Issues on Linux and Security
button Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2 talks with Paul Ramsey, senior strategist at the open source company Boundless. "Boundless is the ?Red Hat of geospatial?, which says a bit about our business model, but doesn?t really explain our technology. GIS professionals and IT professionals (and, really, anyone with a custom mapping problem) use our tools to store their data, in a spatial SQL database (PostGIS), publish maps and data over the web (GeoServer), and view or edit data in web browsers (OpenLayers) or on the desktop (QGIS). Basically, our tools let developers build web applications that understand and can attractively visualize location. We help people take spatial data out of the GIS department and use it to improve workflows and make decisions anywhere in the organization. This is part of what we see as a move towards what we call Spatial IT, where spatial data is used to empower decision-making across an enterprise."
Mapping the world with open source (

Debianhas updated wireshark(multiple vulnerabilities). Mageiahas updated clamav(two vulnerabilities) and perl-Plack(information disclosure). Mandrivahas updated libvncserver(multiple vulnerabilities) and phpmyadmin(multiple vulnerabilities). openSUSEhas updated rubygem-sprockets-2_1(directory traversal), rubygem-sprockets-2_2(directory traversal), and wireshark(multiple vulnerabilities). Red Hathas updated RHOSE(two vulnerabilities). Ubuntuhas updated squid3(14.10, 14.04: denial of service).
Security advisories for Wednesday

CentOShas updated libXfont(C5: multiple vulnerabilities). Fedorahas updated kde-runtime(F20: code execution) and moodle(F20: multiple vulnerabilities). Mageiahas updated chromium-browser-stable(multiple vulnerabilities) and graphicsmagick(denial of service). Mandrivahas updated ffmpeg(multiple vulnerabilities), imagemagick(multiple vulnerabilities), and ruby(multiple vulnerabilities). openSUSEhas updated ImageMagick(13.2, 13.1, 12.3: denial of service) and zeromq(13.2: man-in-the-middle attack). Oraclehas updated libXfont(OL5: multiple vulnerabilities). Red Hathas updated chromium-browser(RHEL6: multiple vulnerabilities) and libXfont(RHEL5: multiple vulnerabilities). Scientific Linuxhas updated libXfont(SL5: multiple vulnerabilities). SUSEhas updated firefox(SLES10 SP4: multiple vulnerabilities). Ubuntuhas updated EC2 kernel(10.04: two vulnerabilities), kde-runtime(12.04: code execution), kernel(10.04; 12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty(12.04: multiple vulnerabilities), and linux-ti-omap4(12.04: multiple vulnerabilities).
Tuesday's security updates

As of the 3.18-rc6release, 11,186 non-merge changesets have been pulled into the mainline repository for the 3.18 development cycle. That makes this release about 1,000 changesets smaller than its immediate predecessors, but still not a slow development cycle by any means. Since this cycle is getting close to its end, it's a good time to look at where the code that came into the mainline during this cycle came from.
[$] Some 3.18 development statistics

Ars Technica reportson a recently discovered bug in WordPress 3 sites that could be used to launch malicious script-based attacks on site visitors? browsers. "The vulnerability, discovered by Jouko Pynnonen of Klikki Oy, allows an attacker to craft a comment on a blog post that includes malicious JavaScript code. On sites that allow comments without authentication?the default setting for WordPress?this could allow anyone to post malicious scripts within comments that could target site visitors or administrators. A proof of concept attack developed by Klikki Oy was able to hijack a WordPress site administrator?s session and create a new WordPress administrative account with a known password, change the current administrative password, and launch malicious PHP code on the server. That means an attacker could essentially lock the existing site administrator out and hijack the WordPress installation for malicious purposes."WordPress 4.0 is not vulnerable to the attack.
Four-year-old comment security bug affects 86 percent of WordPress sites (Ars Technica)

Fedorahas updated clamav(F20: denial of service), facter(F20: privilege escalation), libreoffice(F20: code execution), libvirt(F20: multiple vulnerabilities), libxml2(F19: denial of service), owncloud(F19: security restriction bypass), php-sabredav-Sabre_CalDAV(F19: security restriction bypass), php-sabredav-Sabre_CardDAV(F19: security restriction bypass), php-sabredav-Sabre_DAV(F19: security restriction bypass), php-sabredav-Sabre_DAVACL(F19: security restriction bypass), php-sabredav-Sabre_HTTP(F19: security restriction bypass), php-sabredav-Sabre_VObject(F19: security restriction bypass), polarssl(F20; F19: two vulnerabilities), python(F19: script execution), python-pillow(F20; F19: multiple vulnerabilities), and wget(F20: symlink attack). Gentoohas updated aircrack-ng(multiple vulnerabilities), ansible(code execution), asterisk(multiple vulnerabilities), and openswan(denial of service). Mageiahas updated imagemagick(multiple vulnerabilities), moodle(multiple vulnerabilities), and polarssl(two vulnerabilities). Mandrivahas updated krb5(ticket forgery), libvirt(information disclosure), php-smarty(two vulnerabilities), qemu(multiple vulnerabilities), srtp(denial of service), and wireshark(multiple vulnerabilities). openSUSEhas updated openssl(TLS handshake problem). SUSEhas updated firefox(SLES11 SP2: multiple vulnerabilities).
Security advisories for Monday

The 3.18-rc6prepatch is out, right on schedule. Linus says: "Steady progress towards final release, although we still have a big unknown worry in a regression that Dave Jones reported and that we haven't solved yet. In the process of chasing that one down, there's been a fair amount of looking at various low-level details, and that found some dubious issues, but no smoking gun yet."
Kernel prepatch 3.18-rc6

MusicBrainz, the not-for-profit project that maintains an assortment of "open content"music metadata databases, has announceda new effort named AcousticBrainz. AcousticBrainz is designed to be an open, crowd-sourced database cataloging various "audio features"of music, including "low-level spectral information such as tempo, and additional high level descriptors for genres, moods, keys, scales and much more."The data collected is more comprehensive than MusicBrainz's existing AcoustIDdatabase, which deals only with acoustic fingerprinting for song recognition. The new project is a partnership with the Music Technology Group at Universitat Pompeu Fabra, and uses that group's free-software toolkit Essentiato perform its acoustic analyses. A follow-up postdigs into the AcousticBrainz analysis of the project's initial 650,000-track data set, including examinations of genre, mood, key, and other factors.
Introducing AcousticBrainz

Greg Kroah-Hartman has released three new stable kernels: 3.10.61, 3.14.25, and 3.17.4, each containing important updates and fixes.
A Friday kernel collection

The second version of the kdbus patches have been postedto the Linux kernel mailing list by Greg Kroah-Hartman. The biggest change since the original patch set (which we looked atin early November) is that kdbus now provides a filesystem-based interface (kdbusfs) rather than the /dev/kdbusdevice-based interface. There are lots of other changes in response to v1 review comments as well. "kdbus is a kernel-level IPC implementation that aims for resemblance to [the] protocol layer with the existing userspace D-Bus daemon while enabling some features that couldn't be implemented before in userspace."
Version 2 of the kdbus patches posted

CentOShas updated libxml2(C5: denial of service). Debianhas updated drupal7(multiple vulnerabilities). Fedorahas updated kernel(F20: multiple vulnerabilities). Gentoohas updated adobe-flash(multiple vulnerabilities). Mageiahas updated boinc-client(denial of service), ffmpeg(M3; M4: multiple vulnerabilities), hawtjni(M3: code execution), kdebase4-runtime, kwebkitpart(code execution), kdebase4-workspace(M4: privilege escalation), kdenetwork4(M3: multiple vulnerabilities), kernel(M3; M4: multiple vulnerabilities), kernel-vserver(M3: multiple vulnerabilities), krb5(ticket forgery), libvirt(information disclosure), php-smarty(M3; M4: code execution), privoxy(denial of service), python-djblets(M4: multiple vulnerabilities), python-imaging, python-pillow(multiple vulnerabilities), qemu(M4: multiple vulnerabilities), ruby(multiple vulnerabilities), srtp(M3: denial of service), and wireshark(multiple vulnerabilities). Mandrivahas updated asterisk(BS1: multiple vulnerabilities). openSUSEhas updated gnutls(multiple vulnerabilities) and libvirt(password leak). Oraclehas updated bash(O5; O6; O7: multiple vulnerabilities), libvirt(O6: multiple vulnerabilities), libXfont(O6; O7: multiple vulnerabilities), libxml2(O5: denial of service), mariadb(O7: multiple vulnerabilities), and mysql55-mysql(O5: multiple vulnerabilities). Red Hathas updated java-1.5.0-ibm(RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm(RHEL6: multiple vulnerabilities), java-1.7.1-ibm(RHEL6,7: multiple vulnerabilities), and libxml2(RHEL5: denial of service). Scientific Linuxhas updated libxml2(SL5: denial of service). Ubuntuhas updated apparmor(14.04: privilege escalation) and ruby1.8, ruby1.9.1, ruby2.0, ruby2.1(12.04, 14.04, 14.10: denial of service).
Friday's security updates

On his blog, Paul McKenney investigates a bugin read-copy update (RCU) in preparation for the 3.19 merge window. "Of course, we all have specific patches that we are suspicious of. So my next step was to revert suspect patches and to otherwise attempt to outguess the bug. Unfortunately, I quickly learned that the bug is difficult to reproduce, requiring something like 100 hours of focused rcutorture testing. Bisection based on 100-hour tests would have consumed the remainder of 2014 and a significant fraction of 2015, so something better was required. In fact, something waybetter was required because there was only a very small number of failures, which meant that the expected test time to reproduce the bug might well have been 200 hours or even 300 hours instead of my best guess of 100 hours."
McKenney: Stupid RCU Tricks: rcutorture Catches an RCU Bug

Mandrivahas updated clamav(BS1.0: denial of service from 2013) and php-ZendFramework(BS1.0: authentication bypass). openSUSEhas updated emacs(13.1: multiple vulnerabilities). Red Hathas updated java-1.6.0-ibm(RHEL5&6: multiple vulnerabilities) and java-1.7.0-ibm(RHEL5: multiple vulnerabilities). SUSEhas updated firefox(SLE11SP3: multiple vulnerabilities). Ubuntuhas updated oxide-qt(14.10, 14.04: multiple vulnerabilities).
Security advisories for Thursday

The Weekly Edition for November 20, 2014 is available.
[$] Weekly Edition for November 20, 2014

Mozilla has announcedthat it is not renewing the longstanding arrangement with Google that made Google the default search engine in Firefox in exchange for a sizable payment. Instead, when the current deal ends, Firefox will adopt different default search engines in different regions, a move described as a "more local and flexible approach to increase choice and innovation on the Web."Yahoo will be the default search engine in the United States, Yandex in Russia, and Baidu in China. Mozilla CEO Chris Beard frames this change in terms of Mozilla's independence and non-commercial status. "This is why our independence matters. Being non-profit lets us make different choices. Choices that keep the Web open, everywhere and independent."The Yahoo deal, at least, lasts for five years, and one of the conditions was that Yahoo will support Mozilla's Do Not Trackheader. Google will remain a pre-installed search engine option, and will continue to provide Firefox's Safe Browsing and Geolocation features.
Mozilla drops Google in favor of a multiple-search-partner plan

tnftp CVE-2014-8517 Arbitrary Command Execution Vulnerability
Vuln: tnftp CVE-2014-8517 Arbitrary Command Execution Vulnerability

Oracle Java SE CVE-2014-6504 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2014-6504 Remote Security Vulnerability

Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability
Vuln: Oracle Java SE CVE-2014-6512 IP Address Spoofing Vulnerability

FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability
Vuln: FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability

[SECURITY] [DSA 3077-1] openjdk-6 security update
Bugtraq: [SECURITY] [DSA 3077-1] openjdk-6 security update

[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information

[ MDVSA-2014:229 ] libvncserver
Bugtraq: [ MDVSA-2014:229 ] libvncserver

CVE-2014-5439 - Root shell on Sniffit [with exploit]
Bugtraq: CVE-2014-5439 - Root shell on Sniffit [with exploit]

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus