Welcome to LinuxSecure
I found some scripts on my workstation that have not been
published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can
contact me, if you are interested in one or more of them.
- A tool for the backup of network components. The script runs as a daemon and can be configured via config files.
It reads in the config files containing the passwords of the components once, so you can store them in a crypt storage.
There exist severeal templates for ssh, scp, telnet. The intention is to make automated backups from router, switches, firewalls etc.
- Postfixanalyser was written for the trendmicro mail virusscanner. You can search for mails and you will get a
status for the found mails: when did the system receive it, when was it working with the mail the last time, whats the status of the
mail, where there any problem while delivering the mail. The second feature was a simple statistic: bytes and number of mails received and send,
mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem
(deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before,
dereffed and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred befor).
- A logscanner and a scanner for the checkpoint objects file.
- A tool, that parses the registry of the genugate firewall and produces a more human readable output in html.
- A ftp-script for the honeynet.
- Various backupscripts in Perl and Bash.
- Various iptables scrips.
- A script called minilinux to create a small linux out of a huge running system.
- Pigsparty was a small projetct that was never finished. The idea was to convert snort rule sets into iptables rule sets.
- A snort admin interface in php.
- A perlmodule and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus of same domains.
back to top
| Whats New|
|[2005-02-18] mp3riot version 1.3 released|
|[2004-10-08] mp3riot version 1.2 is out.|
|[2004-04-30] Added section Bridging|
|[2004-01-09] working progress on mp3riot version 1.2|
|Thanks to Josh Triplett for sending us this Google Project Zero reportabout a dump of unitialized memory caused by Cloudflare's
reverse proxies. "A while later, we figured out how to reproduce the
problem. It looked like that if an html page hosted behind cloudflare had a
specific combination of unbalanced tags, the proxy would intersperse pages
of uninitialized memory into the output (kinda like heartbleed, but
cloudflare specific and worse for reasons I'll explain later). My working
theory was that this was related to their "ScrapeShield"feature which
parses and obfuscates html - but because reverse proxies are shared between
customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
|Cloudflare Reverse Proxies are Dumping Uninitialized Memory|
|Security updates have been issued by Debian(libreoffice and phpmyadmin), Fedora(kopete and xrdp), Oracle(kernel and qemu-kvm), Red Hat(kernel and qemu-kvm), Scientific Linux(kernel and qemu-kvm), and Ubuntu(LibreOffice and php7.0).
|Security updates for Friday|
|Over at the Red Hat Developers blog, Martin Sebor looks atsome new (or enhanced) warnings available in GCC 7 that will help catch various types of memory errors. For example: "The -Wformat-overflow=leveloption detects certain and likely buffer overflow in calls to the sprintffamily of formatted output functions. The option starts by determining the size of the destination buffer, which can be allocated either statically or dynamically. It then iterates over directives in the format string, calculating the number of bytes each result in output. For integer directives like %iand %xit tries to determine either the exact value of the argument or its range of values and uses the result to calculate the exact or minimum and maximum number of bytes the directive can produce. Similarly for floating point directives such as %aand %f, and string directives such as %s. When it determines that the likely number of bytes a directive results in will not fit in the space remaining in the destination buffer it issues a warning."|
|Memory Error Detection Using GCC (Red Hat Developers blog)|
|Andrey Konovalov has announcedthe discovery and fix of a local privilege escalation in the Linux kernel. Using the syzkallerfuzzer (which LWN looked ataround one year ago), he found a double-free in the Datagram Congestion Control Protocol (DCCP) implementation that goes back to at least September 2006 (2.6.18), but probably all the way back to the introduction of DCCP in October 2005 (2.6.14). "[At] this point we have a use-after-free on some_object. An attacker can
control what object that would be and overwrite it's content with
arbitrary data by using some of the kernel heap spraying techniques.
If the overwritten object has any triggerable function pointers, an
attacker gets to execute arbitrary code within the kernel.
I'll publish an exploit in a few days, giving people time to update."|
|Ancient local privilege escalation vulnerability in the kernel announced|
|Greg Kroah-Hartman has announced the release of the 4.9.12and 4.4.51stable kernels. As usual, there are
important fixes in the updates and users of those kernels should upgrade.
|Stable kernels 4.9.12 and 4.4.51|
|Security updates have been issued by Arch Linux(bzip2, kernel, and linux-zen), CentOS(kernel), Debian(bitlbee, kernel, and tomcat7), Fedora(diffoscope, mujs, pcre, plasma-desktop, and tomcat), Mageia(libpcap/tcpdump and spice), Oracle(kernel), Red Hat(kernel, kernel-rt, and python-oslo-middleware), SUSE(php5 and util-linux), Ubuntu(imagemagick), and openSUSE(gd, kernel, libXpm, and libquicktime).
|Security updates for Thursday|
|The final version of the LEDE router distribution's 17.01.0 release is now
available. "LEDE 17.01.0 "Reboot"incorporates thousands of commits over the last
nine months of effort. With this release, the LEDE development team
closes out an intense effort to modernize many parts of OpenWrt and
incorporate many new modules, packages, and technologies."LWN
recently reviewed a release-candidate
versionof LEDE 17.01.
|LEDE v17.01.0 final|
|The Google security blog carries
the newsof the first deliberately constructed SHA-1 hash collision.
"We started by creating a PDF prefix specifically crafted to allow us
to generate two documents with arbitrary distinct visual contents, but that
would hash to the same SHA-1 digest. In building this theoretical attack in
practice we had to overcome some new challenges. We then leveraged Google?s
technical expertise and cloud infrastructure to compute the collision which
is one of the largest computations ever completed."The SHA-1 era is truly coming to an end, even if most attackers lack access
to the computing resources needed for this particular exploit.
|Announcing the first SHA1 collision|
|The LWN.net Weekly Edition for February 23, 2017 is available.
|[$] LWN.net Weekly Edition for February 23, 2017|
|Tuukka Turunen presentsa roadmap for
Qt. "Qt 3D was first released with Qt 5.7 and in Qt 5.8 the focus was mostly on stability and performance. With Qt 5.9 we are providing many new features which significantly improve the functionality of Qt 3D. Notable new features include support for mesh morphing and keyframe animations, using Qt Quick items as a texture for 3D elements, as well as support for physically based rendering and particles. There are also multiple smaller features and improvements throughout the Qt 3D module."|
|Turunen: Qt Roadmap for 2017|
|CentOShas updated firefox(C7; C6; C5: multiple vulnerabilities).
Debianhas updated tomcat7(regression in previous update) and tomcat8(regression in previous update).
Gentoohas updated archive-tar-minitar(file overwrites) and ghostscript-gpl(multiple vulnerabilities).
openSUSEhas updated profanity(42.2, 42.1: user impersonation).
SUSEhas updated php7(SLE12: multiple vulnerabilities).
Ubuntuhas updated kernel(14.04:
three vulnerabilities), linux, linux-raspi2(16.10: three vulnerabilities), linux,
linux-snapdragon(16.04: multiple vulnerabilities), linux, linux-ti-omap4(12.04: three
three vulnerabilities), linux-lts-xenial(14.04: multiple vulnerabilities), and tcpdump(multiple vulnerabilities).
|Wednesday's security advisories|
|Issues of when and how to enforce free-software licenses, and who
should do it, have been on
some people's mindsrecently, and Richard Fontana from Red Hat decided
to continue the discussion at FOSDEM. This was a fairly lawyerly talk;
phrases like "alleged violation"and "I think that..."were scattered
throughout it to a degree not normally found in talks by developers.
This is because Fontana is a lawyer at Red Hat, and he was talking about
ideas which, while they are not official Red Hat positions, were developed
discussions between him and other members of the legal team at Red Hat.
Subscribers can click below for the full report of the talk by guest author Tom Yates.
|[$] Principled free-software license enforcement|
|The year-2038 apocalypseis now just under
21 years away. For those who are curious about how the GNU C Library
plans to deal with this problem, there is a
draft design documentout for review. "In order to avoid
duplicating APIs for 32-bit and 64-bit time, glibc will provide either one
but not both for a given application; the application code will have to
choose between 32-bit or 64-bit time support, and the same set of symbols
(e.g. time_t or clock_gettime) will be provided in both cases."|
|A draft glibc year-2038 design document|
|The 2017 Linux Plumbers Conference is set for September 13 to 15 in Los
Angeles, California. The core of this event is the microconferences,
focused gatherings that address a specific range of problems. The call
for microconferencesfor the 2017 event is now out. "Good
microconferences result in solutions to these problems and concerns, while
the best microconferences result in patches that implement those
|Linux Plumbers Conference call for microconferences|
|A group of Google developers has announcedthe release of (an early version of) a new global filesystem called
"Upspin". "Upspin looks a bit like a global file system, but its
real contribution is a set of interfaces, protocols, and components from
which an information management system can be built, with properties such
as security and access control suited to a modern, networked world. Upspin
is not an 'app' or a web service, but rather a suite of software
components, intended to run in the network and on devices connected to it,
that together provide a secure, modern information storage and sharing
|The "Upspin"global filesystem|