+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 23rd, 2004                        Volume 5, Number 4a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for cvs, screen, kdepim, mc,
tcpdump, netpbm-free, kernel, slocate, honeyd, isakmpd, and lftp. The
distributors include Conectiva, Debian, Guardian Digital EnGarde Secure
Linux, Gentoo, OpenBSD, Red Hat, Trustix, and Turbolinux.

----

>> Combating Junk Email <<

Guardian Digital Secure Mail Suite's comprehensive anti-spam
capabilities create an impenetrable barrier between spammers and your
inbox. Eliminates virtually all inappropriate & unsolicited mail using
the most advanced junk mail technologies.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn01

----

In all business environments, management must extend a certain level
of trust to staff in order for work to get done. In security, trust is
extremely important. Security managers must trust staff to properly set
up and configure systems, grant appropriate access, and fix
vulnerabilities as they arise. Trusting staff to get the job done is a
fundamental part of doing business. As a manager, how can one be sure
that the security staff is properly addressing security issues? How can
one be sure that vulnerabilities are fixed and logs are monitored?

Peter F. Drucker, a well-known writer on business management topics,
once wrote, "if you cannot measure it, you cannot manage it." This is
directly relevant to security. How can a manager be sure that the
backups are getting done? Are the IDS and firewall logs properly
monitored?
A manager can easily have trust in employees, but assurance must also
be provided. Management should require staff to log backups, log
reviews, server patching, etc. Rather than trusting staff to get the
job done, it is necessary to have assurance. All general security
maintenance tasks can be, and should be, auditable.

How will extra paperwork help security? Will staff get fed up with all
of the extra documentation? The purpose of the extra documentation is
not to burden staff; it is to help justify security spending. If a
security department is properly doing its job, incidents will have
little effect. However, if the department isn't doing its job,
something catastrophic could happen. It is hard for people not in
security to see the value in spending more money when there are no
security incidents. Having auditable, documented evidence of thwarted
attacks, log reviews, etc. can have a huge impact on the image of the
security department. Rather than relying on trust, providing assurance
and quantifying security will help get the budget necessary to have
the appropriate level of protection.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

Managing Linux Security Effectively in 2004

This article examines the process of proper Linux security management
in 2004. First, a system should be hardened and patched. Next, a
security routine should be established to ensure that all new
vulnerabilities are addressed. Linux security should be treated as an
evolving process.

http://www.linuxsecurity.com/feature_stories/feature_story-157.html

--------------------------------------------------------------------

FEATURE: OSVDB: An Independent and Open Source Vulnerability Database

This article outlines the origins, purpose, and future of the Open
Source Vulnerability Database project. We also talk with Tyler Owen, a
major contributor.
http://www.linuxsecurity.com/feature_stories/feature_story-156.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 1/20/2004 - cvs
   Chroot escape vulnerability

   By requesting malformed modules, a remote attacker can attempt to
   create files and directories on the server's root file system.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-3962.html

 1/20/2004 - screen
   Buffer overflow vulnerability

   This vulnerability could be exploited by an attacker who is able to
   send about 2 GB of data to the user's screen session.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-3963.html

 1/20/2004 - kdepim
   Buffer overflow vulnerability

   A carefully constructed .VCF file, if opened or previewed, could
   cause the execution of arbitrary code with the victim's privileges.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-3964.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 1/16/2004 - mc
   Improper execution vulnerability

   A malicious archive (such as a .tar file) could cause arbitrary code
   to be executed if opened by Midnight Commander.
   http://www.linuxsecurity.com/advisories/debian_advisory-3955.html

 1/16/2004 - tcpdump
   Multiple vulnerabilities

   A number of buffer overflows could be exploited to crash tcpdump, or
   execute arbitrary code with the privileges of tcpdump.
   http://www.linuxsecurity.com/advisories/debian_advisory-3957.html

 1/19/2004 - netpbm-free
   Insecure temporary files (multiple vulnerabilities)

   Many of these programs were found to create temporary files in an
   insecure manner.
   http://www.linuxsecurity.com/advisories/debian_advisory-3960.html

 1/19/2004 - kernel
   MIPS version of mremap() fix

   A flaw in bounds checking in mremap() in the Linux kernel may allow a
   local attacker to gain root privileges.
   http://www.linuxsecurity.com/advisories/debian_advisory-3961.html

 1/20/2004 - slocate
   Heap buffer overflow

   This vulnerability could grant a local attacker "slocate" group
   privileges, which can access the list of all file pathnames on the
   system.
   http://www.linuxsecurity.com/advisories/debian_advisory-3965.html


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 1/19/2004 - 'tcpdump' multiple vulnerabilities
   Heap buffer overflow

   By sending specially constructed packets across the wire a malicious
   remote attacker could cause tcpdump to crash or potentially run
   arbitrary code as the user under which tcpdump was being run.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3958.html

 1/19/2004 - tcpdump
   Multiple vulnerabilities

   Several buffer overflows were recently discovered in tcpdump which
   could cause tcpdump to crash or run arbitrary code.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3959.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 1/22/2004 - honeyd
   Honeyd remotely identifiable

   Identification of Honeyd installations allows an adversary to launch
   attacks specifically against Honeyd.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3969.html


+---------------------------------+
|  Distribution: OpenBSD          | ----------------------------//
+---------------------------------+

 1/16/2004 - isakmpd
   SA deletion vulnerability

   Several message handling flaws in isakmpd(8) have been reported by
   Thomas Walpuski.
   http://www.linuxsecurity.com/advisories/openbsd_advisory-3956.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 1/21/2004 - mc
   Buffer overflow vulnerability

   This vulnerability allows remote attackers to execute arbitrary code
   during symlink conversion.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3966.html

 1/22/2004 - slocate
   Heap overflow vulnerability

   A local user could exploit this vulnerability to gain "slocate" group
   privileges and then read the entire slocate database.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3970.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 1/21/2004 - slocate
   Privilege escalation vulnerability

   Exploiting this would allow a local attacker to obtain a list of all
   files in the filesystem.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3967.html


+---------------------------------+
|  Distribution: Turbolinux       | ----------------------------//
+---------------------------------+

 1/22/2004 - lftp and tcpdump
   Multiple vulnerabilities

   lftp: buffer overflow
   tcpdump: multiple vulnerabilities
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3968.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
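The feature on managing Linux security calls for a routine that turns each
week's advisories into a patch list, and this issue lists the packages
affected without saying which of them a given host actually runs. The
script below is an added example for this edition, not part of the
newsletter and not a tool from LinuxSecurity.com or any distributor: it
takes the package-to-advisory pairs from the Debian section above and
reports which of those packages are installed. The installed-package table
is a constructed sample standing in for `dpkg-query` output; its version
strings are made up for the example and say nothing about which versions
are vulnerable or fixed, since the newsletter gives fixed versions only via
the linked advisories.

```shell
#!/bin/sh
# Added example: cross-check the Debian advisories in this issue against the
# packages installed on a Debian host. Not part of the newsletter or of any
# distributor's tooling.

# Package -> advisory table, taken from the Debian section of this issue.
# (The kernel entry is omitted: its package name varies by flavour.)
ADVISORIES='mc          http://www.linuxsecurity.com/advisories/debian_advisory-3955.html
tcpdump     http://www.linuxsecurity.com/advisories/debian_advisory-3957.html
netpbm-free http://www.linuxsecurity.com/advisories/debian_advisory-3960.html
slocate     http://www.linuxsecurity.com/advisories/debian_advisory-3965.html'

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output,
# so the script runs offline. The version strings are made up for the
# example and say nothing about which versions are vulnerable or fixed.
SAMPLE_INSTALLED='bash 2.05b-15
tcpdump 3.7.2-3
mc 4.6.0-4
slocate 2.7-3
libc6 2.3.2.ds1-10
lftp 2.6.10-1'

# Look up one package in an installed-package table; print its version, or
# nothing if it is not installed.
installed_version() {
    # $1 = package name, $2 = "name version" table, one package per line
    printf '%s\n' "$2" | awk -v p="$1" '$1 == p { print $2; exit }'
}

# Print "package version advisory-url" for every advisory whose package is
# installed, in the order the advisories are listed.
check_advisories() {
    # $1 = advisory table, $2 = installed-package table
    printf '%s\n' "$1" | while read -r pkg url; do
        [ -n "$pkg" ] || continue
        ver=$(installed_version "$pkg" "$2")
        if [ -n "$ver" ]; then
            printf '%s %s %s\n' "$pkg" "$ver" "$url"
        fi
    done
}

# Number of advisory packages installed; useful as a cron job's exit code.
count_affected() {
    check_advisories "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample. On a real host, replace
# "$SAMPLE_INSTALLED" with "$(dpkg-query -W -f='${Package} ${Version}\n')"
# and compare each reported version with the fixed version named in the
# linked advisory (for example with dpkg --compare-versions).
check_advisories "$ADVISORIES" "$SAMPLE_INSTALLED"
```

Against the sample table the script reports mc, tcpdump and slocate with
their installed versions and the advisory to read for each; netpbm-free is
not installed and is not reported. The match is on exact package name, so
a rebuilt or renamed package (a locally built tcpdump, say) would be
missed, which is an argument for keeping the advisory table and the
installed-package list in the same naming scheme.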