SecurityFocus Linux Newsletter #110

SecurityFocus Linux Newsletter #110

This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

I. FRONT AND CENTER

1. Barbarians at the Gate: An Introduction to Distributed Denial...
2. Does Research Support Dumping Linux?
3. SecurityFocus DPP Program
4. InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando,FL) II. LINUX VULNERABILITY SUMMARY
5. YaBB YaBB.pl Cross Site Scripting Vulnerability
6. Traceroute-Nanog Hostname Buffer Overflow Vulnerability
7. SuidPerl Information Disclosure Vulnerability
8. Pserv Request Method Buffer Overflow Vulnerability
9. Pserv HTTP Version Specifier Buffer Overflow Vulnerability
10. SquirrelMail read_body.php Cross Site Scripting Vulnerability
11. Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic...
12. Debian Internet Message Insecure Temporary File Creation...
13. SMB2WWW Remote Command Execution Vulnerability
14. PortailPHP SQL Injection Vulnerability
15. Aldap Contact Manager Authentication Bypass Vulnerability
16. phpBB search.php Cross Site Scripting Vulnerability
17. Exim Internet Mailer Format String Vulnerability
18. Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
19. pWins Web Server Directory Traversal Vulnerability
20. Bogofilter Bogopass Insecure Temporary File Creation...
21. Boozt index.cgi Buffer Overrun Vulnerability
22. Pserv Stream Reading Buffer Overflow Vulnerability
23. Traceroute-Nanog Spray Buffer Overflow Vulnerability
24. Pserv User-Agent HTTP Header Buffer Overflow Vulnerability III. LINUX FOCUS LIST SUMMARY
25. NO NEW POSTS FOR THE WEEK ENDING 12.06.02 IV. NEW PRODUCTS FOR LINUX PLATFORM
26. CaptIO
27. NetMAX VPN Server Suite
28. NetSecure Web
29. NEW TOOLS FOR LINUX PLATFORMS
30. Sniffdet v0.7
31. linksysulator v1.0
32. gateProtect Firewall v3.2 VI. SPONSOR INFORMATION
33. FRONT AND CENTER

    ---

34. Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks By Matthew Tanase

DDoS attacks first made headlines in February 2000. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.

http://online.securityfocus.com/infocus/1647

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Does Research Support Dumping Linux?
By Tim Mullen

Microsoft's security policies are getting better every day, even as a new report slams open-source competitors as security nightmares. But the easy answers aren't always the right ones.

http://online.securityfocus.com/columnists/127

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. YaBB YaBB.pl Cross Site Scripting Vulnerability BugTraq ID: 6272 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6272 Summary:

YaBB (Yet Another Bulletin Board) is freely available web forum software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms.

A cross-site scripting vulnerability has been reported in the YaBB forum
'YaBB.pl' script. This vulnerability is due to insufficient sanitization
of URI parameters.

As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. The malicious link may contain arbitrary HTML code in URI parameters. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.

It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.

This vulnerability has been reported for YaBB 1 Gold - SP 1. It is not known if other versions are affected.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Traceroute-Nanog Hostname Buffer Overflow Vulnerability BugTraq ID: 6274
Remote: No
Date Published: Nov 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6274
Summary:

Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems.

A problem with Traceroute-Nanog may make it possible to execute arbitrary code locally on a vulnerable host.

It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a hostname of arbitrary length, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions.

This program may present a risk if installed with setuid privileges. By default, this program is installed with setuid privileges on Linux operating systems such as SuSE.

3. SuidPerl Information Disclosure Vulnerability BugTraq ID: 6282
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6282
Summary:

SuidPerl is the Perl interpreter for setuid Perl scripts. It is included with distributions of the Perl package and is available for Linux and Unix variant operating environments.

An information disclosure vulnerability has been reported for SuidPerl. Reportedly, it is possible for an attacker to determine whether files exist in non-accessible directories.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

An attacker can exploit this vulnerability by invoking suidperl with an absolute filename to determine whether the file exists. When run in this manner, suidperl will return with a message that confirms the existence of a file.

Information obtained in this manner may allow an attacker to launch further, potentially damaging, attacks against a vulnerable system.

4. Pserv Request Method Buffer Overflow Vulnerability BugTraq ID: 6284
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6284
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Reportedly, Pserv reads 1024 bytes at a time from a connected socket but fails to allocate sufficient space in local buffers for the data. Specifically, in the request method, defined in the
'analyzeRequest()' function in 'main.c', Pserv only allocates 16 bytes of
space. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

5. Pserv HTTP Version Specifier Buffer Overflow Vulnerability BugTraq ID: 6285
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6285
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Reportedly, Pserv reads 1024 bytes at a time from a connected socket but fails to allocate sufficient space in local buffers for the data.

An attacker can exploit this vulnerability by issuing an overly long HTTP request with an invalid HTTP version specifier. Specifically, in the request method, defined in the 'analyzeRequest()' function in 'main.c', Pserv only allocates 16 bytes of space for the data. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

6. SquirrelMail read_body.php Cross Site Scripting Vulnerability BugTraq ID: 6302
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6302
Summary:

SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0. It is available for Linux and Unix based operating systems.

A cross-site scripting vulnerability has been discovered in SquirrelMail. The read_body.php script fails to adequately sanitize content passed to the 'mailbox' and 'passed_id' variables. This makes it possible for an attacker to embed malicious script code in variable parameters.

Processing a malicious email may result in the execution of embedded script code in the users mail client. It may be possible to exploit this issue to obtain sensitive user information such as address books and authentication credentials.

It should be noted that this issue is known to affect SquirrelMail 1.2.9. It has not yet been determined if other versions are affected.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

7. Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic Reading Vulnerability BugTraq ID: 6305
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6305
Summary:

IPTables and Netfilter are the firewall infrastructure developed for the Linux kernel.

A problem with the IP Queuing module distributed with the packages may make possible the reading of arbitrary network traffic.

The IP Queuing module requires a privileged process to communicate with user space to handle the queuing of network traffic on the local host. Insufficient checking of the integrity of the privileged process is performed. This could lead to a local user gaining access to information meant for the privileged process.

It has been reported that if the privileged process exits, the exit of the process is not tracked. A local user starting a new, unprivileged process with the previous process id of the privileged process would gain access to a limited amount of the network traffic meant for the privileged process. This could allow the user access to sensitive network traffic, and potentially lead to information disclosure.

It should be noted that the limited access to network traffic is dependant on the set queue length, which is typically 1024 bytes.

8. Debian Internet Message Insecure Temporary File Creation Vulnerability BugTraq ID: 6307
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6307
Summary:

IM (Internet Message) provides a series of user interface commands (im* commands) and backend Perl5 libraries to integrate E-mail and NetNews user interface. It is available for the Debian Linux distribution.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been discovered in the way Debian Internet Message (IM) creates temporary files. It has been reported that both the impwagent and immknmz utilities are affected.

By anticipating the names used to create files and directories stored in the /tmp, it may be possible for a local attacker to corrupt or modify data as another user. Depending on the actions executed on the temporary file, it may also be possible to disclose sensitive information with permissions of the IM process.

9. SMB2WWW Remote Command Execution Vulnerability BugTraq ID: 6313
Remote: Yes
Date Published: Dec 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6313
Summary:

SMB2WWW is a client for Windows Networks that is accessible through a web browser. It is designed for use with Linux variant operating systems.

A vulnerability has been reported for SMB2WWW. An attacker may be able to exploit this vulnerability to execute commands with the privileges of the
'www-data' user on a vulnerable host.

Precise technical details of this vulnerability are currently unknown. This BID will be updated as more information becomes available.

1. PortailPHP SQL Injection Vulnerability BugTraq ID: 6273 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6273 Summary:

Portail PHP is a Web portal project based PHP and MySQL. It is available for the Linux, Unix, and Microsoft Windows operating systems.

A vulnerability exists in the mod_search module included with PortailPHP. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in the 'index.php' script. Specifically, the 'rech' variable is not sanitized of malicious SQL input. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

By injecting SQL code into the 'rech' variable, it may be possible for an attacker to corrupt database information.

1. Aldap Contact Manager Authentication Bypass Vulnerability BugTraq ID: 6310 Remote: Yes Date Published: Dec 03 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6310 Summary:

Aldap is a Web-based contact manager. It is designed for use with Linux variant operating systems.

An authentication bypassing vulnerability has been reported for Aldap. Reportedly, it may be possible for attackers to login to the Aldap contact manager with 'Manager' privileges regardless of the supplied password.

The vulnerability exists in the 'bind()' function in 'config.inc' and is due to the misuse of the '$pass' variable. Specifically, the '$pass' variable is declared twice and as a result is not used in a proper manner. Exploitation of this vulnerability will allow a remote attacker to obtain
'Manager' level privileges on vulnerable installations of Aldap.

This vulnerability was reported for Aldap 0.09.

1. phpBB search.php Cross Site Scripting Vulnerability BugTraq ID: 6311 Remote: Yes Date Published: Dec 03 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6311 Summary:

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

phpBB is prone to cross site scripting attacks. The problem lies in the search.php script which fails to properly sanitize user-supplied input in the 'search_username' parameter.

By exploiting this issue it may be possible to steal a users cookie-based authentication credentials. This could be accomplished by constructing a malicious link containing script code embedded in the 'search_username' parameter.

1. Exim Internet Mailer Format String Vulnerability BugTraq ID: 6314 Remote: No Date Published: Dec 04 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6314 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Exim is a message transfer agent (MTA) developed at the University of Cambridge and available under the GNU Public License. It is available for the Linux operating system.

A format string vulnerability has been discovered in the daemon_go() function used by Exim. The problem occurs while copying the user-supplied
'pid_file_path' variable into a buffer using the sprintf() function. The
variable is copied into 'buff' with no specified format string. This may allow an attacker to insert format string characters into the
'pid_file_path?, which may be used to overwrite memory.

Gaining the ability to overwrite memory may make it possible for a local attacker to execute arbitrary code, with root privileges.

It should be noted that the execution of the daemon_go() function is limited to the user defined as the 'exim-admin-user'. The
'exim-admin-user' must be defined at compile time.

1. Cyrus IMAPD Pre-Login Heap Corruption Vulnerability BugTraq ID: 6298 Remote: Yes Date Published: Dec 02 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6298 Summary:

Cyrus IMAPD is a freely available, open source Interactive Mail Access Protocol (IMAP) daemon. It is available for Unix and Linux operating systems.

A problem discovered in the Cyrus IMAPD server may result in heap corruption.

It has been reported that Cyrus IMAPD does not sufficiently handle overly long strings. In some cases, when a user connects to the daemon, and upon negotiating the connection sends a login string of excessive length, a buffer overflow occurs. This could result in heap corruption and arbitrary words in memory being overwritten.

It should be noted that this vulnerability does not require remote authentication. Exploitation of this vulnerability would result in a user gaining remote access with the privileges of the IMAP daemon. This would minimally give a remote user the ability to read sensitive information such as email, and could lead to further attack and elevated privileges.

1. pWins Web Server Directory Traversal Vulnerability BugTraq ID: 6271 Remote: Yes Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6271 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

pWins is a Web server implemented using Ruby and Perl. It is designed for use on Linux variant and Microsoft Windows operating environments.

It has been reported that pWins fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root.

An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.

Disclosure of sensitive system files may aid the attacker in launching further attacks against the target system.

This vulnerability has been reported for pWins 0.2.5 for the Microsoft Windows platform.

1. Bogofilter Bogopass Insecure Temporary File Creation Vulnerability BugTraq ID: 6278 Remote: No Date Published: Nov 29 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6278 Summary:

Bogofilter is a package used to filter spam from incoming email. It is available for Linux and Unix variant operating environments. Bogopass is a Perl script included with Bogofilter.

Reportedly, bogopass creates temporary files in a predictable manner. Specifically, temporary files will be created in '/tmp' as
'bogopass.<PID>'. As a result, it is possible for local attackers to read
or corrupt files readable by the bogopass process. An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file which is created. Any actions performed by bogopass when it is executed will be performed on the file pointed to by the symbolic link.

An attacker may exploit this vulnerability to read, or corrupt, potentially critical system files.

1. Boozt index.cgi Buffer Overrun Vulnerability BugTraq ID: 6281 Remote: Yes Date Published: Nov 29 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6281 Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Boozt is a banner management program available for the Linux operating system.

A buffer overrun has been discovered in the index.cgi script used by Boozt. By passing a string of excessive length, as the value for the $name parameter, to the vulnerable script, it is possible to overwrite a static buffer. This may result in the corruption of sensitive system memory.

By overwriting sensitive memory with attacker-supplied values, it may be possible to direct program flow to execute malicious instructions. Successful exploitation will result in the execution of arbitrary code with the privileges of the Boozt process.

This issue is known to affect Boozt 0.9.8 and it is not known whether other versions are affected.

1. Pserv Stream Reading Buffer Overflow Vulnerability BugTraq ID: 6283 Remote: Yes Date Published: Nov 30 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6283 Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. Pserv reads 1024 bytes from a connected socket. Due to some flaws when processing the data, it may be possible to corrupt sensitive memory on the system stack.

Reportedly, it is possible to overflow a local buffer and corrupt memory by issuing a request that is exactly 1024 bytes. This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

1. Traceroute-Nanog Spray Buffer Overflow Vulnerability BugTraq ID: 6275 Remote: No Date Published: Nov 28 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6275 Summary:

Traceroute is a tool that is used to track packets in a TCP/IP network to determine the path of network connections. This vulnerability affects the Traceroute-Nanog program, written for Unix and Linux operating systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A problem with Traceroute-Nanog may make it possible to execute arbitrary code locally on a vulnerable host.

It has been reported that a buffer overflow exists in Traceroute-Nanog. Due to insufficient bounds checking in the Traceroute-Nanog program, a user may execute the program with a spray packets amount of excessive size, and cause the overwriting of stack memory within the process. This could result in the execution of attacker-supplied instructions.

This program may present a risk if installed with setuid privileges. By default, this program is installed with setuid privileges on Linux operating systems such as SuSE.

20. Pserv User-Agent HTTP Header Buffer Overflow Vulnerability BugTraq ID: 6286
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6286
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections.

An attacker can exploit this vulnerability by issuing an overly long HTTP request with an invalid User-Agent header. Specifically, in the request method, defined in the 'analyzeRequest()' function in 'main.c', Pserv only allocates 256 bytes of space for the data that can be as large as 1011 bytes. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

21. Pserv HTTP Request Parsing Buffer Overflow BugTraq ID: 6287
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6287
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections.

An attacker can exploit this vulnerability by issuing an overly long HTTP request. Specifically, in the 'handleMethod()' function in 'main.c', Pserv attempts to concatenate supplied data with the absolute path for the web document root folder. The supplied input may be as large as 1024 bytes, however, Pserv does not take this into account when allocating space on the system stack. Due to this, it may be possible to corrupt sensitive memory on the system stack.

This may cause the web server to exhibit signs of unpredictable behaviour. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

III. LINUX FOCUS LIST SUMMARY

1. NO NEW POSTS FOR THE WEEK ENDING 12.06.02

1. CaptIO by Captus Networks Corp. Platforms: Linux http://www.captusnetworks.com/captio.htm Summary:

The CaptIO combines the functions of: -a firewall to manage access to resources -an Intrusion Detection System to prevent attempts to intrude on or shut down your systems -a high performance switch router network load balancing to even out traffic across a network Protection from security attacks originating from: -outside the network -inside the network where most security breaches occur An adaptive firewall that: -works with the dynamic Intrusion Detection System to continuously update against new attacks in near real-time

2. NetMAX VPN Server Suite
by Cybernet Systems
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT http://www.netmax.com/products/vpn_prods.html Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The NetMAX VPN Server Suite simplifies Linux servers by installing a ready-to-configure network security solution consisting of a Virtual Private Network (VPN) server, firewall, router, and proxy/cache server, along with the Linux operating system. NetMAX Internet Appliance Software provides small/medium sized businesses and enterprise workgroups easy use of a browser-based administration and pre-configured suite of applications, along with the strength and reliability of Linux.

3. NetSecure Web
by NetSecure Software
Platforms: AIX, BSDI, Linux, Solaris, Windows NT http://www.netsecuresoftware.com/netsecurenew/Products/NetSecureWeb/netsecureweb.html Summary:

NetSecure Web enables you to create Internet services guaranteeing full protection of your information system network.

* Total access to internal database server
* Fully transparent for internal and external users
* Preserves your private network from intrusion
* Ensures that only authorized requests are delivered
* Easy installation and operation

V. NEW TOOLS FOR LINUX PLATFORMS

1. Sniffdet v0.7 by Ademar de Souza Reis Jr. Relevant URL: http://sniffdet.sourceforge.net Platforms: Linux, POSIX Summary:

Sniffdet is an implementation of a set of tests for remote sniffers detection in TCP/IP network environments. It is composed of a flexible and easy to use library and a console application to run the tests. Major features include several tests for sniffers detection, config file support, output plugins, dropping of root privileges, and general documentation.

2. linksysulator v1.0
by TomK Tech
Relevant URL:
http://tomktech.n3.net
Platforms: Linux
Summary:

Linsysulator is a simple script that utilizes sed, wget, and nmap to automatically find "ope" linksys routers on a given subnet.

3. gateProtect Firewall v3.2
by Till von Rennenkampff
Relevant URL:
http://www.gateprotect.com/trial_down.php Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The "gateProtect Firewall & VPN Server&#8221; with its worldwide unique user interface, has passed several independent tests with best scores. All rules and VPN connections can be defined by drag & drop which only takes a few minutes. It&#8217;s VPN functionality is compatible to all other VPN solutions including Checkpoint VPN-1. All settings can be made intuitively and in several languages.

VI. SPONSOR INFORMATION

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php