+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  October 31st, 2003                      Volume 4, Number 43a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for libnids, thttpd, apache2, gdm,
and fetchmail. The distributors include Conectiva, Debian, Mandrake,
and Slackware.

---

One of my favorite Linux network tools has always been ntop. For those
of you who haven't used it, ntop is a command line tool used to gather
information about network traffic. It is similar to 'top,' another
command line tool that is used to report CPU and other resource usage.
Ntop can be used for traffic measurement, monitoring, network usage
analysis, and as a security violation detection tool.

Ntop can be downloaded from http://www.ntop.org, and it is available
for a wide range of operating systems. Ntop has a relatively active
community around it. If you need support, there are several mailing
lists available. The Web site also provides several usage guides, so
using the tool to its fullest extent should not be a problem. The
documentation provides all of the information that is necessary.

Ntop gives administrators an easy way to identify bandwidth
utilization problems, hosts in promiscuous mode, and the use of
duplicate IP addresses.
One of the more interesting features is that ntop can be started in
Web mode. For example, 'prompt$ ntop -w 3000' will allow a remote user
to access ntop information at http://server.domain.com:3000.

One of the drawbacks is that ntop is not as robust as some of the
enterprise traffic monitoring systems. The small-time system
administrator should see that as a virtue, though. If you only have
several machines to keep track of, it has all the power that you would
ever need. Normally, this is a tool that I use when trying to diagnose
problems. Often, other network reporting tools are too verbose. Ntop
provides just enough information, quickly, to make decisions that may
affect configuration changes.

By now, hopefully most of you have used, or consistently use, ntop. If
not, I urge you to take a look. Ntop can be a great solution for
satisfying your curiosity when you would like to know what is happening
on your network at any given moment.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

EnGarde GDSN Subscription Price Reduction - Guardian Digital, the
world's premier open source security company, announced today that
they will be reducing the annual subscription cost of the Guardian
Digital Secure Network for EnGarde Community users from $229 to $60
for a limited time.

http://www.linuxsecurity.com/feature_stories/feature_story-151.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 10/29/2003 - libnids
   Remote buffer overflow vulnerability

   A remote attacker may potentially exploit this vulnerability to
   execute arbitrary code in the context of the application using
   this functionality of libnids.

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3747.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 10/29/2003 - thttpd
   Multiple vulnerabilities

   An information leak and an arbitrary code execution vulnerability
   have been fixed.

   http://www.linuxsecurity.com/advisories/debian_advisory-3748.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 10/26/2003 - apache2
   DoS Vulnerability

   A problem was discovered in Apache2 where CGI scripts that output
   more than 4k of output to STDERR will hang the script's execution,
   which can cause a Denial of Service on the httpd process.

   http://www.linuxsecurity.com/advisories/mandrake_advisory-3744.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 10/28/2003 - gdm
   multiple vulnerabilities

   These updates fix two vulnerabilities which could allow a local
   user to crash or freeze gdm, preventing access to the machine
   until a reboot.

   http://www.linuxsecurity.com/advisories/slackware_advisory-3745.html

 10/28/2003 - fetchmail
   denial of service vulnerability

   These fix a vulnerability where a specially crafted email could
   crash fetchmail, preventing the user from downloading or
   forwarding their email.

   http://www.linuxsecurity.com/advisories/slackware_advisory-3746.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com
------------------------------------------------------------------------