[ISN] Linux Advisory Watch - July 23rd 2004
InfoSec News
isn at c4i.org
Mon Jul 26 06:28:53 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| July 23, 2004 Volume 5, Number 29a |
+---------------------------------------------------------------------+
Editors: Dave Wreski (dave at linuxsecurity.com), Benjamin Thomas (ben at linuxsecurity.com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for MMDF, Mozilla, kernel, php4,
webmin, samba, ethereal, l2tpd, mailman, httpd, libxml2, wv, php, Unreal,
Opera, mod_ssl and freeswan. The distributors include SCO Group,
Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware and Suse.
-----
>> Need to Secure Multiple Domain or Host Names? <<
Securing multiple domain or host names need not burden you with unwanted
administrative hassles. Learn more about how the cost-effective Thawte
Starter PKI program can streamline management of your digital
certificates. Click here to download our Free guide:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte07
-----
Creating New Accounts
You should make sure to provide user accounts with only the minimal
privileges required for the task they need to do. If you provide your
secretary, or another general user, with an account, you might want them to
have access only to a word processor or drawing program, and be unable to
delete data that is not theirs.
Several good rules of thumb when allowing other people legitimate access
to your Linux machine:
- Limit access privileges given to new users.
- Be aware when/where they login from, or should be logging in from.
- Make sure to remove inactive accounts.
- The use of the same user-ID on all computers and networks is
advisable to ease account maintenance, as well as permit easier
analysis of log data (but I'm sure someone will dispute this).
However, it's practically essential if using NFS. There are several
other protocols that use UIDs for local and remote access as well.
- The creation of group user-IDs should be absolutely prohibited.
User accounts also provide accountability, and this is not possible
with group accounts.
- Be sure shadow passwords are enabled. Shadow passwords are a method
for storing users' hashed passwords in a root-owned file that is
not readable by normal users, unlike the regular password file.
This protects the password hashes from being read and cracked using
dictionary attacks. Most (if not all) current distributions already
use shadow passwords.
- Regularly audit user accounts for invalid or unused accounts,
expired accounts, etc.
- Check for repeated login failures. The files in /var/log are an
invaluable resource for tracking potential security problems.
- Be sure to enable quotas on machines with many users, to prevent
denial of service attacks involving filling disk partitions, or
appending exploits to group-writable files.
- Disable group accounts, and unused system accounts, such as sys
or uucp. These accounts should be locked, and given non-functional
shells.
- Many local user accounts that are used in security compromises are
ones that have not been used in months or years. Since no one is
using them, nobody notices when they are abused, which makes them the
ideal attack vehicle.
Security Tip Written by Dave Wreski (dave at guardiandigital.com)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/
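The following script is an added example, not part of the newsletter or the tip above: it turns three of the rules (shadow passwords enabled, system accounts such as sys and uucp locked with non-functional shells, repeated login failures) into an unprivileged audit over constructed sample files. The usernames, hashes and log lines are made up, and /var/log/auth.log is an assumed sshd log path that varies by distribution.

```shell
#!/bin/sh
# Added example, not from the newsletter: unprivileged audit of three of the
# rules above using constructed sample files (all names and hashes made up).
# On a real host run as root against /etc/passwd, /etc/shadow and the sshd
# log (/var/log/auth.log is the assumed path; it varies by distribution).
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat >"$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sys:x:3:3:sys:/dev:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$xyz$legacyhash:1001:1001:Bob:/home/bob:/bin/bash
EOF
cat >"$WORK/shadow" <<'EOF'
root:$6$salt$hash:15000:0:99999:7:::
sys:$6$salt$hash:15000:0:99999:7:::
uucp:!:15000:0:99999:7:::
alice:$6$salt$hash:15000:0:99999:7:::
EOF
cat >"$WORK/auth.log" <<'EOF'
Jul 23 01:00:01 host sshd[101]: Failed password for alice from 192.0.2.10 port 4000 ssh2
Jul 23 01:00:03 host sshd[102]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Jul 23 01:00:05 host sshd[103]: Failed password for alice from 192.0.2.10 port 4002 ssh2
Jul 23 01:00:09 host sshd[105]: Failed password for alice from 192.0.2.10 port 4004 ssh2
EOF
# Shadow passwords: a passwd entry whose password field is not "x" keeps its
# hash (or no password at all) in the world-readable file.
unshadowed() { awk -F: '$2 != "x" { print $1 }' "$1"; }
# System accounts (UID 1-999, e.g. sys, uucp) must be locked (hash starting
# with ! or *, or absent from shadow) and have a non-functional shell.
# Prints "user:reason" per violation. Args: passwd shadow.
unlocked_system_accounts() {
  awk -F: 'NR == FNR { hash[$1] = $2; next }
    $3 > 0 && $3 < 1000 {
      h = ($1 in hash) ? hash[$1] : "*"
      if (h !~ /^[!*]/)             print $1 ":unlocked-password"
      if ($7 !~ /(nologin|false)$/) print $1 ":functional-shell"
    }' "$2" "$1"
}
# Repeated login failures: users with at least $2 sshd "Failed password"
# lines in log $1, printed as "user count".
repeated_failures() {
  awk -v min="$2" '/Failed password for/ {
      u = ($0 ~ /invalid user/) ? $11 : $9; n[u]++ }
    END { for (u in n) if (n[u] >= min) print u, n[u] }' "$1"
}
unshadowed "$WORK/passwd"                                  # bob
unlocked_system_accounts "$WORK/passwd" "$WORK/shadow"     # sys:...
repeated_failures "$WORK/auth.log" 3                       # alice 3
```

In the sample, bob still carries a hash in passwd, sys has a usable password and a working shell, and alice has three failed logins; uucp passes because it is locked and uses nologin.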
-----
Security Expert Dave Wreski Discusses Open Source Security
LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.
http://www.linuxsecurity.com/feature_stories/feature_story-170.html
---------------------------------------------------------------------
Catching up with Wietse Venema, creator of Postfix and TCP Wrapper
Duane Dunston speaks at length with Wietse Venema on his current research
projects at the Thomas J. Watson Research Center, including his forensics
efforts with The Coroner's Toolkit. Wietse Venema is best known for the
software TCP Wrapper, which is still widely used today and is included
with almost all Unix systems. Wietse is also the author of the Postfix
mail system and the co-author of the very cool suite of utilities called
The Coroner's Toolkit or "TCT".
http://www.linuxsecurity.com/feature_stories/feature_story-169.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: SCO Group | ----------------------------//
+---------------------------------+
7/22/2004 - MMDF
Multiple vulnerabilities
This patch addresses many buffer overflows and cuts down sharply
on unnecessary privilege.
http://www.linuxsecurity.com/advisories/caldera_advisory-4584.html
7/22/2004 - Mozilla
Multiple vulnerabilities
This patch resolves a large number of Mozilla vulnerabilities.
http://www.linuxsecurity.com/advisories/caldera_advisory-4588.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
7/16/2004 - kernel
Multiple vulnerabilities
This patch addresses a large number of kernel vulnerabilities at
once.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4564.html
7/16/2004 - php4
Multiple vulnerabilities
This patch resolves two vulnerabilities, each of which can cause
the execution of arbitrary code.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4565.html
7/17/2004 - webmin
ACL bypass vulnerability
A vulnerability in webmin would allow unauthenticated users to
obtain read access to a module's configuration.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4566.html
7/22/2004 - samba
Buffer overflow vulnerabilities
This patch addresses several buffer overruns within samba.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4583.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
7/22/2004 - ethereal
Denial of service vulnerabilities
Several denial of service vulnerabilities were discovered in
ethereal, one of which could be exploited by a remote attacker to
crash ethereal with an invalid SNMP packet.
http://www.linuxsecurity.com/advisories/debian_advisory-4579.html
7/22/2004 - netkit-telnet-ssl
Format string vulnerability
A vulnerability in netkit-telnet-ssl could potentially allow a
remote attacker to cause the execution of arbitrary code with the
privileges of the telnet daemon.
http://www.linuxsecurity.com/advisories/debian_advisory-4580.html
7/22/2004 - l2tpd
Buffer overflow vulnerability
By exploiting this, a remote attacker could potentially cause
arbitrary code to be executed by transmitting a specially crafted
packet.
http://www.linuxsecurity.com/advisories/debian_advisory-4581.html
7/22/2004 - php4
Multiple vulnerabilities
Patch fixes both a vulnerability to XSS (Cross Site Scripting) and
execution of arbitrary local code.
http://www.linuxsecurity.com/advisories/debian_advisory-4582.html
7/22/2004 - mailman
Password leak vulnerability
A flaw in Mailman 2.1.* allows a remote attacker to retrieve the
mailman password of any subscriber by sending a carefully crafted
email request to the mailman server.
http://www.linuxsecurity.com/advisories/debian_advisory-4587.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
7/16/2004 - ethereal
Denial of service vulnerabilities
Patches resolve three different ways to crash ethereal.
http://www.linuxsecurity.com/advisories/fedora_advisory-4563.html
7/22/2004 - httpd
Multiple vulnerabilities
This patch fixes a remotely triggerable memory leak and a buffer
overflow vulnerability.
http://www.linuxsecurity.com/advisories/fedora_advisory-4585.html
7/22/2004 - libxml2
Buffer overflow vulnerability
Updated libxml2 packages that fix an overflow when parsing remote
resources are now available.
http://www.linuxsecurity.com/advisories/fedora_advisory-4586.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
7/16/2004 - wv
Buffer overflow vulnerability
A buffer overflow vulnerability exists in the wv library that can
allow an attacker to execute arbitrary code with the user's
privileges.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4560.html
7/16/2004 - kernel
Denial of service vulnerability
By sending a malformed TCP packet, an attacker can hang a machine
running IPTables.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4561.html
7/16/2004 - php
Multiple vulnerabilities
Multiple security vulnerabilities, potentially allowing remote
code execution, were found and fixed in PHP.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4562.html
7/22/2004 - Unreal Tournament
Buffer overflow vulnerability
Game servers based on the Unreal engine are vulnerable to remote
code execution through malformed 'secure' queries.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4574.html
7/22/2004 - Opera
Multiple spoofing vulnerabilities
Opera contains three vulnerabilities, allowing an attacker to
impersonate legitimate websites with URI obfuscation or to spoof
websites with frame injection.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4575.html
7/22/2004 - kernel
Multiple vulnerabilities
This patch addresses multiple DoS and permission vulnerabilities.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4576.html
7/22/2004 - l2tpd
Buffer overflow vulnerability
A buffer overflow in l2tpd could lead to remote code execution. It
is not known whether this bug is exploitable.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4577.html
7/22/2004 - mod_ssl
Format string vulnerability
A bug in mod_ssl may allow a remote attacker to execute arbitrary
code when Apache is configured to use mod_ssl and mod_proxy.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4578.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
7/16/2004 - php
Multiple vulnerabilities
This patch resolves an improper memory_limit trigger as well as a
possible XSS issue.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4557.html
7/16/2004 - ipsec-tools
Multiple vulnerabilities
This patch fixes both a Denial of Service attack and an ACL
escape.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4558.html
7/16/2004 - freeswan
Multiple vulnerabilities
This patch resolves a DN impersonation attack as well as a denial
of service.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4559.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
7/22/2004 - php
Multiple vulnerabilities
Patch resolves a memory_limit bug which allows execution of arbitrary
code and a strip_tags bug which allows XSS (Cross Site Scripting).
http://www.linuxsecurity.com/advisories/redhat_advisory-4572.html
7/22/2004 - samba
Buffer overflow vulnerabilities
Updated samba packages that fix buffer overflows, as well as other
various bugs, are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4573.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
7/22/2004 - php
Multiple vulnerabilities
This patch resolves two bugs that could potentially allow XSS
(Cross-Site Scripting) and the execution of arbitrary code.
http://www.linuxsecurity.com/advisories/slackware_advisory-4571.html
+---------------------------------+
| Distribution: Suse | ----------------------------//
+---------------------------------+
7/16/2004 - php4/mod_php4
Multiple vulnerabilities
Fixes two vulnerabilities, one that leads to direct code
execution, and the other a possible XSS.
http://www.linuxsecurity.com/advisories/suse_advisory-4556.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------