SecurityFocus Linux Newsletter #133
From: John Boletta <jboletta(at)securityfocus.com>
Date: Tue May 27 2003 - 11:02:01 EDT

This Issue is Sponsored By: SpiDynamics

FREE White Paper: "How A Hacker Launches A Web App Attack!" Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation. All undetectable by Firewalls and IDS! Download *FREE* white paper from SPI Dynamics for a complete guide to protection! Visit us at: http://www.spidynamics.com/mktg/webappsecurity103

I. FRONT AND CENTER
This article will offer a brief overview of passive network monitoring, which can offer a thorough understanding of the network's topology: what services are available, what operating systems are in use, and what vulnerabilities may be exposed on the network.
http://www.securityfocus.com/infocus/1696

2. Conducting a Security Audit: An Introductory Overview
By Bill Hayes
This article will offer a brief overview of security audits: what they are, why they are important, and how they are conducted.
http://www.securityfocus.com/infocus/1697
3. Cyber Insurance Between the Lines
Your company may already have insurance against computer attacks and electronic sabotage, without even knowing it.
http://www.securityfocus.com/columnists/163

II. BUGTRAQ SUMMARY
PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows. The PHP-Nuke 'mainfile.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. In particular, the 'year' URI parameter is not properly sanitized of HTML tags. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
2. Maelstrom Server Argument Buffer Overflow Vulnerability
BugTraq ID: 7630
Maelstrom is a multi-platform arcade game. Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. Specifically, excessive data passed as the 'server' argument to the vulnerable Maelstrom executable, when copied into internal memory, may overrun the boundary of the assigned buffer and corrupt adjacent memory. Memory adjacent to this buffer has been reported to contain values that are crucial to controlling memory management or program execution flow. It may be possible for an attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of Maelstrom, which is typically installed setGID 'games'. It should be noted that although this vulnerability has been reported to affect Maelstrom versions 3.0.6 and 3.0.5, previous versions might also be affected.
3. Maelstrom Player Argument Buffer Overflow Vulnerability
BugTraq ID: 7632
Maelstrom is a multi-platform arcade game. Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. Specifically, excessive data passed as the 'player' argument to the vulnerable Maelstrom executable, when copied into internal memory, may overrun the boundary of the assigned buffer and corrupt adjacent memory. Memory adjacent to this buffer has been reported to contain values that are crucial to controlling memory management or program execution flow. It may be possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of Maelstrom, which is typically installed setGID 'games'. It should be noted that although this vulnerability has been reported to affect Maelstrom versions 3.0.6 and 3.0.5, previous versions might also be affected.
4. PHP-Banner Exchange Path Disclosure Vulnerability
BugTraq ID: 7636
PHP-Banner Exchange is banner management software. It is written in PHP and available for a number of operating systems including Microsoft Windows and Unix and Linux variants. PHP-Banner Exchange is prone to a path disclosure vulnerability. Requesting the directory for the software will cause an error message to be displayed which contains path information. PHP-Banner Exchange can be used as a module for PHP-Nuke. Exploitation may be dependent on web server and PHP configuration. This type of information may aid an attacker in mapping out the filesystem for further attacks against the host.
5. Compaq Management Agents Remote Authentication Bypass Vulnerability
BugTraq ID: 7648
Compaq Management Agents is a web-based interface designed to monitor various system device parameters. It is available for a variety of operating systems including Unix, GNU/Linux, and Microsoft Windows. A vulnerability has been reported for Compaq Management Agents (CMA). The problem is said to present itself when anonymous access has been enabled. Supposedly, if the administrator password has been changed from the default, an unauthorized remote user may gain administrative access. This can be accomplished by placing 'administrator' in all fields at the password screen. Successful exploitation of this issue will allow an attacker to gain administrative access to the CMA interface. This may result in tampering with sensitive system device settings or possibly other attacks. This vulnerability has been reported to affect Compaq Management Agents 4.36 and Insight Manager Version 5.0.
6. Slackware rc.M Runlevel Script Unexpected Partition Remounting Weakness
BugTraq ID: 7654
The rc.M runlevel script used by Slackware is invoked when a system is entering multi-user mode. During the execution of rc.M the '/sbin/quotacheck' program is invoked, which is used to analyze the usage of files and directories on a target filesystem. A weakness has been discovered in the rc.M runlevel script when invoking quotacheck. The problem lies in the use of the '-M' command-line switch in place of the intended '-m' switch. As a result, the '-M' switch will cause the filesystem, and thus the corresponding partition, to be remounted. When this occurs, any normally enforced mount options, such as 'noexec', 'nosuid', etc., may no longer be in effect. This may result in an administrator having a false sense of security. Furthermore, access to less restrictive partitions may aid a local attacker in successfully launching unrelated attacks. This vulnerability is said to affect the Slackware 9.0 rc.M script; however, earlier releases of Slackware may also be affected.
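The practical check for the weakness above is to verify, after boot, that the mount options the administrator expects are actually in effect. The C program below is an added illustration and is not part of Slackware's rc.M; it parses /proc/mounts-style lines (a constructed sample table is embedded, with /tmp shown as it would look after a remount that dropped its options) and reports every (mount point, option) requirement that is not satisfied. The policy table and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the comma-separated option list contains exactly `opt`
 * (so "nosuid" does not match "suid", and vice versa). */
int mount_has_option(const char *opts, const char *opt)
{
    size_t optlen = strlen(opt);
    const char *p = opts;

    for (;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == optlen && memcmp(p, opt, len) == 0)
            return 1;
        if (end == NULL)
            return 0;
        p = end + 1;
    }
}

/* Parse one "device mountpoint fstype options dump pass" line.
 * Returns 1 if the line is for `mountpoint` and carries `required`,
 * 0 if it is for `mountpoint` but lacks it, -1 if it is some other line. */
int check_mount_line(const char *line, const char *mountpoint, const char *required)
{
    char dev[256], mp[256], fstype[64], opts[512];

    if (sscanf(line, "%255s %255s %63s %511s", dev, mp, fstype, opts) != 4)
        return -1;
    if (strcmp(mp, mountpoint) != 0)
        return -1;
    return mount_has_option(opts, required);
}

/* Constructed sample table. /tmp is shown after an unintended remount
 * that lost its noexec,nosuid options. */
const char *sample_mounts[] = {
    "/dev/hda1 / ext3 rw 0 0",
    "/dev/hda5 /home ext3 rw,nosuid,nodev 0 0",
    "/dev/hda6 /tmp ext3 rw 0 0",
    NULL
};

struct requirement { const char *mountpoint; const char *option; };

/* Count requirements the table does not satisfy. A mount point that is
 * absent from the table also counts as unsatisfied. */
int count_missing(const char **lines, const struct requirement *req, size_t nreq)
{
    int missing = 0;
    for (size_t i = 0; i < nreq; i++) {
        int found = -1;
        for (size_t j = 0; lines[j] != NULL; j++) {
            int r = check_mount_line(lines[j], req[i].mountpoint, req[i].option);
            if (r >= 0) { found = r; break; }
        }
        if (found != 1) {
            printf("MISSING: %s lacks %s\n", req[i].mountpoint, req[i].option);
            missing++;
        }
    }
    return missing;
}

/* Assumed local policy: what the administrator believes is enforced. */
const struct requirement policy[] = {
    { "/home", "nosuid" }, { "/tmp", "noexec" }, { "/tmp", "nosuid" }
};
const size_t policy_len = sizeof policy / sizeof policy[0];

int main(void)
{
    int missing = count_missing(sample_mounts, policy, policy_len);
    printf("%d requirement(s) not met\n", missing);
    return missing != 0;   /* non-zero exit lets a boot-time check fail loudly */
}
```

On a live system the sample table would be replaced by the lines of /proc/mounts; running the check from a late boot script, after rc.M has finished, is what catches a remount that silently discarded the options.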
7. Engarde Secure Linux Default Address Daily Log Summary Vulnerability
BugTraq ID: 7633
Engarde Secure Linux is the Linux distribution maintained by Guardian Digital. A problem with the default configuration may prevent administrators from getting daily log summaries. It has been reported that Engarde Secure Linux does not send daily log summaries to a valid address until the system is properly configured. This may lead to an administrator not getting daily log summaries, or having to manually review logs. Symantec has not determined the security implications of this issue. However, the vendor has announced this issue in a security advisory.
8. Snort Spoofed Packet TCP State Evasion Vulnerability
BugTraq ID: 7635
Snort is a freely available, open source intrusion detection system. It is available for Unix, Linux, and Microsoft Windows platforms. A vulnerability has been reported within the spp_stream4.c source file. The problem is said to occur while maintaining the state of an established session. Specifically, Snort is said to call UpdateState before verifying the legitimacy of a packet received from a client partaking in a legitimate session. As a result, it may be possible to corrupt stateful inspection carried out by Snort. This issue can be triggered by forging a packet to a server containing the legitimate client source IP and port. When encountered by Snort, the state of the session is updated before verifying that the packet is a legitimate part of the established session. However, when the packet is received by the server, due to invalid sequence and acknowledgement data, the packet will be dropped. An attacker could exploit this vulnerability to trigger a situation under which legitimate session traffic transmitted would no longer be detected by Snort. This vulnerability has been reported to affect Snort 2.0.0rc2; however, other versions may also be affected. It should be noted that this is a theoretical issue and has not yet been officially confirmed.
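The ordering problem described above is easiest to see in a minimal tracker. The C below is an added illustration, not Snort's spp_stream4.c: it keeps the expected sequence number and window for one direction of a session, and contrasts "update state, then verify" with "verify against the previous state, then update". The struct and function names are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>

struct tcp_dir {
    uint32_t rcv_nxt;   /* next sequence number expected from this sender */
    uint32_t rcv_wnd;   /* window the receiver advertised */
};

/* Wrap-safe test: is seq within [rcv_nxt, rcv_nxt + rcv_wnd)?  Unsigned
 * subtraction keeps this correct across a 2^32 sequence wrap. */
int seq_in_window(uint32_t seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return (uint32_t)(seq - rcv_nxt) < rcv_wnd;
}

/* Vulnerable ordering: state is taken from the segment before the segment
 * is judged against the previous state, so a forged segment with an
 * arbitrary sequence number moves rcv_nxt, and the real client's next
 * segment then looks out of window to the tracker. */
int update_then_verify(struct tcp_dir *d, uint32_t seq, uint32_t len)
{
    uint32_t old = d->rcv_nxt;
    d->rcv_nxt = seq + len;                     /* state already changed */
    return seq_in_window(seq, old, d->rcv_wnd); /* verdict comes too late */
}

/* Hardened ordering: check first, advance only on acceptance. A segment the
 * server itself would discard for bad sequence data leaves the tracker
 * untouched. */
int verify_then_update(struct tcp_dir *d, uint32_t seq, uint32_t len)
{
    if (!seq_in_window(seq, d->rcv_nxt, d->rcv_wnd))
        return 0;
    if (seq == d->rcv_nxt)          /* in-order data advances the expectation */
        d->rcv_nxt += len;
    return 1;
}

/* Constructed scenario: one legitimate segment, one forged segment carrying a
 * bogus sequence number, then the legitimate continuation. Returns 1 if the
 * tracker still accepts the continuation (stayed in sync), 0 otherwise. */
int scenario(int (*track)(struct tcp_dir *, uint32_t, uint32_t))
{
    struct tcp_dir d = { 1000, 65535 };
    track(&d, 1000, 100);            /* legitimate: expect 1100 next */
    track(&d, 0x80000000u, 200);     /* forged: far outside the window */
    return track(&d, 1100, 50);      /* legitimate continuation */
}

int main(void)
{
    printf("update-then-verify keeps sync: %d\n", scenario(update_then_verify));
    printf("verify-then-update keeps sync: %d\n", scenario(verify_then_update));
    return 0;
}
```

A full reassembler also has to handle partially overlapping segments and the ACK side, but the invariant is the same: nothing about the session state may change until the segment has been judged against the state that existed before it arrived.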
9. BZFlag Reconnect Denial Of Service Vulnerability
BugTraq ID: 7649
BZFlag is a multi-player action game. It is available for a number of operating systems, including Microsoft Windows and Unix/Linux variants. BZFlag is prone to a denial of service vulnerability. Users that have established a session with BZFlag may cause a denial of service by reconnecting and flooding BZFlag ports with excessive amounts of data. This may reportedly cause a server crash or a memory leak that could exhaust available resources. Though unconfirmed, exploitation could result in memory corruption, which may allow for execution of malicious code. This issue was reported in BZFlag 1.7g0. Other versions are also likely affected.
Load Sharing Facility is a high availability and load balancing software package distributed and maintained by Platform. It is available for Unix, Linux, and Microsoft Windows. A problem in the software for the Unix and Linux platforms may make it possible for a local user to gain unauthorized privileges. It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. The problem is in the handling of environment variables. When the lsadmin program is executed, shortly after starting execution it calls the lim program. The path to this program is specified in the configuration file. However, it is possible to change the location that will be checked for this program by altering the LSF_ENVDIR environment variable to force lsadmin to look for the lim program in a different location. By doing so, it is possible to create a malicious copy of the lim program which would be executed with the privileges of the lsadmin program. The lsadmin program is typically installed with elevated privileges.
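The general rule the LSF entry illustrates is that a program running with elevated privileges must not let an environment variable redirect it to a directory, and therefore to a helper binary, that the invoking user controls. The C below is an added example and not LSF code; DEFAULT_ENVDIR, the helper names and the "privileged" flag are assumptions. It honours LSF_ENVDIR only when the process runs with the caller's own uid and gid, and only for an absolute path without "..".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_ENVDIR "/etc/lsf"   /* hypothetical compiled-in default */

/* Decide which directory configuration (and the path to a helper such as
 * lim) may be read from. `privileged` is non-zero when the real and
 * effective ids differ, i.e. in a setuid/setgid context. */
const char *config_dir_for(const char *env_value, int privileged)
{
    if (privileged)                                  /* never trust the env */
        return DEFAULT_ENVDIR;
    if (env_value == NULL || env_value[0] != '/')    /* absolute paths only */
        return DEFAULT_ENVDIR;
    if (strstr(env_value, "..") != NULL)             /* no climbing out */
        return DEFAULT_ENVDIR;
    return env_value;
}

const char *config_dir(void)
{
    int privileged = getuid() != geteuid() || getgid() != getegid();
    return config_dir_for(getenv("LSF_ENVDIR"), privileged);
}

/* Compose the helper's path from the trusted directory only.
 * Returns 0 and fills out, -1 if the result would not fit. */
int helper_path(const char *dir, const char *name, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char path[512];
    if (helper_path(config_dir(), "lim", path, sizeof path) != 0)
        return 1;
    printf("would run helper from: %s\n", path);   /* hypothetical helper name */
    return 0;
}
```

In a setuid binary the safer choice is usually to ignore such variables outright and read the helper path from a root-owned configuration file, which is what the advisory says LSF intended; the function above shows where that decision belongs, before any path derived from the environment is used.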
PHPNuke is a freely available, open source web content management system. It is maintained by Francisco Burzi, and available for Unix, Linux, and Microsoft operating systems. Multiple input checking problems may make it possible for remote users to pass malicious data to the database. It has been reported that multiple problems exist in the PHPNuke main modules. SQL injection issues exist in the Sections, Avantgo, Surveys, Downloads, Reviews, and Web_Links modules. This could allow an attacker to pass malicious SQL code to the database. It should be noted that multiple path disclosure issues also exist. Each of these modules does not properly handle the backtick character at precise locations in queries. Because of this, it is possible to create a custom command that will be executed with the privileges of the PHPNuke application.
WsMp3 is a web server designed to stream MP3 files over the internet. It is available for the Linux operating system. A vulnerability has been reported for WsMp3. The problem is said to occur due to insufficient sanitization of HTTP POST requests. Specifically, WsMp3 fails to strip directory traversal sequences (../) from requests. As a result, an attacker may be capable of running arbitrary executables. This may lead to the complete compromise of a target system. All files executed in this manner would be invoked with the privileges of WsMp3d, typically root. This vulnerability is said to affect WsMp3 0.0.10 and earlier.
The Darwin/QuickTime Streaming Servers are used as a web interface for Streaming Server configuration. They are available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems. A vulnerability has been reported for Apple Quicktime/Darwin Streaming Server. The problem is said to occur within the QTSSReflector module while processing the ANNOUNCE command. Specifically, by setting the Content-Length of an ANNOUNCE request to 0xffffffff (4294967295) it may be possible to overflow an unsigned integer. As a result, an unexpected calculation may occur within the affected module, causing the server to crash. Due to the nature of the value that is supplied to Content-Length, this issue may actually be a result of signed/unsigned variable mismatching. This behavior however has not been confirmed. It should be noted that it has been speculated that this issue may be exploitable to corrupt process memory. If so, it may be possible for an attacker to overwrite sensitive values in an attempt to execute arbitrary instructions with the privileges of the server. Apple has confirmed that this issue may be exploitable to trigger a denial of service. However, it is believed that remote exploitability is unlikely as it would require an administrator to manually configure the service to permit unauthenticated broadcasts.
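The value 0xffffffff is the classic probe for this class of bug because "length plus a little" wraps to a tiny number in 32-bit unsigned arithmetic, and the same bit pattern reads as -1 once narrowed to a signed int. The C below is an added illustration and not the Darwin/QuickTime Streaming Server source; it shows the unchecked size computation next to a strict Content-Length parse and a checked size path. MAX_BODY and the function names are assumptions for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (64u * 1024u)   /* assumed server policy limit */

/* The unchecked computation: "length plus one for a terminator". For
 * 0xffffffff the unsigned result wraps to 0, so a buffer sized from it is
 * far too small for the copy that follows. */
uint32_t naive_body_size32(uint32_t content_length)
{
    return content_length + 1u;   /* well-defined unsigned wrap-around */
}

/* Strict header parse: digits only, no sign, must fit in uint32_t.
 * Returns 0 and sets *out on success, -1 otherwise. Narrowing 4294967295
 * to a signed 32-bit int instead reads as -1 on common compilers, which is
 * the signed/unsigned mismatch the advisory speculates about. */
int parse_content_length(const char *value, uint32_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')
        value++;
    if (*value < '0' || *value > '9')   /* rejects "", "-1", "+1" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > UINT32_MAX)
        return -1;
    *out = (uint32_t)n;
    return 0;
}

/* Checked size: enforce the policy limit first, then guard the +1 so it
 * cannot wrap whatever the width of size_t. */
int checked_body_size(uint32_t content_length, size_t *out)
{
    if (content_length > MAX_BODY)
        return -1;
    if ((size_t)content_length > SIZE_MAX - 1)
        return -1;
    *out = (size_t)content_length + 1;
    return 0;
}

/* Allocate a body buffer only when the header passes both checks. */
char *alloc_body(const char *content_length_header)
{
    uint32_t cl;
    size_t need;

    if (parse_content_length(content_length_header, &cl) != 0)
        return NULL;
    if (checked_body_size(cl, &need) != 0)
        return NULL;
    return calloc(need, 1);
}

int main(void)
{
    const char *hdr = "4294967295";   /* 0xffffffff, the value in the advisory */
    uint32_t cl = 0;
    char *body;

    parse_content_length(hdr, &cl);
    printf("naive size for %s: %u bytes\n", hdr, (unsigned)naive_body_size32(cl));
    body = alloc_body(hdr);
    printf("checked allocation: %s\n", body ? "allowed" : "rejected");
    free(body);
    return 0;
}
```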
The Apple QuickTime/Darwin MP3 Broadcaster is encoding software used to stream online broadcasts. They are available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems. MP3Broadcaster has been reported prone to a vulnerability when processing malformed ID3 tag information. The issue presents itself, under specific conditions, when the user invokes the MP3Broadcaster utility using the '-X -l' command line options, to generate a list based on malicious MP3 files. When a malformed integer within the ID3 data of a malicious MP3 file is processed, a miscalculation may occur which could potentially result in the corruption of process memory. This is likely due to insufficient sanity checks performed when handling signed integer values contained within MP3 file ID3 tags. Apple has confirmed that this issue may be exploitable to trigger a denial of service. However, it is believed that remote exploitability is unlikely, as it would require an administrator to manually configure the service to permit unauthenticated broadcasts.
Polymorph is a tool designed to convert filenames that are corrupted/created in a windows environment into a more readable format for Unix platforms. Polymorph for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. Specifically, excessive data (2080 bytes) passed as the '-f' file argument to the vulnerable Polymorph executable, when copied into internal memory, may overrun the boundary of the assigned buffer and corrupt adjacent memory. Memory adjacent to this buffer has been reported to contain values that are crucial to controlling program execution flow. Therefore it is possible for a local attacker to seize control of the vulnerable application and have malicious arbitrary code executed in the context of the user running Polymorph. It should be noted that although this vulnerability has been reported to affect Polymorph version 0.4.0 previous versions might also be affected.
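The two Maelstrom entries and the Polymorph entry describe the same defect: a command-line argument copied into a fixed-size buffer with no check that it fits. The C below is an added illustration and is not code from either project; it shows the unchecked pattern in a comment and a checked copy that refuses over-long arguments rather than truncating silently or overrunning. ARG_BUF_SIZE and the function names are assumptions for the example; 2080 is the length the Polymorph entry cites.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_BUF_SIZE 256   /* assumed fixed buffer size */

/* The vulnerable pattern the advisories describe (deliberately not called):
 *
 *     char buf[ARG_BUF_SIZE];
 *     strcpy(buf, argv[i]);    // nothing checks that argv[i] fits
 *
 * An argument longer than the buffer overwrites whatever follows it. */

/* Checked copy: returns 0 on success, -1 if src (plus terminator) does not
 * fit in dst. Rejecting, rather than truncating, keeps a too-long value from
 * silently becoming a different value. */
int copy_arg_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Build a constructed argument of `len` 'A's and attempt to copy it into a
 * stack buffer of ARG_BUF_SIZE bytes. Returns the copy_arg_checked result. */
int demo_long_argument(size_t len)
{
    char buf[ARG_BUF_SIZE];
    char *arg = malloc(len + 1);
    int rc;

    if (arg == NULL)
        return -1;
    memset(arg, 'A', len);
    arg[len] = '\0';
    rc = copy_arg_checked(buf, sizeof buf, arg);
    free(arg);
    return rc;
}

int main(int argc, char **argv)
{
    char server[ARG_BUF_SIZE];
    const char *arg = argc > 1 ? argv[1] : "localhost";

    if (copy_arg_checked(server, sizeof server, arg) != 0) {
        fprintf(stderr, "argument too long (%zu bytes, max %d)\n",
                strlen(arg), ARG_BUF_SIZE - 1);
        return 1;
    }
    printf("argument accepted: %s\n", server);
    printf("2080-byte argument: %s\n",
           demo_long_argument(2080) == 0 ? "accepted" : "rejected");
    return 0;
}
```

For setGID programs such as the Maelstrom binary the bound matters twice over: the overflow is reachable by any local user, and the code that runs afterwards runs with the group's privileges, so argument length should be checked before anything else is done with the value.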
CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix based systems. The cupsd has been reported prone to a denial of service vulnerability. The issue presents itself when a remote attacker invokes an incomplete HTTP POST request. The cupsd does not adequately apply a time-out process for the operation and service is denied to subsequent cupsd requests. This issue may be exploited by remote attackers to deny cupsd service to legitimate users.
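A server that reads a request with a plain blocking read can be held by a client that sends a partial request and then goes quiet, which is the failure the CUPS entry describes. The C below is an added illustration, not CUPS code: a read that gives up after a timeout, a header reader built on it with a size cap, and a demonstration that uses pipes (constructed, standing in for client sockets) to show a stalled request timing out while a complete one is read normally. Function names and the timeout are assumptions for the example.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Wait up to timeout_ms for data, then read once.
 * Returns bytes read (>0), 0 on EOF, -1 on error, -2 on timeout. */
int read_with_timeout(int fd, char *buf, size_t n, int timeout_ms)
{
    struct pollfd pfd;
    ssize_t got;
    int r;

    pfd.fd = fd;
    pfd.events = POLLIN;
    pfd.revents = 0;
    do {
        r = poll(&pfd, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r < 0)
        return -1;
    if (r == 0)
        return -2;
    got = read(fd, buf, n);
    return got < 0 ? -1 : (int)got;
}

/* Read an HTTP header block (through the blank line) with a per-read
 * timeout and a total size cap. Returns the header length, -1 on error,
 * EOF or overflow, -2 if the client stalled before the block was complete. */
int read_header_block(int fd, char *buf, size_t bufsz, int timeout_ms)
{
    size_t have = 0;

    while (have + 1 < bufsz) {
        int r = read_with_timeout(fd, buf + have, bufsz - 1 - have, timeout_ms);
        if (r <= 0)
            return r == 0 ? -1 : r;
        have += (size_t)r;
        buf[have] = '\0';
        if (strstr(buf, "\r\n\r\n") != NULL)
            return (int)have;
    }
    return -1;   /* header block larger than bufsz: treat as malformed */
}

/* Demo: returns 1 if the incomplete request times out instead of blocking
 * and the complete request is read normally, 0 otherwise. */
int demo_incomplete_post(void)
{
    int stalled[2], complete[2];
    char buf[256];
    const char *partial = "POST /printers/ HTTP/1.1\r\nContent-Length: 10\r\n";
    const char *full    = "POST /printers/ HTTP/1.1\r\nContent-Length: 10\r\n\r\n";
    int r1, r2;

    if (pipe(stalled) != 0 || pipe(complete) != 0)
        return 0;
    if (write(stalled[1], partial, strlen(partial)) < 0)   /* client stops here */
        return 0;
    r1 = read_header_block(stalled[0], buf, sizeof buf, 100);
    if (write(complete[1], full, strlen(full)) < 0)        /* well-behaved client */
        return 0;
    r2 = read_header_block(complete[0], buf, sizeof buf, 100);
    close(stalled[0]); close(stalled[1]);
    close(complete[0]); close(complete[1]);
    return r1 == -2 && r2 == (int)strlen(full);
}

int main(void)
{
    printf("stalled request handled: %s\n", demo_incomplete_post() ? "yes" : "no");
    return 0;
}
```

The timeout alone does not bound how many stalled clients can be held at once; in a real server it is paired with a limit on concurrent connections per peer, so that a single source cannot consume every worker while each waits out its timeout.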
WsMp3 is a web server designed to stream MP3 files over the internet. It is available for the Linux operating system. A vulnerability has been reported for WsMp3. The problem is said to occur due to insufficient sanitization of HTTP GET requests. Specifically, WsMp3 fails to strip directory traversal sequences (../) from requests. As a result, an attacker may be capable of accessing the contents of sensitive system resources. Information obtained in this manner may aid an attacker in launching further attacks against the target system. All files accessed in this manner will be done so with the privileges of WsMp3d, typically root. This vulnerability is said to affect WsMp3 0.0.10 and earlier.
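Both WsMp3 entries (the POST and the GET variant) come down to a server that maps a request path onto the filesystem without first resolving ".." segments against its document root. The C below is an added example, not WsMp3's code: it canonicalises a request path against a virtual root and rejects any path that would climb above it, so the check does not depend on whether the request arrived by GET or POST. It assumes the caller has already percent-decoded the path (an encoded "%2e%2e" is the same traversal after decoding); MAX_DEPTH and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumed limit on path segments */

/* Returns 0 and writes the canonical path (always beginning with '/') to
 * out; returns -1 if a ".." would pass the root, the depth limit is hit,
 * or out is too small. */
int normalize_request_path(const char *req, char *out, size_t outsz)
{
    size_t seg_start[MAX_DEPTH];   /* length of out before each segment */
    size_t depth = 0, len = 0;
    const char *p = req;

    if (outsz < 2)
        return -1;
    out[len++] = '/';
    while (*p != '\0') {
        const char *e;
        size_t sl;

        while (*p == '/')            /* collapse repeated separators */
            p++;
        if (*p == '\0')
            break;
        e = p;
        while (*e != '\0' && *e != '/')
            e++;
        sl = (size_t)(e - p);
        if (sl == 1 && p[0] == '.') {
            /* "." is a no-op */
        } else if (sl == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return -1;             /* traversal above the root */
            len = seg_start[--depth];  /* drop the last segment */
        } else {
            if (depth >= MAX_DEPTH || len + (len > 1) + sl + 1 > outsz)
                return -1;
            seg_start[depth++] = len;
            if (len > 1)
                out[len++] = '/';
            memcpy(out + len, p, sl);
            len += sl;
        }
        p = e;
    }
    out[len] = '\0';
    return 0;
}

/* 1 if the request path stays inside the root, 0 if it escapes. */
int request_path_is_safe(const char *req)
{
    char buf[1024];
    return normalize_request_path(req, buf, sizeof buf) == 0;
}

int main(void)
{
    const char *samples[] = {             /* constructed request paths */
        "/music/../song.mp3",
        "/a/b/./c",
        "/music/../../etc/passwd",
        "../etc/passwd",
    };
    char out[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (normalize_request_path(samples[i], out, sizeof out) == 0)
            printf("%-28s -> %s\n", samples[i], out);
        else
            printf("%-28s -> rejected (escapes root)\n", samples[i]);
    }
    return 0;
}
```

The canonical path is what gets appended to the document root; checking the raw string for the literal "../" is weaker, since it misses encoded forms and "/./.." style variants that this normalisation resolves. The second protection the entries point at is independent of the path check: a streaming daemon has no need for root, so a traversal that does slip through should reach only what an unprivileged service account can read.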
Demarc PureSecure is a commercially available graphical front-end for Snort, in addition to being a generalized network monitoring solution. Snort is a popular open-source NIDS (Network Intrusion Detection System). Demarc PureSecure will run on most Linux and Unix variants, as well as Microsoft Windows NT/2000/XP operating systems. A problem with the Demarc PureSecure software could make unauthorized access to user credentials possible. It has been reported that a problem exists in the method used in the storage of passwords by Demarc PureSecure. This could lead to users gaining unauthorized access to passwords, and potentially unauthorized access to the central/remote logging server. Specifically, Demarc PureSecure stores certain user passwords on the disk using plain-text format by default. A local user with access sufficient to read the files used by the Demarc PureSecure may disclose the usernames and passwords. Information gathered in this way may be used to aid in further attacks launched against the vulnerable system. It should be noted that although this vulnerability has been reported to affect Demarc PureSecure version 1.0.6 previous versions might also be affected.

III. LINUX FOCUS LIST SUMMARY
http://www.securityfocus.com/archive/91/322483

IV. NEW PRODUCTS FOR LINUX PLATFORMS
The ERUCES Tricryption Engine is an enabling technology platform based on the most advanced high-volume encryption and automated key management system on the market today. The Tricryption Engine is the only data security platform that can scale to meet the continually growing encryption requirements companies must implement. As organizations look for methods to protect increasing amounts of electronic data, they need to deploy solutions that will completely prohibit unauthorized users from reading or tampering with protected data, while at the same time remove the constraints of system performance and on-going management. With its patent-pending automated encryption key management process, the Tricryption Engine platform can be used to protect all types of electronic data, from databases to multimedia files.
2. Luna XL
Luna XL delivers high-performance hardware-based SSL acceleration for your secure web server, adding security to high value e-business transactions. Luna XL offers trench-tested key management for your SSL sessions without the performance penalty.
3. ArcSight Enterprise Security Management Software
by ArcSight
ArcSight is designed to distribute agents throughout the network, which will report events to central management stations. Administrators can then view events, control security policies and even replay a sequence of events to watch the attack unfold.

V. NEW TOOLS FOR LINUX PLATFORMS
EVFS is a Linux virtual filesystem which sits on top of VFS to access the underlying filesystem. This means users can mount any directory containing encrypted data to any other directory (=clone), but the second will be encrypted/decrypted transparently until it is unmounted. It has multi-user support so that regular users can mount their own evfs filesystems from and to directories they own. Therefore it's possible to have a totally encrypted filesystem, each user with their own key.
2. LFT v2.2
LFT (formerly FFT) is an alternative traceroute program for displaying the route packets take to an IP network host/socket. Unlike Van Jacobson's traceroute, which is available on almost every platform today, LFT uses TCP in order to elicit ICMP TIME_EXCEEDEDs or other IP route data. As a result, LFT often executes much faster and sees behind some configurations of firewalls. Its stateful engine lets the user know when it encounters a stateful firewall or other interesting conditions. It also does AS number and netblock name lookups en route. Most importantly, LFT can trace specific TCP-based protocol routes (not just IP) to assist network engineers with manual fault isolation of network application problems.
3. mtr v0.54
mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.

VI. SPONSOR INFORMATION

This Issue is Sponsored By: SpiDynamics