[ISN] Linux Advisory Watch - December 16th 2005

InfoSec News isn at c4i.org
Sun Dec 18 15:40:40 EST 2005


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  December 16th, 2005                          Volume 6, Number 51a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for courier, osh, curl, ethereal,
phpMyAdmin, Openswan, Xmail, Ethereal, perl, openvpn, thunderbird,
xmovie, mplayer, and ffmpeg.  The distributors include Debian,
Gentoo, Mandriva.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/linsec

----

SELinux Policy Development: Modifying Policy

Once you have your list of all your allow statements, examine them
carefully and try to understand what you are allowing before adding
them to policy. One weakness of audit2allow is that it is unaware of
macros contained in the policy, so grep through your policy sources
for allow statements close to the ones you'd like to add and try to
find appropriate macros to use instead. If you're planning on doing
a lot of policy customization it's a good idea to familiarize yourself
with the existing policy sources so you're aware what macros are
available.

The $policy/policy/support/obj_perm_sets.spt is one good place to
start, it contains macros that expand out to useful permissions
groupings. For example, rather than allowing a domain the ioctl,
read, getattr, lock, write, and append permissions to a given type,
you can simply assign it the rw_file_perms macro instead. This helps
keep policy readable later on.

Once you have generated your needed allow statements, add them to
the $policy/policy/modules/admin/local.te file and recompile the
policy. If your application still won't work in enforcing mode,
just repeat the process until you can run it with no SELinux audit
errors.

Always keep your policy changes in the:
$policy/policy/modules/admin/local.* files. T

hese files are included in the package empty and intended for
local policy customization. If you change a file that belongs to
a service and contains rules already your changes will be lost
when the policy is upgraded, so keep local changes in the local.te
and local.fc files where they belong.

If you find a problem in existing policy, add your changes to
local.* but provide a patch to the policy maintainers so they can
include it in a later build. Most SELinux policies are being
constantly developed and revised since the technology is still
fairly new, and your upstream maintainers will thank you for your
help.

Policy development can be difficult at the beginning, but I think
you'll find that as you make progress you'll be learning not only
about SELinux but about the details of what your applications are
really doing under the hood. You'll not only be making your system
more secure, you'll be learning about the low level details of
your system and its services. SELinux development has already
resulted in upstream patches to many applications that had hidden
bugs that were only found because SELinux alerted policy developers
to the kernel level actions the applications were attempting.

I hope you enjoyed reading this SELinux series as much as I
enjoyed writing it. Until next time, stay secure and keep your
policy locked down tight.

Read Entire Aricle:
http://www.linuxsecurity.com/content/view/120837/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New courier packages fix unauthorised access
  8th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120959


* Debian: New osh packages fix privilege escalation
  9th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120969


* Debian: New curl packages fix potential security problem
  12th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120980


* Debian: New ethereal packages fix arbitrary code execution
  13th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120987


* Debian: New Linux 2.4.27 packages fix several vulnerabilities
  14th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121004


* Debian: New Linux 2.6.8 packages fix several vulnerabilities
  14th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121005


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: phpMyAdmin Multiple vulnerabilities
  11th, December, 2005

Multiple flaws in phpMyAdmin may lead to several XSS issues and local
and remote file inclusion vulnerabilities.

http://www.linuxsecurity.com/content/view/120975


* Gentoo: Openswan, IPsec-Tools Vulnerabilities in ISAKMP
  12th, December, 2005

Openswan and IPsec-Tools suffer from an implementation flaw which may
allow a Denial of Service attack.

http://www.linuxsecurity.com/content/view/120981


* Gentoo: Xmail Privilege escalation through sendmail
  14th, December, 2005

The sendmail program in Xmail is vulnerable to a buffer overflow,
potentially resulting in local privilege escalation.

http://www.linuxsecurity.com/content/view/121002


* Gentoo: Ethereal Buffer overflow in OSPF protocol dissector
  14th, December, 2005

Ethereal is missing bounds checking in the OSPF protocol dissector
that could lead to abnormal program termination or the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/121003


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated curl package fixes format string vulnerability
  8th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120966


* Mandriva: Updated perl package fixes format string vulnerability
  8th, December, 2005

Jack Louis discovered a new way to exploit format string errors in
the Perl programming language that could lead to the execution of
arbitrary code.


http://www.linuxsecurity.com/content/view/120967


* Mandriva: Updated openvpn packages fix multiple vulnerabilities
  10th, December, 2005

Two Denial of Service vulnerabilities exist in OpenVPN.  The first
allows a malicious or compromised server to execute arbitrary code on
the client (CVE-2005-3393).  The second DoS can occur if when in TCP
server mode, OpenVPN received an error on accept(2) and the resulting
exception handler causes a segfault (CVE-2005-3409). The updated
packages have been patched to correct these problems.<P>


http://www.linuxsecurity.com/content/view/120974


* Mandriva: Updated mozilla-thunderbird package fix vulnerability in
enigmail
  13th, December, 2005

A bug in enigmail, the GPG support extension for Mozilla MailNews and
Mozilla Thunderbird was discovered that could lead to the encryption
of an email with the wrong public key.	This could potentially
disclose confidential data to unintended recipients. The updated
packages have been patched to prevent this problem.

http://www.linuxsecurity.com/content/view/120986


* Mandriva: Updated ethereal packages fix vulnerability
  14th, December, 2005

A stack-based buffer overflow was discovered in the OSPF dissector in
Ethereal.  This could potentially be abused to allow remote attackers
to execute arbitrary code via crafted packets. The updated packages
have been patched to prevent this problem.

http://www.linuxsecurity.com/content/view/121010


* Mandriva: Updated xine-lib packages fix buffer overflow
vulnerability
  14th, December, 2005

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.


http://www.linuxsecurity.com/content/view/121011


* Mandriva: Updated xmovie packages fix buffer overflow vulnerability
  14th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121012


* Mandriva: Updated gstreamer-ffmpeg packages fix buffer overflow
vulnerability
  14th, December, 2005

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.


http://www.linuxsecurity.com/content/view/121013


* Mandriva: Updated mplayer packages fix buffer overflow
vulnerability
  14th, December, 2005

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

http://www.linuxsecurity.com/content/view/121014


* Mandriva: Updated ffmpeg packages fix buffer overflow vulnerability
  14th, December, 2005

Simon Kilvington discovered a vulnerability in FFmpeg libavcodec,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

http://www.linuxsecurity.com/content/view/121015


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list