Author: JT Smith
bind, gnucash, dhcp, at, vixie-cron, lam, pvm, radvd, selinux-targeted-policy,
tcsh, openoffice, gamin, cmd5checkpw, uim, UnAce, MediaWiki, phpBB, phpWebSite,
xli, xloadimage, firefox, squid, kdenetwork, nvidia, curl, uw-imap, and
cyrus-sasl. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat,
and SuSE.
VULNERABILITIES IN WEB APPLICATIONS
By Raymond Ankobia
This is by no means an exhaustive list, but an indication of some serious flaws
exploited by hackers. Hacking Exposed: Web Applications (ISBN 007222438X) is a
good source for the subject area.
Buffer Overflow Attack: Usually perpetrated in the form of a stack, heap or
format string attack [3]. Without doubt one of the oldest problems exposed by
poor programming; yet attacks continue to be perpetrated on a large scale, simply
due to the lack of rigorous security routines in web applications. To get the
system to run their own code, attackers construct an input string, sometimes
carrying other malicious code, that is longer than the memory space assigned to
it [7]. The excess spills over and overwrites adjacent stack memory, replacing
what was originally held at those addresses. If the overwritten data contains a
malicious payload, it may subvert the system and escalate whatever privileges the
attacker has garnered.
SQL Injection Attack: Most e-commerce web sites use dynamic content to attract
and appeal to potential customers, displaying their wares using dynamic SQL
queries and front-end scripts. An attacker could inject special characters and
commands into the SQL sent to the database and so modify the intended query.
Chaining additional commands with the intent of causing unexpected behaviour
could alter the meaning of the query. Not only might the attacker be able to
read the entire database, but in some circumstances also alter the prices of
these commodities.
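The following is an added example, not code from the newsletter or from the book it cites. It shows the mechanism the paragraph describes: a search term spliced into the SQL text changes the meaning of the query and exposes rows the storefront intended to hide, while the same term bound as a parameter is treated purely as data. The catalogue rows and the search term are constructed for the demonstration; the only real API used is Python's standard sqlite3 module.

```python
import sqlite3

# Constructed sample catalogue for the demonstration; not data from the newsletter.
# Rows with hidden = 1 are products the storefront is not meant to expose.
SAMPLE_PRODUCTS = [
    (1, "widget", 9.99, 0),
    (2, "gadget", 19.99, 1),
    (3, "gizmo", 4.50, 0),
]


def make_catalogue():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, hidden INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def search_concatenated(conn, term):
    """Vulnerable form: the search term is spliced into the SQL text, so quote
    characters inside the term change the structure of the statement."""
    sql = (
        "SELECT name FROM products WHERE hidden = 0 AND name = '"
        + term
        + "' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def search_parameterised(conn, term):
    """Hardened form: the term is bound as a parameter, so the database treats it
    as a value and the statement's structure cannot change."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_catalogue()
    # A constructed term containing a quote and an always-true condition.
    tampered = "x' OR '1'='1"
    # Concatenated: hidden = 0 AND name = 'x' OR '1'='1' is true for every row.
    print("concatenated:", search_concatenated(db, tampered))
    # Parameterised: no product is literally named "x' OR '1'='1", so no rows.
    print("parameterised:", search_parameterised(db, tampered))
```

Because AND binds more tightly than OR, the concatenated statement becomes (hidden = 0 AND name = 'x') OR '1'='1', which returns the hidden row as well; the parameterised statement never changes shape, which is the property to rely on rather than escaping quotes by hand.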
Cross Site Scripting Attack (XSS): This attack is executed by embedding a
malicious message in an HTML form [4] [3] and posting it as a message to, say, a
newsgroup or bulletin board. When a user views the message, the embedded code is
unintentionally interpreted and executed by the web browser, triggering its
associated payload.
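As an added example (not from the newsletter), the bulletin-board scenario above rendered two ways: once by placing the posted text straight into the page, and once after HTML-escaping it with Python's standard html.escape so the viewer's browser displays the characters instead of interpreting them. The post content and the checker function are constructed for this illustration.

```python
import html

# Constructed bulletin-board post; the body carries a script tag so the two
# rendering paths can be compared. Not content from the newsletter.
SAMPLE_POST = {
    "author": "visitor",
    "body": "Nice site! <script>probe()</script> & thanks",
}


def render_unescaped(post):
    """Vulnerable: user text is placed straight into element content, so any
    markup in it becomes part of the document every viewer's browser executes."""
    return '<div class="post"><b>{}</b>: {}</div>'.format(post["author"], post["body"])


def render_escaped(post):
    """Hardened: user text is HTML-escaped before being placed in element
    content. <, >, &, " and ' become character references, so the browser
    shows them as text rather than parsing them as markup."""
    return '<div class="post"><b>{}</b>: {}</div>'.format(
        html.escape(post["author"]), html.escape(post["body"])
    )


def has_active_markup(fragment):
    """Rough review check on rendered output: does the fragment still contain a
    script tag, an inline event handler or a javascript: URL?"""
    lowered = fragment.lower()
    return "<script" in lowered or " onerror=" in lowered or "javascript:" in lowered


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_POST))  # script tag reaches the page intact
    print(render_escaped(SAMPLE_POST))    # &lt;script&gt;probe()&lt;/script&gt;
```

html.escape is the right tool for element content and quoted attribute values; text that lands inside a URL, a script block or a CSS value needs the encoding appropriate to that context, which is why templating engines that escape by default are preferred over hand-placed calls.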
Input Validation Attack: Typically, active attackers first check whether field
validation is done only on the client side and, if so, try to escalate the
privileges gained [3]. Poorly validated input on the client side (typically a web
browser) allows an attacker to tamper with the parameters sent to the server. The
server side may also be compromised if it implicitly trusts the client and its
own validation is poorly executed.
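An added example, not from the newsletter, of the server-side counterpart to the paragraph above: a checkout handler that re-validates every field the browser submits and takes the price from its own catalogue rather than from the form. The catalogue, the form layout (a dict of strings) and the quantity limit are assumptions made for the illustration. A client-supplied price field is recorded as a tampering indicator, since a well-behaved client would not send one.

```python
import re
from decimal import Decimal

# Constructed server-side catalogue: prices live here, never in the form the
# browser submits. Not data from the newsletter.
CATALOGUE = {
    "widget": Decimal("9.99"),
    "gadget": Decimal("19.99"),
}
MAX_QUANTITY = 10  # assumed business limit for the example


def validate_order(form):
    """Validate a checkout form as the browser submitted it (assumed to be a
    dict of strings). Client-side checks are treated as a convenience only;
    every rule is re-applied here. Returns a dict with:
      order  - the priced order, or None when validation failed
      errors - reasons the order was rejected
      flags  - signs of parameter tampering worth logging even if the order
               is otherwise accepted"""
    errors, flags = [], []

    item = form.get("item", "")
    if item not in CATALOGUE:
        errors.append("unknown item")

    # Accept only a short run of ASCII digits: rejects "-1", "1e9", "2.5" and
    # anything int() would parse more liberally than intended.
    qty_raw = form.get("qty", "")
    qty = int(qty_raw) if re.fullmatch(r"[0-9]{1,6}", qty_raw) else None
    if qty is None:
        errors.append("quantity must be a whole number")
    elif not 1 <= qty <= MAX_QUANTITY:
        errors.append(f"quantity must be between 1 and {MAX_QUANTITY}")

    # The client has no business sending a price; note it, and note whether it
    # disagrees with the catalogue, but never use it.
    if "price" in form:
        flags.append("client submitted a price field; ignored")
        if item in CATALOGUE and form["price"] != str(CATALOGUE[item]):
            flags.append("client price differs from catalogue price")

    order = None
    if not errors:
        order = {"item": item, "qty": qty, "total": CATALOGUE[item] * qty}
    return {"order": order, "errors": errors, "flags": flags}


if __name__ == "__main__":
    # Constructed request in which the browser-side checks were bypassed.
    print(validate_order({"item": "widget", "qty": "2", "price": "0.01"}))
    print(validate_order({"item": "widget", "qty": "-1"}))
```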
Phishing Attack: This attack mainly exploits a vulnerability in some versions of
web browsers. Attackers are able to create bogus websites that masquerade as
legitimate commercial ones. They normally operate by sending spoofed emails to
unsuspecting customers, advising them to visit their bank’s website to
reactivate or update their accounts. The addresses embedded in these emails tend
to contain hidden characters, cleverly constructed to make the page appear to be
a legitimate one. On clicking the embedded website address, the unsuspecting
user is redirected to a fake website where bank account credentials and details
are captured and later used to empty the accounts.
[4] This anomaly is due to obfuscation techniques that exploit how a URL is
parsed: the host part may be written in decimal, hexadecimal or dword format. A
particular vulnerability in Internet Explorer allowed an attacker to construct
and hide information simply by using the @ symbol in ways that make it possible
to redirect traffic to bogus sites.
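An added example, not from the newsletter, of a check a mail filter or help desk could run on a link before anyone clicks it. It uses Python's standard urllib.parse and ipaddress modules to do what the footnote describes: report a user-info part before the @ (the text before it is not the site being visited) and rewrite a host given in decimal, hexadecimal or dword form into the dotted address that will actually be contacted. The sample URLs use the documentation address range 192.0.2.0/24 and a made-up bank name.

```python
import ipaddress
import re
from urllib.parse import urlsplit


def canonical_host(host):
    """Return the dotted-quad form of a host written as a decimal (dword) or
    hexadecimal IPv4 number, or the host unchanged if it is an ordinary name."""
    if host is None:
        return None
    h = host.lower()
    for base, pattern in ((16, r"0x[0-9a-f]+"), (10, r"[0-9]+")):
        if re.fullmatch(pattern, h):
            value = int(h, base)
            if value <= 0xFFFFFFFF:
                return str(ipaddress.IPv4Address(value))
    return h


def inspect_link(url):
    """Summarise what a link really points at and list the obfuscation signs
    found. Returns {"host": <canonical host>, "findings": [<strings>]}."""
    parts = urlsplit(url)
    findings = []
    # Anything before '@' in the authority is user-info, not the site.
    if parts.username is not None:
        findings.append(
            f"user-info {parts.username!r} precedes '@'; the real host is {parts.hostname!r}"
        )
    host = canonical_host(parts.hostname)
    if host != parts.hostname:
        findings.append(f"numeric host {parts.hostname} is the address {host}")
    if host and re.fullmatch(r"[0-9.]+", host):
        findings.append("host is a raw IP address rather than a domain name")
    return {"host": host, "findings": findings}


if __name__ == "__main__":
    # Constructed sample links: a plausible bank name placed in user-info,
    # followed by a dword-form host, then a hex-form host.
    for sample in (
        "http://www.bank.example@3221225985/login",
        "http://0xC0000201/login",
        "https://www.bank.example/login",
    ):
        print(sample, "->", inspect_link(sample))
```

Both numeric forms decode to 192.0.2.1 here; a link whose decoded host is a bare address while its visible text names a bank is the pattern the footnote warns about, and it is a cheap signal to surface in mail filtering or user reports.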
Mobile code: The most common languages used for developing mobile code include
Java, ActiveX controls and Shockwave. Traditionally the programme is downloaded
from a web server onto the customer’s machine. Environments used for execution
include virtual machines (in browsers) or downloadable plug-ins. These programmes
could be maliciously crafted to subvert security and system functionality,
causing crashes and disrupting the normal operating environment.
Insecure Configuration Management: The communicating parties’ end points,
especially their web servers, are poorly configured. Often ignored, this is the
area most attacked by hackers as a way of bypassing the security offered by
encryption and other security mechanisms [4]. Apache and IIS dominate commercial
deployment of web servers, and some of the earlier releases are riddled with
bugs. Simply installing these applications with default settings is bad
practice. Poorly programmed sample scripts are exploited by attackers, who may
easily take control of the server’s resources.
Google Hacking: Google’s search engine traverses the Internet, crawling websites,
taking a snapshot of each web page it examines and caching the results. The next
time a query is received, the search is performed on these cached pages, allowing
faster retrieval [4]. Hackers exploit these caches to find vulnerable sites. The
mechanism used by Google is explained in great depth in a white paper by
Foundstone (www.foundstone.com) called SiteDigger. Tools such as these are the
Swiss army knives of hackers. Using search engines, hackers find vulnerability
scanning reports, intrusion detection alerts and log files. These are then used
to find suitable targets to exploit.
Read full feature:
http://www.linuxsecurity.com/content/view/118427/49/
LinuxSecurity.com
Feature Extras:

Getting to Know Linux Security: File Permissions – Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored is
Linux file permissions. It offers an easy to follow explanation of how to read
permissions, and how to set them using chmod. This guide is intended for users
new to Linux security, and is therefore very simple. If the feedback is good,
I’ll consider creating more complex guides for advanced users. Please let us
know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection – To be
honest, this was one of the best books that I’ve read on network security. Other
books often dive so deeply into technical discussions that they fail to provide
any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way that
all of these are still relevant.

Encrypting Shell Scripts – Do you have scripts that contain sensitive
information like passwords and you pretty much depend on file permissions to
keep it secure? If so, then that type of security is good provided you keep your
system secure and some user doesn’t have a “ps -ef” loop running in an attempt
to capture that sensitive info (though some applications mask passwords in “ps”
output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline.
Conectiva
  2nd, March, 2005      Conectiva: mod_python Fix for mod_python vulnerability

Debian
  25th, February, 2005  Debian: New bsmtpd packages fix arbitrary command execution

Fedora
  25th, February, 2005  Fedora Core 2 Update: gaim-1.1.4-0.FC2
  25th, February, 2005  Fedora Core 3 Update: gaim-1.1.4-0.FC3
  25th, February, 2005  Fedora Core 3 Update: bind-9.2.5rc1-1
  25th, February, 2005  Fedora Core 3 Update: gnucash-1.8.11-0.fc3
  25th, February, 2005  Fedora Core 3 Update: dhcp-3.0.1-40_FC3
  25th, February, 2005  Fedora Core 3 Update: at-3.1.8-64_FC3
  25th, February, 2005  Fedora Core 3 Update: vixie-cron-4.1-24_FC3
  25th, February, 2005  Fedora Core 3 Update: lam-7.1.1-1_FC3
  25th, February, 2005  Fedora Core 3 Update: pvm-3.4.5-2_FC3
  25th, February, 2005  Fedora Core 3 Update: radvd-0.7.3-1_FC3
  28th, February, 2005  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.83
  28th, February, 2005  Fedora Core 3 Update: firefox-1.0.1-1.3.1
  28th, February, 2005  Fedora Core 3 Update: tcsh-6.13-10.FC3.1
  28th, February, 2005  Fedora Core 3 Update: openoffice.org-1.1.3-6.5.0.fc3
  2nd, March, 2005      Fedora Core 3 Update: gamin-0.0.25-1.FC3

Gentoo
  25th, February, 2005  Gentoo: cmd5checkpw Local password leak vulnerability
  28th, February, 2005  Gentoo: uim Privilege escalation vulnerability
  28th, February, 2005  Gentoo: UnAce Buffer overflow and directory traversal vulnerabilities
  28th, February, 2005  Gentoo: MediaWiki Multiple vulnerabilities
  1st, March, 2005      Gentoo: phpBB Multiple vulnerabilities
  1st, March, 2005      Gentoo: Gaim Multiple Denial of Service issues
  1st, March, 2005      Gentoo: phpWebSite Arbitrary PHP execution and path disclosure
  2nd, March, 2005      Gentoo: xli, xloadimage Multiple vulnerabilities

Red Hat
  1st, March, 2005      RedHat: Critical: firefox security update
  3rd, March, 2005      RedHat: Moderate: squid security update
  3rd, March, 2005      RedHat: Low: kdenetwork security update

SuSE
  25th, February, 2005  SuSE: kernel / nvidia bugfix update
  28th, February, 2005  SuSE: curl buffer overflow in NTLM
  1st, March, 2005      SuSE: uw-imap authentication bypass
  3rd, March, 2005      SuSE: cyrus-sasl remote code execution