+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| October 3rd, 2003 Volume 4, Number 39a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for proftpd, openssl, marbles,
freesweep, webfs, OpenSSL, mpg123, teapop, and proftpd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
Immunix, Red Hat, Trustix, and Turbolinux.
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
---
Last week, I wrote about some of the problems that are associated with
using passwords as a method of authentication. There are several
techniques that can be utilized to improve password security, however,
users often have such a large number of different passwords they can
become difficult to manage. Users are forced to remember multiple
passwords to different systems on different networks. This causes users
to write down or continuously need their passwords reset.
Single sign-on is a technology that can be implemented to relieve some of
the strain that passwords put on users and administrators. With SSO,
multiple passwords become invisible to the user because they are only
required to login initially then the credentials are sent to each
application by the way of the single sign-on system.
Initially, migrating from a traditional password structure can be a
daunting task. The problem is particularly apparent when trying to
connect legacy applications. However, the headaches will quickly go away
if the system includes the ability for users to reset their own password
using other credentials that were given at their initial connection to the
system. This functionality could be extremely beneficial to enterprise
size organizations that must reset hundreds of passwords a day.
A single sign-on system is not the holy grail. Like any feature on a
network, it provides its own set of risks. Having a SSO system provides a
single point of failure. If the system is down, every application on the
network is potentially down. There are always tradeoffs between security
and convenience, but many large organizations have felt that this is a
risk worth taking. Although SSO provides the possibility of having a
single point of failure, it is also possible to configure the system so
that it is redundant, providing service if one system goes down.
Implementing a system correctly requires a great deal of planning, time,
and money.
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
--> FEATURE: R00ting The Hacker
Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.
http://www.linuxsecurity.com/feature_stories/feature_story-150.html
--> EnGarde GDSN Subscription Price Reduction
Guardian Digital, the world's premier open source security company,
announced today that they will be reducing the annual subscription cost of
the Guardian Digital Secure Network for EnGarde Community users from $229
to $60 for a limited time.
http://www.linuxsecurity.com/feature_stories/feature_story-151.html
--> FEATURE: A Practical Approach of Stealthy Remote Administration
This paper is written for those paranoid administrators who are
looking for a stealthy technique of managing sensitive servers
(like your enterprise firewall console or IDS).
http://www.linuxsecurity.com/feature_stories/feature_story-149.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
9/29/2003 - proftpd
Arbitrary code execution vulnerability
An attacker who is able to upload and download the same file can
exploit this vulnerability to execute arbitrary code with root
privileges.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3689.html
9/30/2003 - openssl
ASN.1 parsing vulnerabilities
An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3694.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/26/2003 - marbles
Buffer overflow vulnerability
Steve Kemp discovered a buffer overflow in marbles, when processing the
HOME environment variable. This vulnerability could be exploited by a
local user to gain gid 'games'.
http://www.linuxsecurity.com/advisories/debian_advisory-3686.html
9/28/2003 - freesweep
Buffer overflow vulnerability
Steve Kemp discovered a buffer overflow in freesweep, when processing
several environment variables. This vulnerability could be exploited
by a local user to gain gid 'games'.
http://www.linuxsecurity.com/advisories/debian_advisory-3687.html
9/29/2003 - webfs
Multiple vulnerabilities
Multiple vulnerabilities including unauthorized access and buffer
overflow have been fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3690.html
+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+
9/30/2003 - OpenSSL
ASN.1 parsing vulnerabilities
An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/29/2003 - media-video/mplayer Buffer overflow vulnerability
ASN.1 parsing vulnerabilities
A remotely exploitable buffer overflow vulnerability was found in
MPlayer. A malicious host can craft a harmful ASX header, and trick
MPlayer into executing arbitrary code upon parsing that header.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3691.html
9/29/2003 - net-ftp/proftpd Remote file compromise vulnerability
ASN.1 parsing vulnerabilities
ISS X-Force discovered a vulnerability that could be triggered when a
specially crafted file is uploaded to a proftpd server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3692.html
9/30/2003 - mpg123
Buffer overflow vulnerability
mpg123 contains a heap based buffer overflow that would allow an remote
attacker to execute arbitrary code on the victims machine.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3695.html
9/30/2003 - teapop
SQL Injection vulnerability
teapop suffers from a sql injection in the postgresql and mysql
authentication module.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3696.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
9/30/2003 - ASN.1 Parsing vulnerabilities
SQL Injection vulnerability
An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/immunix_advisory-3697.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
9/30/2003 - OpenSSL
ASN.1 Parsing vulnerabilities
An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/redhat_advisory-3698.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
9/29/2003 - 'proftpd' remote exploit
ASN.1 Parsing vulnerabilities
An error exists in the ASCII upload handling of Proftpd version 1.2.7
and later that can be used to trigger an buffer overflow and thus
execute arbitrary code. This has now been fixed.
http://www.linuxsecurity.com/advisories/trustix_advisory-3688.html
+---------------------------------+
| Distribution: Turbolinux | ----------------------------//
+---------------------------------+
9/30/2003 - proftpd
ASCII File Remote Compromise Vulnerability
A vulnerability exists in the ProFTPD server that can be triggered by
remote attackers when transferring files from the FTP server in ASCII
mode.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3699.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
