SecurityFocus Linux Newsletter #58
From: John Boletta (jboletta@securityfocus.com)Date: 12/10/01
- Previous message: jboletta@securityfocus.com: "SecurityFocus Linux Newsletter #57"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 Dec 2001 11:04:47 -0700 (MST) From: John Boletta <jboletta@securityfocus.com> To: <linux-secnews@securityfocus.com>
SecurityFocus Linux Newsletter #58
----------------------------------
This issue is sponsored by VeriSign - The Internet Trust Company
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll
learn everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions, secure your corporate intranets and authenticate
your Web sites. 128-bit SSL is serious security for your online business.
Get it now!
http://www.verisign.com/cgi-bin/go.cgi?a=n094465670057000
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Advertising Information
2. An Introduction to IDS
3. The Future of IDS
4. 'Magic Lantern' Rubs the Wrong Way
II. LINUX VULNERABILITY SUMMARY
1. fml Mailing List HTML Injection Vulnerability
2. OpenSSH UseLogin Environment Variable Passing Vulnerability
3. XTel XTel-User Tempory File Race Condition Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Easily configurable firewall? (Thread)
2. Spam Filter Software User-User (Thread)
3. Spam filter software (Thread)
4. Packet filter choice (Thread)
5. buffer overflow question (Thread)
6. FW: Easily configurable firewall? (Thread)
7. Is this Chroot Enviroment Secure? (Thread)
8. Bandwidth management (Thread)
9. pam_wheel.so not logging (Thread)
10. unexpected UNDELIVERED MAIL (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Phoenix Adaptive Firewall
2. Guardian Digital Linux Lockbox
3. F-Secure Anti-Virus for Linux
V. NEW TOOLS FOR LINUX PLATFORMS
1. Stealth HTTP Security Scanner v2.0b36
2. libdvdcss v1.0.0
3. Sniff'em
4. Portable OpenSSH v3.0.2p1
5. IP Sorcery v1.4
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Advertising Information
Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!
SecurityFocus is the Web's most successful security intelligence site,
with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.
To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak directly
with a customer service representative, please call +1(650) 655-6350.
2. An Introduction to IDS
by Paul Innella
Intrusion detection systems, or IDSs, have become an important component
in the Security Officer's toolbox. However, many security experts are
still in the dark about IDS, unsure about what IDS tools do, how to use
them, or why they must. This article will offer a brief overview of
intrusion detection systems, including: a description of what IDSs are,
the functions they serve, the two primary types of IDS, and the different
methods of intrusion detection that they may employ.
http://www.securityfocus.com/infocus/1520
3. The Future of IDS
by Matthew Tanase
Writing about the future is a risky venture. More than likely, one will
end up wrong, or worse yet - so far off that memories of the forecast
bring waves of embarrassment. There is, however, the slightest chance of
success; lucky for me then that the task at hand, a discussion of the
future of Intrusion Detection Systems (IDS), is a bit easier to model.
http://www.securityfocus.com/infocus/1518
4. 'Magic Lantern' Rubs the Wrong Way
by Shane Coursen
The U.S. anti-virus industry can't afford to grant immunity to FBI
spyware.
http://www.securityfocus.com/columnists/44
II. BUGTRAQ SUMMARY
-------------------
1. fml Mailing List HTML Injection Vulnerability
BugTraq ID: 3623
Remote: Yes
Date Published: Dec 05 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3623
Summary:
The fml Mailing List Server is a collection of perl scripts providing
mailing list administration functionality for Linux and other systems.
It includes support for a web based archive.
When index pages are created for these archives, the characters < and >
are not properly escaped in email subject lines. This could lead to the
injection of additional HTML tags, altering the appearance of the
displayed page.
It is possible that javascript commands could be inserted through the mail
subject, exposing anyone viewing the page to a cross-site scripting
attack. This may reveal any sensitive information stored in cookie's used
by the flm domain.
Earlier versions of flm may share this vulnerability.
2. OpenSSH UseLogin Environment Variable Passing Vulnerability
BugTraq ID: 3614
Remote: No
Date Published: Dec 04 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3614
Summary:
OpenSSH is a freely available, open source implementation of the Secure
Shell protocol. It is maintained by members of the OpenBSD team.
A problem has been discovered in OpenSSH that could allow local users to
gain elevated privileges. OpenSSH allows for certain environment
variables to be set when users log in with specific keys. When the server
is configured to use 'login' via the UseLogin config flag, these
environment variables are set for the 'login' process.
This behaviour could be exploited by a local attacker to load arbitrary
shared libraries for 'login' via LD_PRELOAD resulting in the execution of
arbitrary code with elevated privileges.
If the UseLogin flag is set, local users can gain root privileges.
UseLogin is not enabled by default.
3. XTel XTel-User Tempory File Race Condition Vulnerability
BugTraq ID: 3626
Remote: No
Date Published: Dec 05 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3626
Summary:
Xtel is a freely available, open source Linux X emulator for minitel. It
is maintained by public domain.
A problem with Xtel has been discovered that could allow local users to
launch symbolic link attacks. The problem is in the creation of temporary
files.
When executed by a user, Xtel generates files in the /tmp directory with
the name .xtel-$USER, where $USER represents the user executing Xtel.
Xtel does not check for the existance of the .xtel-$USER file prior to
execution, to ensure that it does not exist, or in a worse scenario, does
not exist as a symbolic link.
Therefore, it is possible for a local user to create a symbolic link using
the username of a user of Xtel, and overwrite or corrupt any file
belonging to the user executing Xtel.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Easily configurable firewall? (Thread)
Relevant URL:
200112070809.fB789g815432@gotak.dyn.dhs.org&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=200112070809.fB789g815432@gotak.dyn.dhs.org&threads=1
2. Spam Filter Software User-User (Thread)
Relevant URL:
3. Spam filter software (Thread)
Relevant URL:
Pine.LNX.4.33.0112062217040.19917-100000@web.cyways.com&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.LNX.4.33.0112062217040.19917-100000@web.cyways.com&threads=1
4. Packet filter choice (Thread)
Relevant URL:
5. buffer overflow question (Thread)
Relevant URL:
LIEEKOOHFINPMHIJBIDCIEOPCDAA.anish.m@californiadigital.com&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=LIEEKOOHFINPMHIJBIDCIEOPCDAA.anish.m@californiadigital.com&threads=1
6. FW: Easily configurable firewall? (Thread)
Relevant URL:
Pine.LNX.4.33.0112061444360.18458-100000@abalone.zerobelow.org&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.LNX.4.33.0112061444360.18458-100000@abalone.zerobelow.org&threads=1
7. Is this Chroot Enviroment Secure? (Thread)
Relevant URL:
1007665920.20045.2.camel@devotchka.sonicopia.com&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=1007665920.20045.2.camel@devotchka.sonicopia.com&threads=1
8. Bandwidth management (Thread)
Relevant URL:
01120610574504.13978@Iescalibur.topnet.com.br&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=01120610574504.13978@Iescalibur.topnet.com.br&threads=1
9. pam_wheel.so not logging (Thread)
Relevant URL:
20011204115617.0090529f.thiago@ciphertech.com.br&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011204115617.0090529f.thiago@ciphertech.com.br&threads=1
10. unexpected UNDELIVERED MAIL (Thread)
Relevant URL:
3C0BD1CF.AAA0006@pmvp.ca&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=3C0BD1CF.AAA0006@pmvp.ca&threads=1
IV.NEW PRODUCTS FOR LINUX PLATFORMS
-----------------------------------
1. Phoenix Adaptive Firewall
by Progressive Systems
Platforms: Linux, Propietary Hardware
Relevant URL:
http://www.progressive-systems.com/products/phoenix/
Summary:
The Phoenix Adaptive Firewall is a MLSI-based firewall available for Linux
distributions and as a stand alone appliance. Free software evaluations
and GUI demo available on-line.
2. Guardian Digital Linux Lockbox
by Guardian Digital, Inc.
Platforms: Linux
Relevant URL:
http://www.guardiandigital.com/lockbox.html
Summary:
The Guardian Digital Linux Lockbox is the first open source network server
appliance designed to serve as a complete e-business solution. Powering
the Lockbox is EnGarde, Guardian Digital's Linux, engineered to achieve
the level of security required to conduct e-business.
3. F-Secure Anti-Virus for Linux
by F-Secure Corporation
Platforms: Linux
Relevant URL:
http://www.f-secure.com/products/anti-virus/linux.htm
Summary:
F-Secure Anti-Virus for Linux is an easy-to-use and up-to-date virus
scanner that can detect and disinfect viruses effectively. It scans and
removes viruses from networked or stand-alone workstations, and enables
system administrators to scan files on Linux servers that handle Web
sites, ftp sites, or file sharing on a LAN.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Stealth HTTP Security Scanner v2.0b36
by Felipe Moniz, Security Specialist
Relevant URL:
http://www.hideaway.net/stealth
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Stealth 1.0 scans for 2883 HTTP vulnerabilities. This tool is designed
especially for the system administrators, security consultants and IT
professionals to check the possible security holes and to confirm any
present security vulnerabilities that hackers can exploit. Totally free
for commercial and non-commercial use.
2. libdvdcss v1.0.0
by The VideoLAN Team videolan@videolan.org
Relevant URL:
http://www.videolan.org/libdvdcss/
Platforms: BeOS, FreeBSD, Linux, OpenBSD, Windows 2000, Windows 95/98,
Windows NT
Summary:
libdvdcss is a cross-platform library for transparent DVD device access
with on the fly CSS decryption. It currently runs under Linux, FreeBSD,
NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win98, Win2k and MacOS X. It is
used for the vlc DVD player because of its portability and because, unlike
similar libraries, it does not require your DVD drive to be region-locked.
3. Sniff'em
by YASC
Relevant URL:
http://www.sniff-em.com/sniffem.download.html
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Sniff'em is a performance minded Windows based Packetsniffer, a new
network management tool designed from the ground up with ease and
functionality in mind
4. Portable OpenSSH v3.0.2p1
by Damien Miller djm@mindrot.org
Relevant URL:
http://www.openssh.com/portable.html
Platforms: Linux, UNIX
Summary:
This is a Unix/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is a
full implementation of the SSH1 protocol and a 99% implementation of the
SSH 2 protocol, including sftp client and server support.
5. IP Sorcery v1.4
by Case ajz023@motorola .com
Relevant URL:
http://www.legions.org/~phric/ipsorcery.html
Platforms: Linux, POSIX, UNIX
Summary:
IP Sorcery is a TCP/IP packet generator. It has the ability to send TCP,
UDP, and ICMP packets with a GTK+ interface.
VI. SPONSORSHIP INFORMATION
---------------------------
This issue is sponsored by VeriSign - The Internet Trust Company
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll
learn everything you need to know about using 128-bit SSL to encrypt your
e-commerce transactions, secure your corporate intranets and authenticate
your Web sites. 128-bit SSL is serious security for your online business.
Get it now!
http://www.verisign.com/cgi-bin/go.cgi?a=n094465670057000
-------------------------------------------------------------------------------
- Previous message: jboletta@securityfocus.com: "SecurityFocus Linux Newsletter #57"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
