SecurityFocus Linux Newsletter #135

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Jun 09 2003 - 10:51:20 EDT


This issue sponsored by: SPI Dynamics

ALERT: Top 10 Web Application Attack Techniques and Methods to Combat them.

Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation. All undetectable by Firewalls and IDS!  

Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews3


I. FRONT AND CENTER

  1. The Enemy Within: Firewalls and Backdoors
  2. Adding Security to the Cert
  3. Learning to Love Big Brother
  4. Welcome to the SecurityFocus Firewalls Focus Area
  5. Welcome to the SecurityFocus Pen-Test Focus Area

II. LINUX VULNERABILITY SUMMARY

  1. myServer HTTP GET Argument Buffer Overflow Vulnerability
  2. XMame Lang Local Buffer Overflow Vulnerability
  3. Cafelog b2 B2MenuTop Script B2INC Variable Include Vulnerability
  4. Geeklog Image Upload Extension Validation Vulnerability
  5. Zeus Web Server Admin Interface VS_Diag.CGI Cross Site...
  6. Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability
  7. Red Hat Linux EXT3 Filesystem Data Corruption Vulnerability
  8. Multiple GPS Local And Remote Vulnerabilities
  9. Geeklog Authentication SQL Injection Vulnerability
  10. GNU GCC Implicit Struct Copy Memory Corruption Vulnerability
  11. PHP Transparent Session ID Cross Site Scripting Vulnerability
  12. Red Hat Linux Kernel MXCSR Handler Unspecified Vulnerability
  13. Apache Tomcat Insecure Directory Permissions Vulnerability
  14. Linux Kernel Fragment Reassembly Remote Denial Of Service...
  15. Webfroot Shoutbox Expanded.PHP Remote Command Execution...
  16. Webfroot Shoutbox Expanded.PHP Remote Directory Traversal...
  17. Cafelog b2 B2Functions Script B2INC Variable Include...
  18. CafeLog b2 Blog.Header Script SQL Injection Vulnerability
  19. Pi3Web SortName Buffer Overflow Vulnerability
  20. Multiple Vendor kon2 Local Buffer Overflow Vulnerability
  21. Red Hat Linux TTY Layer Kernel Panic Denial Of Service...

III. LINUX FOCUS LIST SUMMARY

  1. deny deleting a file for users.. trying a solution (Thread)
  2. deny deleting a file for users (Thread)
  3. Linux firewall/IDS/NAT suggestions (Thread)
  4. New Focus Areas on SecurityFocus.com (Thread)
  5. process accounting (Thread)

IV. NEW PRODUCTS FOR LINUX PLATFORMS

  1. e-Security Management Platform
  2. Novell Account Management
  3. Tripwire Manager

V. NEW TOOLS FOR LINUX PLATFORMS

  1. Passcheck v2.99
  2. CanIt v1.11(Stable)
  3. Cerberus Intrusion Detection System v0.0.3

VI. SPONSOR INFORMATION


I. FRONT AND CENTER

1. The Enemy Within: Firewalls and Backdoors
By Bob Rudis, CISSP, and Phil Kostenbade, CISSP

This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass the security infrastructure that exists in most network deployments and issues a wake-up call for those relying on current technologies to safeguard their systems/networks.

http://www.securityfocus.com/infocus/1701

2. Adding Security to the Cert
By Tim Mullen

Shiftless third-party prep courses have made MCSE certification less valuable. Is Microsoft's new security cert doomed to the same fate?

http://www.securityfocus.com/columnists/166

2. Welcome to the SecurityFocus Firewalls Focus Area By Marcus Ranum

SecurityFocus is very pleased to announce the roll-out of the new Firewalls focus area.

http://www.securityfocus.com/columnists/165

3. Welcome to the SecurityFocus Firewalls Focus Area By Marcus Ranum

SecurityFocus is very pleased to announce the roll-out of the new Firewalls focus area.

http://www.securityfocus.com/infocus/1700

4. Welcome to the SecurityFocus Pen-Test Focus Area By Ivan Arce

The new SecurityFocus Pen-Test focus area offers a unique forum for the exchange of pen-test information.

http://www.securityfocus.com/infocus/1699

II. BUGTRAQ SUMMARY


1. myServer HTTP GET Argument Buffer Overflow Vulnerability
BugTraq ID: 7770
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7770
Summary:

myServer is an application and web server for Microsoft Windows and Linux operating systems.

myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP requests of excessive length. Specifically, when the web server processes an argument passed to a malicious HTTP GET request that consists of more than 4100+ bytes, the web server will crash. This will result in a denial of service condition.

It is possible that this vulnerability may also allow the execution of arbitrary instructions. Any instructions carried out through this vulnerability would be with the privileges of the web server process. However, the possibility of code execution has not been confirmed.

This vulnerability was reported for myServer version 0.4.1. It is likely that other versions are also affected.

2. XMame Lang Local Buffer Overflow Vulnerability
BugTraq ID: 7773
Remote: No
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7773
Summary:

Xmame is a port of the MAME arcade emulator. It is available for Linux and Unix systems.

Xmame is prone to a locally exploitable buffer overflow. The issue exists in the xmame.x11 executable. This is due to insufficient bounds checking of the command line parameter used to specify language settings (--lang). By specifying an excessively long language parameter, it is possible to corrupt stack memory with attacker-supplied values. This could be exploited to control execution flow and cause execution of malicious instructions.

Some builds of Xmame require setuid root privileges to operate properly, particularly those builds with svgalib/xf86_dga support enabled. Successful exploitation on some systems could result in execution of arbitrary code with elevated privileges.

3. Cafelog b2 B2MenuTop Script B2INC Variable Include Vulnerability
BugTraq ID: 7786
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7786
Summary:

CafeLog b2 allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A remote file include vulnerability has been reported in Cafelog b2. Due to insufficient sanitization of user-supplied values in the b2menutop.php script, it is possible for a remote attacker to influence the location of included files.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the '$b2inc' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for Cafelog 0.6.2.

4. Geeklog Image Upload Extension Validation Vulnerability
BugTraq ID: 7744
Remote: Yes
Date Published: May 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7744
Summary:

Geeklog is open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog allows weblog users to upload images. Uploaded images should have certain extensions (such as .jpg or .gif). However, Geeklog does not sufficiently validate image upload extensions. This issue exists in the users and stories modules. It may be possible for an attacker to upload a file with an arbitrary extension, such as a script, and then request the file.

Depending on web server configuration, this could result in execution of arbitrary commands or file corruption. More sophisticated attacks could also occur, given that this vulnerability allows a remote attacker to place files with arbitrary extensions on the host.

5. Zeus Web Server Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
BugTraq ID: 7751
Remote: Yes
Date Published: May 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7751
Summary:

Zeus Web Server is a proprietary webserver for Unix, Linux, Sun, BSD, HP-UX, and Apple OS X platforms.

The web-based administration interface included in Zeus Web Server is vulnerable to cross site scripting attacks. Specifically, the vs_diag.cgi application does not sufficiently sanitize user-supplied input. Thus, it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code. Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the vulnerable server.

It is important to note that the user must supply a username and password for the administrative interface before the script will execute. The vendor has stated that cookies are not used to store any sort of authentication credentials. Thus, this vulnerability cannot be exploited to obtain administrative passwords and other sensitive information.

This vulnerability was reported for Zeus 4.2r2 and earlier.

6. Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability
BugTraq ID: 7760
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7760
Summary:

The /bin/mail utility is a mail processing system which can be used to send and receive e-mail messages. It is available for the Unix and Linux operating systems.

A vulnerability has been discovered in /bin/mail on the Linux operating system. The problem occurs when processing the 'CC:' field within an e-mail message. Due to insufficient bounds checking, handling approximately 8824 bytes of data will trigger a buffer overrun.

Successful exploitation of this issue could allow an attacker to execute arbitrary commands with the privileges of /bin/mail. It should be noted that local exploitation of this vulnerability may be inconsequential. However, a malicious e-mail message referenced by the vulnerable utility or a remote CGI interface may both be sufficient conduits for remote exploitation.

7. Red Hat Linux EXT3 Filesystem Data Corruption Vulnerability
BugTraq ID: 7795
Remote: No
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7795
Summary:

A potential data corruption vulnerability has been identified in the Red Hat Linux kernel.

The potential issue may be exploitable under very restrictive circumstances. In an ext3 file-system environment where the system is processing heavy complex memory mapped file I/O loads, if the mapped writes are to a partial page at the end of a file, a file may be simultaneously unlinked and the corresponding mapped file blocks reallocated. This action may potentially cause the corruption of arbitrary files.

If an attacker can recreate the necessary environment, it may be possible to create a condition where arbitrary files are corrupted.

8. Multiple GPS Local And Remote Vulnerabilities
BugTraq ID: 7736
Remote: Yes
Date Published: May 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7736
Summary:

Graphical Process Statistics (gps) is graphical process monitoring software. gps provides functionality for polling processes over a network. It is available for Unix and Linux variants.

gps is prone to multiple local and remote vulnerabilities. The following issues were reported:

A flaw in the implementation of the rgpsp source connection acceptance policy could permit unauthorized hosts to make connections. This could occur even if not permitted by the /etc/rgpsp.conf file.

Multiple unspecified potential buffer overflows were addressed that could allow for execution of malicious instructions in the context of the software.

Misformatting of rgpsp protocol command line parameters could potentially cause the protocol to fail.

A buffer overrun could occur if rgpsp attempts to handle process information with excessive command line data. Command line data in excess of 128 characters could potentially corrupt memory. This may be exploited to execute arbitrary code in the context of the user running rgpsp.

This BID will be divided into separate records when further analysis of these issues is complete. It should be noted that these issues were all fixed as of version 1.1.0, which was released April 28th, 2002. Fixes span a number of earlier releases, so it is possible that these issues have been public knowledge for some time. Further information will be included in individual BIDs.

9. Geeklog Authentication SQL Injection Vulnerability
BugTraq ID: 7742
Remote: Yes
Date Published: May 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7742
Summary:

Geeklog is open-source weblog software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Geeklog is reported to be prone to SQL injection attacks during authentication. This is due to insufficient sanitization of cookie values, which will be used in database queries. This could permit an attacker to inject SQL code.

It has been demonstrated that the vulnerability may allow a remote attacker to modify query logic and gain access to arbitrary Geeklog accounts, allowing for compromise of the software. It may also be possible, depending on the database implementation and other factors, to launch attacks against the database. This could result in disclosure of sensitive information or other consequences.

10. GNU GCC Implicit Struct Copy Memory Corruption Vulnerability
BugTraq ID: 7743
Remote: Yes
Date Published: May 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7743
Summary:

GNU gcc is a C programming language compiler designed for the Linux and Unix operating systems. It supports the use of various command-line optimization switches that can be used to significantly reduce the number of instructions needed to execute.

A potential vulnerability has been reported for the GNU gcc compiler. The problem is said to affect versions prior to 3.2.3. The problem is said to occur when the '-O2' optimization switch has been used during the compilation of a program implementing implicit structure copying.

When carrying out the structure copying procedures, values stored within previously declared structures may be unexpectedly corrupted. Furthermore, new data meant to replace data within a structure may not be copied correctly. As a result, this issue may also result in the disclosure of sensitive internal program data.

Successful exploitation of this issue could potentially allow an attacker to modify internal data structures in such a way that the execution flow of the process may be controlled. This may be possible through the corruption of a function pointer or bounds checking parameter.

11. PHP Transparent Session ID Cross Site Scripting Vulnerability
BugTraq ID: 7761
Remote: Yes
Date Published: May 30 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7761
Summary:

PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems.

PHP contains an option known as transparent session IDs. This feature allows session IDs to be embedded with a URL.

A cross-site scripting vulnerability has been discovered in PHP version 4.3.1 and earlier. The problem occurs when the 'session.use_trans_sid' global parameter has been enabled.

Due to insufficient sanitization of the PHPSESSID URI parameter, it is possible for an attacker to embed malicious script code within a link. By embedding malicious code in such a way that an HTML tag will be prematurely terminated, it may be possible to execute arbitrary script code.

Successful exploitation of this issue would allow an attacker to execute arbitrary script code in a victim's browser within the context of the visited website. This may allow for the theft of sensitive information, such as session IDs, or possibly other attacks.

It should be noted that PHP versions prior to release 4.2.0 do not support transparent session IDs by default. Support must be specified during initial compilation.

12. Red Hat Linux Kernel MXCSR Handler Unspecified Vulnerability
BugTraq ID: 7793
Remote: No
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7793
Summary:

The Intel MXCSR register contains control/status information for the SSE registers.

The Red Hat Linux Kernel MXCSR handler code has been reported prone to an unspecified vulnerability.

The issue presents itself when low-level MXCSR kernel code encounters a malformed address. It has been reported that the MXCSR code fails to sufficiently handle malformed address data and will leave garbage in the CPU state registers.

Although speculative, it has been conjectured that this issue may allow an attacker to corrupt CPU state registers and trigger a denial of service condition if the kernel relies on current register contents. Although unconfirmed, other attacks may also be possible.

It should be noted that this vulnerability will only affect systems running on the Intel architectures.

This BID will be updated as further technical details are released.

13. Apache Tomcat Insecure Directory Permissions Vulnerability
BugTraq ID: 7768
Remote: No
Date Published: Jun 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7768
Summary:

Tomcat is a web server and JSP/Servlet container that is developed by Apache as part of the Jakarta project.

Apache Tomcat may be installed with world-readable permissions for the /opt/tomcat/ directory. Files in this directory may contain sensitive information, such as authentication credentials. Local users may potentially gain unauthorized access to these files as a result.

This issue was reported for Apache Tomcat versions prior to 4.1.24 on Gentoo Linux. It is not known if other distributions are similarly affected.

14. Linux Kernel Fragment Reassembly Remote Denial Of Service Vulnerability
BugTraq ID: 7797
Remote: Yes
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7797
Summary:

The Linux kernel is the core of all Linux operating systems. It is community-maintained.

A problem in the kernel network code could make a remote denial of service possible.

It has been reported that the Linux kernel does not properly handle some specific types of network traffic. Because of this, an attacker may be able to cause excessive consumption of resources with malicious TCP/IP packets, resulting in a denial of service.

The problem is in the handling of packet reassembly. By sending maliciously crafted packet fragments to a system using the vulnerable kernel, it would be possible to consume an excessive amount of resources during the packet reassembly phase. This could cause the system to become unstable.

This vulnerability has been reported to be similar to the issue described in 7601.

15. Webfroot Shoutbox Expanded.PHP Remote Command Execution Vulnerability
BugTraq ID: 7772
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7772
Summary:

Webfroot Shoutbox is a web application designed to allow web site visitors a chance to leave messages. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of input into the expanded.php script.

An attacker can exploit this vulnerability to insert malicious PHP code into the web server logs which can then be executed by the PHP interpreter when the logs are requested. This will allow an attacker to execute arbitrary commands on a vulnerable system in the context of the web server.

This vulnerability was reported to affect Webfroot Shoutbox 2.32 and earlier.

16. Webfroot Shoutbox Expanded.PHP Remote Directory Traversal Vulnerability
BugTraq ID: 7775
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7775
Summary:

Webfroot Shoutbox is a web application designed to allow web site visitors a chance to leave messages. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A problem in Shoutbox may result in traversal attacks. The vulnerability exists due to insufficient sanitization of user-supplied values to the expanded.php script, and could allow the viewing of potentially sensitive files by attackers.

An attacker can exploit this vulnerability by manipulating the value of the 'conf' URI parameter submitted to the expanded.php script to obtain any files readable by the web server.

Information obtained in this manner may allow an attacker to launch further, potentially destructive attacks against a vulnerable system.

This vulnerability was reported to affect Webfroot Shoutbox 2.32 and earlier.

17. Cafelog b2 B2Functions Script B2INC Variable Include Vulnerability
BugTraq ID: 7782
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7782
Summary:

CafeLog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

A remote file include vulnerability has been reported in Cafelog b2. Due to insufficient sanitization of user-supplied values by the b2functions.php script, it is possible for a remote attacker to influence the location of included files.

An attacker may exploit this by supplying a path to a maliciously created file, located on an attacker-controlled host as a value for the '$b2inc' parameter.

If the remote file is a malicious PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the web server. Successful exploitation may provide local access to the attacker.

This vulnerability was reported for Cafelog 0.6.1.

18. CafeLog b2 Blog.Header Script SQL Injection Vulnerability
BugTraq ID: 7783
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7783
Summary:

Cafelog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It is implemented in PHP and is available for the Unix, Linux, and Microsoft Windows platforms.

The Cafelog b2 tool does not properly sanitize user input sent to the blog.header.php script. Because of this, it is possible for an attacker to pass malicious SQL code to the underlying database.

The problem is in the checking of the $posts variable of the script. SQL code may be inserted into the variable, and will in turn be executed by the database server. Requests could include adding, deleting, and modifying data. Additionally, this may allow a remote attacker to exploit vulnerabilities that exist in the underlying database.

19. Pi3Web SortName Buffer Overflow Vulnerability
BugTraq ID: 7787
Remote: Yes
Date Published: Jun 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7787
Summary:

Pi3Web is a free, multi platform, configurable HTTP server and development environment. It is available for Unix/Linux variants and Microsoft Windows operating systems.

Pi3Web is prone to a buffer overflow vulnerability. This is due to insufficient bounds checking of URI parameters. It is possible to trigger this condition by specifying a 'SortName' URI parameter of excessive length. Excess data will overrun adjacent regions of memory. This condition could be exploited to cause a denial of service or possibly to execute malicious instructions in the context of the server.

This issue was reported for Pi3Web 2.0.2 Beta 1 on Windows platforms.

It was originally believed that this condition only existed with certain indexing configurations but additional reports indicate that this is not the case.

20. Multiple Vendor kon2 Local Buffer Overflow Vulnerability
BugTraq ID: 7790
Remote: No
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7790
Summary:

kon2 is a Kanji emulator for the Linux console.

A buffer overflow vulnerability has been reported for the kon2 utility shipped with various Linux distributions. Exploitation of this vulnerability may result in a local attacker obtaining elevated privileges on a vulnerable system.

The vulnerability exists due to insufficient bounds checking performed on some commandline options passed to the vulnerable utility.

A local attacker can exploit this vulnerability by invoking kon2 with overly long commandline options. This will trigger the overflow condition and may result in an attacker obtaining root privileges.

This vulnerability was reported for kon2 0.3.9b and earlier.

21. Red Hat Linux TTY Layer Kernel Panic Denial Of Service Vulnerability
BugTraq ID: 7791
Remote: No
Date Published: Jun 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7791
Summary:

The TTY layer is used to process input and output supplied to and from the console.

A vulnerability has been reported in the TTY layer that may result in a kernel panic.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

III. LINUX FOCUS LIST SUMMARY


1. deny deleting a file for users.. trying a solution (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/324095

2. deny deleting a file for users (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/323979

3. Linux firewall/IDS/NAT suggestions (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/323965

4. New Focus Areas on SecurityFocus.com (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/323731

5. process accounting (Thread)
Relevant URL:

http://www.securityfocus.com/archive/91/323685

IV. NEW PRODUCTS FOR LINUX PLATFORMS


1. e-Security Management Platform
by e-Security
Platforms: AIX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, Solaris, SunOS, Tru64 UNIX, Windows 2000, Windows NT
Relevant URL:
http://www.esecurityinc.com/
Summary:

e-Security is the leading provider of Security Event Management software. The e-Security Management Platform aggregates, standardizes, analyzes and reports all security event information from multiple devices across the enterprise (Firewalls, Intrusion Detection Systems, Anti-Virus, VPNs, etc.) in a centralized console in real-time. This information is then correlated with the Security Focus Attack and Vulnerability Database, the most comprehensive database of known threats available, to deliver customers insight into their vulnerabilities, expert advice, and recommended steps toward remediation.

2. Novell Account Management
by Novell
Platforms: AIX, FreeBSD, HP-UX, Linux, OS/390, Solaris, Windows 2000, Windows NT
Relevant URL:
http://www.novell.com/products/edirectory/accountmanagement/
Summary:

To protect your servers and their resources, you need a uniform way to control and manage user account information across your various network platforms, including OS/390, Linux, Solaris, AIX, HP-UX, Windows NT Domain, Windows 2000 AD, Windows 2000/NT standalone and FreeBSD. Novell® Account Management is a cross-platform access-management product that provides consistent protection so your server platforms can work together reliably, as one Net. In addition, with Novell Account Management you can do the following:

3. Tripwire Manager
by Tripwire, Inc.
Platforms: Linux, Solaris, Windows 2000, Windows NT
Relevant URL:
http://www.tripwire.com/products/manager/index.cfm?
Summary:

Tripwire Manager is a fully functional, cross-platform management console that allows you to easily manage all installations of Tripwire for Servers across an enterprise network. Tripwire Manager eliminates the need to manually monitor multiple discrete network platforms and point solutions. Instead, you have a comprehensive view of data and network integrity status from a single, centralized console. Tripwire Manager saves time by pinpointing integrity violations and reduces management costs by providing rapid access to detailed reports and actionable data.

V. NEW TOOLS FOR LINUX PLATFORMS


1. Passcheck v2.99
by merlin262
Relevant URL:
http://savannah.nongnu.org/projects/passcheck/
Platforms: Linux
Summary:

Passcheck is a drop-in replacement or rewrite of the original cracklib, and shares no code with the original. It features an enhanced dictionary check, and the ability to use the standard system wordlist.

2. CanIt v1.11(Stable)
by David F. Skoll
Relevant URL:
http://www.canit.ca/
Platforms: POSIX, UNIX
Summary:

CanIt is a server-based spam-control system built around SpamAssassin, MIMEDefang, Apache, and PostgreSQL. It features sophisticated spam-handling techniques which minimize the amount of spam you receive while guaranteeing that you'll never lose a valid email. CanIt achieves extraordinarily accurate discrimination through human intervention, and includes mechanisms to minimize the amount of human intervention required.

3. Cerberus Intrusion Detection System v0.0.3
by visage
Relevant URL:
http://www.javaspot.net/articles/cids
Platforms: Linux, POSIX
Summary:

CIDS is an intrusion detection system, not based on packets, but rather based on actual intrusion recognition (as in a remote login from root, etc). It also logs scanning attempts and all remote attempts. It is good for private users looking for some form of security on their box.

VI. SPONSOR INFORMATION


This issue brought to you by: SPI Dynamics

ALERT: Top 10 Web Application Attack Techniques and Methods to Combat them.

Learn why 70% of today's successful hacks involve Web Application attacks such as: SQL Injection, XSS, Cookie Manipulation, and Parameter Manipulation. All undetectable by Firewalls and IDS!  

Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.securityfocus.com/SPIDynamics-linux-secnews3

Received on Mon Jun 9 15:00:46 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT

