SecurityFocus Linux Newsletter #130

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon May 05 2003 - 13:10:36 EDT



This issue is sponsored by: KaVaDo

The only integrated Web Application Security Suite



ScanDo - Web Application Scanner
InterDo - Web Application Firewall

KaVaDo Inc., Web Application Security without Compromise
Read more at: http://www.securityfocus.com/Kavado-linux-secnews


I. FRONT AND CENTER
  1. Honeypots: Simple, Cost-Effective Detection
  2. Introduction to Simple Oracle Auditing
  3. Madonna's Borderline MP3 Tactics
II. LINUX VULNERABILITY SUMMARY
  1. Bugzilla Local Dependency Graph HTML Injection Vulnerability
  2. Bugzilla Default HTML Template Cross-Site Scripting...
  3. Bugzilla Insecure Temporary File Handling Vulnerabilities
  4. Mike Bobbit Album.PL Remote Command Execution Vulnerability
  5. Opera 7.10 Permanent Denial Of Service Vulnerability
  6. Opera JavaScript Console Single Quote Attribute Injection...
  7. Opera 6/7 Remote Heap Corruption Vulnerability
  8. Truegalerie Unauthorized Administrative Access Vulnerability
  9. Multiple SquirrelMail Cross Site Scripting Vulnerabilities
  10. Multiple PHP-Nuke HTML Injection Vulnerabilities
  11. Xoops MyTextSanitizer HTML Injection Vulnerability
  12. Macromedia ColdFusion MX Error Message Path Disclosure...
  13. Oracle Net Services Link Buffer Overflow Vulnerability
  14. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
  15. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
  1. Martian Source (Thread)
  2. SUMMARY: Linux Security Courses (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
  1. iView Security Analytics
  2. DirectorySmart
  3. EncrLib ECC Cryptographic Library
V. NEW TOOLS FOR LINUX PLATFORMS
  1. SSHVnc v0.0.1 Alpha
  2. msulogin v0.9
  3. Prelude Library v0.8.5
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Honeypots: Simple, Cost-Effective Detection
By Lance Spitzner

This is the fourth article in an ongoing series on honeypots. This article will examine the role of honeypots in detection.

http://www.securityfocus.com/infocus/1690


2. Introduction to Simple Oracle Auditing
By Pete Finnigan

This article will introduce the reader to the basics of auditing an Oracle database. Oracle's RDBMS is a functionally rich product and there are a number of auditing alternatives available to the reader. Because auditing Oracle is such a huge subject, doing all of it justice would take an entire book, so this paper will cover the basics of why, when and how to conduct an audit. It will also use a couple of good example cases to illustrate how useful Oracle audit can be to an organization.

http://www.securityfocus.com/infocus/1689

3. Madonna's Borderline MP3 Tactics
By Mark Rasch

The material girl's foul-mouthed revenge on music traders could be interpreted as a deceptive trade practice, or even outright fraud.

http://www.securityfocus.com/columnists/158

II. BUGTRAQ SUMMARY


1. Bugzilla Local Dependency Graph HTML Injection Vulnerability
BugTraq ID: 6861
Remote: Yes
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6861
Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Windows operating systems.


Bugzilla versions 2.16 and later include a feature that allows users to generate bug dependency graphs on their local system via the GraphViz suite.

HTML will not be sanitized when these graphs are generated locally. Malicious HTML and script may be included in bug summaries. When the dependency graph is generated, the HTML and script code may be contained in the ALT and NAME attributes to the AREA tags in the client-side image map.

This may be exploited to cause HTML or script code to be interpreted by the web client of a user who generates a dependency graph which contains malicious data. Though unconfirmed, in some browsers this may result in HTML/script code being executed with relaxed permissions if it is executed in a local context. If this is possible, it may be possible to gain unauthorized access to local resources.

Earlier versions of Bugzilla which are configured to use a remote server to generate dependency graphs are not affected by this vulnerability.

2. Bugzilla Default HTML Template Cross-Site Scripting Vulnerabilities
BugTraq ID: 6868
Remote: Yes
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6868
Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Windows operating systems.

Multiple cross-site scripting vulnerabilities exist in the default HTML templates for Bugzilla. User-supplied input is not sanitized of HTML and script code before being output by Bugzilla. Hostile script code and HTML could be passed through Bugzilla and interpreted in the browser of a web user who visits a Bugzilla site. This will occur in the security context of the site hosting Bugzilla.

Successful exploitation may allow for theft of cookie-based authentication credentials or other attacks which could compromise the integrity or other security properties of the bug tracking system.


Default HTML templates were not prone to these issues in Bugzilla versions prior to 2.16. English, Russian and German HTML template localizations are reported to be affected, though templates for other languages may also be affected.

3. Bugzilla Insecure Temporary File Handling Vulnerabilities
BugTraq ID: 7412
Remote: Unknown
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7412
Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Windows operating systems.

Bugzilla creates temporary files insecurely. Multiple instances of this problem were reported. An attacker could exploit this issue by creating a symbolic link named after one of the temporary files created by Bugzilla. If the symbolic link points to a file which is writeable by the web server hosting Bugzilla, file corruption could result when Bugzilla attempts to perform temporary file operations on attacker-created symbolic links.

Although unconfirmed, there is a potential for privilege escalation if the attacker can cause files to be corrupted with custom data via symbolic link attacks. Loss of critical data is also possible if this issue is successfully exploited, which could also result in a denial of service.
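
The symbolic link problem described in this summary, shown as an added Python example (not Bugzilla's code and not part of the original newsletter). The file name data.tmp, the directory layout and the function names are constructed for illustration; the example compares a predictable-name write with exclusive creation and with tempfile.mkstemp.

```python
import os
import tempfile

TMP_NAME = "data.tmp"  # constructed, predictable name (not a real Bugzilla path)
ORIGINAL = "important=1\n"


def unsafe_write(tmp_dir, data):
    """Vulnerable pattern: fixed name + plain open(), which follows symlinks."""
    path = os.path.join(tmp_dir, TMP_NAME)
    with open(path, "w") as fh:  # O_CREAT|O_TRUNC truncates the link target
        fh.write(data)
    return path


def exclusive_write(tmp_dir, data):
    """Fixed name, but creation fails if anything already exists at the path."""
    path = os.path.join(tmp_dir, TMP_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # FileExistsError on a planted symlink
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def random_name_write(tmp_dir, data):
    """Preferred: mkstemp picks an unpredictable name and creates it with O_EXCL."""
    fd, path = tempfile.mkstemp(prefix="data.", suffix=".tmp", dir=tmp_dir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def read_text(path):
    with open(path) as fh:
        return fh.read()


def write_text(path, data):
    with open(path, "w") as fh:
        fh.write(data)


def demo():
    """Plant a symlink at the predictable name and compare the three writers."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared_tmp")   # stands in for a shared temp dir
        os.mkdir(shared)
        victim = os.path.join(root, "victim.conf")  # file the web server can write
        write_text(victim, ORIGINAL)
        os.symlink(victim, os.path.join(shared, TMP_NAME))

        unsafe_write(shared, "scratch data")
        out["unsafe_clobbered_victim"] = read_text(victim) == "scratch data"

        write_text(victim, ORIGINAL)  # restore before testing the safe variants
        try:
            exclusive_write(shared, "scratch data")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["victim_intact_after_exclusive"] = read_text(victim) == ORIGINAL

        path = random_name_write(shared, "scratch data")
        out["random_is_regular_file"] = not os.path.islink(path)
        out["victim_intact_after_random"] = read_text(victim) == ORIGINAL
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The exclusive variant turns a silent overwrite into an error the application can log and handle; the mkstemp variant also removes the predictable name.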

4. Mike Bobbit Album.PL Remote Command Execution Vulnerability
BugTraq ID: 7444
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7444
Summary:

Mike Bobbit Album.pl is a web-based photo album implemented in Perl. It is available for a variety of platforms including Windows and Linux variant operating systems.

A remote command execution vulnerability has been reported for Album.pl. The vulnerability reportedly exists when alternate configuration files are used. Thus, it may be possible for a remote attacker to execute arbitrary commands in the context of the web server process.


A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

5. Opera 7.10 Permanent Denial Of Service Vulnerability
BugTraq ID: 7430
Remote: Yes
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7430
Summary:

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux.

Allegedly, a vulnerability exists in Opera 7.10 that may result in a denial of service. The problem reportedly occurs when processing a 'news:' URL of excessive length. When the URL is processed, an access violation error supposedly occurs, effectively causing Opera to malfunction until reinstallation.

It has also been reported that reinstalling Opera may not always fix this issue. This may be due to data not being properly removed when Opera is uninstalled.

This issue has been reported to affect Opera 7.10. It is likely that earlier versions may also be vulnerable.

6. Opera JavaScript Console Single Quote Attribute Injection Vulnerability
BugTraq ID: 7449
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7449
Summary:


Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in Opera's JavaScript console program. The console program consists of three HTML files, one of which is 'console.html'. Any unhandled exceptions thrown by any JavaScript are listed in the console and are converted into clickable links.

The vulnerability is present in the regular expressions used by 'console.html' to format exception messages. Specifically, exception messages are not parsed for quote characters. It is possible, by inserting single quote (') characters, to add additional attributes to URIs that may make it possible to execute arbitrary attacker-supplied script code through the file:// URI handler. This may lead to disclosure of local file contents to remote attackers.

This issue is a variant of the vulnerability described in BID 6755, using single quote characters instead of double quotes. It is reported that this variant also affects patched versions of the browser. Opera 7.10 attempts to address this issue by sanitizing single quote characters, but is still prone to the issue if the hexadecimal code for the single quote HTML entity is used.

7. Opera 6/7 Remote Heap Corruption Vulnerability
BugTraq ID: 7450
Remote: Yes
Date Published: Apr 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7450
Summary:

Opera is a web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been reported for Opera versions 7.10 and earlier, on the Microsoft Windows platform. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to corrupt heap-based memory. This may allow for the execution of arbitrary code or a prolonged denial of service.

If this issue were exploited, Opera may continuously crash until the 'dcache4.url' file has been deleted. This is due to the malicious filename being stored within the cache-index.


8. Truegalerie Unauthorized Administrative Access Vulnerability
BugTraq ID: 7427
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7427
Summary:

Truegalerie is web-based photo album software implemented in PHP and is available for a variety of platforms including Microsoft Windows and Linux variant systems.

A vulnerability has been reported for Truegalerie that may result in unauthorized administrative access. The vulnerability exists due to insufficient sanitization of some URI values. Specifically, the values for the URI parameter 'loggedin' are not properly verified.

An attacker can exploit this vulnerability by manipulating the 'loggedin' URI parameter to obtain administrative access to the site hosting Truegalerie.

This vulnerability was reported for Truegalerie 1.0.

9. Multiple SquirrelMail Cross Site Scripting Vulnerabilities
BugTraq ID: 7431
Remote: Yes
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7431
Summary:

SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems.

Cross site scripting vulnerabilities have been discovered in the following areas within SquirrelMail: mail_fetch plugin, calendar plugin, mailbox display and mailer headers.


An attacker may exploit these vulnerabilities by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the webmail system.

This may allow for theft of cookie-based authentication credentials and other attacks.

This issue was reported for SquirrelMail 1.2.10; earlier versions may also be affected.

10. Multiple PHP-Nuke HTML Injection Vulnerabilities
BugTraq ID: 7432
Remote: Yes
Date Published: Apr 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7432
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Multiple HTML injection vulnerabilities have been reported in PHP-Nuke. PHP-Nuke does not sufficiently sanitize HTML and script code from various input fields. This input may be displayed throughout various places in the forum, private messages, user profiles, comments, news and possibly other modules.

In some instances, hostile HTML and script code will not be sanitized from HTML elements which are considered safe to use. Form fields for certain modules may also permit injection of HTML and script code.

Code that is injected through exploitation of these issues may be rendered by web clients visiting the site hosting PHP-Nuke. This will occur in the context of the site. Exploitation could allow theft of cookie-based authentication credentials or other attacks.

These issues were reported in PHP-Nuke 6.5 Final. Other versions may also be affected.

11. Xoops MyTextSanitizer HTML Injection Vulnerability
BugTraq ID: 7434
Remote: Yes
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7434
Summary:

Xoops is open-source, freely available web portal software written in object-oriented PHP. It is back-ended by a MySQL database and will run on most Unix and Linux distributions.

The MyTextSanitizer script is used by Xoops to filter unsupported and malicious characters. It is also capable of filtering malicious scripts.

A script code injection vulnerability has been discovered in the MyTextSanitizer script. The problem occurs due to insufficient filtering of script code embedded within HTML 'img' tags. As a result, an attacker may be capable of placing malicious HTML or script code within 'newbb' posts, private messages, and news posts.

Successful exploitation of this vulnerability may allow a malicious Xoops user to execute arbitrary HTML or script code within the browser of a legitimate user. This may allow for the theft of cookie-based authentication credentials that may escalate to session hijacking. Other attacks are also possible.

This vulnerability affects Xoops releases prior to 1.3.10 and 2.0.1.

12. Macromedia ColdFusion MX Error Message Path Disclosure Vulnerability
BugTraq ID: 7443
Remote: Yes
Date Published: Apr 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7443
Summary:

ColdFusion MX is the application server for developing and hosting infrastructure distributed by Macromedia. It is available as a standalone product for Unix, Linux, and Microsoft Operating Systems.

A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers.

When certain malformed URL requests are received by the server, an error message is returned containing the full path of the ColdFusion installation. Specifically, when a request for the /CFIDE/probe.cfm page is made on the server process on port 8500, an error message is returned which contains path information.


Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

13. Oracle Net Services Link Buffer Overflow Vulnerability
BugTraq ID: 7453
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7453
Summary:

Oracle has announced a buffer overflow vulnerability in Oracle Net Services for the Oracle Database Server.

The vulnerability exists due to insufficient boundary checks performed by the Oracle server for values supplied to the 'CREATE DATABASE LINK' query.

The 'CREATE DATABASE LINK' privileges are assigned to the CONNECT role, so low-privileged accounts are able to create database links.

A malicious attacker with CONNECT privileges can exploit this vulnerability by creating a specially crafted database link and then executing a select query from the link. Once the link is selected, the buffer overflow condition will be triggered, resulting in the corruption of sensitive stack memory. Successful exploitation will result in the execution of attacker-supplied code with the privileges of the database server. On Windows systems, the Oracle Database Server is executed with SYSTEM privileges, and on Unix and Linux systems, the Database Server runs as the 'oracle' user.

14. Netscape Navigator Directory Cross-Domain Scripting Vulnerability
BugTraq ID: 7456
Remote: Yes
Date Published: Apr 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7456
Summary:

Netscape is a web browser which is available for a number of platforms, including Microsoft Windows and Unix and Linux variants.

A vulnerability has been reported that could allow an attacker to fool Netscape into running script in a foreign domain. If a dot (.) is appended to the end of the hostname in a URI, Netscape may accept the directory name as the actual domain. This could permit a malicious web page to access the DOM (Document Object Model) of another foreign domain.

An attacker could exploit this by enticing a user to visit a malicious URI and then running malicious script code which can access the properties of a foreign domain. This could lead to theft of cookie-based authentication credentials, information disclosure or other attacks.


This issue was reported for Netscape Navigator 7.02. It is likely that other versions of Netscape are vulnerable to this issue. Browsers based on Mozilla may also be vulnerable.

15. Linux-ATM LES Command Line Argument Buffer Overflow Vulnerability
BugTraq ID: 7437
Remote: No
Date Published: Apr 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7437
Summary:

Linux-atm is a set of drivers and tools designed to support ATM networking under Linux.

The linux-atm 'les' executable has been reported prone to a buffer overflow vulnerability.

This issue is due to a lack of sufficient bounds checking performed on data supplied via the '-f' command line argument to the 'les' executable. Excessive supplied data may overrun the bounds of an internal memory buffer (of approximately 244 bytes in size) and corrupt adjacent memory. Because adjacent memory may contain values that are crucial to the control of execution flow, arbitrary code execution is possible.

Although this vulnerability reportedly affects linux-atm 2.4.0, previous versions may also be affected.

It should be noted that it is not currently known whether this application requires elevated privileges to run. No distributions are currently known which install LES setuid.

III. LINUX FOCUS LIST SUMMARY


1. Martian Source (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/320231


2. SUMMARY: Linux Security Courses (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/319988

IV. NEW PRODUCTS FOR LINUX PLATFORMS


1. iView Security Analytics
by The Illumen Group
Platforms: N/A
Relevant URL:
http://www.illumen.com/products.cfm?detailsid=2
Summary:

iView Security Analytics software provides detailed, easy-to-read and interpret reports of Internet data traffic for today's connected enterprise. iView uses highly optimized algorithms that process and classify firewall's raw information to generate reports accurately and efficiently. Developed by The Illumen Group, Inc., a trusted veteran in the ever-changing Internet security market, iView's reports can be leveraged to help secure and protect an organization while improving Internet resource utilization. With iView, you have the power to...

- DEVELOP and enforce acceptable use policies
- DETERMINE whether Internet bandwidth is adequate for the organization's needs.
- QUANTIFY and deploy bandwidth shaping policies
- REVEAL denied events and attempted intrusions
- DOCUMENT and investigate attacks from both internal and external sources
- COMBAT those attacks with more comprehensive security policies

2. DirectorySmart
by OpenNetwork Technologies
Platforms: AIX, HP-UX, Linux, Solaris, Windows NT
Relevant URL:
http://www.opennetwork.com/solutions/
Summary:

By defining and enforcing eBusiness rules through user security and secure access, DirectorySmart enables eBusinesses to provide self-service applications and create tight customer feedback loops. DirectorySmart scales to millions of users and is designed for the largest and most complex of computing environments. DirectorySmart makes it possible for enterprises to manage information access for thousands, or even millions, of users, all of whom require different levels of application access, without adding dramatically to the burden on corporate IT departments or risking the security of sensitive corporate data.

3. EncrLib ECC Cryptographic Library
by Encryption Software
Platforms: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.encrsoft.com/products/encrlib.html
Summary:

EncrLib ECC Cryptographic Library is a C++, secure, powerful, portable, easy-to-use, and extremely fast public-key encryption and digital signature solution, based on the most exciting public-key development in the cryptographic community of the last decade -- Elliptic Curve Cryptography (ECC).


V. NEW TOOLS FOR LINUX PLATFORMS


1. SSHVnc v0.0.1 Alpha
by Lee David Painter
Relevant URL:
http://www.sshtools.com
Platforms: Os Independent
Summary:

SSHVnc is a standalone Java VNC viewer that secures VNC access by integrating the popular TightVNC viewer with the SSH Tools Java SSH API. It features a clean and easy to use interface.

2. msulogin v0.9
by Solar Designer
Relevant URL:
http://www.openwall.com/msulogin/
Platforms: Linux, POSIX, UNIX
Summary:

msulogin is the single-user mode login program used to force the console user to login under a root account before a shell is started. Unlike other implementations of sulogin, this one supports having multiple root accounts on a system. msulogin has been developed as a part of Openwall GNU/*/Linux and is being made available separately primarily for use by other distributions. Currently, msulogin supports only systems with shadow passwords and getspnam(3).

3. Prelude Library v0.8.5
by yoann
Relevant URL:
http://www.prelude-ids.org/
Platforms: POSIX
Summary:

The Prelude Library is a collection of generic functions providing communication between the Prelude Hybrid IDS suite's components. It provides a convenient interface for sending alerts to Prelude Manager with transparent SSL, failover and replication support, asynchronous events and timer interfaces, an abstracted configuration API (hooking at the commandline, the configuration line, or wide configuration, available from the Manager), and a generic plugin API. It allows you to easily turn your favorite security program into a Prelude sensor.

VI. SPONSOR INFORMATION



This issue is sponsored by: KaVaDo

The only integrated Web Application Security Suite



ScanDo - Web Application Scanner
InterDo - Web Application Firewall

KaVaDo Inc., Web Application Security without Compromise
Read more at: http://www.securityfocus.com/Kavado-linux-secnews


Received on Mon May 5 15:03:59 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT

