Kerberos
Vendor: MIT
Several double-free vulnerabilities were reported in the Kerberos 5 Key Distribution Center (KDC) software. A remote user may be able to execute arbitrary code and compromise the Kerberos domain.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2004/Aug/1011106.html

Samba CIFS
Vendor: Samba.org
A vulnerability was reported in Samba. A remote authenticated user can cause smbd to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Aug/1011097.html

Squid
Vendor: Squid-cache.org
A vulnerability was reported in Squid in the processing of NTLM authentication strings. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011148.html

OpenSSH
Vendor: OpenSSH.org
A configuration vulnerability was reported in the default configuration of OpenSSH when used with anonymous public services such as anonymous CVS. A remote user can connect to arbitrary hosts via the target service.
Impact: Host/resource access via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011143.html

Opera
Vendor: Opera Software
A vulnerability was reported in the Opera browser in the processing of the 'embed' tag. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2004/Sep/1011142.html

Linux Kernel
Vendor: kernel.org
An integer overflow vulnerability was reported in the Linux kernel in kNFSd.
A remote user can cause the target system to crash.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2004/Sep/1011138.html

WinZip
Vendor: WinZip Computing, Inc.
Some vulnerabilities were reported in WinZip. A remote or local user may be able to execute arbitrary code.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2004/Sep/1011132.html

MICROSOFT PLAYS DOWN SP2 SECURITY GLITCHES Glitches between Windows XP Service Pack 2 (SP2) and critical applications continue to emerge, with McAfee admitting its flagship VirusScan product prior to version 7.1 requires a customised patch to be operational with Windows Security Center, part of SP2.
http://www.net-security.org/news.php?id=5936

NEW VIRUS MAKES SPYWARE SLEAZIER
A new worm, the W32/Rhot-GR, invades users' privacy in their home or workplace by taking control of their webcams and microphones to spy on them.
Like earlier worms, it also steals personal data.
http://www.net-security.org/news.php?id=5956

SSH BOUNCING - HOW TO GET THROUGH FIREWALLS EASILY Often you'll have firewalls or other network equipment that doesn't allow direct SSH access to machines behind it. Using a bit of trickery, you can get through without seemingly jumping through any hoops.
http://www.net-security.org/news.php?id=5962

"La sicurezza di Qmail"
Perché Qmail è considerato (e nei fatti è) uno dei server di email più sicuri? Un premio per chi riusciva a trovare un buco è risultato non assegnato. Il motivo sta nella sua architettura interna, che riduce notevolmente le possibilità di "bucare" il programma.
http://www.ziobudda.net/Admin/redir_news.php?id=18863

Pierre "Dark-Angel" Falda segnala la pubblicazione di un whitepaper sulle tecniche e tipologie di attacco al kernel di linux. Il doc spiega in dettaglio queste tecniche e la loro implementazione applicandole alla costruzione di rootkit ed al bypass di alcuni security tool. Il link è:
http://darkangel.antifork.org/publications/lkepd.html

Hidden Data in Electronic Documents
By Deborah Kernan
The paper will examine the problem of hidden data in electronic documents and the potential for the inadvertent release of sensitive information. The types of data that can be hidden and the steps to take in order to minimize or eliminate this data will also be discussed.
http://www.sans.org/rr/papers/index.php?id=1455

Linux NTFS 1.9.4 (NTFS Tools and Library) Linux NTFS provides Linux drivers and user space tools for the proprietary filesystem used by Windows NT, 2000, XP, and 2003. It also provides support for the Logical Disk Manager (LDM) that controls Windows' Dynamic Disks and is used to create software Mirrors, Stripes, RAID, etc.
http://freshmeat.net/releases/172004/

"Pluto Journal Settembre 2004"
Finalmente, dopo una lunga gestazione, ecco pubblicato l'ultimo numero dell'e-magazine del PLUTO.
http://www.ziobudda.net/Admin/redir_news.php?id=18884

Malware
Title: Malware Might Become a Problem for Macintosh
Source: E-Commerce Times
Date Written: September 7, 2004
Date Collected: September 7, 2004
According to Neel Mehta of Internet Security Systems' X-Force, virus writers will start to target Apple's Macintosh Operating System, better known as Mac OS, as it becomes more popular. March 20, 2004, researchers discovered a benign proof-of-concept Trojan called MP3Concept, targeting Apple computers.
The Trojan embeds an .mp3 music file in an application; when the user opens the application, the Trojan opens iTunes to play the music file. A more malicious virus was discovered May 12, called Microsoft Word 2004 OS X Web Install. When activated, a script tries to delete the root directory on Mac OS X; however, the user must be logged in as root for the malware to work.
Symantec's Nancy Mohler recommends that Mac users start practicing security before the threat grows, arguing that users must not take security for granted on any platform.
http://www.ecommercetimes.com/story/36347.html

Oh, So That's How C++ Variables and Constants Work!
Variables are the building blocks of C coding, and in this chapter by Jesse Liberty and David Horvath, you'll learn how to manipulate, define, and display variables in C++.
http://www.informit.com/articles/article.asp?p=330332&f1=nl;67;2004-09-07

Wireless Security
Tom M. Thomas explains the basics of setting up security for a wireless network. He warns technicians of the various ways in which a wireless network can be breached, and provides help in protecting against those attacks.
http://www.informit.com/articles/article.asp?p=177383&f1=nl;99;2004-09-07

Details Emerge on the First Windows Mobile Virus (Part 1 of 3) This three-part series by Cyrus Peikari, Seth Fogie, and Ratter/29A discusses the development of viruses for the Windows Mobile platform. Part 1 describes the first, WinCE4.Dust.
http://www.informit.com/articles/article.asp?p=337069&f1=nl;37;2004-09-07

"Xorg 6.8.0 released"
E' stata rilasciata oggi una delle più attese release di Xorg.
http://www.ziobudda.net/Admin/redir_news.php?id=18901

"RealPlayer 10 per Linux"
A chi puo' interessare ? :)
http://www.ziobudda.net/Admin/redir_news.php?id=18892

SERVICE PACK 2 RIMANDABILE AL 2005
Microsoft permette ai propri utenti di rinviare l'installazione del Service Pack 2 per Windows XP al prossimo anno, un arco di tempo che servira' a molti per tastare a fondo l'imponente aggiornamento di sicurezza
URL: http://punto-informatico.it/pi.asp?i=49509
Also - http://software.silicon.com/security/0,39024655,39123819,00.htm
Also - http://www.microsoft-watch.com/article2/0,1995,1643908,00.asp

COLLEZIONE DI FIX PER MAC OS X
Un nuovo aggiornamento per Mac OS X corregge una serie di falle di sicurezza contenuti in diversi componenti del sistema operativo, tra cui Kerberos, Apache e OpenSSH
URL: http://punto-informatico.it/pi.asp?i=49508

Windows SP2 Includes New Firewall
One big change that computer users will notice from Windows XP Service Pack
2 (known as SP2) involves a new firewall that is part of the service pack's advanced security technologies and enhancements. SP2 now is available for downloading from Microsoft's security Web site. Instructions are on the Web site.
http://www.technewsworld.com/story/36468.html

MANDRAKELINUX ADVISORIES: CDRECORD, ZLIB, IMLIB2 Three security advisories from MandrakeSoft.
http://nl.internet.com/ct.html?rtr=on&s=1,13w5,1,9gir,30y4,85jl,7pty

IPV6 ON FEDORA CORE 2 MINI-HOWTO
"These instructions are for Fedora Core 2 users, and describe how to set up
IPv6 automatically tunnelling (6to4) on an IPv4 network..."
http://nl.internet.com/ct.html?rtr=on&s=1,13w5,1,ejvz,a6fl,85jl,7pty

GENTOO LINUX ADVISORY: STAR
"star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker..."
http://nl.internet.com/ct.html?rtr=on&s=1,13w5,1,18ns,4zzc,85jl,7pty

FEDORA CORE ADVISORIES: KDEBASE, KDELIBS, LHA Three security advisories from the Fedora Project.
http://nl.internet.com/ct.html?rtr=on&s=1,13w5,1,910,hib3,85jl,7pty

Vulnerabilities & Exploits
Title: WinZip offers fix for security flaw
Source: C-Net News
Date Written: September 7, 2004
Date Collected: September 8, 2004
WinZip Computing has released a fix for a flaw in its popular file compression tool WinZip. The flaw, affecting versions 3.x, 6.x, 7.x, 8.x, and 9.x of the software, could allow an attacker to overflow a buffer and execute arbitrary code. Secunia rates the flaw as "highly critical."
However, WinZip has released the patch only for version 9, and recommends that users upgrade to version 9 to get the patch at no cost. New users can get a free evaluation version of the patch, but will have to pay for a $29 license after twenty-one days. WinZip says it has no reports of the flaw being exploited in the wild. Winamp has also released an updated version of its media player to address a flaw that made computers vulnerable to spyware.
http://news.com.com/WinZip+offers+fix+for+security+flaw/2100-1002_3-5348506.html

Vulnerabilities & Exploits
Title: McAfee to eradicate app assassin bug
Source: The Register
Date Written: September 8, 2004
Date Collected: September 8, 2004
McAfee is promising to release updated signatures for its antivirus software to address a false positive that labels the popular ISPWizard, an internet service provider (ISP) connection manager, as the BackDoor-AKZ Trojan. The error only affects users with the September 1, 2004, McAfee update and older versions of ISPWizard, and mistakenly deletes the program, making it impossible for users to connect to their service provider. ISPWizard is used by smaller ISPs, particularly in the United States. McAfee says users who have daily updates should have a fix already, while those with weekly updates will get the patch on Wednesday, September 8. ISPWizard developer Mark Griffiths has criticized McAfee for its "shoot first" approach to deleting files without warning users. McAfee says it tests all of its antivirus updates against two terabytes of "known good" code, but ISPWizard code was not previously included among know goods. McAfee also claims ISPWizard resembles known malwares, a claim Mr. Griffiths rejects, saying the antivirus software matches non-code portions of the program.
http://www.theregister.co.uk/2004/09/08/mcafee_ispwizard_snafu
Also - http://www.theregister.co.uk/2004/09/07/mcafee_false_alarm

LEGGE URBANI, LA SITUAZIONE
di Daniele Minotti - La contestata normativa e' in vigore con tutto il peso di un testo che punisce severamente comportamenti assai diffusi. Un riassunto ragionato della situazione
URL: http://punto-informatico.it/pi.asp?i=49538

URBANI, LEGGE BRUTTA. CON UN PERO'
di Giorgio Lunardi - Una lettura diversa della contestata normativa mette al sicuro gli utenti domestici che fanno uso personale del file sharing. Ma apre inquietanti punti interrogativi
URL: http://punto-informatico.it/pi.asp?i=49531

Metasploit Framework, Part 2 (Infocus article) Newly updated. This article provides insight into the Metasploit Framework, a very useful tool for the penetration tester. Part two of three.
http://www.securityfocus.com/infocus/1790

GCC 3.4.2
"Mark explains, 'there are no new features in this release, but there are a lot of improvements for various languages and architectures...'"
http://nl.internet.com/ct.html?rtr=on&s=1,13zt,1,i4bq,otu,85jl,7pty

Vulnerabilities & Exploits
Title: More big security holes in Linux
Source: InfoWorld
Date Written: September 9, 2004
Date Collected: September 9, 2004
Open-source developers have reported two security holes in Linux components that can allow attackers to gain control of a PC. By tricking a user into viewing a specially crafted image file, an attacker can exploit a bug in the Imlib library, used by graphics-viewing applications, to execute malicious code. The bug is caused by a boundary error in the decoding of runlength-encoded bitmap images, which can be exploited to cause a buffer overflow. Gentoo, MandrakeSoft SA, and other Linux vendors have begun distributing fixes for the bug, which affects Imlib 1.x and imlib2 1.x. Red Hat Incorporated also warned of three security holes in LHA, a compression and decompression utility for LHarc-format archives, which affect all versions through 1.14. The vulnerabilities could allow the execution of malicious code if a user were to extract or test a malicious archive or pass a specially crafted command line to the lha command. The third bug could allow an attacker to create a directory with shell meta characters in its name, leading to arbitrary command execution. Security firm Secunia announced that all three of the bugs could be avoided by staying away from untrusted archives, and patches are available.
http://www.infoworld.com/article/04/09/09/HNmorelinuxholes_1.html
Also - http://www.eweek.com/article2/0,1759,1644280,00.asp

INSTALLING GENTOO
"This article describes my experience installing Gentoo, some things I learned along the way, and describes the Gentoo features I found the most interesting..."
http://nl.internet.com/ct.html?rtr=on&s=1,142q,1,82ei,6c85,85jl,7pty

Malware
Title: New MyDoom Variants Could Forewarn Major Attack
Source: EWeek.com
Date Written: September 10, 2004
Date Collected: September 10, 2004
Antivirus researchers have discovered four new variants of the MyDoom worm--U, V, W, and X--within twenty-four hours, sparking concerns that a major virus attack may be imminent. Though none of the variants appears particularly innovative, the quick release of four variants in a row reminds researchers of July 2004, when four minor variants of Bagle were followed by a more effective version. Security experts are also looking out for major attacks as the third anniversary of the September 11, 2001, terrorist attacks nears. Some of the new variants contain the phrase "proof of concept" in their code and are missing some of the features of previous variants.
http://www.eweek.com/article2/0,1759,1644712,00.asp

Vulnerabilities & Exploits
Title: McAfee app raids Mac users' inboxes
Source: The Register
Date Written: September 9, 2004
Date Collected: September 10, 2004
Apple Computer has pulled McAfee Virex 7.5 from its .Mac online service after users reported widespread problems with the software. In some cases, the antivirus software deleted all of users' e-mails from their inboxes.
Users are advised to remove Virex 7.5 from their systems and to use Virex
7.2.1 instead. This announcement follows news that a McAfee antivirus update mistakenly targets ISPWizard, a connection software used by internet service providers (ISP), and deletes it from computers, preventing users from connecting to their ISPs.
http://www.theregister.co.uk/2004/09/09/apple_pulls_virex

Vulnerabilities & Exploits
Title: McAfee's Trojan horse error gets developer's goat
Source: C-Net News
Date Written: September 10, 2004
Date Collected: September 10, 2004
Mark Griffiths, developer of ISPWizard, says he has not ruled out the possibility of a lawsuit against McAfee antivirus after an update misidentified his software as the Backdoor-AKZ Trojan and deleted it from users' computers, cutting many off from their internet service providers (ISP). Mr. Griffiths estimates a 50% loss in revenue for the month due to the error, while one of his customers lost $3,000 after users switched to another ISP. Allan Bell, McAfee marketing director for the Asia-Pacific region, says his company checks virus signatures against a database of 30 million "known good" files to prevent such false positives, and encourages developers to submit code for the database. Mr. Griffiths criticized McAfee for how the company handled the problem and for taking too long to address the error.
http://news.com.com/McAfee's+Trojan+error+ires+developer/2100-7350_3-5361660.html

Port Scan Attack Detector 1.3.3
Port Scan Attack Detector (psad) is a collection of three lightweight system daemons written in Perl and C that are designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rulesets. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate.
http://freshmeat.net/releases/172464/

g00d reading! 'n' bye
Security News MainTainer:

The Jackal a.k.a. jAcKallO < jackal [at] capitanlug.it >

(AreaSessantuno Member) / (SpiPPolatori Collaborator) (HackerAlliance Member) / (Security News MainTainer) (Socio fondatore e Presidente del CapitanLUG.iT)