Linux Advisory Watch - November 21st 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  November 21st, 2003                      Volume 4, Number 46a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for zebra, hylafax, minimalist, Glibc,
XFree86, Sane, postgresql, and apache.  The distributors include
Conectiva, Debian, Mandrake, RedHat, SuSE, and Trustix.

---


One of the more powerful and cutting edge technologies in security today
is honeypots.  Those who have a need for better network monitoring and
increased intrusion detection capabilities should find value in their
usage.  The concept of honeypots has been around for many years, but until
recently they haven't had much widespread use.  More recently, research
has been done to define precisely what honeypots are and to develop a
classification of honeypot types.  With community involvement, Lance
Spitzner uses the following definition: "A honeypot is an information
system resource whose value lies in unauthorized or illicit use of that
resource."

To the average IT person, honeypots may be somewhat confusing. How could
any system derive value from 'unauthorized or illicit' use? Isn't it the
responsibility of security professionals to ensure that there is no
wrongful use of IT systems?  I don't think this analogy is completely
appropriate, but a honeypot is similar to a police sting operation.  The
name honeypot almost implies that the IT resource is 'bait' to lure
unauthorized users.  While this could be true, I'm not sure that it is the
best way to think about honeypots. Lance's definition contains the word
value.  What value is there in setting up an easy target to lure
unauthorized users? That's almost like buying a car and always leaving it
unlocked with the keys in it, parking it by your normal car, hoping
someone will steal your 'honeycar' rather than the car that you use
every day. In my opinion, that is a very expensive protection system.

A better approach is to have specific goals in mind when implementing
honeypots.  Are you going to use this as research, simply to gain
knowledge to help you better protect against the enemy, or are you a
corporate user who wants to use a honeypot as a supplement to your
intrusion detection system?  Often, corporate IDSs generate so many alerts
that it is nearly impossible to sort out real events.  Honeypots provide an
excellent method of identifying unauthorized traffic and activity, simply
because any traffic hitting a honeypot is by default unauthorized.
Honeypots have many uses and should not be installed just for the 'cool'
factor.  If one is misconfigured and sitting on your network, it is
potentially a huge security threat.

To find out more, I suggest the Honeynet project:
http://www.honeynet.org/


Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

FEATURE: OpenVPN: An Introduction and Interview with Founder, James Yonan

In this article, Duane Dunston gives a brief introduction to OpenVPN and
interviews its founder James Yonan.

http://www.linuxsecurity.com/feature_stories/feature_story-152.html

--------------------------------------------------------------------


FEATURE: R00ting The Hacker

Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers, is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 11/20/2003 - zebra
   Denial of service vulnerabilities

   Multiple denial of service vulnerabilities have been resolved.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3801.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 11/17/2003 - hylafax
   Multiple format string vulnerabilities

   The SuSE Security Team discovered several exploitable format string
   vulnerabilities in hylafax, a flexible client/server fax system, which
   could lead to executing arbitrary code as root on the fax server.
   http://www.linuxsecurity.com/advisories/debian_advisory-3793.html

 11/17/2003 - minimalist
   Unsanitized input vulnerability

   A security-related problem has been discovered in minimalist, a mailing
   list manager, which allows a remote attacker to execute arbitrary
   commands.
   http://www.linuxsecurity.com/advisories/debian_advisory-3794.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 11/19/2003 - Glibc
   Buffer overflow vulnerability

   A bug was discovered in the getgrouplist function in glibc that can
   cause a buffer overflow if the size of the group list is too small to
   hold all the user's groups.  This overflow can cause segmentation
   faults in various user applications, some of which may lead to
   additional security problems.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3800.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 11/20/2003 - XFree86
   Multiple integer overflows

   Updated XFree86 packages for Red Hat Linux 9 provide security fixes to
   font libraries and XDM.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3802.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 11/18/2003 - Sane
   Denial of service vulnerability

   Several bugs in sane were fixed to avoid remote denial-of-service
   attacks. These attacks can be carried out even if the remote attacker
   is not allowed to access the sane server, that is, when the attacker's
   IP is not listed in the file sane.conf.
   http://www.linuxsecurity.com/advisories/suse_advisory-3799.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 11/17/2003 - glibc
   Buffer overflow vulnerability

   The getgrouplist function in GNU libc may allow attackers to cause a
   denial of service (segmentation fault) and execute arbitrary code when
   a user is a member of a large number of groups, which can cause a
   buffer overflow.
   http://www.linuxsecurity.com/advisories/tawie_advisory-3789.html

 11/17/2003 - postgresql
   Buffer overflow vulnerability

   Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before
   7.3.4, allows remote attackers to execute arbitrary code.
   http://www.linuxsecurity.com/advisories/tawie_advisory-3790.html

 11/17/2003 - apache
   Multiple vulnerabilities

   Multiple stack-based buffer overflows in mod_alias and mod_rewrite have
   been fixed. Improper handling of CGI redirect paths has been fixed.
   http://www.linuxsecurity.com/advisories/tawie_advisory-3791.html

 11/17/2003 - coreutils/fileutils/anonftp Integer overflow vulnerability
   Multiple vulnerabilities

   An integer overflow in ls in the fileutils or coreutils packages may
   allow local users to cause a denial of service or execute arbitrary
   code via a large -w value, which could be remotely exploited via
   applications that use ls, such as wu-ftpd.
   http://www.linuxsecurity.com/advisories/tawie_advisory-3792.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------

