Issues on Linux and Security

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads the config files containing the passwords of the components only once, so you can keep them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls, etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A log scanner and a scanner for the Check Point objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
The Free Software Foundation blog has posted an article detailing a newly discovered government surveillance project as well as a new technological countermeasure. The surveillance project is known as HACIENDA, and is reportedly a multi-national effort "to map every server in twenty-seven countries, employing a technique known as port scanning." The countermeasure, developed by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, is called TCP Stealth. According to the TCP Stealth whitepaper, the system "replaces the traditional random TCP SQN number with a token that authenticates the client and (optionally) the first bytes of the TCP payload. Clients and servers can enable TCP Stealth by explicitly setting a socket option or linking against a library that wraps existing network system calls." A Linux implementation of the scheme is available.
FSF: GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Debian has updated libstruts1.2-java (code execution) and php5 (multiple vulnerabilities). Fedora has updated drupal7 (F19; F20: denial of service), drupal7-date (F19; F20: cross-site scripting), libndp (F19; F20: code execution), and wordpress (F20: denial of service). Mageia has updated catfish (M3; M4: privilege escalation), gpgme (code execution), phpmyadmin (multiple vulnerabilities), python-imaging, python-pillow (denial of service), and subversion (M3; M4: information leak). openSUSE has updated openstack-neutron (13.1: access restriction bypass), apache2 (12.3; 13.1: multiple vulnerabilities), apache2-mod_security2 (rules bypass), krb5 (code execution), openssl (multiple vulnerabilities), python (12.3; 13.1: information leak), python3 (13.1: information leak), and samba (13.1: multiple vulnerabilities). Red Hat has updated openstack-nova (RHEL OpenStack: multiple vulnerabilities). Ubuntu has updated oxide-qt (14.04: multiple vulnerabilities).
Thursday's security updates

The results from the Linux Foundation TAB election have been announced; the five open seats went to Chris Mason, John Linville, H. Peter Anvin, Grant Likely, and Kristen Accardi.
Linux Foundation Technical Advisory Board election results

The Weekly Edition for August 21, 2014 is available.
[$] Weekly Edition for August 21, 2014

A project as large as GNOME consists of enough constituent parts that it can be a challenge just to keep up with the latest developments of the various applications, libraries, and infrastructure efforts. GUADEC 2014 in Strasbourg provided a number of opportunities to get up to speed on the various moving pieces. Of course, it is impossible to catch everything at a multi-track event, but there were still quite a few updates worth mentioning.
[$] GNOME development updates from GUADEC

CentOS has updated qemu-kvm (C6: code execution). Debian has updated cacti (multiple vulnerabilities). openSUSE has updated gpgme (13.1, 12.3: code execution) and wireshark (13.1: multiple vulnerabilities). Oracle has updated qemu-kvm (OL6: multiple vulnerabilities). Red Hat has updated kernel-rt (RHE MRG 2.5: multiple vulnerabilities), openstack-neutron (RHEL OSP 4.0: denial of service), and thermostat1-httpcomponents-client (RHSC1: SSL server spoofing). Ubuntu has updated openjdk-7 (14.04 LTS: multiple vulnerabilities).
Security advisories for Wednesday

The 2014 Kernel Summit was held on August 18-20 in Chicago, IL, USA. Reports from the first day's session are now available to LWN subscribers. Topics covered range from I/O memory management units to the stable and linux-next trees, to performance regressions and code review. Click below (subscribers only) for access to the full set of articles.
[$] The 2014 Kernel Summit

takes a look at using 2-factor authentication for commit access to kernel git repositories. "Having the technology available is one thing, but how to incorporate it into the kernel development process -- in a way that doesn't make developers' lives painful and unbearable? When we asked them, it became abundantly clear that nobody wanted to type in 6-digit codes every time they needed to do a git remote operation. Where do you draw the line between security and usability in this case? We looked at the options available in gitolite, the git repository management solution used at, and found a way that allowed us to trigger additional checks only when someone performed a write operation, such as "git push." Since we already knew the username and the remote IP address of the developer attempting to perform a write operation, we put together a verification tool that allowed developers to temporarily whitelist their IP addresses using their 2-factor authentication token."
Linux Kernel Git Repositories Add 2-Factor Authentication (

CentOS has updated nss-util (C7: incorrect wildcard certificate handling), nss-softokn (C7: incorrect wildcard certificate handling), and nss (C7: incorrect wildcard certificate handling). Fedora has updated kernel (F19: multiple vulnerabilities) and samba (F19: remote code execution/privilege escalation). Oracle has updated nss, nss-util, nss-softokn (OL7: incorrect wildcard certificate handling). Red Hat has updated qemu-kvm (RHEL6: multiple vulnerabilities). Scientific Linux has updated qemu-kvm (SL6: multiple vulnerabilities). SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities). Ubuntu has updated openssl (10.04 LTS: regression in previous update).
Security advisories for Tuesday

Python core developer Nick Coghlan seeks to dispel worries that an eventual Python 4.0 release will be as disruptive as 3.0 was. "Why mention this point? Because this switch to 'Unicode by default' is the most disruptive of the backwards incompatible changes in Python 3 and unlike the others (which were more language specific), it is one small part of a much larger industry wide change in how text data is represented and manipulated. With the language specific issues cleared out by the Python 3 transition, a much higher barrier to entry for new language features compared to the early days of Python and no other industry wide migrations on the scale of switching from 'binary data with an encoding' to Unicode for text modelling currently in progress, I can't see any kind of change coming up that would require a Python 3 style backwards compatibility break and parallel support period."
Coghlan: Why Python 4.0 won't be like Python 3.0

Neil Brown, the MD maintainer, has sent out an alert for a bug which, in fairly abnormal conditions, can lead to data loss on an MD-hosted RAID6 array. "There is no risk to an optimal array or a singly-degraded array. There is also no risk on a doubly-degraded array which is not recovering a device or is not receiving write requests." RAID6 users will likely want to apply the patch, though, which is likely to show up in the next stable kernel update from distributors.
An md/raid6 data corruption bug

The election for half of the members of the Linux Foundation's Technical Advisory board will be held 8:00PM, August 20, at the Kernel Summit/LinuxCon joint reception. As of this writing, there are fewer candidates than open positions. Anybody interested in serving on the TAB is encouraged to make their interest known prior to the election time and, if possible, attend the election.
The Linux Foundation Technical Advisory Board election

Debian has updated xen (multiple vulnerabilities). Fedora has updated 389-ds-base (F20: information disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities), krfb (F19; F20: denial of service), pixman (F20: denial of service), and tboot (F19; F20: boot chain bypass). Gentoo has updated libmodplug (multiple vulnerabilities). Mageia has updated 389-ds-base (information disclosure), dhcpcd (denial of service), flash-player-plugin (multiple vulnerabilities), kernel-linus (M3; M4: multiple vulnerabilities), kernel-tmb (M3; M4: multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities). openSUSE has updated flash-player (11.4: multiple vulnerabilities). Red Hat has updated nss, nss-util, nss-softokn (RHEL7: incorrect certificate handling). SUSE has updated krb5 (code execution). Ubuntu has updated kernel (14.04: multiple vulnerabilities) and linux-lts-trusty (12.04: multiple vulnerabilities).
Monday's security updates

Linus has released 3.17-rc1 and closed the merge window for this release. He had suggested that the merge window could be extended, but that's not how things turned out. "I'm going to be on a plane much of tomorrow, and am not really supportive of last-minute pull requests during the merge window anyway, so I'm closing the merge window one day early, and 3.17-rc1 is out there now."
Kernel prepatch 3.17-rc1

O'Reilly Radar has posted a retrospective look at the OpenStreetMap (OSM) project on the occasion of OSM's ten-year anniversary. Tyler Bell calls the project "the most significant development in the Open Geo Data movement" outside of GPS; noting that before OSM's creation, "map data sources were few, and largely controlled by a small collection of private and governmental players. The scarcity of map data ensured that it remained both expensive and highly restrictive, and no one but the largest navigation companies could use map data." Particularly interesting are the various comparisons between the state of the map in 2007 and today; the project's 1.5 million registered users do not seem to be slowing down, even if today's emphasis has shifted somewhat to less-visible features: "nodes are getting connected and turn restrictions added to facilitate navigation, while addresses are being sourced to help with geocoding and place finding."
Ten years of OpenStreetMap (O'Reilly Radar)

Vuln: Oracle Java SE CVE-2014-4227 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2014-4265 Remote Security Vulnerability

Vuln: PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability

Vuln: PHP 'ext/spl/spl_dllist.c' Local Denial of Service Vulnerability

Bugtraq: [SECURITY] [DSA 2940-1] libstruts1.2-java security update

Bugtraq: [SECURITY] [DSA 3008-1] php5 security update

Bugtraq: ToorCon 16 Call For Papers!

Bugtraq: ArcGIS for Server Vulnerability Disclosure
