Issues on Linux and Security

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage. There exist several templates for ssh, scp, telnet. The intention is to make automated backups from routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and you will get a status for the found mails: when did the system receive it, when was it working with the mail the last time, what's the status of the mail, were there any problems while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A logscanner and a scanner for the checkpoint objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
  • A ftp-script for the honeynet.
  • Various backupscripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Debian 8, codenamed "Jessie", has been released. It comes with a wide array of upgraded packages including GNOME 3.14, KDE Plasma Workspaces and KDE Applications 4.11.13, Python 2.7.9 and 3.4.2, Perl 5.20.2, PHP 5.6.7, PostgreSQL 9.4.1, MariaDB 10.0.16 and MySQL 5.5.42, Linux 3.16.7-ctk9, and lots more. "With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being the universal operating system. It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, or storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that "Jessie" fulfills the high expectations that users have of a stable Debian release."
Debian 8 "Jessie" released

The Rust blog has posted a guide to using Rust's foreign function interface (FFI) with C code. Highlighted in particular are Rust's safe abstractions, which are said to impose no costs. "Most features in Rust tie into its core concept of ownership, and the FFI is no exception. When binding a C library in Rust you not only have the benefit of zero overhead, but you are also able to make it safer than C can! Bindings can leverage the ownership and borrowing principles in Rust to codify comments typically found in a C header about how its API should be used."
Rust Once, Run Everywhere

Arch Linux has updated powerdns (denial of service) and powerdns-recursor (denial of service). Debian-LTS has updated subversion (multiple vulnerabilities). Fedora has updated lcms (F20: denial of service) and php (F21: multiple vulnerabilities). Mageia has updated chromium-browser-stable (M4: multiple vulnerabilities), chrony (M4: multiple vulnerabilities), lftp (M4: SSL server spoofing), libksba (M4: denial of service), ntop (M4: cross-site scripting), setup (M4: information disclosure), and t1utils (M4: multiple vulnerabilities). openSUSE has updated firefox (13.1; 13.2: code execution) and socat (13.1: denial of service). Oracle has updated kernel (kernel 3.8.18 (O6, O7); kernel 2.6.39 (O5, O6); kernel 2.6.32 (O5, O6): multiple vulnerabilities). Red Hat has updated novnc (RHEL OSP4: VNC session hijacking). Ubuntu has updated firefox (code execution), usb-creator (12.04, 14.04, 14.10; 15.04: privilege escalation), and wpa_supplicant (14.04, 14.10: code execution).
Friday's security updates

The Ubuntu 15.04 release is out. "Ubuntu Server 15.04 includes the Kilo release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86 or ARM servers, or on developer laptops. Several key server technologies, from MAAS to Ceph, have been updated to new upstream versions with a variety of new features. This release also includes the first release of snappy Ubuntu Core, a new distribution model based on transactional updates." LWN looked at Snappy in January.
Ubuntu 15.04 (Vivid Vervet) released

Ars Technica reports on a wpa_supplicant bug that might leave Linux and other systems open to remote code execution. "That's because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information 'is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets,' [wpa_supplicant maintainer Jouni] Malinen wrote, and the code 'was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation.'"
Wi-Fi software security bug could leave Android, Windows, Linux open to attack (Ars Technica)

Arch Linux has updated glibc (code execution). Fedora has updated chrony (F21: three vulnerabilities), gnupg2 (F20: denial of service), java-1.7.0-openjdk (F20: unspecified), java-1.8.0-openjdk (F21: unspecified), kernel (F21; F20: denial of service), ntp (F20: two vulnerabilities), python (F20: denial of service from 2013), spatialite-tools (F21: three vulnerabilities), and sqlite (F21: three vulnerabilities). Oracle has updated kvm (OL5: two vulnerabilities).
Security updates for Thursday

The Weekly Edition for April 23, 2015 is available.
[$] Weekly Edition for April 23, 2015

Few readers will have failed to notice by now that the attempted merging of the kdbus interprocess communication system into the 4.1 kernel has failed to go as well as its proponents would have liked. As of this writing, the discussion continues and nothing has been merged. This article constitutes an attempt to derive a bit of light from the massive amounts of heat that have been generated so far, with a specific focus on the issue of metadata and capabilities.
[$] The kdbuswreck

introduces Sourcegraph. "Sourcegraph is a code search engine and browsing tool that semantically indexes all the open source code available on the web. You can search for code by repository, package, or function and click on fully linked code to read the docs, jump to definitions, and instantly find usage examples. And you can do all of this in your web browser, without having to configure any editor plugin."
Sourcegraph: A free code search tool for open source developers (

