SecurityFocus Linux Newsletter #61

From: John Boletta (jboletta@securityfocus.com)
Date: 01/03/02


Date: Thu, 3 Jan 2002 07:39:03 -0700 (MST)
From: John Boletta <jboletta@securityfocus.com>
To: <linux-secnews@securityfocus.com>

SecurityFocus Linux Newsletter #61
--------------------------------

Announcing The Security eMarketing Report

SecurityFocus is proud to introduce the Security eMarketing Report, the
monthly electronic publication tailored specifically to the security
professionals who market security products and services on-line.

Along with monthly SecurityFocus Web site traffic statistics, this
publication will feature content written by industry experts on a variety
of topics including, but not limited to:

**Case Studies
**Industry News
**Columnists
**Guest Interviews
**Success Stories
**Techniques

To subscribe this free HTML email publication, please send a blank email
to smr-html-subscribe@securityfocus.com. To contact the editor, please
email smr@securityfocus.com

-------------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Advertising Information
     2. Episode Thirteen: Cabbages and Kings
II. LINUX VULNERABILITY SUMMARY
     1. Plesk Server Administrator PHP Source Disclosure Vulnerability
     2. Les VanBrunt AdRotate Pro SQL Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
     1. Locking Down a Linux Box (Thread)
     2. About SSLproxy running as client? (Thread)
     3. Firewall Rulesets Are Available (Thread)
     4. aide or tripwire (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
     1. NetMAX FireWall
     2. PakSecured Firewall
     3. AntiViral Toolkit Pro (AVP) Z.E.S. Linux
V. NEW TOOLS FOR LINUX PLATFORMS
     1. Linux Intrusion Detection System (LIDS) v1.1.0 for 2.4.16 (2.x)
     2. Linux Port/Socket Pseudo ACLs v2.4.17-14(2.4)
     3. floppyfw v1.9.15
     4. ifmonitor v0.1
VI. SPONSORSHIP INFORMATION

I. FRONT AND CENTER
-------------------
1. Advertising Information

Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!

SecurityFocus is the Web's most successful security intelligence site,
with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.

To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak
directly
with a customer service representative, please call +1(650) 655-6350.

2. Episode Thirteen: Cabbages and Kings
by Robert G. Ferrell

Jake sat at the incarcerated Merv's terminal and scratched his head. The
military security people had told him that this box was sending bursts of
(presumed) classified data to an undisclosed location in another country.
Okay, except that this segment of the network had no physical attachment
to the secured net. In fact, the segment into which this box was plugged
wasn't even on his network map. That was a little disturbing, but not
entirely surprising , since the data telecomm documentation he'd inherited
from his predecessor was a little on the skimpy side.

http://www.securityfocus.com/infocus/1529

II. BUGTRAQ SUMMARY
-------------------
1. Plesk Server Administrator PHP Source Disclosure Vulnerability
BugTraq ID: 3737
Remote: Yes
Date Published: Dec 21 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3737
Summary:

Plesk Server Administrator (PSA) is web based software that enables remote
administration of web servers. It can be used on Linux and other systems
that support PHP.

Due to an input validation error in Plesk Server Administrator, it is
possible for a remote attacker to make a specially crafted web request
which will display PHP source code.

This is acheivable by connecting to a host (using the IP address rather
than the domain name), and submitting a request for a known PHP file along
with a valid username.

http://target/~username/filename.php

There is a potential that this issue may result in sensitive information
being disclosed to attackers, depending on the contents of the script
source code.

2. Les VanBrunt AdRotate Pro SQL Injection Vulnerability
BugTraq ID: 3739
Remote: Yes
Date Published: Dec 24 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3739
Summary:

AdRotate Pro is a freeware collection of Perl scripts designed to deliver
rotating advertising banners on a web page. It includes administrative
tools, and is driven by a MySQL database. It runs on Linux and other
systems that support Perl and MySQL.

AdRotate Pro constructs SQL statements including user supplied input. A
malicious user may be able to supply input including escape characters
such as ' and additional SQL commands, and modify the SQL statement being
passed to the database.

Also, database result sets are later used by some scripts as arguments to
the Perl open() command. If shell escape characters and commands can be
inserted into the database such that they will be used in this context, it
may be possible to execute arbitrary shell commands as the web server
(generally the user 'nobody').

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Locking Down a Linux Box (Thread)
Relevant URL:

http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=004e01c18da3$80bc1500$18d40e3f@nosy&threads=1

2. About SSLproxy running as client? (Thread)
Relevant URL:

http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=003d01c18d16$58374a60$5d01a8c0@nsecure&threads=1

3. Firewall Rulesets Are Available (Thread)
Relevant URL:

Pine.GSO.4.30.0112242314380.8616-100000@mail.securityfocus.com&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=Pine.GSO.4.30.0112242314380.8616-100000@mail.securityfocus.com&threads=1

4. aide or tripwire (Thread)
Relevant URL:

20011221152822.A6871@nepomuk.max.uni-duisburg.de&threads=1">http://www.securityfocus.com/cgi-bin/archive.pl?id=91&mid=20011221152822.A6871@nepomuk.max.uni-duisburg.de&threads=1

IV.NEW PRODUCTS FOR LINUX PLATFORMS
----------------------------------------
1. NetMAX FireWall
by Cybernet Systems
Platforms: Linux, FreeBSD, Windows NT, MacOS
Relevant URL:
http://www.netmax.com/products/index.html
Summary:

NetMAX FireWall is a firewall and a router in one integrated product. The
NetMAX FireWall includes and easily installs all necessary software in
about 15 minutes. The product includes a Linux operating system based on
the Red Hat distribution or FreeBSD, the packet firewall package, and the
routing package. All of the services are pre-configured and integrated
into the FireWall product. The point and click HTML based interface makes
running a server as easy as browsing the web.

2. PakSecured Firewall
by Paktronix Systems
Platforms: Linux
Relevant URL:
http://www.paktronix.com/products/pakfirewall.html
Summary:

Our secure firewall systems connect your networks to the Internet without
worry. The PakSecured Firewall can connect over ISDN, 56K-T1/E1 Frame
Relay/Dedicated, dial-on-demand, and any LAN interface supported under
Linux. We use full Policy Routing Security Structures along with the
standard IPChains/NetFilter stateful packet filtering code to provide full
data level protection for your networks. The advanced modular design of
the runtime firewall permits adding a wide array of enhancement functions
on the fly. Report Generators, Specialized Port Forwarders, and Proxy
Inspection Services are among the enhancements offered. Due to the
extensive customization possible under the modular setup we can design and
build an optimal solution for your specific scenario.

3. AntiViral Toolkit Pro (AVP) Z.E.S. Linux
by Kaspersky Labs
Platforms: Linux
Relevant URL:
http://www.kasperskylabs.com/
Summary:

AntiViral Toolkit Pro (AVP) Z.E.S. Linux is a distributive package
containing Linux-based bootable rescue diskette with pre-installed
anti-virus software - AVP for Linux. It is a unique tool, which allows
fast and efficient restoring of booting ability of a computer affected by
a virus attack. It also makes possible to actively neutralise computer
viruses invisible for many anti-virus products on infected systems.

V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Added Dec 27, 2001
Linux Intrusion Detection System (LIDS) v1.1.0 for 2.4.16 (2
by Xie Hua Gang, xhg@gem.ncic.ac.cn
Relevant URL:
http://www.lids.org/
Platforms: Linux
Summary:

The Linux Intrusion Detection System is a patch which enhances the
kernel's security. When it is in effect, chosen files access, all
system/network administration operations, any capability use, raw device,
mem, and I/O access can be made impossible even for root. You can define
which program can access which file. It uses and extends the system
capabilities bounding set to control the whole system and adds some
network and filesystem security features to the kernel to enhance the
security. You can finely tune the security protections online, hide
sensitive processes, receive security alerts through the network, and
more.

2. Linux Port/Socket Pseudo ACLs v2.4.17-14(2.4)
by anthonyu
Relevant URL:
http://original.killa.net/infosec/acls/
Platforms: Linux
Summary:

The Linux Port/Socket Pseudo ACLs patch allows an administrator to
delegate privileges for some protected network resources to non-root
users. The ACLs are generally used to run untrusted or insecure
applications as an unprivileged process, thereby mitigating some
undiscovered denial of service or root compromise. The ACLs cover
protected ports, raw sockets, and packet sockets.

3. floppyfw v1.9.15
by Thomas Lundquist, thomasez@zelow.no
Relevant URL:
http://www.zelow.no/floppyfw/
Platforms: Linux
Summary:

floppyfw is a router and simple firewall on one single floppy. It uses
Linux basic firewall capabilities and have a very simple packaging system.
It is perfect for masquerading and securing networks on ADSL and cable
lines using both static IP and DHCP. It has a simple installation, mostly
only needed to edit one file on the floppy.

4. ifmonitor v0.1
by Edson Medina
Relevant URL:
http://ifmonitor.preteritoimperfeito.com/
Platforms: Linux
Summary:

ifmonitor is a network interface traffic logger and grapher for Linux. It
does not depend on SNMP, and it is written in Perl/PHP. It uses MySQL to
store its logs.

VI. SPONSORSHIP INFORMATION
---------------------------
Announcing The Security eMarketing Report

SecurityFocus is proud to introduce the Security eMarketing Report, the
monthly electronic publication tailored specifically to the security
professionals who market security products and services on-line.

Along with monthly SecurityFocus Web site traffic statistics, this
publication will feature content written by industry experts on a variety
of topics including, but not limited to:

**Case Studies
**Industry News
**Columnists
**Guest Interviews
**Success Stories
**Techniques

To subscribe this free HTML email publication, please send a blank email
to smr-html-subscribe@securityfocus.com. To contact the editor, please
email smr@securityfocus.com

-------------------------------------------------------------------------------