Linux Advisory Watch - June 20th 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  June 20th, 2002                          Volume 4, Number 24a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apache2, webmin, mikmod,
typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript,
cups, gzip, BitchX, Xpdf, kernel, and mgetty.  The distributors include
Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSe, and
TurboLinux.  Like last week, many of the advisories are fixes to older
issues and minor problems. The Gentoo and Debian security teams were most
active.

Recently, there has been a lot of noise in the community about Gartner's
latest report (Information Security Hype Cycle) suggesting that IDS
technology fails to provide value relative to its costs and "will be
obsolete by 2005."  The report indicates that IDSs do not add an extra
layer of security and are a product of vendor puffery. Gartner's
recommendation is to direct any budgeted IDS funds into better firewalls.

"Functionality is moving into firewalls, which will perform deep packet
inspection for content and malicious traffic blocking, as well as
antivirus activities."  According to the research, IDS technology fails
because the typical IT department does not have the resources to sift
through all of the false positives and false negatives generated by normal
traffic.  If you've ever administered an IDS, I'm sure that you would
agree with that.  One conclusion that I have made over the past few years
is that an IDS is not for the faint of heart.  To reap benefit, a very
skilled administrator is required, one that has the ability to write
custom signatures and configure the system in such a way that false
positives/negatives can be minimized.

Although this may be considered my <SOAPBOX> topic, I feel compelled to
mention it.  <SOAPBOX> No matter how many intrusion detection/prevention
systems, firewalls, scanners, and applications are installed to improve
security, systems will ultimately remain insecure until sysadmins start
regularly patching vulnerabilities in a timely manner.  I find it
appalling that script kiddies are able to find an insecure application
fingerprint, search on Google to find vulnerable hosts, then exploit it.
Negligence is the greatest cause of problems today. </SOAPBOX> I apologize
for lecturing, it is the "don't care" mindset that frustrates me.

The ironic part about all of this is that if you're reading this, you
probably agree with me and your systems are up-to-date. Education and
awareness are very important.  One must realize that there is no magic
bullet.

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx



>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security?  Click here to get
a FREE Thawte Apache SSL Guide and find the answers to all your
Apache SSL security needs.

 Click Command:
 http://gothawte.com/rd763.html


FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.

http://www.linuxsecurity.com/feature_stories/feature_story-144.html


--------------------------------------------------------------------

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.

 --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2

--------------------------------------------------------------------

LINUXSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez

Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.

http://www.linuxsecurity.com/feature_stories/feature_story-143.html



+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 6/17/2003 - apache2
   arbitrary command execution vulnerability

   The APR library contains a vulnerability in the apr_psprintf()
   function which could be used to make apache reference invalid
   memory.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3366.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 6/16/2003 - lyskom-server
   denial of service vulnerability

   Calle Dybedahl discovered a bug in lyskom-server which could
   result in a denial of service where an unauthenticated user could
   cause the server to become unresponsive as it processes a large
   query.
   http://www.linuxsecurity.com/advisories/debian_advisory-3360.html

 6/16/2003 - webmin
   session ID spoofing vulnerability

   miniserv.pl in the webmin package does not properly handle
   metacharacters, such as line feeds and carriage returns, in
   Base64-encoded strings used in Basic authentication.
   http://www.linuxsecurity.com/advisories/debian_advisory-3361.html

 6/16/2003 - mikmod
   buffer overflow vulnerability

   Ingo Saitz discovered a bug in mikmod whereby a long filename
   inside an archive file can overflow a buffer when the archive is
   being read by mikmod.
   http://www.linuxsecurity.com/advisories/debian_advisory-3362.html

 6/16/2003 - radiusd-cistron
   buffer overflow vulnerability

   radiusd-cistron contains a bug allowing a buffer overflow when a
   long NAS-Port attribute is received.
   http://www.linuxsecurity.com/advisories/debian_advisory-3363.html

 6/17/2003 - typespeed
   buffer overflow vulnerability

   radiusd-cistron contains a bug allowing a buffer overflow when a
   long NAS-Port attribute is received.
   http://www.linuxsecurity.com/advisories/debian_advisory-3367.html

 6/17/2003 - noweb
   insecure tmp file vulnerability

   Jakob Lell discovered a bug in the 'noroff' script included in
   noweb whereby a temporary file was created insecurely.
   http://www.linuxsecurity.com/advisories/debian_advisory-3368.html

 6/18/2003 - jnethack
   Multiple vulnerabilities

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/debian_advisory-3376.html

 6/18/2003 - ethereal
   Multiple remote vulnerabilities

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/debian_advisory-3377.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 6/14/2003 - lprng
   Symlink attack

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3355.html

 6/14/2003 - gzip
   Insecure temp files

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3356.html

 6/14/2003 - man
   Format string vulnerability

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3357.html

 6/14/2003 - kon2
   Buffer overflow vulnerability

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3358.html

 6/14/2003 - ghostscript
   Insecure temp file

   Multiple vulnerabilities including a buffer overflow and potential
   malicious code execution vulnerabilities have been fixed.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3359.html

 6/16/2003 - cups
   denial of service vulnerability

   CUPS allows remote attackers to cause a denial of service via a
   partial printing request to the IPP port (631), which does not
   time out.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3364.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 6/17/2003 - ethereal
   multiple vulnerabilities

   Several vulnerabilities in ethereal were discovered by Timo
   Sirainen.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3369.html

 6/17/2003 - gzip
   insecure tmp file vulnerability

   A vulnerability exists in znew, a script included with gzip, that
   would create temporary files without taking precautions to avoid a
   symlink attack.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3370.html

 6/17/2003 - BitchX
   Denial of Service Vulnerability

   A vulnerability exists in znew, a script included with gzip, that
   would create temporary files without taking precautions to avoid a
   symlink attack.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3373.html


+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

 6/18/2003 - Xpdf
   Arbitrary code execution vulnerability

   A vulnerability exists in znew, a script included with gzip, that
   would create temporary files without taking precautions to avoid a
   symlink attack.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3374.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 6/18/2003 - kernel
   Multiple vulnerabilities

   A vulnerability exists in znew, a script included with gzip, that
   would create temporary files without taking precautions to avoid a
   symlink attack.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3375.html


+---------------------------------+
|  Distribution: SuSe             | ----------------------------//
+---------------------------------+

 6/16/2003 - radiusd-cistron
   denial of service / multiple vulnerabilities

   radiusd-cistron contains a bug allowing a buffer overflow when a
   long NAS-Port attribute is received.
   http://www.linuxsecurity.com/advisories/suse_advisory-3365.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 6/17/2003 - mgetty
   multiple vulnerabilities

   These vulnerabilities allow remote attackers to cause a denial of
   service and possibly execute arbitrary code via a Caller ID
   string with a long CallerName argument as well as allow local
   users to modify fax transmission privilege.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3371.html

 6/17/2003 - gzip
   insecure tmp file vulnerability

   A vulnerability exists in znew, a script in the gzip package, that
   could allow local users to overwrite arbitrary files via a symlink
   attack on temporary files.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3372.html
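The insecure temporary file class turns up several times in this issue
(znew in the gzip entries for Mandrake and TurboLinux, plus the noweb and
ghostscript entries). The script below is an added illustration, not code
from gzip, znew or any of the advisories: it reproduces, inside a scratch
directory it creates itself, how a write to a predictable path follows a
planted symlink, and shows the two mitigations a script author has in the
shell, noclobber (set -C) and mktemp. All file names are constructed.

```shell
#!/bin/sh
# Added illustration, not code from gzip, znew or any advisory above: why a
# temporary file with a predictable name lets a local user redirect a write
# through a symlink, and the mktemp/noclobber pattern that avoids it. Every
# path here is constructed inside a scratch directory, so nothing touches /tmp.

# Unsafe pattern: open a fixed, predictable path for writing. If another local
# user has already planted a symlink at that path, the shell follows the link
# and the data lands on the link's target, with the writer's privileges.
write_predictable() {            # $1 = path, $2 = content
    printf '%s\n' "$2" > "$1"
}

# Mitigation 1: noclobber (set -C) makes '>' refuse a path that already
# exists, including a planted symlink, instead of following it. It runs in a
# subshell so the option does not leak into the caller.
write_noclobber() {              # $1 = path, $2 = content; fails if $1 exists
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Mitigation 2: let mktemp pick the name. It creates the file atomically with
# a random suffix and mode 0600, so there is no window in which an attacker
# can guess the name and plant a link first.
private_tmp() {                  # $1 = directory; prints the created path
    mktemp "$1/work.XXXXXX"
}

# Reproduce the attack against both patterns in a scratch directory and print
# three words: what the victim file holds after the unsafe write, whether the
# noclobber write was refused, and what the victim holds afterwards.
demo() {
    sb=$(mktemp -d) || return 1
    printf 'original\n' > "$sb/secret"       # the file an attacker wants to clobber
    ln -s "$sb/secret" "$sb/work"            # the planted symlink at the guessable name

    write_predictable "$sb/work" garbage     # follows the link: secret is overwritten
    r1=$(cat "$sb/secret")

    printf 'original\n' > "$sb/secret"       # reset the victim
    if write_noclobber "$sb/work" garbage; then r2=written; else r2=refused; fi
    r3=$(cat "$sb/secret")

    rm -rf "$sb"
    printf '%s %s %s\n' "$r1" "$r2" "$r3"   # expected: garbage refused original
}

demo
```

When reviewing a script for this class of bug, look for any redirection or
command whose target under /tmp is built from a fixed string or from `$$`
alone; both are guessable, and the sticky bit on /tmp does not stop another
user from creating the link before the script runs.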

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