Arch Linux has updated firefox (code execution). CentOS has updated kernel (C6: multiple vulnerabilities), kvm (C5: two vulnerabilities), and qemu-kvm (C6: privilege escalation). Debian has updated curl (multiple vulnerabilities) and subversion (two vulnerabilities). Debian-LTS has updated wireshark (multiple vulnerabilities). Fedora has updated ceph-deploy (F21: information leak), firefox (F20: multiple vulnerabilities), libzip (F21; F20: code execution), mingw-gnutls (F21: denial of service), mingw-libtasn1 (F21; F20: denial of service), openstack-neutron (F20: denial of service), python-virtualenv (F21; F20: insecure software download), qt5-qtwebkit (F21; F20: denial of service), and qtwebkit (F21; F20: denial of service). openSUSE has updated Chromium (13.2, 13.1: multiple vulnerabilities). Oracle has updated glibc (OL6: two vulnerabilities), kernel (OL6: multiple vulnerabilities), and qemu-kvm (OL6: privilege escalation). Red Hat has updated kernel (RHEL5.9: privilege escalation), kvm (RHEL5: two vulnerabilities), and qemu-kvm (RHEL6: privilege escalation). Scientific Linux has updated kernel (SL6: multiple vulnerabilities), kvm (SL5: two vulnerabilities), and qemu-kvm (SL6: privilege escalation). Slackware has updated bind (denial of service), gnupg (multiple vulnerabilities), httpd (multiple vulnerabilities), libssh (two vulnerabilities), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), mutt (denial of service), ntp (two vulnerabilities), openssl (multiple vulnerabilities), php (multiple vulnerabilities), ppp (two vulnerabilities), proftpd (unauthenticated copying of files), qt (multiple vulnerabilities), and seamonkey (multiple vulnerabilities). SUSE has updated mariadb (SLE12: multiple vulnerabilities).
Security advisories for Wednesday

Version 5.1 of the GNU Compiler Collection is out. "GCC 5.1 is a major release containing substantial new functionality not available in GCC 4.9.x or previous GCC releases." Some of that new functionality includes full C++14 language support, quite a few optimization improvements, partial OpenACC support, OpenMP 4.0 support, an experimental JIT library, and more; see the changelog for details.
GCC 5.1 released

The Daily Dot reports that the Tor project is receiving some funding from the US Defense Advanced Research Projects Agency (DARPA) to improve Tor's hidden services. "The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service's identity key and to allow offline storage for that key, a major security upgrade. Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites."
How Tor is building a new Dark Net with help from the U.S. military (The Daily Dot)

Fedora 22 Beta has been released. It comes in Workstation, Server, and Cloud editions, as well as several spins. This version replaces yum with DNF for package management, as discussed in this recent LWN article. The Cloud edition features the latest versions of rpm-ostree and rpm-ostree-toolbox and introduces the Atomic command line tool. The Server edition features a new database server role based on PostgreSQL, an updated Cockpit, and XFS as the default filesystem. The Workstation product has also seen a number of enhancements and improvements, including a redesigned GNOME Shell notification system, transitional Wayland support, and much more.
Announcing the release of Fedora 22 Beta

Arch Linux has updated jdk8-openjdk (multiple vulnerabilities), jre8-openjdk (multiple vulnerabilities), jre8-openjdk-headless (multiple vulnerabilities), and tcpdump (denial of service). CentOS has updated glibc (C6: two vulnerabilities). Debian-LTS has updated python-django-markupfield (information leak). Red Hat has updated glibc (RHEL6: two vulnerabilities) and kernel (RHEL6: multiple vulnerabilities). Scientific Linux has updated glibc (SL6: two vulnerabilities). SUSE has updated Real Time Linux Kernel (SLERTE11 SP3: multiple vulnerabilities). Ubuntu has updated mysql-5.5 (14.10, 14.04, 12.04: multiple vulnerabilities), openjdk-6 (12.04, 10.04: multiple vulnerabilities), openjdk-7 (14.10, 14.04: multiple vulnerabilities), and php5 (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).
Tuesday's security updates

O'Reilly has posted an excerpt from Puppet Best Practices, an upcoming book about the Puppet system configuration tool. It's a good place to look for those wanting an introduction to how Puppet works. "Puppet can be somewhat alien to technologists who have a background in automation scripting. Where most of our scripts are procedural, Puppet is declarative. While a declarative language has many major advantages for configuration management, it does impose some interesting restrictions on the approaches we use to solve common problems."
The Puppet design philosophy (O'Reilly)

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
Vuln: OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability

python-fedora Open Redirection and Cross Site Scripting Vulnerabilities
Vuln: python-fedora Open Redirection and Cross Site Scripting Vulnerabilities

X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability
Vuln: X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability

Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities
Vuln: Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities

Incorrect handling of self signed certificates in OpenFire XMPP Server
Bugtraq: Incorrect handling of self signed certificates in OpenFire XMPP Server

SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-
Bugtraq: SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-

Zeppelin - SSH script - Advanced Information Security Corporation
Bugtraq: Zeppelin - SSH script - Advanced Information Security Corporation

4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes
Bugtraq: 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes
