+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| January 30th, 2004 Volume 5, Number 5a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for gnupg, trr19, slocate, screen,
mod_python, gaim, jabber, mc, and tcpdump. The distributors include
Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.
----
>> Enterprise Security for the Small Business <<
Never before has a small business productivity solution been designed with
such robust security features. Engineered with security as a main focus,
the Guardian Digital Internet Productivity Suite is the cost-effective
solution small businesses have been waiting for.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07
----
Today, information is power. Those who have the most information, have
the most power. Companies are constantly plagued with former employees
giving sensitive information to competition. Call centers are attacked
with social engineering techniques, and servers connected to the Internet
are being scanned at an increasing rate. Information security is no
longer a 'nice thing to have,' it is a necessity. Millions of dollars are
now being spent worldwide on corporate information security programs.
In many cases, it is difficult for those less technically inclined to see
the need in having a large budget for information security. It is usually
seen as an IT issue, and something that can be addressed by one device or
a piece of software. Information security is a much broader issue that is
infinitely complex.
Rather than thinking about security from a 'patch and pray' standpoint, it
is better think about it from a wider perspective. A great book to read is
"Information Warfare and Security," by Dorothy Denning. The book is
written for the technical layman, so it is appropriate for those at all
levels. It is a book that should be read by anyone is responsible for any
amount of sensitive information.
Being over 400 pages, it is quite long. However, it is very easy to read
because of its structure. The book is broken up into three parts: An
Introduction, Offensive, and Defensive Information Warfare. Each part is
composed of several chapters and each chapter includes a story or several
stories and then a further analysis. The chapters can be read in sequence
or independently. The great part about this book is that one does not
have to read it in its entirety to get something out of it. No matter
what current information security situation you face, you'll find
inspiration in this book.
Some of my favorite chapters include "Psyops and Perception Management,"
"Secret Codes and Hideaways," and "In a Risky World." Rather than the
typical dry technical book that most of us are used to, you'll find this
book addictive and informative. I found that this book provided a good
social sciences perspective to information security, one that I normally
overlook.
"Information Warfare and Security" was published in 1999 and is
available in most bookstores.
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
---
Introduction to Netwox and Interview with Creator Laurent Constantin
In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane interviews
Laurent Constantin, the creator of Netwox.
http://www.linuxsecurity.com/feature_stories/feature_story-158.html
--------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
--------------------------------------------------------------------
Managing Linux Security Effectively in 2004
This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security
routine should be established to ensure that all new vulnerabilities are
addressed. Linux security should be treated as an evolving process.
http://www.linuxsecurity.com/feature_stories/feature_story-157.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
1/26/2004 - gnupg
Signing key vulnerability
This vulnerability can be used to trivially recover the private
key.
http://www.linuxsecurity.com/advisories/debian_advisory-3976.html
1/28/2004 - trr19
Missing privilege release
The binaries don't drop privileges before executing a command,
allowing an attacker to gain access to the local group games.
http://www.linuxsecurity.com/advisories/debian_advisory-3983.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
1/26/2004 - slocate
Heap overflow vulnerability
A local user could exploit this vulnerability to gain "slocate"
group privileges and then read the entire slocate database.
http://www.linuxsecurity.com/advisories/fedora_advisory-3974.html
1/27/2004 - screen
Privilege escalation vulnerability
Updated screen packages are now available that fix a security
vulnerability which may allow privilege escalation for local
users.
http://www.linuxsecurity.com/advisories/fedora_advisory-3982.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
1/27/2004 - mod_python
Denial of service vulnerability
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3980.html
1/27/2004 - gaim
Multiple vulnerabilities
Multiple buffer overflows exist in gaim 0.75 and earlier.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3981.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
1/23/2004 - slocate
Heap overflow
This could be exploited by a local user to gain privileges of the
'slocate' group. The updated packages contain a patch from Kevin
Lindsay that causes slocate to drop privileges before reading a
user-supplied database.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3971.html
1/23/2004 - jabber
Denial of service vulnerability
A vulnerability was found in the jabber program where a bug in the
handling of SSL connections could cause the server process to
crash, resulting in a DoS (Denial of Service).
http://www.linuxsecurity.com/advisories/mandrake_advisory-3972.html
1/27/2004 - gaim
Multiple vulnerabilities
Multiple buffer overflows exist in gaim 0.75 and earlier.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3977.html
1/27/2004 - mc
Buffer overflow vulnerability
This vulnerability could allow remote attackers to execute
arbitrary code during symlink conversion.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3978.html
1/27/2004 - tcpdump
Non-sanitized input vulernability
If fed a maliciously crafted packet, could be exploited to crash
tcpdump or potentially execute arbitrary code.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3979.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
1/26/2004 - gaim
Multiple vulnerabilities
Multiple buffer overflows that affect versions of Gaim 0.75 and
earlier.
http://www.linuxsecurity.com/advisories/redhat_advisory-3973.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
1/26/2004 - gaim
Multiple vulnerabilities
12 vulnerabilities were found in the instant messenger GAIM that
allow remote compromise.
http://www.linuxsecurity.com/advisories/slackware_advisory-3975.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
1/29/2004 - gaim
Multiple vulnerabilities
12 vulnerabilities in gaim can lead to a remote system compromise
with the privileges of the user running GAIM.
http://www.linuxsecurity.com/advisories/suse_advisory-3984.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
