[ISN] Linux Advisory Watch - June 4th 2004

InfoSec News isn at c4i.org
Mon Jun 7 02:37:42 EDT 2004


+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  June 4th, 2004                           Volume 5, Number 23a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave at linuxsecurity.com     ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes point

This week, advisories were released for mailman, kde, MySQL, mc, Apache,
Heimdal, utempter, and LHA.  The distributors include Conectiva, FreeBSD:
core, Gentoo, Mandrake, Red Hat, and SuSE.

-----

>> Internet Productivity Suite:  Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.


http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10

-----

Incident Response

One of the most overlooked aspects of information security is incident
response.  Often system administrators and management only take action
after a compromise or critical failure. Incident response includes much
more than sorting out problems after they occur.  It includes incident
preparation, detection mechanisms, containment, eradication, restoration,
and review.

In preparation for a security incident, it is important to establish a
security policy & plan of action and identify a security response team
that is available 24 hours.  Software to be used during an incident should
be installed, tested, and configured during the preparation phase.
During the adrenaline rush of an incident, it is impossible to learn new
software.

Administrators should also take appropriate steps to ensure event
detection.  This includes scanning and reviewing system log files,
installing host and network based intrusion detection systems, and
implementing a remote notification system to notify members of the
security response team via pager or mobile phone.

Upon detection of an incident, it is important to have containment
procedures.  Is the threat a network user?  It is important that the staff
has the knowledge and tools necessary to address the problem at the
firewall level.  If there is a system compromise, is tripwire configured
properly to report exactly what files were modified?  After containment,
the next step is eradication.  How can the problem be eliminated?  The
primary purpose of containment and eradication is limiting damage and
stopping the problem from further damage.

After an incident has commenced, the next step is system restoration.  It
is important to assess the actual damage that took place and restore the
system to its original condition. This may only include fixing a few
files, or restoring completely from a tape-backup.  Finally, after
restoration is important to review how well the incident was handled.

Until next time, cheers!
Benjamin D. Thomas
ben at linuxsecurity.com

----

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out
successes.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

--------------------------------------------------------------------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/27/2004 - mailman
   Multiple vulnerabilities

   Fixes cross site scripting and remote password retrieval
   vulnerabilities, plus a denial of service.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4409.html

 5/27/2004 - kde
   Insufficient input sanitation

   The telnet, rlogin, ssh and mailto URI handlers in KDE do not
   check for '-' at the beginning of the hostname passed.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4410.html


+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 5/27/2004 - core:sys Buffer cache invalidation vulnerability
   Insufficient input sanitation

   In some situations, a user with read access to a file may be able
   to prevent changes to that file from being committed to disk.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4408.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/27/2004 - MySQL
   Symlink vulnerability

   Two MySQL utilities create temporary files with hardcoded paths,
   allowing an attacker to use a symlink to trick MySQL into
   overwriting important data.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4404.html

 5/27/2004 - mc
   Multiple vulnerabilities

   Multiple security issues have been discovered in Midnight
   Commander including several buffer overflows and string format
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4405.html

 5/27/2004 - Apache
   1.3 Multiple vulnerabilities

   Several security vulnerabilites have been fixed in the latest
   release of Apache 1.3.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4406.html

 5/27/2004 - Heimdal
   Buffer overflow vulnerability

   A possible buffer overflow in the Kerberos 4 component of Heimdal
   has been discovered.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4407.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/27/2004 - mailman
   Password leak vulnerability

   Mailman versions >= 2.1 have an issue where 3rd parties can
   retrieve member passwords from the server.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4402.html

 5/27/2004 - kolab-server Plain text passwords
   Password leak vulnerability

   The affected versions store OpenLDAP passwords in plain text.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4403.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 5/27/2004 - utempter
   Symlink vulnerability

   An updated utempter package that fixes a potential symlink
   vulnerability is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4399.html

 5/27/2004 - LHA
   Multiple vulnerabilities

   Ulf Harnhammar discovered two stack buffer overflows and two
   directory traversal flaws in LHA.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4400.html

 5/27/2004 - tcpdump,libpcap,arpwatch Denial of service vulnerability
   Multiple vulnerabilities

   Upon receiving specially crafted ISAKMP packets, TCPDUMP would
   crash.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4401.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 5/27/2004 - kdelibs/kdelibs3 Insufficient input sanitation
   Multiple vulnerabilities

   The URI handler of the kdelibs3 and kdelibs class library contains
   a flaw which allows remote attackers to create arbitrary files as
   the user utilizing the kdelibs3/kdelibs package.
   http://www.linuxsecurity.com/advisories/suse_advisory-4398.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list