Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist several templates for ssh, scp, telnet. The intention is to make automated backups from routers, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, what's the status of the mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The Weekly Edition for May 29, 2015 is available.
[$] Weekly Edition for May 29, 2015

The Document Foundation has announced the availability of the LibreOffice viewer for Android systems. And it's not just for viewing: "LibreOffice Viewer also offers basic editing capabilities, like modifying words in existing paragraphs and changing font styles such as bold and italics. Editing is still an experimental feature which has to be enabled separately in the settings, and is not stable enough for mission critical tasks."
LibreOffice Viewer for Android released

The folks at Banyan have looked into the security state of the images stored on Docker Hub and published their results. "More than a third of all images have high priority vulnerabilities and close to two-thirds have high or medium priority vulnerabilities. These statistics are especially troublesome because these images are also some of the most downloaded images (several of them have hundreds of thousands of downloads)."
A security study of Docker images

Arch Linux has updated curl (information leak). Debian-LTS has updated dulwich (code execution), eglibc (code execution), exactimage (denial of service), and libnokogiri-ruby (information disclosure from 2012). Fedora has updated ca-certificates (F20: CA update), hostapd (F21; F20: denial of service), java-1.8.0-openjdk (F20: insecure tmp file use), LibRaw (F21: denial of service), mingw-LibRaw (F21: denial of service), openslp (F20: two denial of service flaws, one from 2010, one from 2012), php (F21; F20: multiple vulnerabilities), postgresql (F22: three vulnerabilities), and rawtherapee (F22: denial of service). Mageia has updated fuse (privilege escalation), kernel-linus (denial of service), and kernel-tmb (denial of service). openSUSE has updated glibc, glibc-testsuite, glibc-utils, glibc.i686 (13.2, 13.1: two vulnerabilities). SUSE has updated firefox (SLE12: multiple vulnerabilities).
Security updates for Thursday

In 2013, we reported that SourceForge had started to redirect the download links clicked on by some users, providing those users with an installer program that bundled in not just the software the user had requested, but a set of side-loaded "utilities" as well. The practice raised the ire of many in the community, even though it was an optional service that SourceForge offered to project owners. Matters may have changed recently, however, as the GIMP project discovered that "GIMP for Windows" downloads had suddenly become side-loading installers—and that the project could no longer access the SourceForge account that was used to distribute them.
[$] SourceForge replacing GIMP Windows downloads

LWN staff celebrated the US Memorial Day holiday on Monday this week, so the Weekly Edition will come out on the holiday schedule, one day later than usual. We will return to our normal schedule next week. Thank you all, as always, for supporting LWN.
This week's edition will be one day late

Ars Technica reports that the US Justice Department has sided with Oracle in its dispute with Google. "The dispute centers on Google copying names, declarations, and header lines of the Java APIs in Android. Oracle filed suit, and in 2012, a San Francisco federal judge sided with Google. The judge ruled that the code in question could not be copyrighted. Oracle prevailed on appeal, however. A federal appeals court ruled that the "declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection." Google maintained that the code at issue is not entitled to copyright protection because it constitutes a "method of operation" or "system" that allows programs to communicate with one another." (Thanks to Martin Michlmayr)
White House sides with Oracle, tells Supreme Court APIs are copyrightable (ArsTechnica)

Debian has updated ntfs-3g (incomplete fix in previous update). Debian-LTS has updated ntfs-3g (incomplete fix in previous update). Red Hat has updated kernel (RHEL6.4: privilege escalation) and qemu-kvm (RHEL6.5: code execution). Ubuntu has updated ntfs-3g (15.04: incomplete fix in previous update) and openldap (15.04, 14.10, 14.04, 12.04: denial of service).
Wednesday's security updates

The GNOME community is mourning the loss of developer Marco Pesenti Gritti, who passed away on May 23. "He was the most passionate and dedicated hacker I knew, and I know he was extremely respected in the GNOME community, for his work on Epiphany, Evince and Sugar among many others, just like he was at litl. Those who knew him personally know he was also an awesome human being."
Mourning Marco Pesenti Gritti

Scott Kitterman has posted a series of emails around the Ubuntu Community Council's decision to remove Jonathan Riddell as the leader of the Kubuntu project. He has also stated his intent to leave the Ubuntu community. "I also wish to extend my personal apology to the Kubuntu community for keeping this private for as long as we did. Generally, I don't believe such an approach is consistent with our values, but I supported keeping it private in the hope that it would be easier to achieve a mutually beneficial resolution of the situation privately. Now that it's clear that is not going to happen, I (and others in the KC) could not in good faith keep this private."
Jonathan Riddell forced out of Kubuntu

If you run PostgreSQL and have applied one of the updates that were released on May 22, it would be a good idea to read this page about an unfortunate bug in those releases. In some cases, the problem can cause the server to fail to restart after a crash. There is a new release in the works; meanwhile, a workaround is available.
Trouble with the May 22 PostgreSQL update

Ars Technica takes a look at the latest malware threat. "A worm that targets cable and DSL modems, home routers, and other embedded computers is turning those devices into a proxy network for launching armies of fraudulent Instagram, Twitter, and Vine accounts as well as fake accounts on other social networks. The new worm can also hijack routers' DNS service to route requests to a malicious server, steal unencrypted social media cookies such as those used by Instagram, and then use those cookies to add "follows" to fraudulent accounts. This allows the worm to spread itself to embedded systems on the local network that use Linux-based operating systems. The malware, dubbed "Linux/Moose" by Olivier Bilodeau and Thomas Dupuy of the security firm ESET Canada Research, exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials. Once connected, the worm installs itself on the targeted device."
The Moose is loose: Linux-based worm turns routers into social network bots (Ars Technica)

Arch Linux has updated nbd (denial of service), pgbouncer (denial of service), postgresql (multiple vulnerabilities), webkitgtk (information disclosure), and webkitgtk2 (information disclosure). Debian has updated ipsec-tools (denial of service), nbd (denial of service), postgresql-9.1 (multiple vulnerabilities), postgresql-9.4 (multiple vulnerabilities), tiff (multiple vulnerabilities), and zendframework (multiple vulnerabilities). Debian-LTS has updated ntfs-3g (privilege escalation). Fedora has updated firefox (F22: multiple vulnerabilities), hostapd (F22: denial of service), java-1.8.0-openjdk (F22: file overwrites), kernel (F20: two vulnerabilities), libarchive (F21: denial of service), LibRaw (F22; F20: denial of service), mingw-LibRaw (F22; F22; F20: denial of service), openstack-glance (F22: access restriction bypass), php (F22: multiple vulnerabilities), php-ZendFramework2 (F22: CRLF injection), phpMyAdmin (F22: two vulnerabilities), qemu (F22; F20: code execution), quassel (F22: denial of service), suricata (F22: denial of service), thunderbird (F22: multiple vulnerabilities), wordpress (F22: cross-site scripting), and xen (F22; F21; F20: privilege escalation). Mageia has updated chromium-browser-stable (multiple vulnerabilities) and kernel (memory corruption). openSUSE has updated coreutils (13.2: multiple vulnerabilities), firefox (13.2, 13.1: multiple vulnerabilities), libraw (13.2, 13.1: denial of service), LibVNCServer (13.2: code execution), quassel (13.2, 13.1: SQL injection), thunderbird (13.2, 13.1: multiple vulnerabilities), and wireshark (13.2; 13.1: multiple vulnerabilities). Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities). SUSE has updated KVM (SLES11SP2: code execution), MySQL (SLE11SP3: multiple vulnerabilities), and Xen (SLES11SP2; SLES11SP1; SLES10SP4: two vulnerabilities).
Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and postgresql-9.1, postgresql-9.3, postgresql-9.4 (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).
Security advisories for Tuesday

The Fedora 22 release is out. "If this release had a human analogue, it'd be Fedora 21 after it'd been to college, landed a good job, and kept its New Year's Resolution to go to the gym on a regular basis. What we're saying is that Fedora 22 has built on the foundation we laid with Fedora 21 and the work to create distinct editions of Fedora focused on the desktop, server, and cloud (respectively). It's not radically different, but there are a fair amount of new features coupled with features we've already introduced but have improved for Fedora 22." LWN's preview of Fedora 22 was published in the May 21 Weekly Edition.
Fedora 22 released

An anonymous reader has pointed out that Mandriva is currently being liquidated (page in French). The company brought in €553,000 in 2013, but that is seemingly not enough to keep it going in 2015. It is a sad end for a company that has been pursuing the desktop Linux dream since 1998.
The end for Mandriva

Vuln: Drupal Views Module Access Bypass Vulnerability

Vuln: php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability

Vuln: PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability

Vuln: PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability

Bugtraq: [security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege

Bugtraq: Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution

Bugtraq: [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices

Bugtraq: DbNinja 3.2.6 Flash XSS Vulnerabilities
