SecurityFocus Linux Newsletter #117

SecurityFocus Linux Newsletter #117

This newsletter is sponsored by: Black Hat (http://www.blackhat.com)

Spooked about Windows security? Getting "slammed" hard by worms? Find all of the solutions at Black Hat Windows Security Briefings & Training, February 24-27 in Seattle, the world's premier technical event for Windows security experts.

All of the top experts you've read about recently are speaking. Fully supported by Microsoft, with new MS hosted training sessions just added!

Visit www.blackhat.com to register.

I. FRONT AND CENTER

1. Forensics on the Windows Platform, Part 1
2. The Busy Life of a Welsh Virus-Writer
3. New Book: Hacker's Challenge 2 Test Your Network Security...
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003(March10-12,2003,Orlando,FL) II. LINUX VULNERABILITY SUMMARY
6. GNU Mailman 'email' Cross Site Scripting Vulnerability
7. GNU Mailman Error Page Cross Site Scripting Vulnerability
8. slocate Local Buffer Overrun Vulnerability
9. Blackboard Learning System search.pl SQL Injection Variant...
10. Noffle Remote Memory Corruption Vulnerability
11. Sun Java Virtual Machine Illegal Access To Object Methods...
12. Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate...
13. SpamAssassin BSMTP Mode Buffer Overflow Vulnerability
14. YaBB SE News.PHP Remote File Include Vulnerability
15. FTLS GuestBook Script Injection Vulnerability
16. DotProject Remote File Include Vulnerability
17. MIT Kerberos Key Distribution Center Remote Format String...
18. MIT Kerberos Remote Heap Corruption Vulnerability
19. MIT Kerberos / Key Distribution Center Shared Key User...
20. PLP Tools plpnfsd Syslog Format String Vulnerability III. LINUX FOCUS LIST SUMMARY
21. NIS with local root (Thread)
22. Secure Web-Based Administration (Thread)
23. Administrivia: Trimming replies (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORM
24. McAfee Active Virus Defense Small Business Edition
25. F-Secure Anti-Virus Total Suite
26. eTrust Antivirus
27. NEW TOOLS FOR LINUX PLATFORMS
28. TinyMonitor v0.9b
29. J2SSH v0.0.4
30. Bastille Linux v2.0.4 VI. SPONSOR INFORMATION
31. FRONT AND CENTER

    ---

32. Forensics on the Windows Platform, Part 1 By Jamie Morris

This article, the first in a two-part series about forensics on the Windows platform, will examine the preparatory steps that can be taken by both investigators and system administrators alike. While this series is concerned with Windows-specific investigations, this article will examine some basic, non-technical concepts that are applicable to all forensic investigations.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/infocus/1661

2. The Busy Life of a Welsh Virus-Writer By George Smith

The prison-bound author of the Gokar virus loves shoes, pole dancers and personal self-disclosure. His blog tells all.

http://online.securityfocus.com/columnists/138

3. New Book: Hacker's Challenge 2 Test Your Network Security & Forensic Skills

Do you have what it takes to keep the bad guys out of your network? Find out with the latest edition of this best-selling book featuring 20+ all new hacking challenges for you to solve. Plus, you'll get in-depth solutions for each, all written by experienced security consultants.

For more information visit:
http://shop.osborne.com/cgi-bin/osborne/0072226307.html

4. SecurityFocus DPP Program

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY

1. GNU Mailman 'email' Cross Site Scripting Vulnerability BugTraq ID: 6677 Remote: Yes Date Published: Jan 24 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6677 Summary:

Mailman is software to help manage email discussion lists, much like Majordomo and SmartList. It is written and maintained by the GNU Project and is available for the Linux and Unix operating systems.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A cross site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of URI parameters. Specifically, the 'email' URI parameter is not correctly filtered for embedded HTML or script code.

As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. When this link is followed by a web user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

2. GNU Mailman Error Page Cross Site Scripting Vulnerability BugTraq ID: 6678
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6678
Summary:

Mailman is software to help manage email discussion lists, much like Majordomo and SmartList. It is written and maintained by the GNU Project and is available for the Linux and Unix operating systems.

A cross site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of URI parameters. Specifically, the 'language' variable is not sufficiently sanitized before being included in error pages.

As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. When this link is followed by a web user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that GNU Mailman 2.0.11 is not affected by this issue.

3. slocate Local Buffer Overrun Vulnerability BugTraq ID: 6676
Remote: No
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6676
Summary:

Secure Locate (slocate) provides a secure way to index and quickly search for files on your system. It is available for the Linux and Unix operating systems. Typically slocate is installed with setgid 'slocate' privileges.

A buffer overrun vulnerability has been discovered in slocate. The issue occurs when 1024, or more, bytes of data are supplied to both the regex ('-r') and the parse /etc/updatedb.conf ('-c') command line arguments. This issue occurs due to insufficient bounds checking on user-supplied input.

A malicious local user may be able to exploit this issue to overwrite sensitive locations in memory. For instance, by overwriting the programs instruction pointer it may be possible to redirect program flow to point to attacker-supplied instructions. As slocate is typically installed with setgid privileges, any code execution accomplished by an attacker will be executed with group 'slocate' privileges. An attacker may leverage this privilege escalation to exploit the target system further.

• Conflicting details have been released which provide information reporting that the issue described is not a buffer overflow. Furthermore, the programming error that occurs may not be a security issue and thus not exploitable. 4. Blackboard Learning System search.pl SQL Injection Variant Vulnerability BugTraq ID: 6687 Remote: Yes Date Published: Jan 25 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6687 Summary:

Blackboard Learning system is a suite of software products available for Microsoft Windows, Linux and Solaris servers that power an "e-Education Infrastructure" for education providers.

Blackboard Learning System, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database.

This vulnerability was reported to exist in the search.pl script file. A remote attacker can exploit this vulnerability to discover the passwords of other users.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability is a variant of the vulnerability described in BID 6655.

This vulnerability was reported for Blackboard Learning System 5.5.1,level 1 and 2. Previous releases may also be affected.

5. Noffle Remote Memory Corruption Vulnerability BugTraq ID: 6695
Remote: Yes
Date Published: Jan 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6695
Summary:

Noffle is a news (nntp) server designed to service few users and low speed dial-up connections to the Internet. It is available for the Unix and Linux operating systems.

A memory corruption bug has been discovered in Noffle. The issue can be triggered remotely and may cause a segmentation violation in the affected server. This issue is likely caused when Noffles is attempting to process a malicious news group or entry.

Although unconfirmed, this issue may be exploitable by a remote attacker to trigger a denial of service or possibly execute arbitrary code. Attacker-supplied instructions would be executed with the privileges of the invoker of Noffle, likely the 'news' user.

The technical details regarding this issue are currently unknown. This BID will be updated when further information becomes available.

6. Sun Java Virtual Machine Illegal Access To Object Methods Vulnerability BugTraq ID: 6681
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6681
Summary:

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A vulnerability has been reported in the Sun Java Virtual Machine that may allow illegal access to protected fields or methods of an object.

Precise technical details of this vulnerability are not currently known however this vulnerability may have security implications. It may be possible to exploit this vulnerability to gain read/write access to system files despite the security constraints placed on the Applet sandbox. The ability to access protected values may also be leveraged to launch other attacks.

It may be possible to execute commands on target systems if this vulnerability is exploited in conjunction with others.

7. Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate Validation Vulnerability BugTraq ID: 6682
Remote: Yes
Date Published: Jan 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6682
Summary:

Sun (Java Secure Socket Extension) JSSE is a series of Java packages to facilitate secure network communications. Java Plug-In is software to enhance inter-operability with applets and Java beans. It is included with releases of JRE (Java Runtime Environment). Java Web Start is software to simplify deployment of Java applications, allowing users to launch Java applications from embedded links in webpages.

In the case of JSSE, this may result in untrusted and potentially hostile websites being successfully authenticated for SSL transactions. If successfully exploited, a malicious website may be validated for a SSL transaction and this may lead to further attacks against the user based on the false trust created by this vulnerability. Applications which use JSSE will be prone to this issue.

The vulnerability occurs if an SSLContext was initialized, using the SSLContext.init() method, with an instance of the X509TrustManager implementation. This will result in JSSE to incorrectly call the isClientTrusted() method when determining trust decisions.

Java Plug-In and Java Web Start do not correctly validate signed JAR files. This may result in untrusted and potentially hostile code being treated and therefore executed as though it is trusted. An attacker may exploit this to transmit a signed JAR file containing malicious code to a user of the software, which will appear to be trusted by the software. Any web browsers which are configured to use JRE and include the Java Plug-In or Java Web Start may be prone to this issue.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It is not currently known what circumstances are required to reproduce these conditions. Though not verified, this may be similar to the issue described in BID 5410.

8. SpamAssassin BSMTP Mode Buffer Overflow Vulnerability BugTraq ID: 6679
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6679
Summary:

SpamAssassin is a mail filter to identify and process spam. It is available for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported for SpamAssassin. The vulnerability exists when SpamAssassin has been configured for use with BSMTP (Batch Simple Mail Transfer Protocol) processing.

SpamAssassin uses the program spamc to process mail. 'spamc' is the client program that feeds data to the spamd service that processes email. BSMTP processing is enabled by executing spamc with the '-B' option.

The vulnerability occurs when SpamAssassin is escaping '.' characters when processing email headers. Due to insufficient bounds checking performed by the filter, it is possible for a remote attacker to trigger the buffer overflow condition.

An attacker can exploit this vulnerability by composing a malicious email with specific headers. This will cause the buffer overflow condition in the program, spamc. This may result in malicious attacker-supplied code being executed with the privileges of the spamc process.

It should be noted that this issue allows an attacker to write the value of the '.' character to the LSB of the value stored above the affected buffer. Under some circumstances this may be the function's saved frame pointer but the exploitability of this issue is highly volatile.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported to affect SpamAssassin 2.40 to 2.43.

9. YaBB SE News.PHP Remote File Include Vulnerability BugTraq ID: 6674
Remote: Yes
Date Published: Jan 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6674
Summary:

YaBB SE is a freely available, open source port of Yet Another Bulletin Board (YaBB). It is available for a number of platforms include Unix, Linux, and Microsoft Windows operating systems.

A vulnerability has been discovered in YaBB SE. Due to insufficient sanitization of some user-supplied variables by the 'News.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the '$template' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for YaBB SE 1.5.1 and earlier.

1. FTLS GuestBook Script Injection Vulnerability BugTraq ID: 6686 Remote: Yes Date Published: Jan 25 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6686 Summary:

FTLS Guestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The attacker's script code may be executed in the web client of arbitrary users who view the pages generated by the guestbook, in the security context of the website running the software.

Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials.

This vulnerability was reported for FTLS Guestbook 1.1.

1. DotProject Remote File Include Vulnerability BugTraq ID: 6710 Remote: Yes Date Published: Jan 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6710 Summary:

dotproject is web-based project management software, written in PHP. It is designed to run on Unix and Linux variants.

dotproject is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with dotproject in the 'modules' directory which try to include the file 'classdefs/date.php'.

The following are a list of scripts that are affected:

modules/projects/addedit.php
modules/projects/view.php
modules/projects/vw_files.php
modules/tasks/addedit.php
modules/tasks/viewgantt.php

Under some circumstances, it is possible for remote attackers to influence the include path for 'date.php' to point to an external file on a remote server by manipulating the $root_dir URI parameter.

If the remote file is a malicious PHP script, this may be exploited to execute arbitrary commands in the context of the webserver.

1. MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities BugTraq ID: 6712 Remote: Yes Date Published: Jan 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6712 Summary:

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret- key cryptography. Kerberos is written and maintained by MIT. It is available for a variety of platforms including the Microsoft Windows, Unix, and Linux operating systems.

A number of vulnerabilities have been reported in the MIT Kerberos Key Distribution Center (KDC). It has been reported that KDC fails to supply sufficient format specifiers when handling user-supplied data. Specifically, principal names supplied by a remote user are handled by functions of the printf family without supplying format specifiers. It has been determined that under some cirumstances an unauthenticated remote user may be able to pass principal names to an affected server.

An attacker could exploit this vulnerability by supplying a maliciously crafted principal name containing format specifiers. By writing attacker-controlled values to memory using the %n format specifier, it may be possible for a remote attacker to execute arbitrary commands.

As this issue affects older releases of Kerberos, a BID may already exist. If this is issue proves to be covered in a previous database entry, this BID will be retired and the correct BID will be updated accordingly.

1. MIT Kerberos Remote Heap Corruption Vulnerability BugTraq ID: 6713 Remote: Yes Date Published: Jan 28 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6713 Summary:

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret- key cryptography. Kerberos is written and maintained by MIT. It is available for a variety of platforms including the Microsoft Windows, Unix, and Linux operating systems.

A vulnerability has been discovered in MIT Kerberos. It has been reported that, due to insufficient bounds checking and sanitization of user-supplied data, Kerberos is prone to memory corruption.

A remote attacker may trigger this condition my supplying a negative length value in a malicious packet sent to a target server. This may result in insufficient memory being allocated or cause invalid memory to be referenced. Successful exploitation of this issue may result in a denial of service.

Due to the nature of this vulnerability it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this could allow for the execution of arbitrary code with the privileges of Kerberos. The possibility of exploitation of this issue to execute code, however, has not been confirmed.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

As this issue affects older releases of Kerberos, a BID may already exist. If this is issue proves to be covered in a previous database entry, this BID will be retired and the correct BID will be updated accordingly.

1. MIT Kerberos / Key Distribution Center Shared Key User Spoofing Vulnerability BugTraq ID: 6714 Remote: Yes Date Published: Jan 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6714 Summary:

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret- key cryptography. Kerberos is written and maintained by MIT. It is available for a variety of platforms including the Microsoft Windows, Unix, and Linux operating systems.

A vulnerability has been discovered MIT Kerberos and Key Distribution Center (KDC). It has been reported that a user within a realm implementing shared keys may be able to spoof another legitimate non-local user.

This issue is exploitable due to insufficent realm transit path verification by the affected software.

This vulnerable exists only if non-local principal names are located in the KDC's access control list. The ability to impersonate another legitimate user may be leveraged by an attacker to obtain sensitive information. Under some cirumstances a malicious attacker may be able to impersonate a user with additional privileges to their own.

This issue affects MIT Kerberos 5 release 1.2.2 and earlier. As this issue affects older releases of Kerberos, a BID may already exist. If this is issue proves to be covered in a previous database entry, this BID will be retired and the correct BID will be updated accordingly.

1. PLP Tools plpnfsd Syslog Format String Vulnerability BugTraq ID: 6715 Remote: No Date Published: Jan 29 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6715 Summary:

PLP Tools is a collection of libraries and utilities for enabling Unix and Linux variant systems to communicate with a Psion palmtop over a serial line. plpnfsd is the server application that allows users to mount Psion filesystems on workstations.

A vulnerability has been reported for plpnfsd that may result in an attacker obtaining elevated privileges on the vulnerable system.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Due to a programming error, it may be possible to exploit a format string vulnerability in plpnfsd. A logging function in plpnfsd contains insecure syslog() calls. This could result in the execution of attacker-supplied code.

The vulnerability occurs when plpnfsd receives a carefully constructed directory name that include malicious format string specifiers. In the event that this vulnerability is exploited, an attacker could cause arbitrary locations in memory to be corrupted with attacker-specified data and execute code with elevated privileges.

This vulnerability is also exacerbated by the fact that the plpnfsd daemon is installed with setuid root privileges.

This vulnerability was reported for plptools 0.6.

III. LINUX FOCUS LIST SUMMARY

1. NIS with local root (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/309475

2. Secure Web-Based Administration (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/309114

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. Administrivia: Trimming replies (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/309085

IV. NEW PRODUCTS FOR LINUX PLATFORM

1. McAfee Active Virus Defense Small Business Edition by Network Associates Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP http://www.mcafeesecurity.com/products/small-business/active-virus.asp Summary:

This product suite serves as your dedicated anti-virus department. This edition not only features VirusScan, WebShield, and NetShield to defend all tiers of your network, it adds the control of ePolicy Ochestrator. This flexible tool lets you enforce your chosen anti-virus policy, and gives you unprecedented visibility into virus defense across your network. Active Virus Defense Small Business Edition prevents outbreaks, promotes productivity, and protects your anti-virus budget.

2. F-Secure Anti-Virus Total Suite
by F-Secure Corporation
Platforms: DOS, Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP http://www.f-secure.com/products/anti-virus/totalsuite/ Summary:

F-Secure Anti-Virus Total Suite includes all critical components for corporate virus security. By using F-Secure's award winning workstation, file server, email server and firewall anti-virus products, you are always protected even against the latest threats. All F-Secure Anti-Virus Total Suite products are centrally manageable with one easy to use management solution, F-Secure Policy Manager.

3. eTrust Antivirus
by Computer Associates International, Inc. Platforms: Linux, MacOS, Netware, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www3.ca.com/Solutions/ProductFamily.asp?ID=156 Summary:

eTrust Antivirus is a set of award-winning antivirus solutions, providing superior protection against today's most prevalent security threat ? viruses. Based on advanced technology, eTrust Antivirus reduces virus infections, simplifies and automates updating, and eases administration. eTrust Antivirus is certified by ICSA Labs for detecting 100% of "in the wild" viruses.

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

V. NEW TOOLS FOR LINUX PLATFORMS

1. TinyMonitor v0.9b by Brian Shellabarger Relevant URL: http://www.glug.com/projects/ Platforms: FreeBSD, Linux, POSIX, Solaris, SunOS, UNIX Summary:

TinyMonitor is written in Perl and was created out of pure necessity for a simple monitoring program that watched the actual content of returned pages rather than simply checking to see if the httpd service was running. It can be used for simple Web server monitoring (i.e., is it actually delivering content?) or to verify that a page is returning what you expect (i.e., a 200 rather than a 404). It is very small and designed to work through cron. Alerts are sent via email to a pager or SMS phone.

2. J2SSH v0.0.4
by Richard Pernavas
Relevant URL:
http://www.sshtools.com
Platforms: Os Independent
Summary:

J2SSH is an object-orientated Java implementation of the SSH2 protocol. It provides a rich, powerful, and extensible SSH API that enables developers to gain access to SSH servers and to develop entire SSH client/server frameworks. The API library provides a fully-featured SSH2 implementation specifically designed for cross-platform development. Higher level components, representing both the standard SSH client and SSH servers, are provided which implement the protocol specification for user sessions and port forwarding. The specification currently supports public-key and password authentication, with X11 forwarding and SFTP to follow.

3. Bastille Linux v2.0.4
by Jay Beale jay@bastille dash linux.org Relevant URL:
http://www.bastille-linux.org/
Platforms: Linux
Summary:

Bastille Linux aims to be the most comprehensive, flexible, and educational Security Hardening Program for Red Hat, Mandrake, and Debian Linux, along with HP-UX. Virtually every task it performs is optional, providing immense flexibility. It educates the installing admin regarding the topic at hand before asking any question. The interactive nature allows the program to be more thorough when securing, while the educational component produces an admin who is less likely to compromise the increased security.

VI. SPONSOR INFORMATION

Spooked about Windows security? Getting "slammed" hard by worms? Find all of the solutions at Black Hat Windows Security Briefings & Training, February 24-27 in Seattle, the world's premier technical event for Windows security experts.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

All of the top experts you've read about recently are speaking. Fully supported by Microsoft, with new MS hosted training sessions just added!

Visit www.blackhat.com to register.