+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 8th, 2003                         Volume 4, Number 31a |
+----------------------------------------------------------------+

Editors: Dave Wreski               Benjamin Thomas
         dave@xxxxxxxxxxxxxxxxx    ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for wget, postfix, kernel, atari800,
xfstt, kdelibs, mindi, phpgroupware, eroaster, libc, kdelibs, php, core,
stunnel, man-db, Konqueror, and wuftpd. The distributors include
Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, FreeBSD,
Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.

One of the most common causes of software vulnerabilities is poor
programming practices. Often, developers sacrifice security to add
additional features. Although most coders wish to write securely, many
do not. At most universities security is not addressed in programming
classes. The only training a student may receive is learning how to
check input variables. I now understand that more universities are
beginning to take software development security more seriously. For
those of us who code at work, or just as a hobby, how can we ensure that
we're coding with best security practices?

I recently had the pleasure of reading the recent O'Reilly book Secure
Coding: Principles & Practices by Mark G. Graff and Kenneth R. van Wyk.
Like all O'Reilly books, it is moderately technical and will not bore
you with irrelevant narratives.
The book weighs in at just over 200 pages and retails for $29.95 USD. I
would normally consider this a bit pricy for a small book. However, in
this case the information provided is well worth the money. Every
serious developer should have a copy.

This book is intended for moderately skilled programmers all the way up
to expert level. The best part of the book is that it is written
primarily as informational text and theory. It contains very little
source code. The authors chose to focus on the practice of secure
coding, rather than specific techniques. The information found in this
book can provide a strong foundation to the knowledge necessary to begin
the secure development process.

The beginning of the book provides an introduction to all types of
attacks that affect software. Next, a chapter is devoted to secure
design including coding steps, issues, and practices to be avoided. The
book ends with techniques on how to successfully test software before
release. Another valuable part of the book is the case studies provided.
Each section contains several real world examples that can help you
better understand each concept.

As previously stated, Secure Coding: Principles & Practices is highly
recommended. If you have been waiting for the perfect book on secure
coding, this may be it!

http://www.bestwebbuys.com/books/compare/isbn/0596002424/isrc/b-home-search

Until Next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

Expert vs. Expertise: Computer Forensics and the Alternative OS

No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.
http://www.linuxsecurity.com/feature_stories/feature_story-147.html

REVIEW: Linux Security Cookbook

There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems.
By covering situations that apply to everyone from the seasoned Systems
Administrator to the security curious home user, the Linux Security
Cookbook distinguishes itself as an indispensable reference for security
oriented individuals.
http://www.linuxsecurity.com/feature_stories/feature_story-145.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

8/2/2003 - wu-ftpd off-by-one vulnerability
There is an off-by-one buffer overflow vulnerability in the
fb_realpath() function, which handles filename paths in wu-ftpd.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3518.html

8/4/2003 - wget buffer overflow vulnerability
An attacker can create a long (more than 256 characters), specially
crafted URL that when parsed by wget can cause the execution of
arbitrary code or program misbehavior.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3519.html

8/5/2003 - postfix remote denial of service vulnerability
There are multiple vulnerabilities in postfix.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3530.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

8/1/2003 - wu-ftpd buffer overflow vulnerability
iSEC Security Research reports that wu-ftpd contains an off-by-one bug
in the fb_realpath function which could be exploited by a logged-in user
(local or anonymous) to gain root privileges.
http://www.linuxsecurity.com/advisories/debian_advisory-3507.html

8/1/2003 - kernel multiple vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
http://www.linuxsecurity.com/advisories/debian_advisory-3508.html

8/1/2003 - atari800 multiple vulnerabilities
Steve Kemp discovered multiple buffer overflows in atari800, an Atari
emulator.
http://www.linuxsecurity.com/advisories/debian_advisory-3509.html

8/1/2003 - xfstt multiple vulnerabilities
There are multiple vulnerabilities in xfstt.
http://www.linuxsecurity.com/advisories/debian_advisory-3510.html

8/1/2003 - kdelibs Multiple remote vulnerabilities
Potential unauthorized access and man-in-the-middle attacks have been
fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3515.html

8/2/2003 - mindi insecure tmp file vulnerability
mindi, a program for creating boot/root disks, does not take appropriate
security precautions when creating temporary files.
http://www.linuxsecurity.com/advisories/debian_advisory-3520.html

8/3/2003 - postfix multiple vulnerabilities
There are multiple vulnerabilities in postfix.
http://www.linuxsecurity.com/advisories/debian_advisory-3521.html

8/5/2003 - man-db multiple vulnerabilities
There are multiple vulnerabilities in suid install of man-db.
http://www.linuxsecurity.com/advisories/debian_advisory-3531.html

8/5/2003 - kernel vulnerability
This advisory provides a correction to the previous kernel updates,
which contained an error introduced in kernel-source-2.4.18 version
2.4.18-7. This error could result in a kernel "oops" under certain
circumstances.
http://www.linuxsecurity.com/advisories/debian_advisory-3532.html

8/5/2003 - kernel vulnerability
This advisory provides a correction to the previous kernel updates,
which contained an error introduced in kernel-source-2.4.18 version
2.4.18-7.
http://www.linuxsecurity.com/advisories/debian_advisory-3533.html

8/6/2003 - phpgroupware multiple vulnerabilities
Several vulnerabilities have been discovered in phpgroupware.
http://www.linuxsecurity.com/advisories/debian_advisory-3536.html

8/6/2003 - eroaster insecure temporary file vulnerability
eroaster does not take appropriate security precautions when creating a
temporary file for use as a lockfile.
http://www.linuxsecurity.com/advisories/debian_advisory-3537.html

+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

8/4/2003 - 'postfix' remote denial-of-service
Michal Zalewski has discovered a vulnerability in the Postfix MTA which
could lead to a remote DoS attack.
http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html

8/6/2003 - 'stunnel' signal handler race DoS
Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A
potential vulnerability has been found when stunnel is configured to
listen to incoming connections for these services.
http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

8/4/2003 - libc buffer overflow vulnerability
An off-by-one error exists in a portion of realpath(3) that computes the
length of the resolved pathname.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3522.html

8/5/2003 - libc realpath off-by-one vulnerability
An off-by-one error exists in a portion of realpath(3) that computes the
length of the resolved pathname.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3534.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

8/1/2003 - kdelibs authentication vulnerability
A vulnerability in Konqueror was discovered where it could inadvertently
send authentication credentials to websites other than the intended site
in clear text via the HTTP-referer header when authentication
credentials are passed as part of a URL in the form
http://user:password@xxxx/.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3511.html

8/1/2003 - wu-ftpd off-by-one vulnerability
There is an off-by-one bug in the fb_realpath() function which could be
used by a remote attacker to obtain root privileges on the server.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3512.html

8/4/2003 - postfix multiple vulnerabilities
Two vulnerabilities were discovered in the postfix MTA by Michal
Zalewski.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3523.html

8/4/2003 - php session handling vulnerability
A vulnerability was discovered in the transparent session ID support in
PHP4 prior to version 4.3.2.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3524.html

+---------------------------------+
|  Distribution: NetBSD           | ----------------------------//
+---------------------------------+

8/4/2003 - core denial of service vulnerability
It is possible to crash an OSI connected system remotely by sending it a
carefully prepared OSI networking packet.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3525.html

8/4/2003 - libc off-by-one vulnerability
In the library function realpath, there was a string manipulation
mistake which could lead to 1-byte buffer overrun.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3526.html

+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

8/1/2003 - wu-ftpd off-by-one vulnerability
An off-by-one bug has been discovered in versions of wu-ftpd up to and
including 2.6.2.
http://www.linuxsecurity.com/advisories/redhat_advisory-3513.html

8/4/2003 - postfix multiple vulnerabilities
Two security issues have been found in Postfix that affect the Postfix
packages in Red Hat Linux 7.3, 8.0, and 9.
http://www.linuxsecurity.com/advisories/redhat_advisory-3527.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

8/1/2003 - Konqueror Multiple vulnerabilities
Note that this update addresses a security problem in Konqueror which
may cause authentication credentials to be leaked to an unintended
website through the HTTP-referer header when they have been entered into
Konqueror as a URL
http://www.linuxsecurity.com/advisories/slackware_advisory-3516.html

+---------------------------------+
|  Distribution: SuSe             | ----------------------------//
+---------------------------------+

8/1/2003 - wuftpd off-by-one vulnerability
There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a
widely used ftp server for Linux-like systems.
http://www.linuxsecurity.com/advisories/suse_advisory-3514.html

8/4/2003 - postfix multiple vulnerabilities
Michal Zalewski has reported problems in postfix which can lead to a
remote DoS attack or allow attackers to bounce-scan private networks.
http://www.linuxsecurity.com/advisories/suse_advisory-3528.html

+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

8/4/2003 - wu-ftpd off-by-one vulnerability
This vulnerability may allow remote authenticated users to execute
arbitrary code via commands that cause long pathnames.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3529.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------