Issues on Linux and Security

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and is configured via config files. It reads the config files containing the component passwords once at startup, so they can be kept in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to Trend, received from Trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to Trend but deferred before, deferred and not sent to extern (MTA rejected), deferred and not sent to extern (MTA down), sent to extern but deferred before).
  • A log scanner and a scanner for the Check Point objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert Snort rule sets into iptables rule sets.
  • A Snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on the same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
On the Tor blog, Nick Mathewson reports on an informal survey he did for "severe" bugs in Tor over the last few years. It breaks down the 70 bugs he found into different categories that are correlated with some recommendations for ways to try to avoid them in the future. For example: "Recommendation 5.1: all backward compatibility code should have a timeout date. On several occasions we added backward compatibility code to keep an old version of Tor working, but left it enabled for longer than we needed to. This code has tended not to get the same regular attention it deserves, and has also tended to hold surprising deviations from the specification. We should audit the code that's there today and see what we can remove, and we should never add new code of this kind without adding a ticket and a comment planning to remove it." Many of the recommendations are likely applicable to other projects.
Mathewson: Mid-2016 Tor bug retrospective, with lessons for future coding
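Recommendation 5.1 above amounts to a mechanism: every piece of compatibility code carries a removal date and a ticket, and a check that runs in CI fails the build once the date has passed, so the shim cannot quietly outlive its purpose. The following is an added example of one way to implement that, written in Python for this page; it is not Tor's code (which is C), and the line format, the shim and the ticket name are hypothetical.

```python
import datetime as dt
import functools

# Registry of every backward-compatibility shim still present in the code base.
COMPAT_SHIMS = []


def _as_date(value):
    """Accept a date or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, dt.date) else dt.date.fromisoformat(value)


def compat(sunset, ticket):
    """Mark a function as backward-compatibility code with a removal deadline.

    sunset: ISO date after which the shim must be gone from the tree.
    ticket: the removal ticket (hypothetical tracker reference in the example below).
    The decorator only records the shim; check_compat_deadlines() enforces the date.
    """
    sunset_date = _as_date(sunset)

    def decorate(fn):
        COMPAT_SHIMS.append({"name": fn.__name__, "sunset": sunset_date, "ticket": ticket})

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            return fn(*args, **kwargs)
        return wrapper
    return decorate


def expired_shims(today):
    """Return the registered shims whose sunset date is already in the past."""
    today = _as_date(today)
    return sorted((s for s in COMPAT_SHIMS if today > s["sunset"]), key=lambda s: s["sunset"])


def check_compat_deadlines(today):
    """CI gate: raise, naming the removal tickets, if any shim has outlived its deadline."""
    expired = expired_shims(today)
    if expired:
        lines = ["%s (sunset %s, %s)" % (s["name"], s["sunset"], s["ticket"]) for s in expired]
        raise RuntimeError("expired compatibility code still in tree:\n  " + "\n  ".join(lines))
    return len(COMPAT_SHIMS)


# Constructed example: a hypothetical line format that changed from v1 to v2 (not Tor code).

@compat(sunset="2016-06-30", ticket="TICKET-1")
def parse_v1_line(line):
    """Old format: 'name=value' with no version tag."""
    name, _, value = line.partition("=")
    return {"version": 1, name.strip(): value.strip()}


def parse_line(line):
    """Current format is 'v2 name=value'; anything else is routed through the v1 shim."""
    if line.startswith("v2 "):
        name, _, value = line[3:].partition("=")
        return {"version": 2, name.strip(): value.strip()}
    return parse_v1_line(line)


if __name__ == "__main__":
    print(parse_line("v2 bandwidth=1000"))
    print(parse_line("bandwidth=500"))
    print(check_compat_deadlines("2016-05-01"))  # before the deadline: passes
    try:
        check_compat_deadlines("2016-07-01")     # after it: the build should fail
    except RuntimeError as err:
        print(err)
```

Run `check_compat_deadlines(date.today())` from a test that is part of the normal suite; the point is that the failure is loud and names the ticket, so removing the shim becomes ordinary scheduled work instead of an audit nobody gets around to.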

GitLab 8.8 has been released with pipeline visualization, .gitignore templates, the GitLab Container Registry, and more. "In this release, we are supercharging GitLab CI. First with Pipelines and now with GitLab Container Registry. GitLab Container Registry is a secure and private registry for Docker images. It isn't just a standalone registry; it's completely integrated with GitLab. In fact, our container registry is actually the first Docker registry that is fully-integrated with git repository management and comes out of the box with GitLab 8.8. So if you've upgraded, you already have it! Our integrated Container Registry requires no additional installation. It allows for easy upload and download of images from GitLab CI. And it's free."
GitLab 8.8 released with Pipelines and .gitignore templates

Debian has updated atheme-services (denial of service). Fedora has updated gsi-openssh (F23: privilege escalation), imlib2 (F23; F22: multiple vulnerabilities), and websvn (F23; F22: cross-site scripting). Mageia has updated glibc (multiple vulnerabilities), golang (denial of service), pcre (two vulnerabilities), and xerces-j2 (denial of service). Red Hat has updated jq (RHELOSP7 for RHEL7; RHELOSP6 for RHEL7: code execution) and kernel (RHEL6.6: two remote denial of service vulnerabilities). SUSE has updated IBM Java 1.6.0 (SLES10-SP4: multiple vulnerabilities).
Tuesday's security updates

There is an interview with Dietrich Ayala about using old smartphones for home automation. "Ayala spent a lot of time studying the readouts from sensors, as well as from the phone's microphone, camera, and radios, that would enable a remote user to draw conclusions about what was happening at home. This contextual information could then be codified into more useful notifications. With ambient light, for example, if it suddenly goes dark in the daytime, maybe someone is standing over a device, explained Ayala. Feedback from the accelerometer can be analyzed to determine the difference between footsteps, an earthquake, or someone picking up the device. Scripts can use radio APIs to determine if a person moving around is carrying a phone with a potentially revealing Bluetooth signature."
Repurposing Old Smartphones for Home Automation (

Debian has updated wireshark (multiple vulnerabilities). Debian-LTS has updated extplorer (cross-site request forgery), graphicsmagick (multiple vulnerabilities), and imagemagick (multiple vulnerabilities). Fedora has updated cacti (F23; F22: SQL injection), dosfstools (F23: two vulnerabilities), libksba (F22: denial of service), libndp (F23; F22: man-in-the-middle attacks), mingw-openssl (F23: multiple vulnerabilities), moodle (F23: multiple vulnerabilities), openvpn (F22: multiple vulnerabilities), pgpdump (F23; F22: denial of service), php-symfony (F23; F22: buffer overflow), qemu (F22: multiple vulnerabilities), rpm (F22: two vulnerabilities), thunderbird (F23: multiple vulnerabilities), and wordpress (F23; F22: two cross-site scripting vulnerabilities). Mageia has updated apache-mod_nss (invalid handling of +CIPHER operator), bugzilla (cross-site scripting), jansson (denial of service), libgd (denial of service), libreoffice (code execution), networkmanager (information leak), openvpn (multiple vulnerabilities), p7zip (code execution), php-ZendFramework2 (insecure ciphertexts), and wpa_supplicant (two vulnerabilities). openSUSE has updated kernel (Leap42.1: multiple vulnerabilities). Oracle has updated docker-engine (OL7; OL6: privilege escalation), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), and kernel 2.6.32 (OL6; OL5: multiple vulnerabilities). Red Hat has updated kernel (RHEL6.4: two remote denial of service vulnerabilities). Scientific Linux has updated libndp (SL7: man-in-the-middle attacks). Slackware has updated curl (server spoofing). SUSE has updated firefox (SLE11-SP4, SP3: multiple vulnerabilities), java-1_6_0-ibm (SOSC5, SMP2.1, SM2.1, SLES11 SP3, SP2: multiple vulnerabilities), and java-1_7_0-ibm (SOSC5, SMP2.1, SM2.1, SLES11 SP3, SP2: multiple vulnerabilities).
Security advisories for Monday

Version 1.2.0 of the Roundcube web-based email system has been released. The headline feature this time around would appear to be support for encrypted mail with PGP; the encryption can be handled either centrally on the server (in which case the server holds the private keys and sees the cleartext) or in the browser via the "Mailvelope" browser plugin. A complete list of changes can be found in the changelog.
Roundcube Webmail 1.2.0 released

For those who are curious about how the CoreOS remote SSH vulnerability came to be, the company has posted a detailed report. "This misconfiguration was abetted by confirmation bias. The expected outcome of the change to the CoreOS PAM configuration was for users who presented a password present in an authentication database to be successfully authenticated. Because of the pam_permit failure case explained above, this was the observed behavior in testing, so the change was assumed to be correct. No attempt was made to determine whether the observed behavior could be explained in some other way, such as the system allowing any presented password."
A report on the CoreOS remote SSH vulnerability
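The failure mode the report describes, a PAM change that leaves every password accepted while the only test run was "a valid password is accepted", can be made concrete with a small simulation of the PAM auth stack. This is an added example, not code or configuration from CoreOS or from the report: the two stacks, the three modules modelled and the user database are constructed for illustration, and the control-flag handling is a simplification of Linux-PAM's semantics. Both stacks pass the positive test; only the negative test tells them apart.

```python
# Constructed user database for the simulation (hypothetical).
USERS = {"core": "correct horse battery staple"}

# Hypothetical mis-ordered stack: pam_permit.so is consulted first and, as a
# 'sufficient' module, ends the stack with success for any password at all.
VULNERABLE_STACK = """
auth  sufficient  pam_permit.so
auth  required    pam_unix.so
"""

# Corrected stack: the real authenticator decides, and its failure ends the stack.
FIXED_STACK = """
auth  requisite   pam_unix.so
auth  required    pam_permit.so
"""


def parse_stack(text):
    """Return [(control, module)] for the 'auth' lines; comments and other types are ignored."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "auth":
            stack.append((parts[1], parts[2]))
    return stack


def run_module(module, user, password):
    """Simulated module results (only the three modules used above are modelled)."""
    if module == "pam_unix.so":
        return USERS.get(user) == password
    if module == "pam_permit.so":
        return True
    if module == "pam_deny.so":
        return False
    raise ValueError("unmodelled module: " + module)


def authenticate(text, user, password):
    """Simplified Linux-PAM control-flag semantics for the auth phase.

    required:   failure is recorded, but later modules still run.
    requisite:  failure ends the stack immediately.
    sufficient: success ends the stack with success unless a required module already failed.
    A stack that reaches its end without any required/requisite module counts as failure.
    """
    failed = False
    decisive = False
    for control, module in parse_stack(text):
        ok = run_module(module, user, password)
        if control == "requisite":
            decisive = True
            if not ok:
                return False
        elif control == "required":
            decisive = True
            failed = failed or not ok
        elif control == "sufficient":
            if ok and not failed:
                return True
        elif control != "optional":
            raise ValueError("unknown control flag: " + control)
    return decisive and not failed


def accepts_any_password(text, user="core"):
    """The negative test the report says was never run: does a wrong password get in?"""
    return authenticate(text, user, "definitely-not-the-password")


if __name__ == "__main__":
    for name, stack in (("vulnerable", VULNERABLE_STACK), ("fixed", FIXED_STACK)):
        good = authenticate(stack, "core", USERS["core"])
        bad = accepts_any_password(stack)
        print("%-10s correct password accepted=%s  wrong password accepted=%s" % (name, good, bad))
```

The practical lesson is the shape of the test, not the simulator: any change to an authentication stack needs a test that presents a wrong password (and an unknown user) and asserts rejection, because "the right password works" is also what an accept-everything configuration looks like.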

Arch Linux has updated bugzilla (cross-site scripting). Debian has updated librsvg (three vulnerabilities). Debian-LTS has updated expat (code execution) and libgd2 (denial of service). Mageia has updated dhcpcd (code execution from 2014), expat (code execution), gdk-pixbuf2.0 (code execution), icu (code execution), imagemagick/ruby-rmagic (multiple vulnerabilities), libxml2 (two denial of service flaws), perl (denial of service), and xerces-c (code execution). openSUSE has updated libksba (13.2: two vulnerabilities) and php5 (42.1: multiple vulnerabilities). Red Hat has updated Red Hat OpenShift Enterprise 3.1 (unauthorized access) and Red Hat OpenShift Enterprise 3.2 (three vulnerabilities). SUSE has updated openssl (SLE10: multiple vulnerabilities).
Security updates for Friday

Over at InfoWorld, Jim Reno compares the security of virtual machines (VMs) and containers. "Which is more secure?" is a question that is often asked, but the answer, of course, is "it depends". Reno analyzes the attack surface of each to help in choosing between VMs and containers. "Many legacy VM applications treat VMs like bare metal. In other words, they have not adapted their architectures specifically for VMs or for security models not based on perimeter security. They might install many services on the same VM, run the services with root privileges, and have few or no security controls between services. Rearchitecting these applications (or more likely replacing them with newer ones) might use VMs to provide security separation between functional units, rather than simply as a means of managing larger numbers of machines. Containers are well suited for microservices architectures that "string together" large numbers of (typically) small services using standardized APIs. Such services often have a very short lifetime, where a containerized service is started on demand, responds to a request, and is destroyed, or where services are rapidly ramped up and down based on demand. That usage pattern is dependent on the fast instantiation that containers support. From a security perspective it has both benefits and drawbacks."
Linux containers vs. VMs: A security comparison (InfoWorld)

On his blog, Josh Berkus asks about the effects of changing how PostgreSQL numbers its releases. There is talk of moving from an x.y.z scheme to an x.y scheme, where x would increase every year to try to reduce "the need to explain to users that 9.5 to 9.6 is really a major version upgrade requiring downtime". He is wondering what impacts that will have on users, tools, scripts, packaging, and so on. "The problem is the first number, in that we have no clear criteria when to advance it. Historically, we've advanced it because of major milestones in feature development: crash-proofing for 7.0, Windows port for 8.0, and in-core replication for 9.0. However, as PostgreSQL's feature set matures, it has become less and less clear on what milestones would be considered "first digit" releases. The result is arguments about version numbering on the mailing lists every year which waste time and irritate developers."
Berkus: Changing PostgreSQL Version Numbering

Greg Kroah-Hartman has released the 4.5.5, 4.4.11, and 3.14.70 stable kernels. Users of those series should upgrade.
Stable kernels 4.5.5, 4.4.11, and 3.14.70

Arch Linux has updated p7zip (two code execution flaws). Debian has updated swift-plugin-s3 (replay attack). Debian-LTS has updated icedove (armhf: three vulnerabilities), nss (multiple vulnerabilities), and phpmyadmin (multiple vulnerabilities). Mageia has updated cacti (two SQL injection flaws), chromium-browser-stable (multiple vulnerabilities), dosfstools (two vulnerabilities), libarchive (code execution), libksba (three vulnerabilities), libndp (man-in-the-middle attacks), mariadb (multiple vulnerabilities), moodle (multiple vulnerabilities), qemu (multiple vulnerabilities), and xymon (multiple vulnerabilities). openSUSE has updated php5 (13.2: multiple vulnerabilities). SUSE has updated firefox (SLE10: multiple vulnerabilities). Ubuntu has updated firefox (fix to previous security update), oxide-qt (16.04, 15.10, 14.04: multiple vulnerabilities), and thunderbird (multiple vulnerabilities).
Thursday's security advisories

The Weekly Edition for May 19, 2016 is available.
[$] Weekly Edition for May 19, 2016

Arch Linux has updated expat (code execution) and lib32-expat (code execution). CentOS has updated libndp (C7: man-in-the-middle attacks). Debian has updated expat (code execution). Debian-LTS has updated libidn (information disclosure), librsvg (denial of service), and xen (multiple vulnerabilities). Fedora has updated dhcp (F22: denial of service). openSUSE has updated cacti (Leap42.1, 13.2: SQL injection), Chromium (SPH for SLE12: multiple vulnerabilities), go (Leap42.1: two vulnerabilities), GraphicsMagick (Leap42.1, 13.2: multiple vulnerabilities), imlib2 (13.2: multiple vulnerabilities), libressl (13.2: multiple vulnerabilities), librsvg (Leap42.1, 13.2: denial of service), mercurial (Leap42.1, 13.2: code execution), mysql-community-server (Leap42.1, 13.2: multiple vulnerabilities), ntp (Leap42.1: multiple vulnerabilities), ocaml (13.2: information leak), poppler (13.2: denial of service), and proftpd (Leap42.1, 13.2: weak key usage). Oracle has updated kernel (OL6: multiple vulnerabilities), kernel 4.1.12 (OL7; OL6: three vulnerabilities), libndp (OL7: man-in-the-middle attacks), and qemu-kvm (OL6: multiple vulnerabilities). Scientific Linux has updated kernel (SL7: privilege escalation) and thunderbird (SL5,7: two vulnerabilities). SUSE has updated xen (SLE12: multiple vulnerabilities). Ubuntu has updated expat (code execution), libarchive (code execution), libksba (multiple vulnerabilities), and samba (12.04: regression in previous update).
Security advisories for Wednesday

Docker Engine 1.11 has been released, built on runC and containerd. "runC is the first implementation of the Open Containers Runtime specification and the default executor bundled with Docker Engine. Thanks to the open specification, future versions of Engine will allow you to specify different executors, thus enabling the ecosystem of alternative execution backends without any changes to Docker itself. By separating out this piece, an ecosystem partner can build their own compliant executor to the specification, and make it available to the user community at any time, without being dependent on the Engine release schedule or waiting to be reviewed and merged into the codebase."
Docker 1.11: The first runtime built on containerd and based on OCI technology

Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

Bugtraq: [slackware-security] libarchive (SSA:2016-145-01)

Bugtraq: [security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

Bugtraq: MSA-2016-01: PowerFolder Remote Code Execution Vulnerability

Bugtraq: [SECURITY] [DSA 3586-1] atheme-services security update