Issues on Linux and Security
Home

Welcome to LinuxSecure

I found some scripts on my workstation that have not been published and may be interesting for some people. Actually, I will not prepare them for publishing, but you can contact me if you are interested in one or more of them.

  • A tool for the backup of network components. The script runs as a daemon and can be configured via config files. It reads in the config files containing the passwords of the components once, so you can store them in encrypted storage. There are several templates for ssh, scp and telnet. The intention is to make automated backups of routers, switches, firewalls etc.
  • Postfixanalyser was written for the Trend Micro mail virus scanner. You can search for mails and get a status for each mail found: when the system received it, when it last worked on the mail, what the status of the mail is, and whether there were any problems while delivering it. The second feature was a simple statistic: bytes and number of mails received and sent, mails by status (received from extern, queued, sent to trend, received from trend, queued, delivered) and mails by problem (deferred and not sent to scanner (scanner rejected), deferred and not sent to scanner (scanner down), sent to trend, but deferred before, deferred and not sent to extern (mta rejected), deferred and not sent to extern (mta down), sent to extern, but deferred before).
  • A log scanner and a scanner for the Check Point objects file.
  • A tool that parses the registry of the genugate firewall and produces more human-readable output in HTML.
  • An FTP script for the honeynet.
  • Various backup scripts in Perl and Bash.
  • Various iptables scripts.
  • A script called minilinux to create a small Linux out of a huge running system.
  • Pigsparty was a small project that was never finished. The idea was to convert Snort rule sets into iptables rule sets.
  • A Snort admin interface in PHP.
  • A Perl module and some programs (e.g. mfl) for the preparation and analysis of longitudinal data with a focus on same domains.


What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] work in progress on mp3riot version 1.2
Thierry Reding looks at Tegra support in Linux 4.7. "The XUSB driver has been under development for a ridiculously long time. One of the reasons is that it relies on the XUSB pad controller to configure its pins as required by the board design. The XUSB pad controller is very likely one of the least-intuitive pieces of hardware I've ever encountered, and the attempts to come up with a device tree binding to describe it have been very numerous. We did finally settle on something earlier this year and after the existing code was updated for the new binding, we're finally able to support super-speed USB on Tegra124 and later." (Thanks to Martin Michlmayr)
Reding: What's new for Tegra in Linux v4.7

The developers of "Project Triforce," an effort to run the "american fuzzy lop" fuzz-testing tool in a system-wide manner, have posted a detailed description of what they are up to. "AFL is an awesome tool. The power of an easy to use, feedback-driven fuzzer has produced an absolutely staggering number of bugs. Still, at first AFL required being able to build the executable, something sadly not available on a lot of targets. With the addition of AFL's qemu_mode, it became possible to fuzz binaries without source, exposing a whole new world of targets to AFL. I'd been on a number of Linux container engagements recently where we'd managed to escape through kernel exploits. I fell asleep one night to several AFL screens running, and I awoke suddenly with a crazy idea: 'Run AFL on the Linux Kernel.'"
Project Triforce: Run AFL on Everything!

The Mozilla blog has announced the first recipients of its Mozilla Open Source Support (MOSS) "Mission Partners" awards. "For many years people with visual impairments and the legally blind have paid a steep price to access the Web on Windows-based computers. The market-leading software for screen readers costs well over $1,000. The high price is a considerable obstacle to keeping the Web open and accessible to all. The NVDA Project has developed an open source screen reader that is free to download and to use, and which works well with Firefox. NVDA aligns with one of the Mozilla Manifesto's principles: 'The Internet is a global public resource that must remain open and accessible.'" The NVDA project received $15,000. Other award recipients include Tor, Tails, Caddy, Mio, DNSSEC/DANE Chain Stapling, Godot Engine, and PeARS. (Thanks to Paul Wise)
Open Source Projects as part of MOSS "Mission Partners" Program

Arch Linux has updated chromium (multiple vulnerabilities), libdwarf (multiple vulnerabilities), libpurple (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), vlc (code execution), and xerces-c (code execution). Debian has updated libpdfbox-java (XML External Entity (XXE) attacks). Debian-LTS has updated gimp (use-after-free), java-common (OpenJDK 6 no longer supported), libcommons-fileupload-java (denial of service), mysql-connector-java (information disclosure), nss (denial of service), and tomcat7 (denial of service). Fedora has updated drupal7 (F24: privilege escalation), mirrormanager (F24; F23; F22: unspecified), optipng (F23: code execution), python (F23: man-in-the-middle attack), and qemu (F24: multiple vulnerabilities). Gentoo has updated claws-mail (multiple vulnerabilities), freexl (multiple vulnerabilities), hostapd (multiple vulnerabilities), imagemagick (multiple vulnerabilities), libssh (multiple vulnerabilities), plib (code execution from 2011), and sudo (privilege escalation). openSUSE has updated libarchive (13.2: denial of service), libav (Leap42.1: two vulnerabilities), libtasn1 (Leap42.1: denial of service), libtorrent-rasterbar (13.1: denial of service), mariadb (Leap42.1: multiple vulnerabilities), p7zip (Leap42.1: code execution), php5 (Leap42.1: multiple vulnerabilities), and rsync (Leap42.1: unsafe destination path). Oracle has updated kernel 2.6.32 (OL6; OL5: privilege escalation). Red Hat has updated kernel-rt (RHEMRG2.5: multiple vulnerabilities). Scientific Linux has updated kernel (SL7: two vulnerabilities). Slackware has updated php (multiple vulnerabilities).
Security updates for Monday

The 4.7-rc5 kernel prepatch is out. "I think things are calming down, although with almost two thirds of the commits coming in since Friday morning, it doesn't feel that way - my Fridays end up feeling very busy. But looking at the numbers, we're pretty much where we normally are at this time of the rc series."
Kernel prepatch 4.7-rc5

The just-released 4.6.3, 4.4.14, and 3.14.73 stable kernels contain a set of netfilter fixes that, it has just been disclosed, fix a couple of severe local privilege-escalation vulnerabilities. Anybody who is running a site with user and network namespaces enabled will want to update their kernels in short order. The fixes were originally committed into 4.6-rc2 in April with no comment regarding their implications.
A couple of unpleasant local kernel vulnerabilities

Greg Kroah-Hartman has released stable kernel updates 4.6.3, 4.4.14, and 3.14.73. Each contains important fixes throughout the tree.
Three new stable kernels

CentOS has updated kernel (C7: multiple vulnerabilities), libxml2 (C6; C7: multiple vulnerabilities), ocaml (C7: information leak), setroubleshoot (C7: multiple vulnerabilities), and setroubleshoot-plugins (C7: multiple vulnerabilities). Fedora has updated python (F24: startTLS stripping), setroubleshoot (F24: code execution), and setroubleshoot-plugins (F24: code execution). Oracle has updated kernel (O7: multiple vulnerabilities), libxml2 (O6; O7: multiple vulnerabilities), ocaml (O7: information leak), and setroubleshoot and setroubleshoot-plugins (O7: multiple vulnerabilities). Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), and ocaml (RHEL7: information leak). Scientific Linux has updated libxml2 (SL 6,7: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (SL7; SL6: multiple vulnerabilities). SUSE has updated kernel (SLE11: multiple vulnerabilities).
Friday's security updates

It seems that the Comodo TLS certificate authority (CA) has filed for three trademarks using variations of "Let's Encrypt". As might be guessed, the Let's Encrypt project is less than pleased by Comodo trying to coopt its name. "Since March of 2016 we have repeatedly asked Comodo to abandon their 'Let's Encrypt' applications, directly and through our attorneys, but they have refused to do so. We are clearly the first and senior user of 'Let's Encrypt' in relation to Internet security, including SSL/TLS certificates - both in terms of length of use and in terms of the widespread public association of that brand with our organization. If necessary, we will vigorously defend the Let's Encrypt brand we've worked so hard to build. That said, our organization has limited resources and a protracted dispute with Comodo regarding its improper registration of our trademarks would significantly and unnecessarily distract both organizations from the core mission they should share: creating a more secure and privacy-respecting Web. We urge Comodo to do the right thing and abandon its 'Let's Encrypt' trademark applications so we can focus all of our energy on improving the Web." [Thanks to Paul Wise.]
Defending Our Brand (Let's Encrypt)

Version 4.7 of the Xen hypervisor has been released. "With dozens of major improvements, many more bug fixes and small improvements, and significant improvements to Drivers and Devices, Xen Project 4.7 reflects a thriving community around the Xen Project Hypervisor." Some of the new features include live patching, better dom0 robustness, better migration support between non-identical hosts, scheduler improvements, and more. See the release notes for more information.
Xen 4.7 released

Debian-LTS has updated squidguard (cross-site scripting). Fedora has updated php-symfony-security-acl (F24: unspecified). Also, Fedora has sent out a reminder that Fedora 22 will reach its end of life on July 19. Mageia has updated chromium-browser-stable (multiple vulnerabilities), kernel-linus (multiple vulnerabilities, one from 2013), kernel-tmb (multiple vulnerabilities, one from 2013), libimobiledevice (socket listening on all network interfaces), and python (three vulnerabilities). openSUSE has updated libarchive (42.1: code execution), mariadb (13.2: many unspecified vulnerabilities), and obs-service-source_validator (42.1; 13.2: code execution). Red Hat has updated libxml2 (RHEL6&7: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (RHEL7: three vulnerabilities).
Thursday's security advisories

The Weekly Edition for June 23, 2016 is available.
[$] Weekly Edition for June 23, 2016

Back in 2009, Sony removed the "install other OS" option from its PS3 game consoles, removing the ability to install Linux on those machines. It then went after developers who figured out how to jailbreak the device. Ars technica reports that Sony has now settled a class-action lawsuit over those actions. "Under the terms of the accord, which has not been approved by a California federal judge yet, gamers are eligible to receive $55 if they used Linux on the console. The proposed settlement, which will be vetted by a judge next month, also provides $9 to each console owner that bought a PS3 based on Sony's claims about 'Other OS' functionality." The lawyers, instead, get over $2 million.
Sony agrees to pay millions to gamers to settle PS3 Linux debacle (ars technica)

CentOS has updated setroubleshoot (C6: multiple vulnerabilities) and setroubleshoot-plugins (C6: multiple vulnerabilities). Debian-LTS has updated icedove (multiple vulnerabilities) and python2.7 (three vulnerabilities). Fedora has updated expat (F24: multiple vulnerabilities), php-zendframework-zendxml (F23; F22: insecure ciphertexts), php-ZendFramework2 (F23; F22: insecure ciphertexts), and xen (F22: two vulnerabilities). openSUSE has updated Chromium (13.1: multiple vulnerabilities), ImageMagick (Leap42.1: command execution), and vlc (Leap42.1; 13.2: multiple vulnerabilities). Oracle has updated openssl (OL5: multiple vulnerabilities) and setroubleshoot and setroubleshoot-plugins (OL6: multiple vulnerabilities). Red Hat has updated python-django-horizon (RHOSP8.0; RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL7; RHELOSP5 for RHEL6: cross-site scripting) and setroubleshoot and setroubleshoot-plugins (RHEL6: multiple vulnerabilities).
Security advisories for Wednesday

Version 1.3 of the Elixir programming language has been released. "Elixir v1.3 brings many improvements to the language, the compiler and its tooling, specially Mix (Elixir's build tool) and ExUnit (Elixir's test framework). The most notable additions are the new Calendar types, the new cross-reference checker in Mix, and the assertion diffing in ExUnit."
Elixir v1.3 released

Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

Bugtraq: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

Bugtraq: [fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

Bugtraq: MyLittleForum v2.3.5 PHP Command Injection

Bugtraq: [slackware-security] php (SSA:2016-176-01)

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More RSS feeds from SecurityFocus