Security
Brief items
A look at the Auditor Security Collection
The Auditor Security Collection team has just put out a new release. The Auditor Security Collection is a Knoppix-based live CD with a huge selection of security tools that can be used for security audits and penetration testing. The latest release includes two different ISO images -- one for systems with Intel B/G wireless cards, and one without.
We tried Auditor on a workstation and notebook computer. Auditor detected all of the hardware, even the wireless card in the notebook, flawlessly. Unlike Knoppix, Auditor does not automatically attempt to get an IP address by DHCP on boot -- the user must do this manually.
There are far too many applications included with Auditor to go into each one individually. The CD includes several classes of applications, found on the KDE menu in the "Auditor" menu. The menu classes include "Footprinting," "Scanning," "Analyzer," "Spoofing," "Bruteforce," "Forensics" and "Password cracker." Suffice it to say that Auditor includes a comprehensive list of tools for any user who needs to perform a security audit.
Of course, Auditor could be applied to less-than-honest endeavors as well. Using Auditor, we were able to quickly start up EtherApe to start monitoring network traffic on our LAN, use Dsniff to scan for passwords sent over the network, and run Nessus to scan for vulnerabilities. Given a laptop, a wireless card and close proximity to an unprotected (or under-protected) wireless network, a user could walk away with quite a few passwords and usernames just by casual browsing.
In addition to scanning and penetration testing, Auditor would come in handy for forensics on compromised computers with tools like Wipe, Sleuthkit, recover and testdisk. Auditor also includes a decent selection of normal productivity tools, which will come in handy for admins and security consultants to produce full reports on the same machine they use for scanning and penetration testing. Auditor includes several text editors, image capture tools, and even vnc2swf for users who need to make Flash movies of their tests.
The Remote-Exploit website also has links to Flash movies demonstrating various uses of the Auditor Security Collection, including cracking 128-bit WEP and decrypting SSL traffic using a Man in the Middle attack.
In short, Auditor is a one-stop shop for Linux users who want a full selection of security testing tools. We'd recommend that any system administrator take a look at Auditor, and consider adding it to their security tool chest. If nothing else, it should provide an eye-opener as to what kinds of easy-to-use tools are available to potential attackers.
New vulnerabilities
ClamAV: denial of service
| Package(s): | clamav | CVE #(s): | CAN-2005-2056 CAN-2005-2070 |
| Created: | June 27, 2005 | Updated: | July 12, 2005 |
| Description: | Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server. |
| Alerts: |
Heimdal: buffer overflow vulnerabilities
| Package(s): | heimdal | CVE #(s): | CAN-2005-2040 |
| Created: | June 29, 2005 | Updated: | July 18, 2005 |
| Description: | It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program. |
| Alerts: |
kernel: Linux amd64 kernel vulnerabilities
| Package(s): | AMD kernel | CVE #(s): | CAN-2005-1762 CAN-2005-1765 |
| Created: | June 27, 2005 | Updated: | June 29, 2005 |
| Description: | A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted ("non-canonical") addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762) ZouNanHai discovered that a local user could hang the kernel by invoking syscall() with specially crafted arguments. This only affects the amd64 platform when running in the 32 bit compatibility mode. (CAN-2005-1765) |
| Alerts: |
razor-agents: denial of service
| Package(s): | razor-agents | CVE #(s): | |
| Created: | June 23, 2005 | Updated: | July 6, 2005 |
| Description: | The Vipul's Razor spam detection framework has multiple vulnerabilities. Processing of malformed messages can lead to a remote denial of service by causing the software to execute infinite loops. |
| Alerts: |
RealPlayer HelixPlayer arbitrary code execution
| Package(s): | RealPlayer HelixPlayer | CVE #(s): | CAN-2005-1766 CAN-2005-1277 |
| Created: | June 27, 2005 | Updated: | July 6, 2005 |
| Description: | RealNetworks, Inc. has addressed security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously. |
| Alerts: |
Page editor: Rebecca Sobol