Net-Sec Issue 060
HNS Newsletter
Issue 60 - 23.04.2001
http://net-security.org
http://security-db.com
This is a newsletter delivered to you by Help Net Security. It covers weekly
roundups of security events that were in the news the past week. Visit Help
Net Security for the latest security news - http://www.net-security.org.
Subscribe to this weekly digest on:
http://www.net-security.org/text/newsletter
Archive of the newsletter in TXT and PDF format is available here:
http://www.net-security.org/news/archive/newsletter
Current subscriber count to this digest: 2258
Table of contents:
1) General security news
2) Security issues
3) Security world
4) Featured products
5) Featured article
6) Security software
7) Defaced archives
========================================================
Advertisement - HAL 2001
========================================================
Between 10th and 12th August, thousands of hackers will populate the
green fields of the campus of the University of Twente, converting it into
a large doubleplus-extrawired campsite. When not visiting lectures or
workshops, we'll be engaged in technical or political discussions, or
maybe just relaxing somewhere in the grass.
If you can truly celebrate the Internet and embrace new technologies,
without forgetting your responsibility to tell others that new technologies
come with new risks to the individual and to society as a whole, then this
is the place to be this summer. To be sure of an entrance ticket, register
now! Visit us at http://www.hal2001.org
========================================================
General security news
---------------------
----------------------------------------------------------------------------
AVOIDING SECURITY HOLES WHEN DEVELOPING AN APPLICATION
This series of articles tries to put the emphasis on the main security holes that
can appear within applications. It shows ways to avoid those holes by changing
development habits a little. This article focuses on memory organization and
layout and explains the relationship between a function and memory. The last
section shows how to build shellcode.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/March2001/article183.shtml
USING GNUPG WITH PINE FOR SECURE E-MAIL
Many people have no problems sending sensitive data via e-mail. Most of us do
not know how easy it is for anybody to read it. Just because somebody holds
the title of "Systems Administrator" does not mean they can be trusted. What
is stopping them from reading your e-mail? Nothing. This is where PGP comes
in; it is easy-to-use encryption meant for the common person.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxsecurity.com/feature_stories/feature_story-83.html
EX-SOVIET STATES A HOTBED FOR HACKING
Tonu Samuel says he is part of the solution to the growing threat from
computer hackers and cybercriminals. The Estonian Internet company
whose system Samuel hacked into says he is part of the problem. Their
dispute is a small one in a small nation, but it captures the challenges
facing companies and governments in the Internet age.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://chicagotribune.com/news/nationworld/article/0,2669,SAV-0104150339,FF.html
PREPARING FOR THE SCRIPT-FORM ATTACK
"Today we live in an electronic era, with the use of the Internet growing by
leaps and bounds. Along with this growth, we have unfortunately witnessed
an increase in the distribution of viruses, DoS attacks, and the break-in and
modification of home pages on Web servers operated by government agencies,
commercial organizations, and academia. The purpose of this article is to
acquaint readers with a relatively new type of network-based attack that
can cost your organization money. I will describe what I call a "script-form"
attack; I will first examine how this attack can occur, and some prevention
methods."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.sysadminmag.com/current/0105o/0105o.htm
FROM TEEN HACKERS TO JOB HUNTERS
At age 3, Patrick Roanhouse got his first computer. At 7, he figured out
how to construct a modem out of scrap parts. By 14, he was running
around cyberspace under the alias "Anarchist" and working up all sorts of
havoc. Then he met the 2600 Club. The group, which publishes a popular
hacker magazine, has an almost mythical reputation. It has been investigated
by the Secret Service and has inspired monthly gatherings in more than 100
cities around the world. Patrick thought 2600 would teach him how to hack.
Instead, it taught him about job hunting, stock options and business plans.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.washtech.com/news/media/9091-1.html
CHINESE DEFACERS UNDER INVESTIGATION
Chinese defacers, possibly angry about the downing of one of their nation's
fighter jets last week, are under investigation by U.S. officials related to the
defacement of nine U.S. Web sites.
Link: http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/View&c=Article&cid=ZZZE6G3MILC&live=true&cst=1&pc=5&pa=0&s=News&ExpIgnore=true&showsummary=0
MANTRAP COMING TO INDIA
'Mantrap' will trap the attacker or any malicious intruder by employing 'decoys'
at various strategic points of the system and will 'distract' him/her away from
the original system. According to Times of India Online, the solution developed
by PeakXV Networks, will be soon introduced in India.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.timesofindia.com/today/17info5.htm
JUMPSTART FOR SOLARIS SYSTEMS PART II
This is the second of two articles examining JumpStart, a tool that enables
Solaris system administrators to install and configure systems remotely. In
the first article we introduced Sun's JumpStart system as well as the
JumpStart Architecture and Security Scripts (JASS) toolkit from Sun. We
also showed how the JumpStart system allows a system administrator to
automate the installation of Solaris systems, while the JASS toolkit builds
on top of JumpStart to allow the automated installation of hardened
systems. This article will focus on the use of the JASS toolkit in the
installation of a bastion mail host.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/sun/articles/jumpstart2.html
IP INSECURITY
Stolen credit card numbers, hacked federal computer systems and other high
profile online assaults have put many users on their guard and focused the
attention of security managers on high-level intrusion-detection systems,
chains of firewalls and other high-level defenses. But many forget that, no
matter how hard they try to secure a site, vulnerabilities built into the fabric
of the Internet still leave them at risk - even though measures to shut down
the most glaringly common vulnerabilities are easily available.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.computerworld.com/cwi/story/0,1199,NAV47_STO59610,00.html
IPTABLES BASICS NHF
"I'm sure many of you have been wondering how to use iptables to set up a
basic firewall. I was wondering the same thing for a long time until I recently
figured it out. I'll try to explain the basics to at least get you started."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html
FTP ATTACKS
FTP used to be the king of the Internet. If you wanted to download something
you went to your favorite ftp server or used Archie to find the file. Even today,
the number of ftp servers is staggering, and many ftp sites contain several
hundred gigabytes of online archives (take a look at your local sunsite). FTP
was built to be an extremely flexible protocol, and therein lie many of its
problems. The FTP protocol not only allows you to transfer files from an ftp
server to your machine but from one ftp server to another ftp server directly.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/closet/closet20010418.html
INTRUSION DETECTION
If a firewall is like having a security guard at your office door, checking
the credentials of everyone coming and going, then an intrusion-detection
system (IDS) is like having a network of sensors that tells you when
someone has broken in, where they are and what they're doing.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.itworld.com/News/2001/4/CED010416STO59611/
INFECTABLE OBJECTS, PART FIVE - HTML AND OTHER SCRIPTS
One of the more interesting developments in the virus world has been the
extension of viruses from compiled executable files into script files. There is
now an expanding range of script file types that can contain malicious code.
This article, the fifth and final in a series by SecurityFocus writer Robert Vibert,
will offer an overview of script file types that can contain viral code, including
batch files, Java, JavaScript and HTML files.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.securityfocus.com/focus/virus/articles/infobj5.html
BUG WATCH: IS LINUX SAFE FROM ATTACK?
Fresh concerns have come to light regarding the vulnerabilities of open source
operating systems to virus attacks. Last week's Red Worm virus was the latest
in a long line to target Linux. There's been a long-standing belief throughout
the Linux community that hackers and virus writers had better things to do
than target them with malicious attacks - a belief that is beginning to erode.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://thebusiness.vnunet.com/News/1120613
ACCUBYTE LEAVES CUSTOMER CREDIT CARD DETAILS EXPOSED
Customers of computer components supplier Accubyte have been encouraged
to check their credit card records for fraudulent misuse after it admitted that
its previously lax security left confidential information exposed.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.theregister.co.uk/content/8/18328.html
NEW TOOLS ADDRESS DENIAL-OF-SERVICE THREAT
Concerns about denial-of-service attacks are resulting in a growing number of
products and services aimed at helping companies detect, trace and block the
threat. But most of the technologies do little to prevent such attacks outright,
users said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.cnn.com/2001/TECH/internet/04/17/dos.tools.idg/index.html
'SANDBOXING' TECHNOLOGY CAN STIFLE HACKERS
Forget the popular myth of the teen hacker. An older, more sophisticated
hacker is out there, spreading malicious code disguised as files and standard
Internet apps into corporate networks. It's this fear of the unknown that's
starting to scare some IT managers into adding behavior-blocking, or
"sandboxing," technology, as a last line of defense at the desktop. Behavior
blocking prevents malicious code from doing something it's not authorized to
do. If a downloaded executable program tries to erase the PC's hard drive or
copy its address book, for instance, the software stops it cold.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.networkweek.com/wire/story/TWB20010418S0011
INTERNET BANKS 'IN DENIAL' ON HACKING THEFTS
At least four large internet banks in Britain have been attacked by computer
hackers, it emerged yesterday at the launch of a national police unit to tackle
cybercrime. It is believed that in each case at least hundreds of thousands of
pounds was stolen, but the banks concerned have been reluctant to report
the thefts for fear it will damage the credibility of banking online.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.guardianunlimited.co.uk/internetnews/story/0,7369,474815,00.html
CRACKERS EXPAND PRIVATE WAR
As China and the United States attempt to peacefully end their diplomatic
standoff sparked by the mid-air collision between a U.S. spy plane and a
Chinese fighter jet, crackers from both countries continue to wage private
wars on the Internet. American cracker group PoizonBOx has defaced at
least a hundred Chinese websites since April 4. Chinese hackers are now
vowing to retaliate with a planned week-long all-out crack attack on
American websites and networks which will start on May 1.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.wired.com/news/politics/0,1283,43134,00.html
SECURITY OF CENSUS DATA 'GUARANTEED'
The public and private agencies involved in the UK Census claim to have taken
all precautions to guarantee that the data will be secure. Information held at
the main purpose-built processing centre is stored on a closed network of
servers with no connection to the outside world, said Census project service
director Tom Rowe. "The system is on a local area network, with no network
connections. Anything which people could hack wouldn't be allowed," he said.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://thebusiness.vnunet.com/News/1120701
IMMUNIX REVIEW
If you get the security mailing list for your Linux distribution or browse CERT's
advisories, you've probably noticed that a majority of security advisories are
tied to buffer overflows. One aspect of security, then, is to prevent these
attacks whenever possible. This is where WireX and their Immunix distribution
and StackGuard compiler come in. WireX's StackGuard compiler is based on
the egcs compiler, but has been rewritten to remove buffer overflow
vulnerabilities. The Immunix distribution is based on Red Hat Linux 7.0,
but the majority of the distribution has been compiled with the StackGuard
compiler instead of the standard GNU compilers.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unixreview.com/reviews/articles/0104/0104e.shtml
CODED WARNING
Hacking attacks are on the increase in the UK and concerns are mounting
that the country's leading organisations are not fully prepared to cope with
the problem. A report published last week claimed that a third of the UK's
major companies and public sector organisations had been hacked into by
cyber-terrorists. Speaking in the Commons, the foreign secretary, Robin
Cook, said: "Computers now manage most of our critical national infrastructure
but with these new opportunities there also comes the risk of new threats. A
computer-based attack could cripple the nation more quickly than a military
strike."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.guardian.co.uk/online/story/0,3605,474650,00.html
THE UNWIELDY E-COMMERCE SECURITY QUESTION
Government agencies and non-governmental nonprofit organizations have been
very busy announcing massive Internet fraud cases. Furthermore, the news
announcing cybercrimes has yet to ebb. One search engine lists more than
180,000 pages discussing the problem of credit card fraud.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.osopinion.com/perl/story/8993.html
NETWORK ENCRYPTION KEYS
[Q] My new 3Com wireless network has only one problem - each PC uses a
different grid to enter the encryption key.
[A] Those are just different ways to present the same number. An encryption
key - used to secure transmissions from one PC to another in your home
network - of 1122334455 will be displayed as 11.22.33.44.55 in the software
on one computer and as 11223 34455 on another. As long as both include the
same sequence of numbers, things will work.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.washtech.com/news/software/9146-1.html
EUDORA ADDS NEW SECURITY IN VERSION 5.1
Eudora, a standalone e-mail program, is noteworthy for its support of the
Macintosh operating system. The Eudora version that can be used under
the Mac OS X is currently in beta. Version 5.1 enables more secure
connections for sending and receiving e-mail and conducting online
transactions over the Internet by employing the Secure Socket Layer
Internet security standard.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1006-200-5671480.html
PONYING UP FOR REAL-TIME SECURITY ALERTS
CERT Coordination Center, formerly known as the Computer Emergency Response
Team at Carnegie Mellon University, and the Electronic Industries Alliance (EIA),
an electronics industry trade organization, on Thursday launched the Internet
Security Alliance (ISA). The new organization will deliver up-to-the-minute
warnings on viruses and security attacks to companies willing to pay anywhere
from $2,500 to $70,000 annually for its service. Members will receive warnings
roughly 45 days before the information is available to the public.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://news.cnet.com/news/0-1003-200-5665677.html
FIREWALL DESIGN WHITE PAPER
"First of all let's define what a firewall is but a bit differently. Here I will digress
a bit from the commonly accepted wisdom, and will define a firewall as an
access nexus in the digital communication infrastructure of any organization.
That is you build a firewall not only to protect your internal data but to also be
able to overall enhance your communication abilities. This paper here is not a
set of instructions of how to build an access nexus it is more like a white paper
of things you should expect from such a device and be able to ask for them
from your vendor. Please do tell them that they are currently available on
Open Source Servers."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.unix.gr/fwdesign.html
$50,000 PRIZE TO HACK U.K. WEB SERVER
Computer hackers from around the world are being invited to break into a
locked-down Web server in a competition launched to publicise Britain's
largest security conference, Infosec. US-based security firm Argus Systems
Group will offer the prize money to any hacker that can penetrate its PitBull
security software, which is used commercially to secure Web sites from
intruders.
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.zdnet.co.uk/news/2001/15/ns-22334.html
CIH STILL A SERIOUS THREAT THREE YEARS LATER
"Thursday, April 26, 2001 is the date that Win95.CIH is scheduled to once again
drop its vicious payload. Chen Ing-Hau wrote Chernobyl, a variant of the CIH
family, in May or June of 1998 while a student at the Tatung Institute of
Technology. Some say that CIH may just be the most prolific virus in circulation,
as well as having one of the most destructive payloads around. Chernobyl
attempts to continuously overwrite the hard disk, which crashes the system,
and overwrites the BIOS, which may render the computer unbootable. We at
SecurityPortal want to remind our readers to install and use updated antivirus
software NOW, to avoid Malware such as CIH before they strike. Malware in
the CIH family continue to be major players in our Top 20 Virus/Malware list
each week."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://securityportal.com/articles/cih20010420.html
NETBSD SECURITY PROCESSES AND SERVICES
"This document covers secure processes and services for NetBSD Operating
Systems and Networks. Most of the information in this document can easily
be translated to other BSD systems, however. The NetBSD Operating System
comes with a full host of built in and (as of release 1.5) kernel level enabled
by default security tools for the Systems and Networks Administrator. As of
the 1.5 release, the default installation is bulletproof in regards to remote
attacks, this makes it even more appealing."
Link: http://www.net-security.org/cgi-bin/news.cgi?url=http://www.diverge.org/doc/nsps/
----------------------------------------------------------------------------
Security issues
---------------
All vulnerabilities are located at:
http://net-security.org/text/bugs
----------------------------------------------------------------------------
QPC POPD BUFFER OVERFLOW VULNERABILITY
The pop daemon that ships with the QVT/NET software suite contains an
unchecked buffer in the logon function. When a username or password of
584 bytes or more gets fed to the server the buffer will overflow and will
trigger an access violation, after which the server dies.
Link: http://www.net-security.org/text/bugs/987418109,21193,.shtml
QPC FTPD DIRECTORY TRAVERSAL VULNERABILITY
The ftpd daemon that ships with the above-mentioned packages is vulnerable to a
directory traversal problem. By adding '../' (quotes excluded) to a listing request
('ls'), any user can gain read access to directories other than his/her own.
Link: http://www.net-security.org/text/bugs/987418481,53996,.shtml
DEBIAN LINUX - MULTIPLE KERNEL PROBLEMS
The kernels used in Debian GNU/Linux 2.2 have been found to have multiple
security problems.
Link: http://www.net-security.org/text/bugs/987418235,95064,.shtml
DEBIAN LINUX - EXUBERANT-CTAGS PROBLEMS
Colin Phipps discovered that the exuberant-ctags packages as distributed with
Debian GNU/Linux 2.2 create temporary files insecurely. This has been fixed in
version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.
Link: http://www.net-security.org/text/bugs/987418545,9980,.shtml
RED HAT LINUX - UPDATED PINE PACKAGES
Previous versions of the pine email client and the pico editor have had various
temporary file creation issues that allow any user with local system access to
cause files owned by anyone, including root, to potentially be overwritten if the
right set of conditions is met.
Link: http://www.net-security.org/text/bugs/987418417,29761,.shtml
TREND MICRO INTERSCAN VIRUSWALL 3.01 VULNERABILITY
A combination of bugs found in the ISADMIN service would allow an
attacker to remotely compromise a system running Trend Micro Interscan
Viruswall 3.01. Note that file paths may change between various distributions,
so they may not be totally accurate.
Link: http://www.net-security.org/text/bugs/987418647,24350,.shtml
SOLARIS IPCS VULNERABILITY
Eeye: We have discovered a buffer overflow in the /usr/bin/i86/ipcs utility provided with
Solaris 7. The problem exists in the parsing of the TZ (TIMEZONE) environment
variable. By exploiting this vulnerability an attacker can achieve local sys group
privileges. IPCS is used for gathering information on active inter-process
communication facilities. Exploitation of this vulnerability would be very
difficult, but not impossible.
Link: http://www.net-security.org/text/bugs/987418882,57858,.shtml
DCFORUM ALLOWS REMOTE READ/WRITE/EXECUTE
In line 121 of file dcboard.cgi, there is a line "require <prefix><az hidden form
field><suffix>;". (The exact line was not quoted due to copyright limitations.)
The perl statement "require EXPR" will open the file EXPR, parse it, and execute
it, as regular perl, as if the entire contents of that file appeared at that point.
Therefore, an attacker who writes a file containing perl commands to the server
will be able to execute them by setting the az field to the name of his file on the
server. To make matters worse, no input checking is done on the az field, so as
long as the file is located anywhere on the server, an attacker can reference it,
using double dots to undo the prefix and a %00 to truncate off the suffix.
Getting the file onto the server is no problem either. DCForum, by default, allows
any user to upload any file, by setting az=upload_file. However, there are other
ways of getting files onto the server, so even servers that disable uploading are
vulnerable.
Link: http://www.net-security.org/text/bugs/987517406,83674,.shtml
BUBBLEMON 1.31 VULNERABILITY
Users can execute programs/shellscript by clicking on the bubblemon app.
bubblemon is installed sgid kmem on FreeBSD and does not drop its egid
before executing programs.
Link: http://www.net-security.org/text/bugs/987517561,18230,.shtml
ACTIVESYNC CAN ACCESS LOCKED WORKSTATION
MS ActiveSync can access files (Outlook appts, contacts, synced files, etc)
from a Win2K workstation even though the workstation has been locked. By
simply dropping the HP into the dock, or hooking it up to the COM port
(depending on which sync method is configured), it will sync and download
data from a "locked" workstation.
Link: http://www.net-security.org/text/bugs/987517714,84422,.shtml
MICROSOFT ISA SERVER DENIAL OF SERVICE
Microsoft ISA Server 1.0 on Windows 2000 Server SP1 is vulnerable to a simple
network-based attack which stops all incoming and outgoing web traffic from
passing through the firewall until the firewall is rebooted or the affected service
is restarted. If the firewall is configured to use the "Web Publishing" feature
(inbound HTTP proxy to a web server), this attack can be performed remotely.
Link: http://www.net-security.org/text/bugs/987517821,75691,.shtml
GUNINSKI - DANGERS OF DOUBLECLICKING
By double clicking from Windows Explorer or Internet Explorer on filenames with
innocent extensions the user may be tricked into executing arbitrary programs.
Link: http://www.net-security.org/text/bugs/987594992,20897,.shtml
IPLANET WEB SERVER 4.X PRODUCT ALERT
iPlanet has identified a security vulnerability in the iPlanet Web Server Enterprise
Edition 4.x products. This problem does not affect any releases of the product
prior to the 4.x versions; however it does affect all iPlanet applications operating
on the iPlanet Web Server platform. A patch and implementation instructions
to address it are now available.
Link: http://www.net-security.org/text/bugs/987595169,63098,.shtml
LOTUS DOMINO WEBSERVER PATH REVEALING
Lotus Domino is a webserver. It has a simple physical path revealing problem.
Link: http://www.net-security.org/text/bugs/987595856,48919,.shtml
SAMBA 2.0.8 SECURITY FIX
This release fixes a significant security vulnerability that allows local users to
corrupt local devices (such as raw disks). For most users the Samba Team
recommends Samba 2.2.0 which has just been released. Version 2.2.0 has all
the security fixes plus many new features and other bug fixes. Version 2.0.8
is meant for very conservative sites that want an absolutely minimal security
fix rather than a large update.
Link: http://www.net-security.org/text/bugs/987595922,56064,.shtml
EUDORA FILE LEAKAGE PROBLEM
An attacker may be able to get any file from a user's hard drive if he can make
the receiving party forward a mail containing a false attachment reference
to this local file.
Link: http://www.net-security.org/text/bugs/987596714,99006,.shtml
DEBIAN LINUX - SAMBA SYMLINK ATTACK
Marcus Meissner discovered that samba was not creating temporary files safely
in two places: When a remote user queried a printer queue samba would create
a temporary file in which the queue data would be written. This was done using
a predictable filename and insecurely, allowing a local attacker to trick samba
into overwriting arbitrary files. smbclient "more" and "mput" commands also
create temporary files in /tmp insecurely. Both problems have been fixed in
version 2.0.7-3.2, and we recommend that you upgrade your samba
package immediately.
Link: http://www.net-security.org/text/bugs/987596849,60354,.shtml
NETSCAPE REMOTE JAVASCRIPT VULNERABILITY
There is a vulnerability related to javascript in versions below 4.77 of Netscape
that allows a remote webserver (which the user is accessing at a particular time)
to, for example, obtain information about the client using the "about:" protocol,
such as browser history (about:global) or even browser configuration
(about:config).
Link: http://www.net-security.org/text/bugs/987596977,37269,.shtml
PROBLEM WITH IPLANET CALENDAR SERVER 5.0P2
The standard install of iPlanet Calendar server stores the NAS LDAP admin
username and password in plaintext in the world-readable file:
-rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18 /opt/SUNWics5/cal/bin/config/ics.conf
in the fields
local.authldapbinddn (username)
and
local.authldapbindcred (password)
This potentially gives all local users full read/write access to the underlying NAS
LDAP database (which is normally used for admin facilities such as storing user /
group profiles, passwords, ACLs, SSL certificates and/or other sensitive company
information), and full administrative control of the local NAS server. This access
could in turn lead to compromise of other facilities such as web/e-commerce
sites, directories etc.
Link: http://www.net-security.org/text/bugs/987674342,69070,.shtml
LINUX-MANDRAKE - KERNEL UPDATE
A number of security problems have been found in the Linux kernels prior to
the latest 2.2.19 kernel.
Link: http://www.net-security.org/text/bugs/987680482,55033,.shtml
DEBIAN - SAMBA FOR SPARC WAS INCORRECTLY BUILT
The updated samba packages that were mentioned in DSA-048-1 were
unfortunately compiled incorrectly: the stable chroot we used turned out
to be running unstable instead. New packages with version 2.0.7-3.2.1
have been made that are correctly compiled.
Link: http://www.net-security.org/text/bugs/987680525,81086,.shtml
VMWARE SYMLINK PROBLEMS
While mounting virtual disk drives using the vmware-mount.pl script, a
temporary file named vmware-mount.pl.PID where PID is the current pid
of the command will be created in an insecure manner. This allows an
attacker to overwrite any local file if root mounts a VMware virtual
partition (mounting is usually done as root).
Link: http://www.net-security.org/text/bugs/987747822,9604,.shtml
NETOPIA MAC OS X TIMBUKTU VULNERABILITY
At the login screen of the freshly updated Mac OS X with preview version of
Timbuktu for Mac OS X we have found a Timbuktu icon in the upper left hand
portion of the screen. The menu contains all of the goodies (open timbuktu,
turn tcp on/off, about, etc) Timbuktu users have known and loved from the
classic OS. The menu About Timbuktu when clicked on gives you full control
to the apple menu and system preferences without even being logged into
OS X. Having access to the System Preferences without being logged in can
allow access to the users panel where someone could change passwords or
any system setting. Essentially, you've got admin access to the entire system
prefs window and the users panel even shows the hidden admin/root user.
Link: http://www.net-security.org/text/bugs/987748824,30773,.shtml
----------------------------------------------------------------------------
Security world
--------------
All press releases are located at:
http://net-security.org/text/press
----------------------------------------------------------------------------
SG2000 CARRIER-CLASS NET SECURITY GATEWAY - [16.04.2001]
ServGate Technologies, Inc., a pioneer in next generation network processor
based security gateways, today unveiled a network security gateway designed
to meet the rigorous demands of service providers and large enterprises, the
ServGate SG2000. The ServGate SG2000 is an all-in-one security device that
supports gigabit wire-speed stateful inspection firewall and 3DES IPSec VPN
performance. Based on next-generation network processor technology, the
SG2000 meets the rigorous performance, availability, and scalability demands
of today's rapidly changing network security environment.
Press release:
< http://www.net-security.org/text/press/987433347,44793,.shtml >
----------------------------------------------------------------------------
RED HAT ANNOUNCES RED HAT LINUX 7.1 - [16.04.2001]
Red Hat, Inc., the leader in developing, deploying and managing open source
solutions, announced today the availability of Red Hat Linux 7.1, the latest
version of the world's most popular open source server operating environment.
Red Hat Linux 7.1 includes the new 2.4 kernel with improved SMP support for
superior performance on Intel multi-processor platforms. Red Hat Linux 7.1 also
delivers new configuration tools that enable users to effortlessly set up and
administer DNS, Web and print servers. This release features Red Hat Network
connectivity, including software manager.
Press release:
< http://www.net-security.org/text/press/987433963,40528,.shtml >
----------------------------------------------------------------------------
SERVERPROTECT CERT. FOR CITRIX METAFRAME SERVERS - [16.04.2001]
Awarded Citrix MetaFrame 1.8 Certification by Independent Testing Lab;
Advances to Premier Level of Citrix Business Alliance. Trend Micro Inc., a
worldwide leader in network antivirus and Internet content security solutions,
announced that its file server antivirus solution, ServerProtect 5, has earned
certification for Citrix MetaFrame 1.8 software. WTS-Center, a German
independent testing laboratory, certified that ServerProtect successfully
met rigorous functionality and performance criteria.
Press release:
< http://www.net-security.org/text/press/987439949,90898,.shtml >
----------------------------------------------------------------------------
SECURITY INTELLIGENCE PRODUCT LAUNCHED - [17.04.2001]
SecureInfo Corporation delivers a web-based security intelligence service,
focusing on Information Systems Security and the protection of critical
corporate data. Powered by over 300 years of combined security industry
experience, TESS stands alone in the groundbreaking Security Intelligence
for Business Continuity (SI4BC) category of security products. To further
strengthen its leadership position in the SI4BC category and remain true
to its industry trademark "The One Stop Security Shop", SecureInfo
Corporation has created a suite of applications that empower Information
Technology Professionals to proactively create and take charge of their
organization's network security policy and certification process.
Press release:
< http://www.net-security.org/text/press/987516593,52439,.shtml >
----------------------------------------------------------------------------
SANDSTORM ANNOUNCES PHONESWEEP 3.0 - [17.04.2001]
Sandstorm Enterprises announces the new release of its popular PhoneSweep
telephone scanner, used by security professionals to audit telephone systems
for vulnerabilities. Now used in more than 30 countries, PhoneSweep discovers
undocumented or misconfigured modems that are exploitable by criminals,
hackers and "crackers." PhoneSweep is similar to an attacker's "war dialer," in
that it will dial a large block or set of telephone numbers and report its findings.
But PhoneSweep 3.0's capabilities extend beyond mere hacker freeware.
PhoneSweep includes a recognition engine that can identify hundreds of
different remote access systems. The program can dynamically control
many modems simultaneously, slashing scanning time. And PhoneSweep
can repeatedly call a set of known "good" numbers to confirm the
availability and proper operation of modems required for emergency
remote access.
Press release:
< http://www.net-security.org/text/press/987516790,14570,.shtml >
----------------------------------------------------------------------------
INTRUSION.COM'S CHANNELPLUS PROGRAM - [17.04.2001]
Intrusion.com, Inc., a leading provider of enterprise security solutions for the
information-driven economy, today strengthened its commitment to helping
companies meet the growing demand for security solutions through the launch
of its ChannelPlus program. The new program provides channel partners with
a deeper level of product and customer knowledge to meet the needs of
customers seeking market-leading security solutions.
Press release:
< http://www.net-security.org/text/press/987516844,27925,.shtml >
----------------------------------------------------------------------------
CYBERGUARD SPONSORS SC MAGAZINE AWARDS - [17.04.2001]
As information security breaches continue to dominate headlines around the
world and hackers and cyberthieves grow bolder, the spotlight on companies
who provide world-leading security solutions shines brighter. For the fifth year,
SC Magazine, a division of WestCoast Publishing, will hold a major awards event
in London in conjunction with an important information security conference. At
the banquet, to be held on April 24 at the Royal Lancaster Hotel in Hyde Park,
London, winners in a number of general and specific security categories will be
announced.
Press release:
< http://www.net-security.org/text/press/987516933,50154,.shtml >
----------------------------------------------------------------------------
MERILUS COLLABORATES WITH RSA SECURITY - [17.04.2001]
Merilus, Inc., a leader in digital security innovation, announced that it
has joined RSA Security's RSA Secured Partner Program to support
interoperability between Merilus GateKeeper products and RSA SecurID
authentication and RSA BSAFE encryption technology. As part of the
program, the Merilus GateKeeper product has been awarded both the
"RSA Secured RSA SecurID Ready" certification and "RSA Secured RSA
BSAFE enabled" certification signaling its compatibility with RSA Security's
authentication and encryption software. The RSA Secured certification
ensures that Merilus GateKeeper products are compatible with RSA
Security's market-leading security products and technologies.
Press release:
< http://www.net-security.org/text/press/987517015,43546,.shtml >
----------------------------------------------------------------------------
SECUREINFO CORPORATION HIPAA SOLUTION - [18.04.2001]
Don Richey, Administrator of Guadalupe Valley Hospital and Keith Frederick,
President and CEO of SecureInfo Corporation, will meet in Seguin, Texas to
sign a Consulting Services Agreement to help fulfill part of their mission
statement: "To serve, our community, patients with the best possible
healthcare delivered efficiently". Guadalupe Valley Hospital is dedicated to
ensuring that the appropriate information privacy and information security
measures are implemented to protect their patients' records. With the
Information Security Expertise of SecureInfo Corporation, applying the
privacy and security standards of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), they will take the steps necessary
to keep their neighbors' medical records confidential and secure.
Press release:
< http://www.net-security.org/text/press/987599218,10869,.shtml >
----------------------------------------------------------------------------
INTRUSION PREVENTION FOR ITANIUM PROCESSOR - [19.04.2001]
Argus Systems Group, Inc., an international vendor of Internet security and
intrusion prevention systems, today announced its pending support of Intel
Itanium-based enterprise servers with its PitBull LX intrusion prevention
systems. PitBull LX for the Itanium-based platform is to run on the Linux 2.4.x
operating system kernel and is estimated to be available in Q3 2001.
Press release:
< http://www.net-security.org/text/press/987599807,825,.shtml >
----------------------------------------------------------------------------
'TOTAL ENTERPRISE SECURITY SERVICE' PRESENTED - [19.04.2001]
SecureInfo Corporation delivers a web-based security intelligence service,
focusing on Information Systems Security and the protection of critical
corporate data. Powered by over 300 years of combined security industry
experience, TESS stands alone in the groundbreaking Security Intelligence
for Business Continuity (SI4BC) category of security products.
Press release:
< http://www.net-security.org/text/press/987679170,57137,.shtml >
----------------------------------------------------------------------------
MAC CLIENT SUPPORT FOR INTEL VPN PRODUCTS - [20.04.2001]
PGP Security, a Network Associates company, today introduced Virtual Private
Networking client software that will enable Intel VPN Gateways to support the
Mac Operating System. PGP Security's award winning VPN client technology
paired with Intel VPN Gateways provides Mac OS users with a secure encrypted
tunnel to transfer information among partners, employees and customers across
organizations and locations.
Press release:
< http://www.net-security.org/text/press/987747653,17172,.shtml >
----------------------------------------------------------------------------
GUARDENT JOINS INTERNET SECURITY ALLIANCE - [20.04.2001]
Guardent, Inc., the leading provider of security and privacy programs for Global
2000 organizations, today announced its full support of the Internet Security
Alliance (ISA). Formally launched today, ISA assembles a roster of global leaders
from multiple industry segments to create the most comprehensive, business-led
network for up-to-the-minute threat reports, best practice standards, risk
management strategies, certification and more.
Press release:
< http://www.net-security.org/text/press/987747705,78850,.shtml >
----------------------------------------------------------------------------
Featured products
-------------------
The HNS Security Database is located at:
http://www.security-db.com
Submissions for the database can be sent to: staff@net-security.org
----------------------------------------------------------------------------
LT AUDITOR+
Blue Lance's LT Auditor+ is a Windows-based intrusion detection/audit trail
security software solution. LT Auditor+ is designed to protect organizational
assets accessible through NT and/or Novell networks. LT Auditor+ provides
around-the-clock monitoring of network activity across the enterprise. LT
Auditor+ is used to secure corporate assets against unauthorized access,
fraud and theft.
Read more:
< http://www.security-db.com/product.php?id=436 >
This is a product of Blue Lance, for more information:
< http://www.security-db.com/info.php?id=97 >
----------------------------------------------------------------------------
GENUITY SITE SCAN
Genuity Site Scan Service can help a business strengthen its network perimeter
security by periodically looking for potential weaknesses and generating
recommendations about how to fix them. With Genuity Site Scan, organizations
can reduce their susceptibility to Internet attacks.
Read more:
< http://www.security-db.com/product.php?id=147 >
This is a product of Genuity, for more information:
< http://www.security-db.com/info.php?id=27 >
----------------------------------------------------------------------------
QUADRASOLVE SECURE SERVER APPLIANCE
The QuadraSolve Secure Server Appliance ships with the easy to use, browser
based remote administration tool, RSAM, making configuration and management
simple. Setting up the QuadraSolve for Web hosting can be done in minutes.
These servers are razor-thin when it comes to form-factor; if you're an ISP,
you can squeeze 41 of these into a single data center cabinet, providing long
term cost savings on that real estate.
Read more:
< http://www.security-db.com/product.php?id=253 >
This is a product of LinuxSolve, for more information:
< http://www.security-db.com/info.php?id=47 >
----------------------------------------------------------------------------
Featured article
----------------
All articles are located at:
http://www.net-security.org/text/articles
Articles can be contributed to staff@net-security.org
----------------------------------------------------------------------------
STARTING POINTS OF A SECURE LINUX SYSTEM by Aleksandar Stancin
Here we go again. After some time has passed, I decided to write another
article concerning some overall security aspects of installing and running linux,
and as you can see it's connected to the very first one 'Securing a default
linux installation' and makes a good reading companion to it. To keep it short
and simple, here are some good pointers to enhancing your system's security.
But remember, there's no absolute security, so keep your eyes open, subscribe
yourself to good sec-related mailing lists, and keep your software up-to-date.
Read more:
< http://www.net-security.org/text/articles/starting.shtml >
----------------------------------------------------------------------------
Security Software
-------------------
All programs are located at:
http://net-security.org/various/software
----------------------------------------------------------------------------
ELDOS KEEPER 2.5.4
EldoS Keeper is designed to keep all your passwords and account-related
information in secure, encrypted files so that you don't need to remember
or write down the information. The only thing you need to remember is the
password to the file where all the information is stored. EldoS Keeper keeps
all records in a hierarchical form, allowing you to organize the data as you
like. Version 2.54 adds password expiration tracking.
Info/Download:
< http://www.net-security.org/various/software/988018687,61436,windows.shtml >
----------------------------------------------------------------------------
SUBSEVEN: FIREWALL 1.0
From the developer: "This is a remarkable trojan blocker, and fake server. If
you are being hacked using Subseven then go for this program. It has many
features. Including chatting to the client. This is a must download for internet
security. You can even sometimes preprogram the ports to stop other trojans
like T3000 etc."
Info/Download:
< http://www.net-security.org/various/software/988018773,18730,windows.shtml >
----------------------------------------------------------------------------
Defaced archives
------------------------
[16.04.2001]
Original: http://www.xerox.com.cn/
Defaced: http://defaced.alldas.de/mirror/2001/04/16/www.xerox.com.cn/
OS: Windows
Original: http://wwwgps.incra.gov.br/
Defaced: http://defaced.alldas.de/mirror/2001/04/16/wwwgps.incra.gov.br/
OS: Windows
Original: http://www.systematics.co.il/
Defaced: http://defaced.alldas.de/mirror/2001/04/16/www.systematics.co.il/
OS: Windows
Original: http://office.lefcobank.ru/
Defaced: http://defaced.alldas.de/mirror/2001/04/16/office.lefcobank.ru/
OS: Linux
Original: http://www.governmentclub.org/
Defaced: http://defaced.alldas.de/mirror/2001/04/16/www.governmentclub.org/
OS: Windows
[17.04.2001]
Original: http://www.carlsberg-beer.co.kr/
Defaced: http://defaced.alldas.de/mirror/2001/04/17/www.carlsberg-beer.co.kr/
OS: Windows
Original: http://esenler-bld.gov.tr/
Defaced: http://defaced.alldas.de/mirror/2001/04/17/esenler-bld.gov.tr/
OS: SCO
[18.04.2001]
Original: http://audiology.meei.harvard.edu/
Defaced: http://defaced.alldas.de/mirror/2001/04/18/audiology.meei.harvard.edu/
OS: Windows
Original: http://crnet.mgh.harvard.edu/
Defaced: http://defaced.alldas.de/mirror/2001/04/18/crnet.mgh.harvard.edu/
OS: Windows
Original: http://www.puma.co.jp/
Defaced: http://defaced.alldas.de/mirror/2001/04/18/www.puma.co.jp/
OS: Windows
Original: http://www.nato.lv/
Defaced: http://defaced.alldas.de/mirror/2001/04/18/www.nato.lv/
OS: Windows
[19.04.2001]
Original: http://www.microsoft.be/
Defaced: http://defaced.alldas.de/mirror/2001/04/19/www.microsoft.be/
OS: Windows
Original: http://www.ericsson.com.tw/
Defaced: http://defaced.alldas.de/mirror/2001/04/19/www.ericsson.com.tw/
OS: Windows
Original: http://www.cybernanny.net/
Defaced: http://defaced.alldas.de/mirror/2001/04/19/www.cybernanny.net/
OS: FreeBSD
Original: http://www.jenniferaniston.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/19/www.jenniferaniston.com/
OS: Windows
Original: http://www.melgibson.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/19/www.melgibson.com/
OS: Windows
[20.04.2001]
Original: http://www.emicrosoft.org/
Defaced: http://defaced.alldas.de/mirror/2001/04/20/www.emicrosoft.org/
OS: Windows
Original: http://www.poderjudicial.gov.bo/
Defaced: http://defaced.alldas.de/mirror/2001/04/20/www.poderjudicial.gov.bo/
OS: Linux
Original: http://www.chinaconsulatechicago.org/
Defaced: http://defaced.alldas.de/mirror/2001/04/20/www.chinaconsulatechicago.org/
OS: Windows
Original: http://www.microsoft.com.gr/
Defaced: http://defaced.alldas.de/mirror/2001/04/20/www.microsoft.com.gr/
OS: SCO
Original: http://www.hackers.com.mx/
Defaced: http://defaced.alldas.de/mirror/2001/04/20/www.hackers.com.mx/
OS: Linux
[21.04.2001]
Original: http://molbio.princeton.edu/
Defaced: http://defaced.alldas.de/mirror/2001/04/21/molbio.princeton.edu/
OS: Windows
Original: http://www.fellows.lanl.gov/
Defaced: http://defaced.alldas.de/mirror/2001/04/21/www.fellows.lanl.gov/
OS: Windows
Original: http://www.quantum.com/
Defaced: http://defaced.alldas.de/mirror/2001/04/21/www.quantum.com/
OS: Windows
Original: http://www.e-net.com.tw/
Defaced: http://defaced.alldas.de/mirror/2001/04/21/www.e-net.com.tw/
OS: Windows
----------------------------------------------------------------------------
========================================================
Advertisement - HNS Security Database
========================================================
HNS Security Database consists of a large database of security related
companies, their products, professional services and solutions. HNS
Security Database will provide a valuable asset to anyone interested in
implementing security measures and systems to their companies' networks.
Visit us at http://www.security-db.com
========================================================
Questions, contributions, comments or ideas go to:
Help Net Security staff
staff@net-security.org
http://net-security.org
http://security-db.com