+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  September 5th, 2003                     Volume 4, Number 35a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for sendmail, gdm, node, pam_smb,
vmware, horde, phpwebsite, eroaster, mindi, gallery, atari800,
sendmail, and up2date. The distributors include Conectiva, Debian,
Gentoo, Red Hat, and Turbo Linux.

Recently, I discovered an interesting information security project
titled "Towards a Taxonomy of Information Assurance." The founder,
Abe Usher, originally posted on a security mailing list asking for
comments from the open source community. The project Web site states
the following as the purpose:

  "My intent is that this taxonomy could be used by the academic
  community, industry, and government in improving the precision of
  communication used in discussing information assurance/security
  topics."

The author indicates that his research on information assurance has
not yet uncovered a taxonomy that "is sufficiently detailed for
application with real world problems."

The entire taxonomy has been divided into three categories: security
services, information states, and security countermeasures. Security
services include availability, authentication, confidentiality,
integrity, and non-repudiation. Security countermeasures include
technology, policies, and people, and information states include
transmission, storage, and processing. Each of these sections has
been further subdivided into more detailed categories.
The best way to understand how the taxonomy is organized is to visit
the project Web site:

  http://www.sharp-ideas.net/ia/information_assurance.htm

Ok, a taxonomy?! So what! What potential uses could this have? The
first thing that I thought of was document classification. Like many
of you, over the last few years I have collected many security and
open source documents that I use for reference. Generally, I prefer
to keep a local copy of all useful documents to ensure that they will
always be available. As my digital library has grown, indexing has
become much more complex. At the moment, it is difficult to fully
organize efficiently. Using a completed information security taxonomy
as reference, I will now be able to create a comprehensive directory
structure to store all of my documents.

In addition to better organization, a completed taxonomy will assist
persons interested in learning more about information security. It
will give students a better overview of everything included in
information security. I applaud Abe Usher for his efforts. I would
also like to encourage readers to submit any suggestions or ideas to
him.

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

FEATURE: A Practical Approach of Stealthy Remote Administration

  This paper is written for those paranoid administrators who are
  looking for a stealthy technique of managing sensitive servers
  (like your enterprise firewall console or IDS).

  http://www.linuxsecurity.com/feature_stories/feature_story-149.html

Expert vs. Expertise: Computer Forensics and the Alternative OS

  No longer a dark and mysterious process, computer forensics have
  been significantly on the scene for more than five years now.
  Despite this, they have only recently gained the notoriety they
  deserve.

  http://www.linuxsecurity.com/feature_stories/feature_story-147.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 8/29/2003 - 'sendmail' remote vulnerability

   Sendmail versions 8.12.8 and before (but only of the 8.12.x
   branch) have a remote vulnerability related to DNS maps.

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3587.html

 9/1/2003 - gdm Multiple vulnerabilities

   This update fixes multiple vulnerabilities including an arbitrary
   file content disclosure, crash as a result of using free(), and
   segfault while checking authorization data.

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3591.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 8/29/2003 - 'node' buffer overflow, format string Multiple vulnerabilities

   Morgan alias SM6TKY discovered and fixed several security related
   problems in LinuxNode, an Amateur Packet Radio Node program. The
   buffer overflow he discovered can be used to gain unauthorised
   root access and can be remotely triggered.

   http://www.linuxsecurity.com/advisories/debian_advisory-3583.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 9/1/2003 - pam_smb Remote buffer overflow vulnerability

   If a long password is supplied, this can cause a buffer overflow
   which could be exploited to execute arbitrary code with the
   privileges of the process which invokes PAM services.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3588.html

 9/1/2003 - vmware Insecure symlink vulnerability

   The previous GLSA 200308-03 was wrong when it stated that
   vmware-workstation-4.0.1-5289 would fix the problems described in
   the advisory.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3589.html

 9/1/2003 - horde Remote session hijacking

   An attacker could send an email to a victim who makes use of the
   HORDE MTA in order to push the victim to visit a website. The
   website in question logs all the accesses and describes in
   particular the origin of every victim.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3590.html

 9/2/2003 - 'phpwebsite' SQL injection vulnerability

   phpwebsite contains an SQL injection vulnerability in the calendar
   module which allows the attacker to execute SQL queries.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3592.html

 9/2/2003 - 'eroaster' temporary file vulnerability

   Previous eroaster versions allowed local users to overwrite
   arbitrary files via a symlink attack on a temporary file that is
   used as a lockfile.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3593.html

 9/2/2003 - 'mindi' temporary file vulnerability

   Mindi creates files in /tmp which could allow a local user to
   overwrite arbitrary files.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3594.html

 9/2/2003 - 'gallery' cross-site scripting vulnerability

   Cross-site scripting (XSS) vulnerability in search.php of Gallery
   1.1 through 1.3.4 allows remote attackers to insert arbitrary web
   script via the searchstring parameter.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3595.html

 9/2/2003 - 'atari800' buffer overflow

   atari800 contains a buffer overflow which could be used by an
   attacker to gain root privileges.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3596.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 8/29/2003 - 'sendmail' DNS maps DoS

   Updated Sendmail packages are available to fix a vulnerability in
   the handling of DNS maps.

   http://www.linuxsecurity.com/advisories/redhat_advisory-3584.html

 8/29/2003 - 'up2date' required update

   New versions of the up2date and rhn_register clients are available
   and are required for continued access to Red Hat Network.

   http://www.linuxsecurity.com/advisories/redhat_advisory-3585.html

+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 8/29/2003 - pam_smb vulnerability

   A remote buffer overflow in the pam_smb module can be exploited by
   an attacker when pam_smb is configured to authenticate a remotely
   accessible service.

   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3586.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------