+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  October 3rd, 2003                       Volume 4, Number 39a  |
+----------------------------------------------------------------+

Editors:     Dave Wreski                Benjamin Thomas
             dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for proftpd, openssl, marbles,
freesweep, webfs, OpenSSL, mpg123, teapop, and proftpd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
Immunix, Red Hat, Trustix, and Turbolinux.

---

Last week, I wrote about some of the problems that are associated with
using passwords as a method of authentication. There are several
techniques that can be utilized to improve password security; however,
users often have such a large number of different passwords that they
can become difficult to manage. Users are forced to remember multiple
passwords to different systems on different networks. This causes users
to write down their passwords or continuously need them reset.

Single sign-on is a technology that can be implemented to relieve some
of the strain that passwords put on users and administrators. With SSO,
multiple passwords become invisible to the user because they are only
required to log in initially; then the credentials are sent to each
application by way of the single sign-on system.

Initially, migrating from a traditional password structure can be a
daunting task.
The problem is particularly apparent when trying to connect legacy
applications. However, the headaches will quickly go away if the system
includes the ability for users to reset their own password using other
credentials that were given at their initial connection to the system.
This functionality could be extremely beneficial to enterprise-size
organizations that must reset hundreds of passwords a day.

A single sign-on system is not the holy grail. Like any feature on a
network, it provides its own set of risks. Having an SSO system provides
a single point of failure. If the system is down, every application on
the network is potentially down. There are always tradeoffs between
security and convenience, but many large organizations have felt that
this is a risk worth taking. Although SSO provides the possibility of
having a single point of failure, it is also possible to configure the
system so that it is redundant, providing service if one system goes
down. Implementing a system correctly requires a great deal of planning,
time, and money.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

--> FEATURE: R00ting The Hacker

Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers, is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.
http://www.linuxsecurity.com/feature_stories/feature_story-150.html

--> EnGarde GDSN Subscription Price Reduction

Guardian Digital, the world's premier open source security company,
announced today that they will be reducing the annual subscription cost
of the Guardian Digital Secure Network for EnGarde Community users from
$229 to $60 for a limited time.
http://www.linuxsecurity.com/feature_stories/feature_story-151.html

--> FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).
http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

9/29/2003 - proftpd Arbitrary code execution vulnerability

An attacker who is able to upload and download the same file can exploit
this vulnerability to execute arbitrary code with root privileges.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3689.html

9/30/2003 - openssl ASN.1 parsing vulnerabilities

An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3694.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

9/26/2003 - marbles Buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in marbles, when processing the
HOME environment variable. This vulnerability could be exploited by a
local user to gain gid 'games'.
http://www.linuxsecurity.com/advisories/debian_advisory-3686.html

9/28/2003 - freesweep Buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in freesweep, when processing
several environment variables. This vulnerability could be exploited by
a local user to gain gid 'games'.
http://www.linuxsecurity.com/advisories/debian_advisory-3687.html

9/29/2003 - webfs Multiple vulnerabilities

Multiple vulnerabilities including unauthorized access and buffer
overflow have been fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3690.html

+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

9/30/2003 - OpenSSL ASN.1 parsing vulnerabilities

An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

9/29/2003 - media-video/mplayer Buffer overflow vulnerability ASN.1 parsing vulnerabilities

A remotely exploitable buffer overflow vulnerability was found in
MPlayer. A malicious host can craft a harmful ASX header, and trick
MPlayer into executing arbitrary code upon parsing that header.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3691.html

9/29/2003 - net-ftp/proftpd Remote file compromise vulnerability ASN.1 parsing vulnerabilities

ISS X-Force discovered a vulnerability that could be triggered when a
specially crafted file is uploaded to a proftpd server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3692.html

9/30/2003 - mpg123 Buffer overflow vulnerability

mpg123 contains a heap-based buffer overflow that would allow a remote
attacker to execute arbitrary code on the victim's machine.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3695.html

9/30/2003 - teapop SQL Injection vulnerability

teapop suffers from a SQL injection in the PostgreSQL and MySQL
authentication module.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3696.html

+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

9/30/2003 - ASN.1 Parsing vulnerabilities SQL Injection vulnerability

An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/immunix_advisory-3697.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

9/30/2003 - OpenSSL ASN.1 Parsing vulnerabilities

An SSL/TLS testing suite developed by the NISCC (UK National
Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
result in a denial of service.
http://www.linuxsecurity.com/advisories/redhat_advisory-3698.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

9/29/2003 - 'proftpd' remote exploit ASN.1 Parsing vulnerabilities

An error exists in the ASCII upload handling of Proftpd version 1.2.7
and later that can be used to trigger a buffer overflow and thus execute
arbitrary code. This has now been fixed.
http://www.linuxsecurity.com/advisories/trustix_advisory-3688.html

+---------------------------------+
|  Distribution: Turbolinux       | ----------------------------//
+---------------------------------+

9/30/2003 - proftpd ASCII File Remote Compromise Vulnerability

A vulnerability exists in the ProFTPD server that can be triggered by
remote attackers when transferring files from the FTP server in ASCII
mode.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3699.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------