LINUXsecure_LOGO
Issues on Linux and Security
 
-->
 
 
 
 
 
 
 
home
button Home
 

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me, if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
  • Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scrips.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in php.
  • A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
There are three new stable kernels available: 3.9.4, 3.4.47, and 3.0.80. All contain important fixes.
New stable kernels 3.9.4, 3.4.47, and 3.0.80

A security issue has been identified in the tool used by the Fedora Project to create cloud images. "Images generated by this tool, including Fedora Project ?official? AMIs (Amazon Machine Images), AMIs whose heritage can be traced to official Fedora AMIs, as well as some images using the AMI format in non-Amazon clouds, are affected, as described below."The flaw has been assigned CVE-2013-2069.
Security issue in livecd-tools causes password issue in Fedora cloud images

Long time Debian developer Ray Dassen died on May 18. "The Debian Project honours Ray's great work and his strong dedication to Debian and Free Software. His technical knowledge and his ability to share that knowledge with others will be missed. His contributions will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others."
Debian Project mourns the loss of Ray Dassen

Debianhas updated libdmx(multiple vulnerabilities), libxv(multiple vulnerabilities), libxvmc(multiple vulnerabilities), libfixes(multiple vulnerabilities), libxrender(multiple vulnerabilities), mesa(multiple vulnerabilities), xserver-xorg-video-openchrome(multiple vulnerabilities), libxt(multiple vulnerabilities), libxcursor(multiple vulnerabilities), libxext(multiple vulnerabilities), libxi(multiple vulnerabilities), libxrandr(multiple vulnerabilities), libxp(multiple vulnerabilities), libxcb(multiple vulnerabilities), libfs(multiple vulnerabilities), libxres(multiple vulnerabilities), libxtst(multiple vulnerabilities), libxxf86dga(multiple vulnerabilities), libxinerama(multiple vulnerabilities), libxxf86vm(multiple vulnerabilities), and libxvmc(regression in previous update). openSUSEhas updated kernel(multiple vulnerabilities), firefox(multiple vulnerabilities), and icedtea-web(multiple vulnerabilities). Red Hathas updated kvm(privilege escalation). SUSEhas updated kernel(privilege escalation). Ubuntuhas updated kernel(13.04; 12.10; 12.04 LTS: multiple vulnerabilities), quantal HWE kernel(12.04 LTS: multiple vulnerabilities), and OMAP4 kernel(12.10: multiple vulnerabilities).
Security advisories for Friday

X.Org has disclosed a long list of vulnerabilities that have been fixed in the X Window System client libraries; most of them expose clients to attacks by a hostile server. "Most of the time X clients & servers are run by the same user, with the server more privileged from the clients, so this is not a problem, but there are scenarios in which a privileged client can be connected to an unprivileged server, for instance, connecting a setuid X client (such as a screen lock program) to a virtual X server (such as Xvfb or Xephyr) which the user has modified to return invalid data, potentially allowing the user to escalate their privileges."There are 30 CVE numbers assigned to these vulnerabilities; expect the distributor updates to start flowing shortly.
Numerous security issues in X Window System clients

Sarah Sharp reports on the responseto the availability of a set of Outreach Program for Women internships working on the Linux kernel. "As coordinator for the Linux kernel OPW project, I was really worried about whether applicants would be able to get patches into the kernel. Everyone knows that kernel maintainers are the pickiest bastards^Wperfectionists about coding style, getting the proper Signed-off-by, sending plain text email, etc. I thought a couple applicants would be able to complete maybe one or two patches, tops. Boy was I wrong!"In the end, 41 applicants submitted 374 patches to the kernel, of which 137 were accepted.
Sharp: ??Linux Kernel Internships (OPW) Update

The Qt Blog introduces "Boot to Qt", which is "a light-weight UI stack for embedded linux, based on the Qt Framework - Boot to Qt is built on an Android kernel/baselayer and offers an elegant means of developing beautiful and performant embedded devices."Access is invitation-only currently; a release is forecast for sometime around the end of the year.
Introducing Boot to Qt

Debianhas updated request-tracker4(eight CVE numbers), and the kfreebsd kernel(code execution). Fedorahas updated python-virtualenv(F17, F18: temporary file and information disclosure vulnerabilities), krb5(F17, "UDP ping-pong vulnerability"from 2002), and nginx(F18: denial of service and information disclosure). openSUSEhas updated samba(CIFS share attribute verification failure). Oraclehas updated kernel(EL5: denial of service). Red Hathas updated java-1.5.0-ibm(RHEL5-6: 16 "unspecified"vulnerabilities).
Thursday's security updates

The LWN.net Weekly Edition for May 23, 2013 is available.
[$] LWN.net Weekly Edition for May 23, 2013

Google has announcedthat it will be phasing out the file download feature for projects hosted on Google Code. "Downloads were implemented by Project Hosting on Google Code to enable open source projects to make their files available for public download. Unfortunately, downloads have become a source of abuse with a significant increase in incidents recently. Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads."
Google Code to deprecate downloads

GigaOM assertsthat Google will be taking over the desktop (regardless of the underlying operating system) with its Chrome browser. "For many Chrome is just a browser. For others who use a Chromebox or Chromebook, like myself, it?s my full-time operating system. The general consensus is that Chrome OS, the platform used on these devices, can only browse the web and run either extensions and web apps; something any browser can do. Simply put, the general consensus is wrong and the signs are everywhere."
How Google plans to rule the computing world through Chrome (GigaOM)

The Electronic Frontier Foundation has sent out a releaseabout how the US state of Vermont is going on the offensive against patent trolls. "Not content to strike back against a single troll, Vermont is also poised to pass a bill dealing with the problem as a whole. The Vermont House and Senate recently passed a bill to combat 'bad faith assertions of patent infringement'. And the latest word is that Vermont's governor is about to sign it into law."
EFF: Vermont Is Mad as Hell at Patent Trolls

Designing an enumeration type (i.e. "enum") for a language may seem like a straightforward exercise, but the recently "completed"discussions over Python's PEP 435show that it has a few wrinkles. The discussion spanned several long threads in two mailing lists (python-ideas, python-devel) going back to Januaryin this particular iteration, but the idea is far older than that. Subscribers can click below for the full article from this week's edition.
[$] An "enum"for Python 3

CentOShas updated kernel(C5: denial of service). Fedorahas updated gallery3(F18; F17: cross-site scripting) and openstack-keystone(F18: multiple vulnerabilities). Mandrivahas updated krb5(UDP ping-pong flaw in kpasswd). Red Hathas updated kernel(RHEL5: denial of service). Scientific Linuxhas updated kernel(SL5: denial of service). SUSEhas updated java-1_6_0-openjdk(multiple vulnerabilities) and kernel(privilege escalation). Ubuntuhas updated libtiff(two vulnerabilities).
Security updates for Wednesday

While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel. Debian GNU/Hurd is currently available for the i386 architecture with more than 10.000 software packages available (more than 75% of the Debian archive, and more to come!). Please make sure to read the configuration information, the FAQ, and the translator primerto get a grasp of the great features of GNU/Hurd. Due to the very small number of developers, our progress of the project has not been as fast as other successful operating systems, but we believe to have reached a very decent state, even with our limited resources.
Debian GNU/Hurd 2013 released

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
Vuln: Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability

Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability
Vuln: Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability

Cisco Wireless LAN Controller CVE-2013-1235 Remote Denial of Service Vulnerability
Vuln: Cisco Wireless LAN Controller CVE-2013-1235 Remote Denial of Service Vulnerability

Cisco WebEx Social CVE-2013-1245 Multiple Security Bypass Vulnerabilities
Vuln: Cisco WebEx Social CVE-2013-1245 Multiple Security Bypass Vulnerabilities

[SECURITY] [DSA 2675-2] libxvmc regression update
Bugtraq: [SECURITY] [DSA 2675-2] libxvmc regression update

[security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information

[SECURITY] [DSA 2692-1] libxxf86vm security update
Bugtraq: [SECURITY] [DSA 2692-1] libxxf86vm security update

[SECURITY] [DSA 2691-1] libxinerama security update
Bugtraq: [SECURITY] [DSA 2691-1] libxinerama security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus

-->