SecurityFocus Linux Newsletter #118

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Feb 10 2003 - 13:42:24 EST

This Issue is Sponsored by: BlackHat

Spooked about Windows security? Getting "slammed" hard by worms? Find all of the solutions at Black Hat Windows Security Briefings & Training, February 24-27 in Seattle, the world's premier technical event for Windows security experts. All of the top experts you've read about recently are speaking. Fully supported by Microsoft, with new MS hosted training sessions just added!

Visit www.blackhat.com to register.


I. FRONT AND CENTER
  1. SunScreen, Part Two: Policies, Rules, and NAT
  2. The Great IDS Debate : Signature Analysis Versus Protocol Analysis
  3. Smallpot: Tracking the Slapper and Scalper Unix Worms
  4. Lessons From the Slammer
  5. Something Needs to Change
  6. SecurityFocus DPP Program
  7. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. LINUX VULNERABILITY SUMMARY
  1. Macromedia ColdFusion MX Windows User File Authorization...
  2. eL DAPo Authentication Information Disclosure Weakness
  3. Bladeenc Signed Integer Memory Corruption Vulnerability
  4. PHP-Nuke Avatar HTML Injection Vulnerability
  5. Opera JavaScript Console Attribute Injection Vulnerability
  6. IBM WebSphere Exported XML Password Encoding Weakness
  7. Opera Error Message History Disclosure Weakness
  8. Majordomo Default Configuration Remote List Subscriber...
  9. SpamProbe Remote Denial of Service Vulnerability
  10. PAM pam_xauth Module Unintended X Session Cookie Access...
  11. Opera History Object Information Disclosure Weakness
  12. Opera Cross Domain Scripting Vulnerability
  13. Opera Image Rendering HTML Injection Vulnerability
  14. Linux O_DIRECT Direct Input/Output Information Leak Vulnerability
III. LINUX FOCUS LIST SUMMARY
  1. openSSL Key generation (Thread)
  2. ezmlm warning (Thread)
  3. Perl administration for Linux fileserver (Thread)
  4. Secure Web-Based Administration (Thread)
  5. NIS with local root (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORM
  1. Firebox II FastVPN
  2. PENS
  3. hp secure OS software for Linux
V. NEW TOOLS FOR LINUX PLATFORMS
  1. WatchLog v0.1b
  2. FieryFilter v0.3
  3. apachelogrotate.pl v0.1.2
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. SunScreen, Part Two: Policies, Rules, and NAT by Ido Dubrawsky

This is the second of a two-part series looking at SunScreen, Sun Microsystems' firewall product, which provides a variety of features that allow system and network administrators to secure their networks as well as provide for remote access capabilities. This article covers some of the rudimentary facilities in SunScreen, such as adding and removing rules, setting up a remote management station, and network address translation.

http://online.securityfocus.com/infocus/1664

2. The Great IDS Debate : Signature Analysis Versus Protocol Analysis by Matt Tanase

Intrusion detection systems (IDS) have rapidly become a crucial component of any network defense strategy. Over the past few years, their popularity has soared as vendors have refined their results and increased performance capabilities. At the heart of intrusion detection systems lies the analysis engine. It reviews each packet, determines if it is malicious, and logs an alert if necessary: the core tasks of an IDS. Two different IDS techniques, each favored by separate and loyal camps, have emerged as the preferred engine behind the software. Despite the copious marketing material and fiery online debates, each method has distinct strengths and weaknesses. In this article, we'll examine and compare the two different techniques: signature analysis and protocol analysis.

http://online.securityfocus.com/infocus/1663

3. Smallpot: Tracking the Slapper and Scalper Unix Worms by Costin Raiu

Fueled by the old myth that "you can't get a virus in Unix" and by the increasing popularity of Linux and FreeBSD, Unix viruses passed an important milestone in 2001 and continued by receiving even more attention during 2002.

http://online.securityfocus.com/infocus/1662

4. Lessons From the Slammer
By Richard Forno

January's Slammer infection held valuable lessons for all security stakeholders.

http://online.securityfocus.com/columnists/140

5. Something Needs to Change
By Tim Mullen

That's all there was to "Slammer," 376 bytes. When you think about it, it's amazing that a piece of code could have wreaked such havoc on the Internet and caused such widespread system failure -- at about the size of two paragraphs of this column.

http://online.securityfocus.com/columnists/139

6. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

7. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. LINUX VULNERABILITY SUMMARY


1. Macromedia ColdFusion MX Windows User File Authorization Vulnerability BugTraq ID: 6737
Remote: Yes
Date Published: Jan 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6737
Summary:

ColdFusion MX Enterprise Edition is the application server for developing and hosting infrastructure distributed by Macromedia. It is available as a standalone product for Unix, Linux, and Microsoft Operating Systems.

When ColdFusion MX is used in conjunction with Microsoft IIS, Windows NT authentication, and NTFS file permissions, it may be possible for a user to access files and templates they do not have permission to access.

This is due to a configuration error. IIS is not configured by default to determine if files associated with ColdFusion MX are accessible or not by the authenticated user. Consequently, user supplied file names are passed directly to ColdFusion MX which apparently does not check NTFS permissions against the user itself.

2. eL DAPo Authentication Information Disclosure Weakness BugTraq ID: 6735
Remote: Yes
Date Published: Jan 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6735
Summary:

eL DAPo is a Web application for managing and querying LDAP servers implemented in PHP. It is available for a variety of platforms including Linux and Unix variant operating systems.

An information disclosure weakness has been reported for eL DAPo. The issue exists in the login.php script used by eL DAPo. Specifically, the credentials submitted to authenticate against the LDAP server are passed as URI (query string) parameters, so they are visible in the browser's address bar and history, in Referer headers, and in any web server or proxy log that records request URIs.

It is possible to exploit this weakness to obtain authentication credentials of unsuspecting users.

This vulnerability was reported for eL DAPo 1.13 and earlier.

3. Bladeenc Signed Integer Memory Corruption Vulnerability BugTraq ID: 6745
Remote: No
Date Published: Feb 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6745
Summary:

Bladeenc is an open-source MP3 encoder and is available for a variety of platforms including Microsoft Windows and Linux and Unix variant operating systems.

A memory corruption vulnerability has been reported for Bladeenc. Bladeenc encodes WAV files in 'chunks' of data. The vulnerability exists when Bladeenc seeks to a WAV file chunk. Specifically, in the function __myfseek() in the samplein.c source file, an integer value taken from the file is not range-checked. When this function is given a negative value, the seek lands outside the intended buffer and sensitive areas of memory are overwritten with attacker-supplied values.

An attacker can exploit this vulnerability by creating a malicious WAV file with carefully crafted headers that will cause Bladeenc to execute malicious attacker-supplied code.

This vulnerability was reported for Bladeenc 0.94.2 and earlier.
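A worked model of this bug class, added here as an example rather than code from Bladeenc or from the advisory: a minimal RIFF/WAVE chunk walker in Python. naive_next_chunk() shows what happens when a chunk size field is trusted as a signed 32-bit offset, and parse_chunks() shows the bounds check that rejects such a header before any seek is attempted. The sample WAV bytes are constructed inline, and the function names and the choice of the 'fmt ' chunk as the one to corrupt are assumptions; __myfseek()'s actual logic is not reproduced.

```python
import struct


def build_wav(chunks):
    """Assemble a minimal RIFF/WAVE container from (chunk_id, payload) pairs.
    Constructed test input for this example, not a real encoder's output."""
    body = b"WAVE"
    for cid, payload in chunks:
        body += cid + struct.pack("<I", len(payload)) + payload
        if len(payload) % 2:          # RIFF pads odd-sized chunks to an even boundary
            body += b"\x00"
    return b"RIFF" + struct.pack("<I", len(body)) + body


def to_signed32(value):
    """Reinterpret an unsigned 32-bit field as a C 'long' on a 32-bit build."""
    return value - (1 << 32) if value & 0x80000000 else value


def naive_next_chunk(buf, pos):
    """Model of the flaw: the on-disk chunk size is trusted as a signed offset.
    With a size >= 0x80000000 the result is a negative position, i.e. a seek
    (or copy) before the start of the buffer. Not Bladeenc's actual code."""
    size = struct.unpack_from("<I", buf, pos + 4)[0]
    return pos + 8 + to_signed32(size) + (size & 1)


def parse_chunks(buf):
    """Hardened chunk walk: every size is checked, as an unsigned value, against
    the bytes that actually remain before it is used, so oversized or
    'negative' sizes are rejected instead of turning into a bad seek."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    riff_size = struct.unpack_from("<I", buf, 4)[0]
    end = min(8 + riff_size, len(buf))      # do not trust the outer size either
    pos, chunks = 12, []
    while pos + 8 <= end:
        cid = buf[pos:pos + 4]
        size = struct.unpack_from("<I", buf, pos + 4)[0]
        data_start = pos + 8
        if size > end - data_start:
            raise ValueError(
                f"chunk {cid!r}: size {size} exceeds the {end - data_start} bytes remaining")
        chunks.append((cid, data_start, size))
        pos = data_start + size + (size & 1)
    return chunks


def patch_chunk_size(buf, chunk_id, new_size):
    """Overwrite one chunk's size field with an attacker-chosen value, to build
    the kind of crafted header the advisory describes (constructed test input)."""
    for cid, data_start, _ in parse_chunks(buf):
        if cid == chunk_id:
            out = bytearray(buf)
            struct.pack_into("<I", out, data_start - 4, new_size)
            return bytes(out)
    raise KeyError(chunk_id)


# PCM format block: tag 1, mono, 8 kHz, 16000 bytes/s, block align 2, 16 bits/sample.
FMT_CHUNK = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)
GOOD_WAV = build_wav([(b"fmt ", FMT_CHUNK), (b"data", b"\x00\x01" * 4)])
# 0xFFFFFF00 reads as -256 once interpreted as a signed 32-bit value.
BAD_WAV = patch_chunk_size(GOOD_WAV, b"fmt ", 0xFFFFFF00)

if __name__ == "__main__":
    print([c[0] for c in parse_chunks(GOOD_WAV)])
    print("naive next-chunk offset for crafted file:", naive_next_chunk(BAD_WAV, 12))
    try:
        parse_chunks(BAD_WAV)
    except ValueError as exc:
        print("rejected:", exc)
```

Running the block prints the chunk list for the well-formed file, the negative offset the naive walk computes for the crafted one, and the error the hardened walk raises instead. The comparison size > end - data_start is the whole fix: both sides are non-negative, so 0xFFFFFF00 fails against the few dozen bytes remaining long before anything could reinterpret it as -256.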

4. PHP-Nuke Avatar HTML Injection Vulnerability BugTraq ID: 6750
Remote: Yes
Date Published: Feb 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6750
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

A vulnerability has been reported in PHP-Nuke that may result in HTML injection. The vulnerability occurs because PHP-Nuke does not sanitize some user-supplied input submitted to a site when selecting 'avatar' images. Due to this condition, a malicious user may be able to insert malicious HTML code which will then be displayed to unsuspecting users of PHP-Nuke forums. Any attacker-supplied code will be interpreted in a victim user's web browser in the security context of the site hosting the software.

It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. It is also possible to modify or corrupt other users' avatars. Other attacks are also possible.

This vulnerability was reported for PHP-Nuke 6.0 and earlier.

5. Opera JavaScript Console Attribute Injection Vulnerability BugTraq ID: 6755
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6755
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in Opera's JavaScript console program. The console program consists of three HTML files, one of which is 'console.html'. Any unhandled exceptions thrown by any JavaScript are listed in the console and are converted into clickable links.

The vulnerability exists in the regular expressions used by 'console.html' to format exception messages. Specifically, exception messages are inserted into the link markup without quote characters being escaped. By including quote (") characters in an exception message, an attacker can terminate the URL attribute early and append additional attributes, which may make it possible to execute arbitrary attacker-supplied script code in the file:// protocol context. This may lead to disclosure of local file contents to remote attackers.

This vulnerability was reported for Opera 7 browser for Microsoft Windows.
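The PHP-Nuke avatar issue above (item 4) and this Opera console issue are the same failure: attacker-controlled text lands inside an HTML attribute without quote characters being escaped, so a '"' ends the value and whatever follows becomes a new attribute. The following Python is an added example, not code from either project (Opera's console is JavaScript and PHP-Nuke is PHP); it shows a naive and a hardened renderer for each case plus a small helper that lists the attributes a browser would see on the resulting tag. The payloads, attribute names and the avatar file-name allowlist are assumptions.

```python
import html
import re

# Attacker-controlled inputs, constructed for this example.
AVATAR_PAYLOAD = 'smile.gif" onerror="alert(document.cookie)'
CONSOLE_PAYLOAD = "TypeError: x is undefined\" onclick=\"location='file:///etc/passwd'"

# What an avatar name legitimately needs: a short basename and a known image suffix.
AVATAR_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}\.(gif|png|jpg)$")


def render_avatar_naive(name):
    """Models the PHP-Nuke flaw: the user-chosen avatar name is interpolated unescaped."""
    return f'<img src="/images/avatars/{name}" alt="avatar">'


def render_avatar_safe(name):
    """Allowlist the name first (it is a file name, not free text), then escape
    for the attribute context anyway as defence in depth."""
    if not AVATAR_NAME_RE.match(name):
        raise ValueError("avatar name rejected")
    return f'<img src="/images/avatars/{html.escape(name, quote=True)}" alt="avatar">'


def render_console_link_naive(message, url):
    """Models the Opera console flaw: the exception text becomes a clickable link
    with no quote handling, so a '"' in the message ends the attribute early."""
    return f'<a href="{url}" title="{message}">{message}</a>'


def render_console_link_safe(message, url):
    """html.escape(..., quote=True) turns '"' into &quot; and "'" into &#x27;,
    which is what an attribute value needs; the same call is safe for text nodes."""
    return (f'<a href="{html.escape(url, quote=True)}" '
            f'title="{html.escape(message, quote=True)}">'
            f'{html.escape(message, quote=True)}</a>')


def tag_attributes(fragment):
    """Names of the attributes a browser would see on the first tag of the
    fragment. An unexpected event-handler attribute means the input broke out
    of its value."""
    first_tag = fragment[:fragment.index(">") + 1]
    return re.findall(r'\s([A-Za-z-]+)="', first_tag)


if __name__ == "__main__":
    url = "http://example.test/forum.php"
    print("naive avatar :", tag_attributes(render_avatar_naive(AVATAR_PAYLOAD)))
    print("naive console:", tag_attributes(render_console_link_naive(CONSOLE_PAYLOAD, url)))
    print("safe console :", tag_attributes(render_console_link_safe(CONSOLE_PAYLOAD, url)))
```

For the avatar case the allowlist matters more than the escaping: an avatar name is a file name drawn from a fixed set, so anything outside that pattern can simply be rejected. For the console case the text is genuinely free-form, and escaping with quote=True is the correct treatment for an attribute value; using the same call for the text-node copy is harmless and saves tracking which context each copy of the string ends up in.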

6. IBM WebSphere Exported XML Password Encoding Weakness BugTraq ID: 6758
Remote: No
Date Published: Feb 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6758
Summary:

IBM WebSphere is a commercial web application server which runs on a number of platforms including Linux and Unix variants and Microsoft Windows operating environments.

IBM WebSphere allows administrators to export configuration files to XML. When the WebSphere configuration file is exported in this manner, passwords are obfuscated using an easily reversible algorithm.

The algorithm used to obfuscate the password is as follows:

CHARobfuscated(n) = CHARpassword(n) XOR CHAR("_")

where n is the position of the character.

The obfuscated password is then Base64 encoded.

If an attacker gains access to an exported XML configuration file, it is a trivial task to decode the password.

To exploit this weakness, an administrator must first export the configuration to XML and then the attacker may gain unauthorized access to the exported file.

The WebSphere documentation states that exported configurations will contain encoded (and not encrypted) passwords. Administrators should be cautious when exporting configuration files.

This issue was reported in IBM WebSphere Advanced Server Edition 4.0.4. It is not known whether the same encoding is used in other versions. The core weakness, however, is that exported passwords are merely encoded rather than encrypted with a strong algorithm, so all current versions should be considered prone to this weakness to some degree.
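The encoding described above is trivial to reverse. The following Python, added here as an example and not IBM's code, implements both directions and scans a constructed XML fragment for password attributes. The attribute names in the sample, and the handling of a leading '{xor}' tag (which later WebSphere releases put in front of such values; the advisory does not mention it), are assumptions.

```python
import base64
import re

XOR_KEY = ord("_")   # 0x5f, the constant given in the advisory


def websphere_encode(password):
    """Apply the encoding the advisory describes: XOR every byte with '_',
    then Base64 the result."""
    raw = bytes(b ^ XOR_KEY for b in password.encode("latin-1"))
    return base64.b64encode(raw).decode("ascii")


def websphere_decode(encoded):
    """Invert it. XOR with a constant is its own inverse, so decoding is the
    same operation after the Base64 step. A leading '{xor}' tag (an assumption
    about later WebSphere exports, not in the advisory) is stripped first."""
    if encoded.startswith("{xor}"):
        encoded = encoded[len("{xor}"):]
    raw = base64.b64decode(encoded)
    return bytes(b ^ XOR_KEY for b in raw).decode("latin-1")


# Any attribute whose name ends in 'password' / 'Password' (assumed naming).
_PASSWORD_ATTR = re.compile(r'(\w*[pP]assword)="([^"]*)"')


def recover_passwords(xml_text):
    """Pull every *password="..." attribute out of an exported configuration
    and decode it; values that are not valid Base64 are reported as None."""
    found = []
    for name, value in _PASSWORD_ATTR.findall(xml_text):
        try:
            found.append((name, websphere_decode(value)))
        except (ValueError, UnicodeDecodeError):
            found.append((name, None))
    return found


# Constructed sample of the kind of content an exported configuration may hold.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<resources>
  <JDBCDriver name="DB2Driver">
    <DataSource name="AppDS" userId="appuser" password="LDo8LTor"/>
  </JDBCDriver>
  <LDAPRegistry bindDN="cn=was,o=corp" bindPassword="{xor}LDo8LTor"/>
</resources>
"""

if __name__ == "__main__":
    for attr, clear in recover_passwords(SAMPLE_EXPORT):
        print(f"{attr}: {clear}")
```

Because XOR with a fixed byte is its own inverse, encoding and decoding are the same operation around the Base64 step, which is exactly why the advisory calls this encoding rather than encryption: there is no key to protect, and anyone who can read the exported file can run this.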

7. Opera Error Message History Disclosure Weakness BugTraq ID: 6759
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6759
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux, Unix variants and Apple MacOS.

The Opera console keeps track of any JavaScript error messages that occurred while browsing a Web site.

It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. Specifically, Opera does not validate any requests for the opera.errorIndex() and opera.errorMessage(i) methods.

This issue is further exacerbated by the fact that error messages also contain the URL of the site that caused the issue. This can be exploited by a malicious attacker to obtain a listing of the victim user's Web browsing habits for, potentially, malicious purposes.

This vulnerability was reported for Opera 7 browser for Microsoft Windows.

8. Majordomo Default Configuration Remote List Subscriber Disclosure Vulnerability BugTraq ID: 6761
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6761
Summary:

Majordomo is a freely available, open source mailing list management software package. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Majordomo may allow remote users to gain access to sensitive information.

It has been reported that Majordomo does not sufficiently guard list subscriber information. By sending specific commands to a default implementation, a remote user may be able to gain access to the list of mailing list subscribers. This issue is documented in the Majordomo documentation.

The problem is in the default configuration of the mailing list manager. The software does not place sufficient access controls on the ability of users to execute the which command. By sending the command "which @", remote users may be able to list the entire member base of the list, resulting in a loss of privacy.

It should be noted that in the Majordomo 2 branch, this vulnerability is limited to gaining access to one address per submission per list.

9. SpamProbe Remote Denial of Service Vulnerability BugTraq ID: 6739
Remote: Yes
Date Published: Jan 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6739
Summary:

SpamProbe is a spam detection program that uses a Bayesian analysis of the frequencies of terms used in the email. It is available for the Linux operating system.

A denial of service vulnerability exists in SpamProbe. The problem occurs in a regular expression used by the removeHTMLFromText() function, which is located in MessageFactory.cc.

When SpamProbe parses HTML contained in an email, an issue may occur on some operating systems that causes SpamProbe to crash. The problem reportedly occurs when newline characters (\n) appear inside HTML anchor (href) tags.

This issue could be exploited by an attacker to disable a victim's spam filter. Any subsequent unsolicited email messages sent to the victim would be successfully delivered.

This condition has been reported to occur on RedHat 8.0. It is not yet known whether SpamProbe is prone to this issue when running on other distributions or operating systems.

10. PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability BugTraq ID: 6753
Remote: No
Date Published: Feb 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6753
Summary:

Pluggable Authentication Modules (PAM) is shipped with RedHat Linux 8.0 and earlier, by default. PAM comes with the pam_xauth module, which can be used in conjunction with the su utility to pass X MIT-MAGIC-COOKIEs to newly created sessions.

A vulnerability has been discovered when the pam_xauth module is used in conjunction with the su utility within an X session. When a user (user1) runs su to assume the identity of another user (user2), pam_xauth creates a temporary .xauth cookie file in the assumed user's (user2's) home directory. The file is created readable and writable only by user2, and it contains the MIT-MAGIC-COOKIE for user1's X session.

This poses a security risk because user2, as owner of the home directory and of the file, can read the cookie even though it belongs to user1's session. Since the cookie is the only credential the X server checks, user2 (or anyone else who controls user2's home directory) can use it to connect to the X server as user1.

Accessing another users X session may allow an attacker to obtain sensitive information otherwise restricted. It may also grant the ability to run commands with the privileges of the victim user.

This vulnerability could result in elevated privileges in the event that a higher privileged user made use of the su program to log into the account of a lower-privileged user. The lower-privileged user could exploit this issue to gain administrative access to the local system.

It has been reported that this issue does not affect RedHat 7.0.

11. Opera History Object Information Disclosure Weakness BugTraq ID: 6757
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6757
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

An information disclosure weakness has been reported for Opera 7 browsers on the Microsoft Windows platform.

The weakness is due to the way the history object exposes some properties. Specifically, the properties history.next and history.previous are exposed.

A vulnerable user, when navigating to a malicious website, may have some information pertaining to browser history logged by the site. This information can be used by Web masters for, potentially, malicious purposes.

This vulnerability was reported for Opera 7 browser for Microsoft Windows.

12. Opera Cross Domain Scripting Vulnerability BugTraq ID: 6754
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6754
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems.

Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is also exacerbated by the fact that an attacker may also be able to override properties and methods in other windows to create malicious methods that can be accessed by a victim user.

Exploitation of this vulnerability will allow an attacker to obtain access to local resources on a vulnerable system.

This issue may be similar to the ones described in BID 6184.

These vulnerabilities were reported for Opera 7 browser for Microsoft Windows.

13. Opera Image Rendering HTML Injection Vulnerability BugTraq ID: 6756
Remote: Yes
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6756
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux, Unix variants and Apple MacOS.

Problems with Opera could make it possible to execute arbitrary HTML code in a vulnerable client.

It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode local URLs. Specifically, URLs that use the 'file://' protocol to access local files are not sufficiently sanitized of malicious HTML code.

This vulnerability could allow an attacker to inject malicious HTML code to an unsuspecting user of Opera, through a malformed link. Any code will be executed in the security context of the local Opera User.

Successful exploitation of this vulnerability may result in the disclosure of local file contents to remote attackers. Other attacks are possible.

This vulnerability was reported for Opera 7 browser for Microsoft Windows.

14. Linux O_DIRECT Direct Input/Output Information Leak Vulnerability BugTraq ID: 6763
Remote: No
Date Published: Feb 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6763
Summary:

The Linux Kernel is the core of the Linux operating system. It is distributed by various Linux distributions.

A problem with the O_DIRECT flag could make it possible for local users to gain access to potentially sensitive information.

It has been reported that some Linux kernels do not properly handle O_DIRECT, the open(2) flag that requests direct (unbuffered) input and output. Any local user with write access to a file on an affected file system may be able to read limited information from other files.

This problem could allow a local user to read limited data from current files, and may be able to read data from previously deleted files. The ability of an attacker to exploit this issue at will is not known. Additionally, exploitation could result in minor corruption of the file system, which would require repair with the fsck utility.

It should be noted that this vulnerability cannot be exploited on systems using a vulnerable kernel and the EXT3 file system.

III. LINUX FOCUS LIST SUMMARY


1. openSSL Key generation (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/310734

2. ezmlm warning (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/309947

3. Perl administration for Linux fileserver (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/310764

4. Secure Web-Based Administration (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/310014

5. NIS with local root (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/309750

IV. NEW PRODUCTS FOR LINUX PLATFORM


1. Firebox II FastVPN
by WatchGuard Technologies
Platforms: Linux
Relevant URL:
http://www.watchguard.com/products/fireboxIIfastvpn.asp
Summary:

The Firebox II FastVPN is the most powerful WatchGuard Firebox and includes a custom encryption accelerator card for supporting intensive 3DES VPN encryption applications. Equipped with a security-hardened Linux operating system, the reliable Firebox II FastVPN is dedicated to the specialized task of Internet security. Solid state architecture removes the risk of hard drive failure and disk crashes, and dual-image flash memory enables fall-back to the previously transmitted policy. Three independent network interfaces allow you to separate your protected office network from the Internet while providing an optional public network for hosting Web, e-mail or FTP servers. Each network interface is independently monitored and visually displayed on the front of the Firebox II. In addition to LEDs showing connectivity and Armed/Disarmed status, Firebox II's also display three LEDs: TrafficMeter, LoadMeter and ThroughputMeter. The triangular TrafficMeter displays LEDs for the trusted, external and optional interfaces (green bars show the direction of allowed traffic, red bars indicate denied traffic). The LoadMeter LEDs display the load average of each Firebox II, up to 100Mb. Lastly, Sys A/Sys B LEDs indicate whether your Firebox II is running your defined security policy or if it is in configuration mode.

2. PENS
by Portcullis Computer Security
Platforms: Linux, Netware, Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.securitynet.kirion.net/encryption-software/
Summary:

PENS is an on-the-fly encryption software system with either 56-bit DES or, new for Version 1.5, 128-bit IDEA and Triple DES algorithms for data encryption and 1024-bit RSA for key exchange and authentication. Users are given their own encrypted domains with which they can protect their files. They can also let other users enter these domains - should the administrator allow that - making worksharing easier. All they have to do is send their keys to the person who requires them.

3. hp secure OS software for Linux
by Hewlett-Packard
Platforms: N/A
Relevant URL:
http://www.hp.com/security/products/linux/
Summary:

A secure server platform for Linux as an enhancement to the HP Netaction software suite. HP Secure OS Software for Linux will help businesses secure their Linux environments by offering intrusion prevention, real-time protection against attacks, and damage containment. HP is first to market with this business-critical security solution for Linux. HP Secure OS Software for Linux provides high reliability, performance, availability, flexibility and scalability. Additionally, it is easy to install and manage, making it attractive to businesses that don't have large IT organizations.

V. NEW TOOLS FOR LINUX PLATFORMS


1. WatchLog v0.1b
by Brian Shellabarger
Relevant URL:
http://www.glug.com/projects/WatchLog/
Platforms: Linux, POSIX, UNIX
Summary:

WatchLog is a Perl program designed to give users a better real-time view of their Web traffic. Simply doing a 'tail -f' on the server log file often yields confusing results, since a single hit can scroll several lines past you at once. WatchLog attempts to present the same information in a clean, formatted, real-time view of the activity on a Website by watching the logfile and presenting only the relevant data.

2. FieryFilter v0.3
by Mezcalero
Relevant URL:
http://www.stud.uni-hamburg.de/users/lennart/projects/fieryfilter/
Platforms: Linux
Summary:

FieryFilter is an interactive desktop firewall for Linux. It will ask the user every time a new network connection is made if they want to allow or deny it. The user is able to generate rules from connections and thus minimize the amount of questions asked.

3. apachelogrotate.pl v0.1.2
by Hatto von Hatzfeld
Relevant URL:
http://www.salesianer.de/util/apachelog.html
Platforms: Linux, UNIX
Summary:

apachelogrotate.pl rotates and packs the logfiles of the Apache Web server on a Linux system without interrupting its service and without the need for a permanent change in the Web server configuration. Assuming that Apache is running, it will identify the log files which have to be rotated without any configuration, making it easy to install. By default, logfiles with more than 10 MB are rotated, but this parameter may be changed and/or a daily, monthly, or yearly rotation period can be configured. Documentation is included in the script itself.

VI. SPONSOR INFORMATION



This Issue is Sponsored by: BlackHat

Spooked about Windows security? Getting "slammed" hard by worms? Find all of the solutions at Black Hat Windows Security Briefings & Training, February 24-27 in Seattle, the world's premier technical event for Windows security experts. All of the top experts you've read about recently are speaking. Fully supported by Microsoft, with new MS hosted training sessions just added!

Visit www.blackhat.com to register.


Received on Mon Feb 10 14:04:14 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT