+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| October 31st, 2003 Volume 4, Number 43a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for libnids, thttpd, apache2, gdm, and
fetchmail. The distributors include Conectiva, Debian, Mandrake, and
Slackware.
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
---
One of my favorite Linux network tools has always been ntop. For those of
you who haven't used it, ntop is a command line tool used to gather
information about network traffic. It is similar to 'top,' another
command line tool that is used to report CPU and other resource usage.
Ntop can be used for traffic measurement, monitoring, network usage
analysis, and as a security violation detection tool. Ntop can be
downloaded on http://www.ntop.org, and it is available for a wide range of
operating systems.
Ntop has relatively active community around it. If you need support there
are several mailing lists that are available. Also, the Web site provides
several usage guides so using the tool to its fullest extent should not be
a problem. The documentation provides all of the information that is
necessary. Ntop provides an easy way for administrators to easily
identify bandwidth utilization problems, identifying hosts in promiscuous
mode, and the use of duplicate IP addresses.
One of the more interesting features is that ntop can be started in Web
mode. For example, 'prompt$ ntop -w 3000' will allow a remote user to be
able to access ntop information remotely. (http://server.domain.com:3000)
One of the drawbacks is that ntop is not as robust as some of the
enterprise traffic monitoring systems. The small-time system
administrator should see that as a virtue though. If you only have
several machines to keep track of, it has all the power that you would
ever need. Normally, this is a tool that I use when trying to diagnose
problems. Often, other network reporting tools are too verbose. Ntop
provides just enough information quickly, in order to make decisions that
may affect configuration changes.
By now, hopefully most of you have used, or consistently use ntop. If
not, I urge you to take a look. Ntop can be a great solution to
satisfying your curiosity when you would like to know what is happening on
your network at any given moment.
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
---
EnGarde GDSN Subscription Price Reduction -
Guardian Digital, the world's premier open source security company,
announced today that they will be reducing the annual subscription cost of
the Guardian Digital Secure Network for EnGarde Community users from $229
to $60 for a limited time.
http://www.linuxsecurity.com/feature_stories/feature_story-151.html
--------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
10/29/2003 - libnids
Remote buffer overflow vulnerability
A remote attacker may potentially exploit this vulnerability to
execute arbitrary code in the context of the application using this
functionality of libnids.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3747.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
10/29/2003 - thttpd
Multiple vulnerabilities
An information leak and an arbitrary code execution vulnerability have
been fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3748.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
10/26/2003 - apache2
DoS Vulnerability
A problem was discovered in Apache2 where CGI scripts that output more
than 4k of output to STDERR will hang the script's execution which can
cause a Denial of Service on the httpd process
http://www.linuxsecurity.com/advisories/mandrake_advisory-3744.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
10/28/2003 - gdm
multiple vulnerabilities
These updates fix two vulnerabilities which could allow a local user
to crash or freeze gdm, preventing access to the machine until a
reboot.
http://www.linuxsecurity.com/advisories/slackware_advisory-3745.html
10/28/2003 - fetchmail
denial of service vulnerability
These fix a vulnerability where a specially crafted email could crash
fetchmail, preventing the user from downloading or forwarding their
email.
http://www.linuxsecurity.com/advisories/slackware_advisory-3746.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
