December 18, 2018

NetBSD 5.1 Released: Highly Portable Unix-like Open Source operating system

The NetBSD development team has released NetBSD 5.1. According to the NetBSD blog, NetBSD 5.1 is the first feature update of the NetBSD 5.0 release branch. It includes security and bug fixes, as well as improved hardware support and new features for this open source, highly portable Unix-like operating system.

Highlights of this version:

  • RAIDframe parity maps, which greatly improve parity rewrite times after unclean shutdown
  • X.Org updates
  • Support for many more network devices
  • Xen PAE dom0 support
  • Xen PCI pass-through support

More details are available at http://www.NetBSD.org/releases/formal-5/NetBSD-5.1.html.

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. NetBSD is developed and supported by a large and vivid international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

NetBSD 5.1 is available to download here.

Source:[netbsd.org]

Red Hat: Vulnerability in OpenSSL

Red Hat has released updated openssl packages that fix one security issue in Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.


According to the Red Hat support forum, a race condition flaw has been found in the OpenSSL TLS server extension parsing code, which could affect some multithreaded OpenSSL applications. Under certain specific conditions, it may be possible for a remote attacker to trigger this race condition and cause such an application to crash, or possibly execute arbitrary code with the permissions of the application (CVE-2010-3864).

Note that this issue does not affect the Apache HTTP Server. Refer to Red Hat Bugzilla bug 649304 for more technical details on how to determine whether your application is affected.

This update is recommended for all OpenSSL users. For the update to take effect, all services linked against the OpenSSL library must be restarted, or the system rebooted.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259.
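Restarting "all services linked to the OpenSSL library" is the step most often missed after an update like this one: a daemon that was started before the package upgrade keeps the old library mapped in memory and stays vulnerable until it is restarted. The script below is an added example and is not part of the Red Hat advisory or of the openssl package. It relies only on the Linux /proc/<pid>/maps format, where the kernel appends "(deleted)" to a mapping whose on-disk file has been replaced; the sample maps excerpt it checks itself against is constructed, not a capture from a real system.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: find running processes that still
# map a libssl/libcrypto file replaced by the update (the kernel marks such mappings
# "(deleted)" in /proc/<pid>/maps). Those services have not picked up the fix and
# must be restarted. Parsing works on any maps file, so it can also be checked
# against the constructed sample written by sample_maps below.

# stale_ssl_maps FILE: print each deleted libssl/libcrypto path mapped in FILE, once.
stale_ssl_maps() {
    # maps columns: address perms offset dev inode [path]; the path is followed by
    # " (deleted)" when the on-disk file has been replaced or removed.
    grep -E 'lib(ssl|crypto)[^ ]* \(deleted\)$' "$1" 2>/dev/null \
        | awk '{ $1 = $2 = $3 = $4 = $5 = ""; sub(/^ +/, ""); sub(/ \(deleted\)$/, ""); print }' \
        | sort -u
}

# count_stale FILE: number of distinct replaced OpenSSL libraries mapped in FILE.
count_stale() {
    stale_ssl_maps "$1" | wc -l | tr -d ' '
}

# scan_proc: walk /proc and print "<pid>\t<comm>\t<libs>" for every process that
# needs a restart. Prints nothing once everything has been restarted. Run as root to
# see all processes; an unprivileged user only sees its own.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        libs=$(stale_ssl_maps "$maps")
        if [ -n "$libs" ]; then
            # /proc/<pid>/comm is missing on older kernels; fall back to '?'.
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$(printf '%s' "$libs" | tr '\n' ' ')"
        fi
    done
    return 0
}

# sample_maps FILE: write a constructed /proc/<pid>/maps excerpt (sample data, not a
# real capture) in which the old libssl/libcrypto have been replaced on disk.
sample_maps() {
    cat > "$1" <<'EOF'
7f1a2b000000-7f1a2b1c0000 r-xp 00000000 08:01 131154 /usr/lib64/libssl.so.1.0.0 (deleted)
7f1a2b1c0000-7f1a2b3c0000 ---p 001c0000 08:01 131154 /usr/lib64/libssl.so.1.0.0 (deleted)
7f1a2b400000-7f1a2b5b0000 r-xp 00000000 08:01 131150 /usr/lib64/libcrypto.so.1.0.0 (deleted)
7f1a2c000000-7f1a2c020000 r-xp 00000000 08:01 131200 /lib64/libc-2.12.so
7f1a2d000000-7f1a2d004000 rw-p 00000000 00:00 0
EOF
}

# Demonstration: first on the constructed sample, then on the live system.
demo=$(mktemp)
sample_maps "$demo"
echo "sample: $(count_stale "$demo") replaced OpenSSL libraries still mapped"
rm -f "$demo"
scan_proc
```

The same check can be done with `lsof`, which reports mappings of deleted files with the type `DEL`, but parsing /proc directly needs no extra package and is easy to run from a post-update hook. Only the pattern is OpenSSL-specific; the same approach applies to any shared library update.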

Rob Hulswit reported this bug to Red Hat.

Update For ProFTPD FTP server

The ProFTPD team has released ProFTPD version 1.3.3c. The ProFTPD server is a configurable, GPL-licensed FTP server for Linux and Unix-based operating systems. According to the ProFTPD release notes, the following bugs have been addressed in this version:

- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.

This popular and secure FTP server is used by many high-traffic websites, including SourceForge, Linksys, Slackware and ibiblio.org.

Live Hacking V1.2 Released

Dr. Ali Jahangiri, the respected security expert and author, is pleased to announce an update to the Live Hacking CD, a Linux distribution designed for ethical computer hacking. The updated Live CD contains the tools and utilities you need to test and hack your own network in the same way a malicious hacker would. New in this version are the Metasploit penetration testing framework and a range of IPv6 foot-printing tools.

The Metasploit framework, one of the new tools included with this release, can be used to test your network against the framework's internal database of known weaknesses and exploits.

As the number of available IPv4 addresses decreases, more and more organizations are deploying IPv6. Also included in this new release of the Live Hacking CD is THC-IPV6, a set of tools to attack the inherent protocol weaknesses of IPv6 and ICMPv6.

‘The Live Hacking CD has been an outstanding success’ said Dr. Ali Jahangiri. ‘Now with this new updated version we are putting more tools into the hands of IT professionals so they can defend against the malicious activities of cyber criminals.’

Download Live Hacking V1.2 Here.

First Android Rootkit at Defcon 18

Nicholas J. Percoco revealed the first rootkit for Android at the DefCon 18 hacking conference.

Android is a software stack for mobile devices that includes an operating system, middleware and key applications and uses a modified version of the Linux kernel.

The Android platform ranks as the fourth most popular smartphone platform in the United States as of February 2010. More than 60,000 cell phones running the Android operating system are shipped every day.

Percoco developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it sends the attacker a reverse TCP shell over 3G/Wi-Fi when the phone receives an incoming call from a ‘trigger number’. This ultimately results in full root access to the Android device.

According to the Defcon website, an attacker could then read all SMS messages on the device, run up long-distance charges for the owner, and even potentially pinpoint the device’s exact GPS location. Such a rootkit could be delivered over the air or installed alongside a rogue app.