SecurityFocus Linux Newsletter #108

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Nov 25 2002 - 11:59:51 EST


This Issue is Sponsored by: Qualys

Strengthening Network Security: FREE Guide
Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide. Get your copy today at

https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. SQL Injection and Oracle
  2. Complete Snort-based IDS Architecture, Part Two
  3. Caught in a BIND
  4. SecurityFocus DPP Program
  5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. LINUX VULNERABILITY SUMMARY
  1. Multiple Unspecified Opera 7 Vulnerabilities
  2. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
  3. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
  4. Nullmailer Invalid User Denial Of Service Vulnerability
  5. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
  6. DHCPCD Character Expansion Remote Command Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
  1. iptables REJECT types for UDP (if any) (Thread)
  2. DeepSight Analyzer 4.0 Announcement (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORM
  1. QuickStart Data Rescue
  2. BRU Desktop
  3. ServerCluster
V. NEW TOOLS FOR LINUX PLATFORMS
  1. guard bash v1.0
  2. Paketto Keiretsu v1.0
  3. mod_authenticache v2.0.6
  4. SNMP Trap Translator v0.4
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. SQL Injection and Oracle
By Pete Finnigan

This is the first article in a two-part series that will examine SQL injection attacks against Oracle databases. The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack.

http://online.securityfocus.com/infocus/1644

2. Complete Snort-based IDS Architecture, Part Two
By Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin

Many companies find it hard to justify acquiring IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This is the second part of a two-part article that will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. In this installment we shall discuss Web interface configuration, summaries and daily reporting, automated attack response, sensor installation, installation of the central station, and big distributed IDS systems.

http://online.securityfocus.com/infocus/1643

3. Caught in a BIND
By Jon Lasser

How did one of the Internet's most ubiquitous software packages grow up to be chronically insecure? History offers a lesson.

http://online.securityfocus.com/columnists/125

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Multiple Unspecified Opera 7 Vulnerabilities
BugTraq ID: 6184
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6184
Summary:

Opera is web browser software which is available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A reliable source has announced two major unspecified vulnerabilities in the beta version of Opera 7. It has been reported that these issues in combination may allow attackers to gain full read access to a client filesystem or may allow scripting across any domain. It may also be possible to view websites that a user of the client visits.

An attacker may exploit these issues by embedding malicious script code in a webpage.

This record will be updated when further details become publicly available.

Opera 7 is only available for Microsoft Windows platforms at the time of writing. These issues are not present in earlier versions of the browser.

2. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
BugTraq ID: 6185
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6185
Summary:

Netscape and Mozilla are freely available web browsers. They are available for various platforms including Linux variants and Microsoft Windows operating systems.

A heap corruption vulnerability has been reported for Mozilla and Netscape browsers.

The vulnerability is present in the JAR (Java Archive) URI handler used by Netscape and Mozilla. The vulnerability is due to inadequate checks when decompressing JAR files.

An attacker can exploit this vulnerability by creating a malformed JAR file that contains invalid information about the sizes of the files it contains. When a victim user is enticed to view a file contained within the malformed JAR file, the vulnerable browser will attempt to decompress the JAR file. During decompression, proper bounds checking of inflated data against the allocated buffer is not performed. Consequently, an overrun condition in the heap can occur. This may be exploited by attackers to cause code to be executed.

An attacker can overwrite arbitrary values in heap memory to execute malicious attacker-supplied code.

3. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 6190
Remote: Yes
Date Published: Nov 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6190
Summary:

Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms.

A problem with Zeroo HTTP server could lead to remote code execution.

It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution.

It is not required that this data be sent in HTTP request format. Sending a string of 1024 bytes or greater to the server without structure has been reported to reproduce this issue.

Previous versions of the software may also be affected.

4. Nullmailer Invalid User Denial Of Service Vulnerability
BugTraq ID: 6193
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6193
Summary:

Nullmailer is a simple relay-only mail transport agent. It is available for the Unix and Linux operating systems.

A denial of service vulnerability has been discovered in nullmailer.

When attempting to deliver an email message to a non-existent user, an unknown user error will occur. Upon processing this error nullmailer will cease to deliver any pending mail in the mail queue.

By crafting a malicious email to a non-existent user on a vulnerable system, it is possible for an attacker to exploit this issue. This will result in a denial of service as nullmailer will fail to deliver any email.

This issue was reported in v1.00RC5 of nullmailer. It is not yet known whether earlier versions are affected.

5. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
BugTraq ID: 6195
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6195
Summary:

phpBB2 is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A cross site scripting vulnerability has been discovered in the 'viewtopic.php' script included with phpBB2.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web forum.

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability was reported for phpBB 2.0.3. Other versions may also be affected.

6. DHCPCD Character Expansion Remote Command Execution Vulnerability
BugTraq ID: 6200
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6200
Summary:

dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon. It is available for the Linux operating system. dhcpcd must be run with root privileges.

When assigning an IP address to a network interface, dhcpcd may execute an external script, '/sbin/dhcpcd-<interface>.exe'. This is an optional configuration that must be set up manually on Conectiva systems (others are not confirmed) by copying the script into /sbin/.

The script 'dhcpcd-<interface>.exe' uses values from '/var/lib/dhcpcd/dhcpcd-<interface>.info', which originate from the DHCP server. A lack of input validation on this data may make it possible for commands injected by a malicious DHCP server to be executed through the use of shell metacharacters such as ';' and '|'. These commands may run with root privileges.

This issue was discovered in dhcpcd-1.3.22-pl1.
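
The input validation that the dhcpcd entry above describes as missing, shown as an added example that is not taken from dhcpcd or from the advisory: a hook script checks the lease file against an allow-list and reads values as data instead of letting a shell interpret them. The one-`KEY=VALUE`-per-line file format, the function names `info_file_is_safe` and `info_get`, and the sample files are assumptions.

```shell
# Added example: treat a dhcpcd .info file as data, never as shell code.
# Assumption: one KEY=VALUE pair per line (the page does not show the format).
# Return 0 only if every line is KEY=VALUE and the value stays inside a
# conservative allow-list; metacharacters such as ; and | fall outside it.
info_file_is_safe() {
    file=$1
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') continue ;;
            [A-Z]*=*) ;;
            *) echo "rejected line (not KEY=VALUE)" >&2; rc=1; continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            *[!A-Z0-9_]*) echo "rejected key" >&2; rc=1; continue ;;
        esac
        case $value in
            *[!A-Za-z0-9.:,/_-]*) echo "rejected value for $key" >&2; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Fetch one value by key without sourcing or eval'ing the file.
info_get() {
    file=$1; want=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$want"=*) printf '%s\n' "${line#*=}"; return 0 ;;
        esac
    done < "$file"
    return 1
}

# Constructed sample lease files (not captured from a real DHCP server).
tmp=$(mktemp -d)
printf 'IPADDR=192.0.2.10\nDOMAIN=example.test\n' > "$tmp/good.info"
printf 'IPADDR=192.0.2.10\nDOMAIN=example.test;id\n' > "$tmp/bad.info"
for f in "$tmp/good.info" "$tmp/bad.info"; do
    if info_file_is_safe "$f"; then
        echo "${f##*/}: accepted, IPADDR=$(info_get "$f" IPADDR)"
    else
        echo "${f##*/}: refused, hook script must not run"
    fi
done
rm -rf "$tmp"
```

The allow-list is deliberately narrow, so a legitimate value containing a space or quote is also refused and has to be handled case by case.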

III. LINUX FOCUS LIST SUMMARY


1. iptables REJECT types for UDP (if any) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/300664

2. DeepSight Analyzer 4.0 Announcement (Thread)
Relevant URL:
http://online.securityfocus.com/archive/91/300492

IV. NEW PRODUCTS FOR LINUX PLATFORM


1. QuickStart Data Rescue
by TOLIS Group
Platforms: FreeBSD, Linux, Netware, OpenBSD, OS/2, SCO, Solaris, Unixware, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www.tolisgroup.com/qsdr3.html
Summary:

QuickStart Data Rescue™ is a PC crash and disaster recovery utility that recovers damaged systems while virtually eliminating the human error associated with the process. And, you can even recover to a larger hard disk! QuickStart Data Rescue™ is a self-contained product. Other disaster recovery products rely on interaction with some other utility or application, or require a base OS reinstall, in order to do their job. QuickStart can write an image backup of the disk to the target device, and verify the backup for accuracy as well as manage the disaster recovery process. Used independently, or in conjunction with your normal backup procedure, QuickStart gets you up and running simply and effectively.

2. BRU Desktop
by TOLIS Group
Platforms: AIX, BSDI, FreeBSD, HP-UX, IRIX, Linux, OpenBSD, SCO, Solaris, True64 UNIX
http://www.tolisgroup.com/bru_dt3.html
Summary:

BRU Desktop 17.0 Backup & Restore Utility is a very cost-effective backup solution for SOHO (Small Office/Home Office) commercial applications. Delivering the full power, reliability, and functionality of BRU Workstation without the associated cost of network components, BRU Desktop supports single systems with locally attached archive devices. Licensed for commercial use, BRU Desktop shares the same proven data verification and error detection and recovery functionality of BRU Workstation.

3. ServerCluster
by Stonesoft
Platforms: Linux, Solaris
http://www.stonesoft.com/products/ServerCluster/
Summary:

ServerCluster is a High Availability software solution that:

  • clusters up to 32 servers and applications such as databases, web, mail etc.
  • provides continuous 24x7 monitoring with comprehensive fault detection and automated failover to secondary nodes in the cluster and therefore service continuity in the event of a failure, without the need for immediate on-site manual intervention.

V. NEW TOOLS FOR LINUX PLATFORMS

1. guard bash v1.0
by Alboaie Sînicã
Relevant URL:
http://www.iprogrammers.ro/guard/
Platforms: Linux, POSIX
Summary:

guard bash is a shell wrapper that will execute an authentication phase before any command is executed. It uses a secret (user owned) algorithm method, and has a per user customizable procedure. If you need to connect to your computer from outside of your safe environment, even if you use SSH, you are vulnerable to simple attacks like key sniffing or to more complex attacks against SSH. If you have more than just one authentication method, you can more safely log in to your account from an insecure Internet host.

2. Paketto Keiretsu v1.0
by Effugas
Relevant URL:
http://www.doxpara.com
Platforms: POSIX
Summary:

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system; Minewt, a user space NAT/MAT router; linkcat, which presents an Ethernet link to stdio; Paratrace, which traces network paths without spawning new connections; and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.

3. mod_authenticache v2.0.6
by anthonyu
Relevant URL:
http://original.killa.net/infosec/mod_authenticache/
Platforms: UNIX
Summary:

mod_authenticache provides a simple and generic method for caching authentication information on the client side in order to enhance performance. It has been tested with several Basic HTTP authentication modules, and has an Apache 2.0.x optional function exporter for caching credentials from any custom authentication module.

4. SNMP Trap Translator v0.4
by Alex Burger
Relevant URL:
http://snmptt.sourceforge.net
Platforms: Os Independent
Summary:

SNMPTT is an SNMP trap handler written in Perl for use with the NET-SNMP/UCD-SNMP snmptrapd program. Received traps are translated into friendly messages using variable substitution. Output can be to STDOUT, text log file, syslog, MySQL (Linux/Windows), or a Windows ODBC database. User defined programs can also be executed.

VI. SPONSOR INFORMATION



This Issue is Sponsored by: Qualys

Strengthening Network Security: FREE Guide
Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide. Get your copy today at

https://www.qualys.com/forms/nsguideh_376.php


Received on Mon Nov 25 21:00:08 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:26 EDT
