes and to confirm any
present security vulnerabilities that hackers can exploit. Totally free
for commercial and non-commercial use.
2. Samhain v1.2.2
by Rainer Wichmann (rwichmann@la-samhna.de)
Relevant URL: http://www.securityfocus.com/tools/708
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, HP-UX, Linux, Solaris and Unixware
samhain is a file system integrity checker that can optionally be used as
a client/server application for centralized monitoring of networked hosts.
Databases and configuration files can be stored on the server. In addition
to forwarding reports to the log server via authenticated TCP/IP
connections, several other logging facilities (e-mail, console,
tamper-resistant log file, and syslog) are available. samhain has been
tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
3. Modular Syslog v1.06
by Core-SDI
Relevant URL: http://www.securityfocus.com/tools/2127
Platforms: AIX, FreeBSD, IRIX, Linux, NetBSD, OpenBSD, POSIX, Solaris and SunOS
The modular syslog allows for an easy implementation of input and output
modules. The modules that maintain compatibility with its precursor are
included in the standard distribution along with four modules: om_peo (an
implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity
checking), om_mysql and om_pgsql (modules that send output to a MySQL and
PostgreSQL database, respectively) and om_regex (a module that allows
output redirection using regular expressions).
4. IP Personality 20010724
by Gael Roualland and Jean-Marc Saffroy
Relevant URL: http://www.securityfocus.com/tools/1665
Platforms: Linux
The IP Personality project is a patch to the newer Linux kernels that adds
netfilter functionality: it enables the emulation of other OSes at the
network level, thus fooling remote OS detection tools such as nmap that
rely on network fingerprinting.
5. loggrep v0.4
by Gerhard Khüny
Relevant URL: http://www.securityfocus.com/tools/2125
Platforms: Linux and UNIX
loggrep greps kernel logfiles for ipchains firewall log entries and
features the ability to filter against given entries (date, IP, port,
etc.). It also features quasi-detection of portscanning, line counts, and
HTML output.
VI. SPONSOR INFORMATION
------------------------
This issue sponsored by: SecurityFocus, Inc.
Need to keep track of the latest vulnerability information? Short on
time? Let SecurityFocus do the work for you.
SecurityFocus, the leading provider of security intelligence services for
business, offers timely, accurate, comprehensive information on the latest
vulnerabilities for both security product vendors and corporate security
professionals.
Security product and service vendors receive a direct feed of our premium
database that they can incorporate directly into their existing
information infrastructure. Increase the security intelligence you
provide to customers with actionable data from the recognized source for
vulnerability information.
Corporate IT departments can stay ahead of hackers with Security
Intelligence Alerts (SIA), a subscription service that delivers timely
security alerts configured based on the exact systems, software and
networks in your environment. Security staff can focus on repairing
vulnerabilities rather than searching for them.
For more information about the vulnerability database, contact Business
Development at bizdev@securityfocus.com. To learn more about SIA, contact
SIA Sales at siasales@securityfocus.com.