SecurityFocus Linux Newsletter #50
From: John Boletta (jboletta@securityfocus.com)
Date: 10/15/01
Date: Mon, 15 Oct 2001 11:25:02 -0600 (MDT)
From: John Boletta <jboletta@securityfocus.com>
To: <linux-secnews@securityfocus.com>
Subject: SecurityFocus Linux Newsletter #50
Message-ID: <Pine.GSO.4.30.0110151124190.24229-100000@mail>
SecurityFocus Linux Newsletter #50
----------------------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)
SPECIAL OFFER: Upgrade now to a better class of security intelligence for
the same price you're paying your current provider.
SecurityFocus announces an opportunity for you to move from your current
security alert service provider to SecurityFocus SIA, the best Security
Intelligence Alert service available. SecurityFocus is offering you the
opportunity to have one year of our unmatched Security Intelligence Alert
service delivered to you at the same price as your existing service. Offer
now extended to October 15th, due to popular demand.
SIA eliminates the need to dedicate your valuable staff resources to sift
through the mountain of potential threats to evaluate the latest important
security information.
Features and Benefits
*Largest Resource of Vendor and Product Vulnerabilities
*More than 700 vendor and 1,300 product vulnerabilities tracked
continuously
*Security experts on staff seven days a week monitoring
vulnerabilities worldwide.
*Detailed, Configurable Alerts
*Targeted to the IS managers responsible for maintaining specific
applications, systems, or networks
*Automatic dissemination of vulnerability information to the
responsible entity within the enterprise
*Detailed patch and release information is provided in the
vulnerability to eliminate fumbling through vendor sites looking for
downloads
This offer is limited to up to 10 seats. Proof of current Service Level
Agreement with 3rd party vendor is required. Voice/fax/SMS alert delivery
subject to additional fees.
In order to take advantage of this limited time offer, contact us at
+1.650.655.6300 or <siasales@securityfocus.com> or visit us on the web at
http://www.securityfocus.com/intelligence/
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Win timely, customized vulnerability alerts from SecurityFocus
2. The Value of Honeypots, Part One: Definitions and Values of
Honeypots
3. Comparing E-mail Server Virus Protection Solutions
II. LINUX VULNERABILITY SUMMARY
1. SuSE LPROld Remote File Ownership Changing Vulnerability
2. Linux 2.4 Kernel MAC Module Filtering Bypassing Vulnerability
3. RedHat Setserial Init Script Predictable Temporary File...
4. Util-Linux Login Pam Privilege Elevation Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Login Control (Thread)
2. blocking ip's with proftpd (Thread)
3. 2.4.11 issues (Thread)
4. LPD: Summary, fury and more (Thread)
5. kazaa,gnutella,aimster blocks (Thread)
6. Identd DoS Attacks (Thread)
7. Root can't delete files (Thread)
8. Securing a wireless LAN (Thread)
9. linux firewal and ipsec (Thread)
10. LPD configuration (Thread)
11. AW: Root can't delete files (Thread)
12. Root umask problems in XFS 1.0.1 kernel 2.4.5-xfs-1.0.1...
13. AW: Unknown Process (Thread)
14. Reasonable precautions (Thread)
15. LPD configuration + (Thread)
16. Unknown Process (Thread)
17. qmail file filter (Thread)
18. Weird stuff in Apache logs... what is this junk? (Thread)
19. Good Systems Administration Practise (Thread)
20. Emergency kit? (Thread)
21. That don't look good! (Thread)
22. Fwd: Weird stuff in Apache logs... what is this junk? (Thread)
23. More on procmail filters (Thread)
24. iptables logging methods (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Aventail ExtraNet Center
2. NetMAX FireWall
3. Immunix
4. Guardian Digital Linux Lockbox
V. NEW TOOLS FOR LINUX PLATFORMS
1. Network Packet Capture Facility for Java v0.01.10
2. Security Enhanced Linux v200108221537
3. Devil-Linux v0.44
4. Hping - Linux v2.0
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Enter to win timely, customized, product-specific
vulnerability alerts with SecurityFocus SIA 2.0!
Why dedicate hours each day to track your IT vulnerabilities, when you can
get one-year free SecurityFocus SIA?
Receive timely, product-specific information about threats and emerging
security vulnerabilities before they become widely known by hackers. Get
them delivered to your desktop - tailored specifically for your network.
Stop searching through hundreds of e-mails and dozens of websites.
SecurityFocus SIA delivers only those alerts relevant to your systems.
Fix and patch your system's vulnerabilities before the attackers find
them. Now, how would you like to get this all for FREE?
Stop by the SecurityFocus booth at either of these tradeshows this October:
  SANS, Network Security <http://www.sans.org/NS2001/NS2001.htm>,
  San Diego, California, October 16-17, 2001 (booth 414)
  CSI, Computer Security Conference and Expo
  <http://www.gocsi.com/28th_annual/>,
  Washington, DC, October 28-30 (booth 1601)
and enter to win a one-year subscription of the latest edition of
SecurityFocus Security Intelligence Alert
<http://www.securityfocus.com/premier/> - the leading Vulnerability Alert
Service. Liberate your IT staff to let them focus on managing your
network.
2. The Value of Honeypots, Part One: Definitions and Values of Honeypots
by Lance Spitzner with extensive help from Marty Roesch
Over the past several years there has been a growing interest in honeypots
and honeypot-related technologies. Honeypots are not a new technology;
they were first explained in a couple of very good papers by several icons
in computer security: Cliff Stoll's book "The Cuckoo's Egg", and Steve
Bellovin and Bill Cheswick's "An Evening with Berferd." This two-part
series will attempt to take these works further and discuss what honeypots
are, how they can add value to an organization, and several honeypot
solutions. There are a variety of misconceptions on what a honeypot is,
how it works, and how it adds value. It is hoped that this series will
help clear up these issues.
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1492
3. Comparing E-mail Server Virus Protection Solutions
by Robert Grupe
So you've been assigned the task of selecting virus protection for your
messaging and groupware server. Or maybe you already have a solution in
place, but are having second thoughts because your organisation seems to
be disrupted by new viruses more than it should be. This article is the
first of a two-part series that is intended to help readers assess and
evaluate AV solutions. This installment will help readers to assess their
AV needs and point out a few things to look for in AV products.
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1494
II. BUGTRAQ SUMMARY
-------------------
1. SuSE LPROld Remote File Ownership Changing Vulnerability
BugTraq ID: 3417
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3417
Summary:
SuSE Linux is a freely available, open source implementation of the Linux
Operating System, a UNIX clone. It is maintained and distributed by SuSE.
A problem with the lprold package has been discovered that could allow
remote users to gain unauthorized access to system files. This could
additionally result in elevated privileges on the local system.
The problem is due to a design error in lprold. Upon generating a
custom-crafted malicious request, it is possible for a remote user to
change the ownership of files on the local system. This can allow a
remote user to change the ownership of any root-owned file to that of a
non-privileged user on the local system.
This vulnerability can only be taken advantage of if the system the attack
is being launched from is listed in the /etc/hosts.equiv, or
/etc/hosts.lpd file.
2. Linux 2.4 Kernel MAC Module Filtering Bypassing Vulnerability
BugTraq ID: 3418
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3418
Summary:
The Linux Kernel is the core of all Linux-based operating systems. It is
maintained publicly, and steered by Linus Torvalds.
A problem in the Netfilter functions of the Linux Kernel could allow a
remote user unintended access to sensitive systems. The problem is due to
the insufficient checking of fragmented packets.
Netfilter, the Linux Kernel firewall package, offers new functionality
that allows the filtration of TCP/IP packets on the basis of Media Access
Control (MAC) addresses. This can be used to restrict systems from
accessing certain resources on the basis of a semi-permanent
identification means (MAC addresses can be changed or aliased in the Linux
Kernel).
When a system creates small packets, or fragments of packets, to
communicate with another system that has restricted communication on the
basis of MAC address, it is possible to bypass filtering. The filter does
not acknowledge the MAC entry in the packet headers.
This could allow a system on a local segment of network to gain unintended
access to a system by setting a much lower MRU than the rest of the
network. This attack will not work across routers and switches, as MAC
addressing is a layer-two protocol.
3. RedHat Setserial Init Script Predictable Temporary File Vulnerability
BugTraq ID: 3367
Remote: No
Date Published: 2001-09-26 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3367
Summary:
Red Hat Linux is a freely available clone of the UNIX Operating System,
distributed by Red Hat Incorporated.
A problem with the serial port support in the distribution could make it
possible for a user to overwrite arbitrary files. This could result in a
denial of service.
The problem is related to the creation of temporary files, and occurs only
under certain circumstances. If a user has recompiled their kernel to
enable modular serial support in the kernel, and the rc.serial script has
been copied to /etc/rc.d/init.d/serial, the system is vulnerable to a race
condition error.
When executed, the serial init script creates temporary files in a
predictable manner. As these scripts are executed with root privileges
during system bootstrap, it may be possible for a user to overwrite
root-owned files. By guessing the name of a future temporary file, and
creating a symbolic link at that name, a user can overwrite the file that
the symbolic link points to.
This makes it possible for attackers to deny service to other users of the
system and potentially gain elevated privileges.
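The predictable-name pattern described above, next to two safer ways to
create the file, as an added example (not the Red Hat init script, whose
temporary file name is not given here). The rc.demo.* names and the sandbox
directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: sandboxed contrast of predictable vs. safe temp-file creation.
# All file names are constructed; the real script's temp name is not on the page.

# Pattern from the advisory: guessable name, plain '>' redirect.
# The redirect follows a symlink that already exists at that path.
unsafe_tmp_write() {            # $1 = directory, $2 = data
    tmp="$1/rc.demo.$$"
    echo "$2" > "$tmp"
}

# Hardened: mktemp picks a random name and creates the file exclusively
# (O_EXCL, mode 0600), so a pre-existing link can never be the target.
safe_tmp_write() {              # $1 = directory, $2 = data; prints the path
    tmp=$(mktemp "$1/rc.demo.XXXXXXXXXX") || return 1
    echo "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback when the name must stay fixed: noclobber (set -C) makes '>'
# refuse to write through anything already present at the path.
noclobber_tmp_write() {         # $1 = directory, $2 = data
    ( set -C; echo "$2" > "$1/rc.demo.$$" ) 2>/dev/null
}

# Regression check: a link already sits at the guessable name and points at a
# stand-in for a root-owned file. Reports that file's content after each
# writer has run: "<after safe> <after noclobber> <noclobber result> <after unsafe>".
tmpfile_selftest() {
    box=$(mktemp -d) || return 1
    echo "original" > "$box/protected"
    ln -s "$box/protected" "$box/rc.demo.$$"

    safe_tmp_write "$box" "scratch" >/dev/null
    after_safe=$(cat "$box/protected")

    if noclobber_tmp_write "$box" "scratch"; then nc=written; else nc=refused; fi
    after_noclobber=$(cat "$box/protected")

    unsafe_tmp_write "$box" "scratch"
    after_unsafe=$(cat "$box/protected")

    rm -rf "$box"
    printf '%s %s %s %s\n' "$after_safe" "$after_noclobber" "$nc" "$after_unsafe"
}

tmpfile_selftest
```

Current kernels can also refuse to follow such links in sticky
world-writable directories (fs.protected_symlinks), but the script-level fix
remains creating the file with mktemp.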
4. Util-Linux Login Pam Privilege Elevation Vulnerability
BugTraq ID: 3415
Remote: No
Date Published: 2001-10-09 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3415
Summary:
util-linux is a freely available, open source software package that
provides some implementations of standard UNIX utilities, such as login.
A problem in the package could allow a local user to gain elevated
privileges. This is due to unexpected interaction with the PAM
utilities.
It is possible for a user to log into a system, and gain elevated
privileges at login. When the number of users of a certain group is
being limited via the pam_limits module, and such a user accesses the
system via a utility that uses login, the user may be granted arbitrary
rights.
This makes it possible for a user with legitimate access to the system to
gain elevated privileges, and potentially access sensitive information or
programs. The user could gain the rights of console, or potentially pts/0
rights.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Login Control (Thread)
Relevant URL:
2. blocking ip's with proftpd (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011011232503.Q26922-100000@lust.houseofsloth.net&threads=1
3. 2.4.11 issues (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200110112255.f9BMtxW05377@rdb.linux-help.org&threads=1
4. LPD: Summary, fury and more (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.LNX.4.33.0110112222300.1024-100000@mbu.iisc.ernet.in&threads=1
5. kazaa,gnutella,aimster blocks (Thread)
Relevant URL:
6. Identd DoS Attacks (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=864rp6rnxi.fsf@potato.vegetable.org.uk&threads=1
7. Root can't delete files (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200110111820.f9BIKoW14977@rdb.linux-help.org&threads=1
8. Securing a wireless LAN (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=E15rlvv-0007tx-00@schizo.psychosis.com&threads=1
9. linux firewal and ipsec (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=COEMKDOLEHFJFHGFNILJOEIBCCAA.klika@funtech.com&threads=1
10. LPD configuration (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011011145610.A149368@messi.uku.fi&threads=1
11. AW: Root can't delete files (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=2D5914BDC6D4D411998200008368A2C8B6FE04@HEW01EXHN1.hew.de&threads=1
12. Root umask problems in XFS 1.0.1 kernel 2.4.5-xfs-1.0.1 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200110102226.f9AMQtW21049@rdb.linux-help.org&threads=1
13. AW: Unknown Process (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011010220838.D6CFE8F38F@outgoing.securityfocus.com&threads=1
14. Reasonable precautions (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.LNX.4.33.0110101431520.12296-100000@sanyu1.sanyutel.com&threads=1
15. LPD configuration + (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.LNX.4.33.0110100903340.32710-100000@mbu.iisc.ernet.in&threads=1
16. Unknown Process (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=F9B05628BAE2414A99980964199E954A01CE20@VOYAGER.brisbane.hatfields.com.au&threads=1
17. qmail file filter (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=3BC37893.4475B189@spamless.genwax.com&threads=1
18. Weird stuff in Apache logs... what is this junk? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=F9B05628BAE2414A99980964199E954A01CE1C@VOYAGER.brisbane.hatfields.com.au&threads=1
19. Good Systems Administration Practise (Thread)
Relevant URL:
20. Emergency kit? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=1002640730.3bc3155a1add9@mail.ph.utexas.edu&threads=1
21. That don't look good! (Thread)
Relevant URL:
22. Fwd: Weird stuff in Apache logs... what is this junk? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200110090124.f991Oe326927@rdb.linux-help.org&threads=1
23. More on procmail filters (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011006215609.A8721@mediabang.com&threads=1
24. iptables logging methods (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011006135801.2c447a8b.rdicaire@ardynet.com&threads=1
IV. NEW PRODUCTS FOR LINUX PLATFORMS
----------------------------------------
1. Aventail ExtraNet Center
by Aventail
Relevant URL:
http://www.aventail.com/solutions/
Platforms: Linux, Solaris, Windows NT, Windows 2000, Windows 3.x, POSIX,
AIX, HP-UX, MacOS, DG-UX, UNICOS
Summary:
Aventail ExtraNet Center is simple to deploy and requires no changes to
your partner's network, applications, or firewall configuration. This
simplifies the political challenges of the extranet, speeds deployment
times to days not months, thus increasing your competitive advantage.
Customer Service: By their very nature, extranets bring key partners and
customers to valuable resources. Aventail ExtraNet Center's client runs
transparently in the background and requires no contact with the user
beyond authentication. This increases the value of the partner extranet
while lowering corporations' support costs. And, it's not just HTTP,
Aventail ExtraNet Center provides security and management for any IP
application.
2. NetMAX FireWall
by Cybernet Systems
Relevant URL:
http://www.netmax.com/products/index.html
Platforms: Linux, Solaris, FreeBSD, Windows NT, BSDI, MacOS, SINIX
Summary:
NetMAX FireWall is a firewall and a router in one integrated product. The
NetMAX FireWall includes and easily installs all necessary software in
about 15 minutes. The product includes a Linux operating system based on
the Red Hat distribution or FreeBSD, the packet firewall package, and the
routing package. All of the services are pre-configured and integrated
into the FireWall product. The point and click HTML based interface makes
running a server as easy as browsing the web.
3. Immunix
by WireX
Relevant URL:
http://www.immunix.org/
Platforms: Linux, MacOS
Summary:
"Immunix" is a family of tools designed to enhance system integrity by
hardening system components and platforms against security attacks. The
Immunix OS is a Linux platform hardened with the Immunix tool set.
4. Guardian Digital Linux Lockbox
by Guardian Digital, Inc.
Relevant URL:
http://www.guardiandigital.com/lockbox.html
Platforms: Linux, MacOS
Summary:
The Guardian Digital Linux Lockbox is the first open source network server
appliance designed to serve as a complete e-business solution. Powering
the Lockbox is EnGarde, Guardian Digital's Linux, engineered to achieve
the level of security required to conduct e-business.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Network Packet Capture Facility for Java v0.01.10
by patrick charles
Relevant URL:
http://www.securityfocus.com/data/tools/jpcap-0.01.10.tar.gz
Platforms: Linux, Solaris, SunOS
Summary:
Network Packet Capture Facility for Java is a set of Java classes that
provide an interface and system for network packet capture. A protocol
library and tool for visualizing network traffic is included. It utilizes
libpcap, a widely used system library for packet capture.
2. Security Enhanced Linux v200108221537
by NSA
Relevant URL:
http://www.nsa.gov/selinux/download2.html
Platforms: Linux
Summary:
As part of its Information Assurance mission, the National Security Agency
(NSA) has long been involved with the computer security research community
in investigating a wide range of computer security topics including
operating system security. Recognizing the critical role of operating
system security mechanisms in supporting security at higher levels,
researchers from the NSA's Information Assurance Research Office have been
investigating an architecture that can provide the necessary security
functionality in a manner that can meet the security needs of a wide range
of computing environments.
3. Devil-Linux v0.44
by Heiko Zuerker <heiko@devil-linux.org>
Relevant URL:
http://www.devil-linux.org/download.htm
Platforms: Linux
Summary:
Devil-Linux is a special Linux distribution which is used for
firewalls/routers. The goal of Devil-Linux is to have a small,
customizable, and secure Linux system. Configuration is saved on a floppy
disk, and it has several optional packages.
4. Hping - Linux v2.0
by Salvatore Sanfilippo of Intesis SECURITY LAB
Relevant URL:
http://www.securityfocus.com/tools/221
Platforms: Linux
Summary:
Packet Filter, latency testing tool. Similar to Firewalk although not as
advanced.
VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)