SecurityFocus Linux Newsletter #127

SecurityFocus Linux Newsletter #127

This Issue is Sponsored by: Spidynamics

ALERT: How A Hacker Launches A 'CROSS-SITE SCRIPTING ATTACK’ Hackers use Cross-Site Scripting to steal Login names and passwords, all undetectable by IDS and Firewalls!

Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews

I. FRONT AND CENTER

1. Steganography Revealed
2. Specter: A Commercial Honeypot Solution for Windows
3. Cryptographic File Systems, Part Two: Implementation
4. Super-DMCA Not So Bad
5. SecurityFocus DPP Program II. LINUX VULNERABILITY SUMMARY
6. Interbase GDS_Lock_MGR Interbase_Lock Environment Variable...
7. SETI@home Client Program Information Disclosure Vulnerability
8. CVSps Unfiltered Escape Sequence Vulnerability
9. AutomatedShops WebC Script Name Remote Buffer Overrun...
10. libesmtp read_smtp_response Buffer Overflow Vulnerability
11. Interbase External Table File Verification Vulnerability
12. Metrics Insecure Local File Creation Vulnerability
13. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
14. Invision Board functions.php SQL Injection Vulnerability
15. Amavis Header Parsing Mail Relaying Weakness
16. Opera JavaScript Java Method Access Vulnerability
17. AutomatedShops WebC Symbolic Link Following Configuration File...
18. Citrix ICA Client Server Key Verification Vulnerability
19. Multiple Vendor I/O System Call File Existence Weakness
20. Abyss Web Server Incomplete HTTP Request Denial Of Service...
21. SETI@home Client Program Remote Buffer Overflow Vulnerability
22. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability III. LINUX FOCUS LIST SUMMARY
23. Re Live Upgrade for Linux (Thread)
24. after ptrace patch. (Thread)
25. SecurityFocus Article Announcement (Thread)
26. Red Hat: To patch or to upgrade? (Thread)
27. Live Upgrade for Linux (Thread) IV. NEW PRODUCTS FOR LINUX PLATFORMS
28. AppScan
29. Cobion OrangeBox Web
30. Kerio MailServer
31. NEW TOOLS FOR LINUX PLATFORMS
32. Scapy
33. NAT Monitor v0.7
34. Shadow-JPEG v1.1 VI. SPONSORSHIP INFORMATION
35. FRONT AND CENTER

    ---

36. Steganography Revealed By Kristy Westphal

Steganography is a means of protecting the confidentiality of data by "hiding" it within a larger file of data. This technique can be used for both legitimate and illegitimate purposes. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the implications it can have for security.

http://www.securityfocus.com/infocus/1684

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

2. Specter: a Commercial Honeypot Solution for Windows by Lance Spitzner

This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter.

http://www.securityfocus.com/infocus/1683

3. Cryptographic File Systems, Part Two: Implementation by Ido Dubrawsky

This is the second article in a two-part series looking at cryptographic filesystems. The first article in this series covered the background on cryptographic filesystems from the underlying concepts to some of the mechanics of those systems. This article will cover implementation. The focus will be on implementing the Microsoft's EFS under Windows 2000 and the Linux CryptoAPI.

http://www.securityfocus.com/infocus/1685

4. Super-DMCA Not So Bad
By Mark Rasch

The latest version of the controversial law could be a valuable weapon against thieves and pirates.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://www.securityfocus.com/columnists/153

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. BUGTRAQ SUMMARY

1. Interbase GDS_Lock_MGR Interbase_Lock Environment Variable Buffer Overflow Vulnerability BugTraq ID: 7266 Remote: No Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7266 Summary:

Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems.

A problem with Interbase could make it possible for a local user to gain elevated privileges.

A buffer overflow has been discovered in the setuid root program gds_lock_mgr, packaged with Interbase. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code as root.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The vulnerability occurs in the INTERBASE_LOCK environment variable. When the gds_lock_mgr program is executed with a string of arbitrary length (usually 1024 bytes) in the INTERBASE_LOCK environment variable, the result is an exploitable buffer overflow.

This could make it possible for a local user to gain administrative access to a host with the vulnerable software installed.

Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.

2. SETI@home Client Program Information Disclosure Vulnerability BugTraq ID: 7281
Remote: Yes
Date Published: Apr 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7281
Summary:

SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been reported in the SETI@home client program. Specifically, sensitive information is transmitted from the client to the server in plain text. As a result, sensitive operating system and processor information may be disclosed to an attacker.

An attacker could exploit this system by sniffing network traffic transmitted between the client and the server. Access to this type of information may aid in launching attacks against the system running the client.

This vulnerability was reported for SETI@home version 3.03.

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

3. CVSps Unfiltered Escape Sequence Vulnerability BugTraq ID: 7288
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7288
Summary:

CVSps is a program to generate a diff/patch set for CVS repositories. It is available for Linux and Unix variant operating systems.

A vulnerability has been reported for CVSps where some characters were improperly filtered prior to sending them to the command shell. Specifically, escape sequences are not properly filtered from filenames when generating a diff/patch set.

This issue can be exploited by a malicious CVS contributor who names a file with malicious escape and shell metacharacters. When CVSps is used to process the malicious file, it may be possible to execute commands on the underlying shell of the host.

This vulnerability was reported for CVSps 2.0b9 and earlier.

4. AutomatedShops WebC Script Name Remote Buffer Overrun Vulnerability BugTraq ID: 7268
Remote: Yes
Date Published: Apr 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7268
Summary:

WebC is the server-side scripting language interpretting engine used by AutomatedShops products. It is available for Unix, Linux, and Microsoft operating systems.

A problem with the program may make it possible for remote users to gain unauthorized access to systems.

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

It has been reported that a boundary condition error exists in WebC. Because of this, it may be possible for a remote attacker to gain unauthorized access to a vulnerable host.

The problem is in the handling of long script arguments by the WebC engine. When the program is directly invoked with a script name of excessive length, generally 550 bytes or more, an exploitable boundary condition error occurs. This could allow a remote attacker to execute code with the privileges of the web server process. On UNIX systems, this typically would result in an attacker gaining local unprivileged access, whereas on Microsoft Systems, this could result in an attacker gaining access to the host with the privileges of the user SYSTEM.

5. libesmtp read_smtp_response Buffer Overflow Vulnerability BugTraq ID: 7269
Remote: Yes
Date Published: Apr 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7269
Summary:

libesmtp is a library used by the Balsa e-mail client. Balsa is a graphical e-mail client that incorporates some of the codebase from the mutt e-mail client.

A buffer overflow vulnerability has been reported in libesmtp that may allow an attacker to execute code.

The vulnerability occurs in the read_smtp_response() function in the protocol.c source file.

An attacker can exploit this vulnerability by enticing a victim user to connect to an attacker-controlled SMTP (Simple Mail Transfer Protocol) server and sending a specially crafted response.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This vulnerability was reported for the libesmtp library prior to 0.8.11.

6. Interbase External Table File Verification Vulnerability BugTraq ID: 7291
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7291
Summary:

Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems.

A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or manipulating external databases. Specifically, file existence checks are not made.

An attacker can exploit this vulnerability by creating an external table pointing to an arbitrary system file. When the attacker attempts to modify the external table, the system file will be corrupted with attacker-supplied information. This may result in system instability.

This vulnerability is further exacerbated by the fact that the Interbase service typically runs with root or SYSTEM level privileges.

Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.

7. Metrics Insecure Local File Creation Vulnerability BugTraq ID: 7293
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7293
Summary:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Metrics is an application designed to measure various software metrics. It is available for the Linux operating system and is included with the Debian 2.2 distribution.

A vulnerability has been discovered in Metrics which could allow an attacker to corrupt sensitive system files. The problem occurs in the
'halstead' and 'gather_stats' scripts, included in the Metrics package.

The vulnerability exists due to the two scripts failing to carry out sufficient security precautions when attempting to create temporary files. As a result, it may be possible for a malicious local user to corrupt sensitive system files.

This vulnerability was discovered in Metrics version 1.0 however, earlier versions may also be affected.

8. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities BugTraq ID: 7295
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7295
Summary:

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

Multiple remote buffer overflow vulnerabilities have been reported for Samba and Samba-TNG. The overflows are reported to occur in both stack and heap-based memory. This issue occurs due to insufficient bounds checking when copying user-supplied data to internal buffers.

Although it has not been confirmed, it is likely that these issues can be exploited to execute arbitrary code, with the privileges of Samba (which typically runs as root).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.

The precise technical details regarding these vulnerabilities is currently unknown. This BID will be updated as further information is made available.

It should be noted that these vulnerabilities may be similar to the issue described in BID 7294.

9. Invision Board functions.php SQL Injection Vulnerability BugTraq ID: 7290
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7290
Summary:

Invision Board is web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.

An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the load_skin() function of the functions.php script file. Specifically, the value supplied for the 'skinid' variable is not properly cast as an integer type.

An attacker may be able to exploit this vulnerability by manipulating
'skinid' URI parameter to include malicious SQL commands and queries which
may result in information disclosure, or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

This vulnerability was reported for Invision Board 1.1.1.

1. Amavis Header Parsing Mail Relaying Weakness BugTraq ID: 7306 Remote: Yes Date Published: Apr 08 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7306 Summary:

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Amavis is a freely available, open source virus scanning software package. It is available for the UNIX and Linux operating systems.

A problem with the software may make it possible to perform unauthorized actions in vulnerable configurations.

It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions.

The problem is in the handling of headers. Due to improper e-mail header processing, Amavis may send e-mails to addresses specified in a To: field in the message body rather than the RCPT TO: field specified via SMTP. This could make it possible to relay e-mails through some configurations.

1. Opera JavaScript Java Method Access Vulnerability BugTraq ID: 7271 Remote: Yes Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7271 Summary:

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux.

It has been reported that it is possible in some versions of Opera to call some potentially dangerous Java methods (such as exec) from within JavaScript. The issue is due to a failure to block or catch calls to methods which could be abused. Opera also includes support for objects, so it will be possible to use the objects returned by these method calls.

Exploitation could occur via a malicious web page which includes hostile JavaScript.

This could be used to execute commands on a client system running a vulnerable version of the web browser. Other attacks may also be possible, depending on the method called, such as connecting to other systems on the same local network as the client.

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

This issue was reported for Opera 6.01 on Windows platforms. It is unknown if other versions or platforms are affected.

1. AutomatedShops WebC Symbolic Link Following Configuration File Weakness BugTraq ID: 7272 Remote: No Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7272 Summary:

WebC is the server-side scripting language interpretting engine used by AutomatedShops products. It is available for Unix, Linux, and Microsoft operating systems.

A problem with the program may make it possible for local users to execute the program with a malicious configuration file.

It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous variables.

When WebC is invoked, it typically loads its configuration file from the same directory in which it is executing. An attacker could create a symbolic link to the binary from an arbitrary directory containing a malicious configuration file, and potentially enable debugging variables in the program. This could aid in exploitation of other vulnerabilities, since enabling debugging will cause the environment to be dumped to a local file.

1. Citrix ICA Client Server Key Verification Vulnerability BugTraq ID: 7276 Remote: Yes Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7276 Summary:

Citrix ICA Client is a remote desktop software package. It is available for a number of platforms including Microsoft Windows and Unix/Linux variants. ICA Client implements the ICA protocol.

A vulnerability has been reported in the Citrix ICA Client. When the ICA client initiates a session with the server, the client does not validate the server's public key in any way, allowing for potential man in the middle attacks.

An attacker could therefore cause the ICA client to connect to a server under their control and send the client a public key to which they possess the private key.

1. Multiple Vendor I/O System Call File Existence Weakness BugTraq ID: 7279 Remote: No Date Published: Apr 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7279 Summary:

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

A weakness has been discovered in the implementation of various I/O system calls. The problem occurs due to varying error return times, when accessing existent and non-existent files. This issue has been confirmed to affect the open() system call, however it is likely that other similar calls are also affected.

An attacker could exploit this vulnerability by calling the open() system call on unreadable files. By making requests for various unreadable files, it may be possible for an attacker to deduce a timing window that can be used to verify the existence of the file.

It should be noted that a fix for this weakness might not be plausible, as the kernel is meant to be as efficient as possible. However, the specific problem may occur due to a differing sequence of events while attempting to access non-existent files. A solution may be to have an identical sequence of permission checking on directories, before checking for the file.

It has been reported that this weakness has successfully been exploited on various Linux and BSD releases. However, this weakness likely exists in other operating systems including Sun Solaris and Microsoft Windows.

1. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability BugTraq ID: 7287 Remote: Yes Date Published: Apr 05 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7287 Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. Specifically, if the 'Connection:' and 'Range:' HTTP headers are blank, the web server will crash.

An attacker can exploit this vulnerability by connecting to a vulnerable server and sending blank 'Connection:' and 'Range:' HTTP headers. This will result in a denial of service condition.

This vulnerability was reported for Abyss Web Server 1.1.2.

1. SETI@home Client Program Remote Buffer Overflow Vulnerability BugTraq ID: 7292 Remote: Yes Date Published: Apr 06 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7292 Summary:

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been discovered in the SETI@home client program. Due to insufficient bounds checking when processing server data, it may be possible for a remote attacker to trigger a buffer overflow.

This issue could be exploited by forging an HTTP request which mimics a server response handler. When a vulnerable client attempts to process the malicious server response, a buffer overflow will be triggered.

Successful exploitatation of this issue may allow an attacker to execute arbitrary commands on a target system, with the privileges of the user invoking the software.

This vulnerability affects SETI@home clients prior to 3.08.

1. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability BugTraq ID: 7294 Remote: Yes Date Published: Apr 07 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7294 Summary:

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

A buffer overflow vulnerability has been reported for Samba that could allow an anonymous remote attacker to execute arbitrary code.

The vulnerability occurs in the 'call_trans2open()' function when copying data into a 1024 byte static buffer. Sufficient bounds checking is not performed when a call to the 'Strncpy()' function is invoked. The length argument supplied to 'Strncpy()' is exactly the length of the user-supplied data. As a result, an attacker could exploit this vulnerability by sending data in excess of 1024 bytes.

Confused? Frustrated?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Successful exploitation of this vulnerability could allow an anonymous attacker to overwrite sensitive stack variables, including the
'open_trans2open()' functions' saved return address. The ability to
influence sensitive memory could be leveraged by the attacker to execute arbitrary code with the privileges of the Samba server process.

III. LINUX FOCUS LIST SUMMARY

1. Re Live Upgrade for Linux (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/318023

2. after ptrace patch. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/317959

3. SecurityFocus Article Announcement (Thread) Relevant URL:

http://online.securityfocus.com/archive/91/317882

4. Red Hat: To patch or to upgrade? (Thread) Relevant URL:

Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

http://online.securityfocus.com/archive/91/317881

5. Live Upgrade for Linux (Thread)
Relevant URL:

http://online.securityfocus.com/archive/91/317880

IV. NEW PRODUCTS FOR LINUX PLATFORMS

1. AppScan by Sanctum, Inc. Platforms: , Linux Relevant URL: http://www.sanctuminc.com/solutions/appscan/index.html Summary:

AppScan speeds the process of finding and fixing application vulnerabilities throughout your site. A vital tool for your in-house evelopers, QA personnel and security experts, AppScan analyzes applications, points to potential security loopholes and provides guidance and advice on how to mend any bugs discovered.

2. Cobion OrangeBox Web
by Cobion
Platforms: Linux, Solaris, Windows 2000, Windows NT, Windows XP Relevant uRL:
http://www.cobion.com/index.php?l_ort=2002-03-06-16-41-24 Summary:

Using the built-in intelligent filter technology of Cobions' OrangeBox Web, the internet can be used more efficiently by blocking defined content. Individual user policies can be defined and configured, which gives you the possibility to allow or to deny access to inappropriate websites selectively. The integration of Cobion's OrangeBox Web in your company ensures an intelligent selection of internet content.

3. Kerio MailServer
by Kerio Technologies Inc.
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant uRL:
http://www.kerio.com/us/kms_home.html
Summary:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Kerio MailServer represents a new generation of mail servers designed for corporate networks. To help combat increasing security threats, Kerio MailServer offers a wide range of features to keep email from being intercepted, infected by computer viruses, or sent as spam

V. NEW TOOLS FOR LINUX PLATFORMS

1. Scapy v0.9.9 by Philippe Biondi Relevant URL: http://www.cartel-securite.fr/pbiondi/scapy.html Platforms: Linux, POSIX Summary:

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do about the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk/arpspoof, firewalk, irpas, tethereal, and tcpdump.

2. NAT Monitor v0.7
by thedayofcondor
Relevant URL:
http://natmonitor.sourceforge.net/
Platforms: Linux, POSIX
Summary:

NAT Monitor is a graphical monitor to keep tracks of hosts' bandwidth usage in a Linux-NAT local network. NAT Monitor draws a stacked graph with a different color for every LAN host. It autodetects hosts and has a nice summary statistic.

3. Shadow-JPEG v1.1
by Carlo Comin
Relevant URL:
http://www.spine-group.org/toolIG.htm
Platforms: Linux
Summary:

ShadowJPEG is a steganography example. It hides a file at the end of a JPEG image file. Cryptography is implemented using a simple private-key system which is used to encrypt the data before the injection.

VI. SPONSORSHIP INFORMATION

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

ALERT: How A Hacker Launches A 'CROSS-SITE SCRIPTING ATTACK’ Hackers use Cross-Site Scripting to steal Login names and passwords, all undetectable by IDS and Firewalls!

Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews