Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads the config files containing the passwords of the components only once, so you can store them in encrypted storage. There are several templates for ssh, scp, telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
We live in an era of celebrity vulnerabilities; at the moment, an unpleasant kernel bug called "Dirty COW" (or CVE-2016-5195) is taking its turn on the runway. This one is more disconcerting than many due to its omnipresence and the ease with which it can be exploited. But there is also some unhappiness in the wider community about how this vulnerability has been handled by the kernel development community. It may well be time for the kernel project to rethink its approach to serious security problems.
[$] Dirty COW and clean commit messages

Debian-LTS has updated bind9 (denial of service). Fedora has updated libgit2 (F23: two vulnerabilities). Mageia has updated kernel (three vulnerabilities), libtiff (multiple vulnerabilities, two from 2015), and openslp (code execution). openSUSE has updated dbus-1 (13.2: code execution), ghostscript-library (42.1: three vulnerabilities, one from 2013), roundcubemail (42.1: two vulnerabilities), and squidGuard (42.1: cross-site scripting from 2015). Red Hat has updated bind (RHEL6&5: denial of service) and bind97 (RHEL5: denial of service). Scientific Linux has updated bind (SL6&5: denial of service) and bind97 (SL5: denial of service). Ubuntu has updated bind9 (12.04: denial of service).
Friday's security updates

interviews Sylvain Zimmer, founder of the Common Search project, which is an effort to create an open web search engine. "Being transparent means that you can actually understand why our top search result came first, and why the second had a lower ranking. This is why people will be able to trust us and be sure we aren't manipulating results. However for this to work, it needs to apply not only to the results themselves but to the whole organization. This is what we mean by 'radical transparency.' Being a nonprofit doesn't automatically clear us of any ulterior motives, we need to go much further. As a community, we will be able to work on the ranking algorithm collaboratively and in the open, because the code is open source and the data is publicly available. We think that this means the trust in the fairness of the results will actually grow with the size of the community."
Ranking the Web With Radical Transparency (

The security hole fixed in the stable kernels released today has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.
More information about Dirty COW (aka CVE-2016-5195)

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities). Debian has updated kernel (multiple vulnerabilities, one from 2015). Debian-LTS has updated kernel (multiple vulnerabilities, one from 2015) and libxvmc (code execution). Fedora has updated glibc-arm-linux-gnu (F23: denial of service) and perl-DBD-MySQL (F23: denial of service). Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities). Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL7&6: multiple vulnerabilities). Scientific Linux has updated java-1.8.0-openjdk (SL7&6: multiple vulnerabilities). SUSE has updated quagga (SLE11: code execution). Ubuntu has updated kernel (12.04; 14.04; 16.04; 16.10: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-xenial (14.04: privilege escalation), linux-raspi2 (16.04: privilege escalation), linux-snapdragon (16.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).
Security advisories for Thursday

The 4.8.3, 4.7.9, and 4.4.26 stable kernel updates have been released. There's nothing in the announcements to indicate this, but they all contain a fix for CVE-2016-5195, a bug that can allow local attackers to overwrite files they should not have write access to. So the "all users must upgrade" message seems more than usually applicable this time around.
An important set of stable kernel updates

The Weekly Edition for October 20, 2016 is available.
[$] Weekly Edition for October 20, 2016

Debian has updated quagga (stack overrun) and tor (denial of service). Debian-LTS has updated dwarfutils (multiple vulnerabilities), guile-2.0 (two vulnerabilities), libass (two vulnerabilities), libgd2 (two vulnerabilities), libxv (insufficient validation), and tor (denial of service). Fedora has updated epiphany (F24: unspecified), ghostscript (F24; F23: multiple vulnerabilities), glibc-arm-linux-gnu (F24: denial of service), guile (F24: two vulnerabilities), libgit2 (F24: two vulnerabilities), openssh (F23: null pointer dereference), qemu (F24: multiple vulnerabilities), and webkitgtk4 (F24: unspecified). Mageia has updated asterisk (denial of service), flash-player-plugin (multiple vulnerabilities), kernel (multiple vulnerabilities), and mailman (password disclosure). Red Hat has updated java-1.8.0-openjdk (RHEL6, 7: multiple vulnerabilities), kernel (RHEL6.7: use-after-free), and mariadb-galera (RHOSP8: SQL injection/privilege escalation).
Security advisories for Wednesday

Canonical has announced the availability of a live kernel patch service for the 16.04 LTS release. "It's the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads." Up to three systems can be patched for free; the service requires a fee thereafter. There is a long FAQ about the service in this blog post; it appears to be based on the mainline live-patching functionality with some Canonical add-ons.
Live kernel patches for Ubuntu

Sebastian Kügler reports on KDE's Plasma team meeting. "We took this opportunity to also look and plan ahead a bit further into the future. In what areas are we lacking, where do we want or need to improve? Where do we want to take Plasma in the next two years?" Specific topics include release schedule changes, UI and theming improvements, feature backlog, Wayland, mobile, and more. (Thanks to Paul Wise)
Kügler: Plasma's road ahead

Debian-LTS has updated libarchive (three vulnerabilities), libxrandr (insufficient validation), libxrender (insufficient validation), and quagga (stack overrun). openSUSE has updated ffmpeg (Leap42.1; SPH for SLE12: multiple vulnerabilities) and kcoreaddons (Leap42.1, 13.2; SPH for SLE12: HTML injection). Red Hat has updated atomic-openshift (RHOSCP: authentication bypass), kernel (RHEL6.5: privilege escalation), and openssl (RHEL6.7: multiple vulnerabilities).
Tuesday's security updates

The mainline kernel has support for a wide range of hardware. One place where support has traditionally been lacking, though, is graphics adapters. As a result, a great many people are still using proprietary, out-of-tree GPU drivers. Daniel Vetter went before the crowd at Kernel Recipes 2016 to say that the situation is not as bad as some think; indeed, he said, in this area as well as others, world domination is proceeding according to plan.
[$] Graphics world domination may be closer than it appears

Over on the Red Hat Enterprise Linux Blog, Dan Walsh writes about using Linux capabilities to help secure Docker containers. "Let's look at the default list of capabilities available to privileged processes in a docker container: chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, audit_write, setfcap. In the OCI/runc spec they are even more drastic only retaining, audit_write, kill, and net_bind_service and users can use ocitools to add additional capabilities. As you can imagine, I like the approach of adding capabilities you need rather than having to remember to remove capabilities you don't." He then goes through the capabilities listed describing what they govern and when they might need to be turned on for a container application.
Secure Your Containers with this One Weird Trick (RHEL Blog)

Arch Linux has updated guile (two vulnerabilities). Debian has updated libgd2 (denial of service). Debian-LTS has updated icedove (multiple vulnerabilities), libarchive (file overwrite), libdbd-mysql-perl (denial of service), and mpg123 (denial of service). Fedora has updated chromium (F24: multiple vulnerabilities). Gentoo has updated oracle-jdk-bin (multiple vulnerabilities). openSUSE has updated thunderbird (13.1: multiple vulnerabilities) and tiff (13.1: denial of service). Oracle has updated openssl (OL5: multiple vulnerabilities). Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).
Security advisories for Monday

The 4.8.2, 4.7.8, and 4.4.25 stable kernels have been released. Each contains the usual set of important fixes.
A set of stable kernels

Vuln: Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability

Vuln: IBM Security Guardium Database Activity Monitor CVE-2016-0236 Remote Command Injection Vulnerability

Vuln: Joomla! Huge-IT Slideshow Extension Multiple Security Vulnerabilities

Vuln: Adobe Acrobat and Reader APSB16-33 Multiple Memory Corruption Vulnerabilities

Bugtraq: Puppet Enterprise Web Interface Authentication Redirect

Bugtraq: Puppet Enterprise Web Interface User Enumeration

Bugtraq: Oracle Netbeans IDE v8.1 Import Directory Traversal
