Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads the config files containing the passwords of the components only once, so you can keep them on encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A log scanner and a scanner for the Check Point objects file.
  • A tool that parses the registry of the genugate firewall and produces a more human-readable output in HTML.
  • An ftp script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert snort rule sets into iptables rule sets.
  • A snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
Thanks to Josh Triplett for sending us this Google Project Zero report about a dump of uninitialized memory caused by Cloudflare's reverse proxies. "A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security."
Cloudflare Reverse Proxies are Dumping Uninitialized Memory

Security updates have been issued by Debian (libreoffice and phpmyadmin), Fedora (kopete and xrdp), Oracle (kernel and qemu-kvm), Red Hat (kernel and qemu-kvm), Scientific Linux (kernel and qemu-kvm), and Ubuntu (LibreOffice and php7.0).
Security updates for Friday

Over at the Red Hat Developers blog, Martin Sebor looks at some new (or enhanced) warnings available in GCC 7 that will help catch various types of memory errors. For example: "The -Wformat-overflow=level option detects certain and likely buffer overflow in calls to the sprintf family of formatted output functions. The option starts by determining the size of the destination buffer, which can be allocated either statically or dynamically. It then iterates over directives in the format string, calculating the number of bytes each result in output. For integer directives like %i and %x it tries to determine either the exact value of the argument or its range of values and uses the result to calculate the exact or minimum and maximum number of bytes the directive can produce. Similarly for floating point directives such as %a and %f, and string directives such as %s. When it determines that the likely number of bytes a directive results in will not fit in the space remaining in the destination buffer it issues a warning."
Memory Error Detection Using GCC (Red Hat Developers blog)

Andrey Konovalov has announced the discovery and fix of a local privilege escalation in the Linux kernel. Using the syzkaller fuzzer (which LWN looked at around one year ago), he found a double-free in the Datagram Congestion Control Protocol (DCCP) implementation that goes back to at least September 2006 (2.6.18), but probably all the way back to the introduction of DCCP in October 2005 (2.6.14). "[At] this point we have a use-after-free on some_object. An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel. I'll publish an exploit in a few days, giving people time to update."
Ancient local privilege escalation vulnerability in the kernel announced

Greg Kroah-Hartman has announced the release of the 4.9.12 and 4.4.51 stable kernels. As usual, there are important fixes in the updates and users of those kernels should upgrade.
Stable kernels 4.9.12 and 4.4.51

Security updates have been issued by Arch Linux (bzip2, kernel, and linux-zen), CentOS (kernel), Debian (bitlbee, kernel, and tomcat7), Fedora (diffoscope, mujs, pcre, plasma-desktop, and tomcat), Mageia (libpcap/tcpdump and spice), Oracle (kernel), Red Hat (kernel, kernel-rt, and python-oslo-middleware), SUSE (php5 and util-linux), Ubuntu (imagemagick), and openSUSE (gd, kernel, libXpm, and libquicktime).
Security updates for Thursday

The final version of the LEDE router distribution's 17.01.0 release is now available. "LEDE 17.01.0 "Reboot" incorporates thousands of commits over the last nine months of effort. With this release, the LEDE development team closes out an intense effort to modernize many parts of OpenWrt and incorporate many new modules, packages, and technologies." LWN recently reviewed a release-candidate version of LEDE 17.01.
LEDE v17.01.0 final

The Google security blog carries the news of the first deliberately constructed SHA-1 hash collision. "We started by creating a PDF prefix specifically crafted to allow us to generate two documents with arbitrary distinct visual contents, but that would hash to the same SHA-1 digest. In building this theoretical attack in practice we had to overcome some new challenges. We then leveraged Google's technical expertise and cloud infrastructure to compute the collision which is one of the largest computations ever completed." The SHA-1 era is truly coming to an end, even if most attackers lack access to the computing resources needed for this particular exploit.
Announcing the first SHA1 collision

The Weekly Edition for February 23, 2017 is available.
[$] Weekly Edition for February 23, 2017

Tuukka Turunen presents a roadmap for Qt. "Qt 3D was first released with Qt 5.7 and in Qt 5.8 the focus was mostly on stability and performance. With Qt 5.9 we are providing many new features which significantly improve the functionality of Qt 3D. Notable new features include support for mesh morphing and keyframe animations, using Qt Quick items as a texture for 3D elements, as well as support for physically based rendering and particles. There are also multiple smaller features and improvements throughout the Qt 3D module."
Turunen: Qt Roadmap for 2017

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities). Debian has updated tomcat7 (regression in previous update) and tomcat8 (regression in previous update). Gentoo has updated archive-tar-minitar (file overwrites) and ghostscript-gpl (multiple vulnerabilities). openSUSE has updated profanity (42.2, 42.1: user impersonation). SUSE has updated php7 (SLE12: multiple vulnerabilities). Ubuntu has updated kernel (14.04: three vulnerabilities), linux, linux-raspi2 (16.10: three vulnerabilities), linux, linux-snapdragon (16.04: multiple vulnerabilities), linux, linux-ti-omap4 (12.04: three vulnerabilities), linux-lts-trusty (12.04: three vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), and tcpdump (multiple vulnerabilities).
Wednesday's security advisories

Issues of when and how to enforce free-software licenses, and who should do it, have been on some people's minds recently, and Richard Fontana from Red Hat decided to continue the discussion at FOSDEM. This was a fairly lawyerly talk; phrases like "alleged violation" and "I think that..." were scattered throughout it to a degree not normally found in talks by developers. This is because Fontana is a lawyer at Red Hat, and he was talking about ideas which, while they are not official Red Hat positions, were developed following discussions between him and other members of the legal team at Red Hat. Subscribers can click below for the full report of the talk by guest author Tom Yates.
[$] Principled free-software license enforcement

The year-2038 apocalypse is now just under 21 years away. For those who are curious about how the GNU C Library plans to deal with this problem, there is a draft design document out for review. "In order to avoid duplicating APIs for 32-bit and 64-bit time, glibc will provide either one but not both for a given application; the application code will have to choose between 32-bit or 64-bit time support, and the same set of symbols (e.g. time_t or clock_gettime) will be provided in both cases."
A draft glibc year-2038 design document

The 2017 Linux Plumbers Conference is set for September 13 to 15 in Los Angeles, California. The core of this event is the microconferences, focused gatherings that address a specific range of problems. The call for microconferences for the 2017 event is now out. "Good microconferences result in solutions to these problems and concerns, while the best microconferences result in patches that implement those solutions."
Linux Plumbers Conference call for microconferences

A group of Google developers has announced the release of (an early version of) a new global filesystem called "Upspin". "Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an 'app' or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network."
The "Upspin" global filesystem

Bugtraq: [SECURITY] [DSA 3788-2] tomcat8 regression update

Bugtraq: [security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

Bugtraq: APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Bugtraq: PDFMate PDF Converter Pro - Buffer Overflow Vulnerability
