Linux Advisory Watch - July 25th 2003

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July 25th, 2003                          Volume 4, Number 29a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apache, kernel, nfs-utils, cups,
phpgroupware, fdclone, several, gnupg, phpgroupware, mpg123, mozilla,
semi, ethereal, and xpdf.  The distributors include Conectiva, Debian,
Guardian Digital's EnGarde Linux, Gentoo, Mandrake, Red Hat, Trustix,
TurboLinux, and YellowDog Linux.

When a child wants to get a candy bar at a local market, what normally
happens?  Most often, the child pleads a case to his/her parents and hopes
for the best.  If he/she is well behaved, the child may get the candy bar.
However, if the child has recently been disobedient, the parent would
probably refuse to buy it.  How does this relate to information security?
A healthy security budget can be considered your candy bar.  It can be
difficult to lock down a security budget.  In today.s sluggish economy,
all money spent must be fully justified and approved.  How can decision
makers in an organization be persuaded to spend adequate money on
security?

Decision makers in an organization need justification for every project.
Rather than using FUD for persuasion, it can be more effective to prepare
a business case for each project.  For example, if an upgrade to the
current email server farm is seriously needed to better manage Spam and
Viruses, a business case would be helpful to provide proper justification.
Writing one forces the proper amount of research and consideration of
alternatives.

What is normally found in a business case?  Generally, an executive
summary is the first major section included.  It should be no more than a
single type written page, and summarize all information found in the
remaining portion of the document.  It is advisable to write the executive
summary last.  Next, it is logical to include an introduction section.
This section should provide background information, the purpose of the
particular business case, and information regarding the subject matter.
It is a good idea to provide a bulleted list with key goals & objectives,
and discuss organizational environmental factors.  The analysis portion of
the newsletter should follow.  It should include an explanation of the
project goals & objectives, the scope, justification of business risks,
and alternative solutions.  Finally, the business case should include a
section on business impact.  This should include benefits, a high-level
ROI analysis, proposed time frame, and a listing of project risks.

Business cases can be written many different ways.  It is most important
that the audience is considered.  More information can on writing business
cases can be found on Google.  Also, if you contact me, I can point you to
several helpful resources.

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx



==> INTRODUCING: Secure Mail Suite from Guardian Digital <==

Unparalleled E-Mail Security. Secure Mail Suite is the most Dynamic,
Rigorous Protection for Your Email System on the market today. It Clobbers
Spam.  Detects and Disables Viruses. And its Killer Firewall Keeps Your
Data -- and Your System and Safe and Secure. All in an Easy-to-Manage
Application that's Simple to Administer and Maintain.

Secure Mail Suite is Guardian Digital's Optimum Solution to Mail Security.
It's based on Open-Source Engineering, so it's constantly Improving.  And
with Guardian Digital Engarde Support, Secure Mail Suite Stays On Guard
for You -- for Many Reliable Years.

Secure Mail Suite. Sweet!
  From the First Name in Open-Source Security. Guardian Digital.

 --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2



REVIEW: Linux Security Cookbook

There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems. By covering
situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook
distinguishes itself as an indispensible reference for security oriented
individuals.

http://www.linuxsecurity.com/feature_stories/feature_story-145.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

--------------------------------------------------------------------

>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security?  Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.


 Click Command:
 http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25

--------------------------------------------------------------------

FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.

http://www.linuxsecurity.com/feature_stories/feature_story-144.html



+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+


 7/22/2003 - nfs-utils buffer overflow vulnerability
   denial of service vulnerability

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3482.html

 7/22/2003 - kernel
   multiple vulnerabilities

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3483.html

 7/22/2003 - cups
   multiple vulnerabilities

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3484.html

 7/24/2003 - phpgroupware
   XSS vulnerability

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3486.html

 7/24/2003 - apache
   denial of service vulnerability

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3487.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 7/24/2003 - fdclone
   insecure tmp file vulnerability

   http://www.linuxsecurity.com/advisories/debian_advisory-3488.html


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 7/24/2003 - several
   local 'kernel' vulnerabilities

   http://www.linuxsecurity.com/advisories/engarde_advisory-3485.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 7/19/2003 - gnupg
   Unauthorized acess

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3475.html

 7/19/2003 - nfs-utils Denial of service
   Unauthorized acess

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3476.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 7/24/2003 - phpgroupware
   multiple vulnerabilities

   http://www.linuxsecurity.com/advisories/mandrake_advisory-3489.html

 7/24/2003 - xpdf
   arbitrary command execution vulnerability

   http://www.linuxsecurity.com/advisories/mandrake_advisory-3490.html

 7/24/2003 - mpg123
   denial of service vulnerability

   http://www.linuxsecurity.com/advisories/mandrake_advisory-3491.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 7/21/2003 - 2.4 kernel mulitple vulnerabilities
   denial of service vulnerability

   http://www.linuxsecurity.com/advisories/redhat_advisory-3477.html

 7/21/2003 - mozilla
   heap overflow vulnerability

   http://www.linuxsecurity.com/advisories/redhat_advisory-3478.html

 7/24/2003 - semi
   arbitrary code execution vulnerability

   http://www.linuxsecurity.com/advisories/redhat_advisory-3493.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 7/18/2003 - 'nfs-utils' Denial of Service
   arbitrary code execution vulnerability

   http://www.linuxsecurity.com/advisories/trustix_advisory-3472.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 7/24/2003 - nfs-utils off-by-one vulnerability
   arbitrary code execution vulnerability

   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3492.html


+---------------------------------+
|  Distribution: YDL              | ----------------------------//
+---------------------------------+

 7/18/2003 - nfs-utils Buffer overflow vulnerability
   arbitrary code execution vulnerability

   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3473.html

 7/18/2003 - ethereal
   Multiple vulnerabilities

   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3474.html

 7/24/2003 - semi
   arbitrary code execution vulnerability

   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3494.html

 7/24/2003 - xpdf
   arbitrary command execution vulnerability

   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3495.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux