+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  July 23, 2004                              Volume 5, Number 29a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                    Benjamin Thomas
                dave@xxxxxxxxxxxxxxxxx         ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for MMDF, Mozilla, kernel, php4,
webmin, samba, ethereal, l2tpd, mailman, httpd, libxml2, wv, php,
Unreal, Opera, mod_ssl and freeswan. The distributors include SCO
Group, Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware
and Suse.

-----

>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the
cost-effective Thawte Starter PKI program can streamline management
of your digital certificates. Click here to download our Free guide:

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte07

-----

Creating New Accounts

You should make sure to provide user accounts with only the minimal
requirements for the task they need to do. If you provide your
secretary, or another general user, with an account, you might want
them to only have access to a word processor or drawing program, but
be unable to delete data that is not theirs.

Several good rules of thumb when allowing other people legitimate
access to your Linux machine:

  - Limit access privileges given to new users.

  - Be aware when/where they log in from, or should be logging in
    from.

  - Make sure to remove inactive accounts.

  - The use of the same user-ID on all computers and networks is
    advisable to ease account maintenance, as well as permit easier
    analysis of log data (but I'm sure someone will dispute this).
    However, it's practically essential if using NFS. There are
    several other protocols that use UIDs for local and remote access
    as well.

  - The creation of group user-IDs should be absolutely prohibited.
    User accounts also provide accountability, and this is not
    possible with group accounts.

  - Be sure shadow passwords are enabled. Shadow passwords are a
    method for storing the actual user's password in a root-owned
    file that is not readable by normal users, unlike the regular
    password file. This protects the passwords from being read and
    cracked using dictionary attacks. Most (if not all) current
    distributions already use shadow passwords.

  - Regularly audit user accounts for invalid or unused accounts,
    expired accounts, etc.

  - Check for repeated login failures. The files in /var/log are an
    invaluable resource for tracking potential security problems.

  - Be sure to enable quotas on machines with many users, to prevent
    denial of service attacks involving filling disk partitions, or
    appending exploits to group-writable files.

  - Disable group accounts, and unused system accounts, such as sys
    or uucp. These accounts should be locked, and given non-functional
    shells.

  - Many local user accounts that are used in security compromises
    are ones that have not been used in months or years. Since no one
    is using them they provide the ideal attack vehicle.

Security Tip Written by Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/

-----

Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of
Guardian Digital, Inc. and respected author of various hardened
security and Linux publications, to talk about how Guardian Digital
is changing the face of IT security today.
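Returning to the Creating New Accounts tip above: the script below is an added example, not part of the newsletter and not code from any project it mentions. It turns four of the rules of thumb (shadow passwords enabled, system accounts locked with non-functional shells, no unlocked or passwordless accounts, repeated login failures in the logs) into checks you can run from a shell. The passwd, shadow and sshd log excerpts are constructed for the example; on a real host you would feed it /etc/passwd, /etc/shadow (as root) and the authentication log from /var/log instead.

```shell
#!/bin/sh
# Added example (not from the newsletter): account-hygiene checks for the
# "Creating New Accounts" tip. All sample data below is constructed.

# Constructed /etc/passwd excerpt. "legacy" still keeps its hash in the
# world-readable passwd file, i.e. it is not using shadow passwords.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/bin/sh
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
oldbob:x:1001:1001:Bob:/home/oldbob:/bin/bash
devteam:x:1002:1002:Shared dev account:/home/devteam:/bin/bash
legacy:$1$fakehash$:1003:1003:Legacy app:/home/legacy:/bin/sh'

# Constructed /etc/shadow excerpt. "*" or a leading "!" means the account
# is locked; an empty second field would mean no password at all.
SAMPLE_SHADOW='root:$6$fakehash$:12600:0:99999:7:::
daemon:*:12600:0:99999:7:::
sys:!:12600:0:99999:7:::
uucp:*:12600:0:99999:7:::
alice:$6$fakehash$:12600:0:99999:7:::
oldbob:$6$fakehash$:12600:0:99999:7:::
devteam:$6$fakehash$:12600:0:99999:7:::'

# Constructed sshd log lines in the syslog format found under /var/log.
SAMPLE_AUTH_LOG='Jul 20 10:01:02 host sshd[1234]: Failed password for oldbob from 192.0.2.5 port 4242 ssh2
Jul 20 10:01:05 host sshd[1234]: Failed password for oldbob from 192.0.2.5 port 4243 ssh2
Jul 20 10:01:09 host sshd[1234]: Failed password for oldbob from 192.0.2.5 port 4244 ssh2
Jul 20 10:02:00 host sshd[1240]: Accepted password for alice from 192.0.2.7 port 5000 ssh2
Jul 20 10:03:00 host sshd[1241]: Failed password for invalid user admin from 198.51.100.9 port 6000 ssh2'

# Accounts whose passwd password field is anything other than "x": their
# hash is readable by every local user and can be fed to a dictionary attack.
unshadowed_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 != "x" { print $1 }'
}

# System accounts (UID below 1000, root excluded) that still have a working
# login shell; the tip says these should be locked and given a
# non-functional shell such as nologin or false.
system_accounts_with_shell() {
    printf '%s\n' "$1" | awk -F: '$3 != 0 && $3 < 1000 && $7 !~ /\/(nologin|false)$/ { print $1 }'
}

# Accounts whose shadow entry is not locked. An empty field (no password)
# is reported too, since that is the worst case.
unlocked_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 != "*" && $2 !~ /^!/ { print $1 }'
}

# Users with at least $2 failed password attempts in the given log text.
# Both "Failed password for NAME" and "Failed password for invalid user
# NAME" are handled. Output: "user count", one per line, sorted by user.
repeated_login_failures() {
    printf '%s\n' "$1" | awk -v min="$2" '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "for") {
                    u = $(i + 1)
                    if (u == "invalid") u = $(i + 3)   # "invalid user NAME"
                    break
                }
            }
            n[u]++
        }
        END { for (u in n) if (n[u] >= min) print u, n[u] }' | sort
}

# Stand-alone run over the constructed samples.
echo "Not using shadow:        $(unshadowed_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "System accounts w/shell: $(system_accounts_with_shell "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "Unlocked accounts:       $(unlocked_accounts "$SAMPLE_SHADOW" | tr '\n' ' ')"
echo "Repeated failures (>=3): $(repeated_login_failures "$SAMPLE_AUTH_LOG" 3 | tr '\n' ' ')"
```

On the sample data the script reports legacy as not shadowed, sys and uucp as system accounts that still have a real shell, root/alice/oldbob/devteam as unlocked, and oldbob as the only user with three or more failed logins. The "devteam" entry is left in deliberately: a shared account passes every mechanical check here, which is why the tip's rule against group user-IDs has to be enforced by policy rather than by a script. Every function reads its input from an argument rather than a fixed path, so the same checks can be pointed at a copied passwd/shadow pair or a rotated log file.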
Guardian Digital is perhaps best known for their hardened Linux
solution EnGarde Secure Linux, touted as the premier secure,
open-source platform for its comprehensive array of general purpose
services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.

http://www.linuxsecurity.com/feature_stories/feature_story-170.html

---------------------------------------------------------------------

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper

Duane Dunston speaks at length with Wietse Venema on his current
research projects at the Thomas J. Watson Research Center, including
his forensics efforts with The Coroner's Toolkit. Wietse Venema is
best known for the software TCP Wrapper, which is still widely used
today and is included with almost all unix systems. Wietse is also
the author of the Postfix mail system and the co-author of the very
cool suite of utilities called The Coroner's Toolkit or "TCT".

http://www.linuxsecurity.com/feature_stories/feature_story-169.html

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: SCO Group        | ----------------------------//
+---------------------------------+

 7/22/2004 - MMDF
   Multiple vulnerabilities

   This patch addresses many buffer overflows and cuts down sharply on
   unnecessary privilege.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4584.html

 7/22/2004 - Mozilla
   Multiple vulnerabilities

   This patch resolves a large number of Mozilla vulnerabilities.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4588.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 7/16/2004 - kernel
   Multiple vulnerabilities

   This patch addresses a large number of kernel vulnerabilities at
   once.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4564.html

 7/16/2004 - php4
   Multiple vulnerabilities

   This patch resolves two vulnerabilities, each of which can cause
   the execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4565.html

 7/17/2004 - webmin
   ACL bypass vulnerability

   A vulnerability in webmin would allow unauthenticated users to
   obtain read access to a module's configuration.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4566.html

 7/22/2004 - samba
   Buffer overflow vulnerabilities

   This patch addresses several buffer overruns within samba.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4583.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 7/22/2004 - ethereal
   Denial of service vulnerabilities

   Several denial of service vulnerabilities were discovered in
   ethereal, one of which could be exploited by a remote attacker to
   crash ethereal with an invalid SNMP packet.
   http://www.linuxsecurity.com/advisories/debian_advisory-4579.html

 7/22/2004 - netkit-telnet-ssl
   Format string vulnerability
   Denial of service vulnerabilities

   A vulnerability in netkit-telnet-ssl could potentially allow a
   remote attacker to cause the execution of arbitrary code with the
   privileges of the telnet daemon.
   http://www.linuxsecurity.com/advisories/debian_advisory-4580.html

 7/22/2004 - l2tpd
   Buffer overflow vulnerability

   By exploiting this, a remote attacker could potentially cause
   arbitrary code to be executed by transmitting a specially crafted
   packet.
   http://www.linuxsecurity.com/advisories/debian_advisory-4581.html

 7/22/2004 - php4
   Multiple vulnerabilities

   Patch fixes both a vulnerability to XSS (Cross Site Scripting) and
   execution of arbitrary local code.
   http://www.linuxsecurity.com/advisories/debian_advisory-4582.html

 7/22/2004 - mailman
   Password leak vulnerability

   A flaw in Mailman 2.1.* allows a remote attacker to retrieve the
   mailman password of any subscriber by sending a carefully crafted
   email request to the mailman server.
   http://www.linuxsecurity.com/advisories/debian_advisory-4587.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 7/16/2004 - ethereal
   Denial of service vulnerabilities

   Patches resolve three different ways to crash ethereal.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4563.html

 7/22/2004 - httpd
   Multiple vulnerabilities

   This patch fixes a remotely triggerable memory leak and a buffer
   overflow vulnerability.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4585.html

 7/22/2004 - libxml2
   Buffer overflow vulnerability

   Updated libxml2 packages that fix an overflow when parsing remote
   resources are now available.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4586.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 7/16/2004 - wv
   Buffer overflow vulnerability

   A buffer overflow vulnerability exists in the wv library that can
   allow an attacker to execute arbitrary code with the user's
   privileges.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4560.html

 7/16/2004 - kernel
   Denial of service vulnerability

   By sending a malformed TCP packet, an attacker can hang a machine
   running IPTables.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4561.html

 7/16/2004 - php
   Multiple vulnerabilities

   Multiple security vulnerabilities, potentially allowing remote code
   execution, were found and fixed in PHP.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4562.html

 7/22/2004 - Unreal Tournament
   Buffer overflow vulnerability

   Game servers based on the Unreal engine are vulnerable to remote
   code execution through malformed 'secure' queries.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4574.html

 7/22/2004 - Opera
   Multiple spoofing vulnerabilities

   Opera contains three vulnerabilities, allowing an attacker to
   impersonate legitimate websites with URI obfuscation or to spoof
   websites with frame injection.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4575.html

 7/22/2004 - kernel
   Multiple vulnerabilities

   This patch addresses multiple DoS and permission vulnerabilities.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4576.html

 7/22/2004 - l2tpd
   Buffer overflow vulnerability

   A buffer overflow in l2tpd could lead to remote code execution. It
   is not known whether this bug is exploitable.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4577.html

 7/22/2004 - mod_ssl
   Format string vulnerability

   A bug in mod_ssl may allow a remote attacker to execute arbitrary
   code when Apache is configured to use mod_ssl and mod_proxy.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4578.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 7/16/2004 - php
   Multiple vulnerabilities

   This patch resolves an improper memory_limit trigger as well as a
   possible XSS issue.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4557.html

 7/16/2004 - ipsec-tools
   Multiple vulnerabilities

   This patch fixes both a Denial of Service attack and an ACL escape.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4558.html

 7/16/2004 - freeswan
   Multiple vulnerabilities

   This patch resolves a DN impersonation attack as well as a denial
   of service.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4559.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 7/22/2004 - php
   Multiple vulnerabilities

   Patch resolves a memory_limit bug which allows execution of
   arbitrary code and a strip_tags bug which allows XSS (Cross Site
   Scripting).
   http://www.linuxsecurity.com/advisories/redhat_advisory-4572.html

 7/22/2004 - samba
   Buffer overflow vulnerabilities

   Updated samba packages that fix buffer overflows, as well as other
   various bugs, are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4573.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 7/22/2004 - php
   Multiple vulnerabilities

   This patch resolves two bugs that could potentially allow XSS
   (Cross-Site Scripting) and the execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4571.html

+---------------------------------+
|  Distribution: Suse             | ----------------------------//
+---------------------------------+

 7/16/2004 - php4/mod_php4
   Multiple vulnerabilities

   Fixes two vulnerabilities, one that leads to direct code execution,
   and the other a possible XSS.
   http://www.linuxsecurity.com/advisories/suse_advisory-4556.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------