[ISN] Linux Advisory Watch - January 13th 2005

InfoSec News isn at c4i.org
Mon Jan 16 01:25:29 EST 2006


+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  January 13th, 2005                            Volume 7, Number 2a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, perhaps the most interesting articles include hylafax,
hal, poppler, pdftohtml, libpaperl, xpdf, gpdf, and apache2.  The
distributors include Gentoo and Mandriva.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.

http://www.msia.norwich.edu/linsec

----

IPv6 approach for TCP SYN Flood attack over VoIP, Part IV
By: Suhas Desai

6. IPv6 Approaches

Service Providers are scrambling to offer voice, video, data and
innovative services such as gaming, interactive TV and messaging, on
a single pipe. At the same time, network equipment is being upgraded
to IPV6.But some Real-Time IPV6 Security overwhelms performance due
to the application intelligence which is the rapid inspection of
VoIP signaling SIP, H.323 and audio packets, and the prompt opening
and shutting of .pinholes. to allow the passage of valid voice traffic
over wireless networks.

A firewall enabled for application filtering and IPv6 can drop
application performance by a staggering 90 % or more compared to best
case IPV4 results.

Given methods are used to IPv6 Application performance:

- Emulate real application traffic .data, voice, video over tens of
  thousands of clients and/or servers.

- Measure performance and Quality of Experience with Web pages/s,
  VoIP call set-up time, FTP file transfer rate and instant message
  passing with TCP SYN handshaking signals.

  Multiply services over IPv4/v6 must address three additional
  challenges that will impact network performance must be handled
  following DoS attacks.  IPv6 approaches can handle these with
  Network tester configurations.

6.2 DoS Attacks

* Must be filtered, including traditional layer 3-4 attacks such as
  TCP SYN Flood which is ported to IPv6.

* ICMPv6 attacks

* Application layer attacks (such as SIP setup/teardown flood and
  RTP stream Insertion).

* Application attacks are particularly effective because they degrade
  the CPU performance.

6.3 VoIP Attack Vulnerability

VoIP attack vulnerability simulates DoS attacks to measure impact
on VoIP with

- Traditional DoS attacks (TCP SYN flood, ping of Death)

- VoIP voice insertion-simulate rogue RTP streams.

- VoIP DoS simulates bursts of call setups and teardowns on the
  same addresses

6.4 Performance Challenges

6.4.1 Longer IPv6 addresses:

Firewall rule sets and ACL must work IPv6 addresses. It can degrade
performance.

6.4.2 IPv6 variable-length headers:

Parsing more complex encryption and authentication header sections
must be parsed and filtered and it may also need to perform

encryption/decryption or calculation of message authentication
codes to be filter on application-layer headers and content.

6.4.3 IPv6 DoS attacks

IPv6/v4 and IPv4/v6 tunneling can hide application-layer attacks
within complex handcrafted TCP SYN packets.

6.5 Triple-Play Methodology

It is a new approach needed to ensure that application aware devices
do not become bottlenecks:

6.5.1	Real-Time Application Performance.

6.5.2	Add DoS attacks over IPv6 including SIP setup-teardown
attacks. Quantify the reduction in application performance.


Read Entire Article:
http://www.linuxsecurity.com/content/view/121205/49/

----------------------

EnGarde Secure Community 3.0.3 Released

 Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.3 (Version 3.0, Release 3). This release
includes several bug fixes and feature enhancements to the
Guardian Digital WebTool, the SELinux policy, and the LiveCD
environment.

http://www.linuxsecurity.com/content/view/121150/65/

---


Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: HylaFAX Multiple vulnerabilities
  6th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized
access vulnerabilities.

http://www.linuxsecurity.com/content/view/121181



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated HAL packages fixes card reader bug
  5th, January, 2006

HAL in Mandriva 2006 doesn't correctly handle card readers
advertising  themselves as SCSI removable disk, which was preventing
HAL from correctly creating entries in fstab when the user inserts a
memory card.	    Updated packages have been patched to address
this issue.

http://www.linuxsecurity.com/content/view/121171


* Mandriva: Updated poppler packages fix several vulnerabilities
  5th, January, 2006

Heap-based buffer overflow in the StreamPredictor function in Xpdf
3.01 allows remote attackers to execute arbitrary code via a PDF file
with an out-of-range numComps (number of components) field.
(CVE-2005-3192) Heap-based buffer overflow in the
JPXStream::readCodestream function in the JPX stream parsing code
(JPXStream.c) for xpdf 3.01 and earlier allows user-complicit
attackers to cause a denial of service (heap corruption) and possibly
execute arbitrary code via a crafted PDF file
with large size values that cause insufficient memory to be
allocated.

http://www.linuxsecurity.com/content/view/121172


* Mandriva: Updated pdftohtml packages fix several vulnerabilities
  5th, January, 2006

Heap-based buffer overflow in the StreamPredictor function in Xpdf
3.01 allows remote attackers to execute arbitrary code via a PDF file
with an out-of-range numComps (number of components) field.
(CVE-2005-3192) Heap-based buffer overflow in the
JPXStream::readCodestream function in the JPX stream parsing code
(JPXStream.c) for xpdf 3.01 and earlier allows user-complicit
attackers to cause a denial of service (heap corruption) and possibly
execute arbitrary code via a crafted PDF file with large size values
that cause insufficient memory to be allocated.

http://www.linuxsecurity.com/content/view/121173


* Mandriva: New libpaper1 packages provide libpaper1 to x86_64
platform
  5th, January, 2006

Corporte Desktop 3.0/x86_64 did not ship with the libpaper1 library
which prevented the included gpdf and kpdf programs from working.
This update provides libpaper1.

http://www.linuxsecurity.com/content/view/121174


* Mandriva: Updated xpdf packages fix several vulnerabilities
  5th, January, 2006

Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service
(heap corruption) and possibly execute arbitrary code via a crafted
PDF file with an out-of-range number of components (numComps), which
is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121175


* Mandriva: Updated gpdf packages fix several vulnerabilities
  5th, January, 2006

Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF
functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and
earlier, allow user-complicit attackers to cause a denial of service
(heap corruption) and possibly execute arbitrary code via a crafted
PDF file with an out-of-range number of components (numComps), which
is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121176


* Mandriva: Updated apache2 packages fix vulnerabilities
  5th, January, 2006

A flaw was discovered in mod_imap when using the Referer directive
with image maps that could be used by a remote attacker to perform a
cross- site scripting attack, in certain site configurations, if a
victim could be forced to visit a malicious URL using certain web
browsers(CVE-2005-3352).

http://www.linuxsecurity.com/content/view/121177

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list