+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  August 6, 2004                               Volume 5, Number 31a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                    Benjamin Thomas
                dave@xxxxxxxxxxxxxxxxx         ben@xxxxxxxxxxxxxxxxx

This week, advisories were released for Xsco, OpenSSL, uudecode, samba,
sox, phpMyAdmin and wv. The distributors include SCO Group, Conectiva,
Gentoo, Mandrake and Red Hat.

-----

>> Internet Productivity Suite: Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10

-----

Using PAM

Pluggable Authentication Modules (PAM) is a method for authenticating
users. Using PAM, programmers can provide an easier and more versatile
means of performing authentication functions. Switching from basic
password authentication to smart cards or even biometrics can be done
without recompiling programs or making serious modifications to them.
Additionally, PAM can be used to modify the terms of access for users as
well as for system resources.

Just a few of the things you can do with PAM:

- Use a different encryption method for passwords, such as MD5, making
  them harder to brute force;
- Set resource limits on all your users so they can't perform denial of
  service attacks (number of processes, amount of memory, etc.);
- Enable shadow passwords on the fly;
- Allow specific users to log in only at specific times from specific
  places.

Within a few hours of installing and configuring your system, you can
prevent many attacks before they even occur.
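The second item above, per-user resource limits, is configured with one
entry per line in the form "<domain> <type> <item> <value>", the format
read by the resource-limits PAM module. The following Python is an added
example, not code from this newsletter or from the Linux-PAM project: it
parses such entries (the constructed sample reuses the 'users' limits
given later in this tip), flags malformed lines, and reports groups that
have no hard limit for core, nproc or rss, so a mistake is caught before
the file is installed.

```python
# Added example (not from the newsletter or Linux-PAM): validate entries in the
# "<domain> <type> <item> <value>" format read by the resource-limits PAM module
# before installing them. The sample input at the bottom is constructed.

# Limit items listed in limits.conf(5); values are integers or "unlimited".
# Size items such as core and rss are expressed in kilobytes.
KNOWN_ITEMS = {"core", "data", "fsize", "memlock", "nofile", "rss", "stack",
               "cpu", "nproc", "as", "maxlogins", "maxsyslogins", "priority",
               "locks"}
KNOWN_TYPES = {"hard", "soft", "-"}   # "-" sets both hard and soft


def parse_limits(text):
    """Return (limits, errors): limits maps (domain, type, item) -> value."""
    limits, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            errors.append(f"line {lineno}: expected 4 fields, got {len(fields)}")
            continue
        domain, ltype, item, value = fields
        if ltype not in KNOWN_TYPES:
            errors.append(f"line {lineno}: unknown limit type {ltype!r}")
        if item not in KNOWN_ITEMS:
            errors.append(f"line {lineno}: unknown limit item {item!r}")
        if value != "unlimited" and not value.lstrip("-").isdigit():
            errors.append(f"line {lineno}: value {value!r} is not a number")
        limits[(domain, ltype, item)] = value
    return limits, errors


def missing_hard_limits(limits, domain, required=("core", "nproc", "rss")):
    """Items in `required` for which `domain` sets neither a hard nor a '-' limit."""
    return [item for item in required
            if (domain, "hard", item) not in limits
            and (domain, "-", item) not in limits]


# Constructed sample: the 'users' entries from this tip, plus a group whose
# rss line is misspelled and so silently leaves memory unlimited.
SAMPLE = """\
# limits for the 'users' group
@users hard core 0
@users hard nproc 50
@users hard rss 5000        # kilobytes, roughly 5 MB
@staff hard nproc 100
@staff hard rrs 8000        # typo: should be rss
"""
```

Running parse_limits(SAMPLE) reports the misspelled item on line 6, and
missing_hard_limits(..., "@staff") shows that core and rss are still
unlimited for that group.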
For example, use PAM to disable the system-wide usage of .rhosts files in
users' home directories by adding these lines to /etc/pam.d/login:

    #
    # Disable rsh/rlogin/rexec for users
    #
    login auth required pam_rhosts_auth.so no_rhosts

Set resource limits instead of allowing unlimited use, which is the
default. You can control the per-user limits using the resource-limits
PAM module and /etc/pam.d/limits.conf. For example, limits for the group
'users' might look like this:

    @users hard core 0
    @users hard nproc 50
    @users hard rss 5000

This says to limit the creation of core files to zero bytes, restrict
the number of processes to 50, and restrict memory usage per user to
5 Meg.

The Linux-PAM System Administrators' Guide is a "draft" document that
describes the usage of the default PAM modules.

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html

Keep in mind that there is the potential to create a situation whereby
even root doesn't have access to the system, creating all kinds of
configuration headaches. Use caution.

Security Tip Written by Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/

----

An Interview with Gary McGraw, Co-author of Exploiting Software: How to
Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg
Hoglund a companion volume, Exploiting Software, which details software
security from the vantage point of the other side, the attacker. He has
graciously agreed to share some of his insights with all of us at
LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

---------------------------------------------------------------------

Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors sit down with Dave Wreski, CEO of Guardian
Digital, Inc.
and respected author of various hardened security and Linux publications,
to talk about how Guardian Digital is changing the face of IT security
today. Guardian Digital is perhaps best known for its hardened Linux
solution EnGarde Secure Linux, touted as the premier secure, open-source
platform for its comprehensive array of general purpose services, such as
web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.

http://www.linuxsecurity.com/feature_stories/feature_story-170.html

------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: SCO Group        | ----------------------------//
+---------------------------------+

 7/30/2004 - Xsco
   Buffer overflow vulnerability
   UnixWare 7.1.3, Open UNIX 8.0.0: Xsco contains a buffer overflow that
   could be exploited to gain root privileges.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4622.html

 7/30/2004 - Xsco
   Buffer overflow vulnerability
   OpenServer 5.0.6, OpenServer 5.0.7: Xsco contains a buffer overflow
   that could be exploited to gain root privileges.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4623.html

 7/30/2004 - OpenSSL
   Multiple vulnerabilities
   This patch addresses a large number of outstanding OpenSSL
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4624.html

 7/30/2004 - uudecode
   Insecure tempfile vulnerability
   If a user uses uudecode to extract data into open shared directories,
   such as /tmp, this vulnerability could be used by a local attacker to
   overwrite files or lead to privilege escalation.
   http://www.linuxsecurity.com/advisories/caldera_advisory-4625.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 7/30/2004 - samba
   Buffer overflow vulnerabilities
   Exploitation of these vulnerabilities could lead to execution of
   arbitrary code.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4620.html

 7/30/2004 - sox
   Buffer overflow vulnerabilities
   Ulf Härnhammar found two buffer overflow vulnerabilities in SoX. They
   occurred when the sox or play commands handled malicious .WAV files.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4621.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 7/30/2004 - samba
   Buffer overflow vulnerabilities
   Two buffer overflow vulnerabilities were found in Samba, potentially
   allowing the remote execution of arbitrary code. (Note: this
   announcement takes the ERRATA released by Gentoo into account.)
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4617.html

 7/30/2004 - phpMyAdmin
   Multiple vulnerabilities
   Multiple vulnerabilities in phpMyAdmin may allow a remote attacker
   with a valid user account to alter configuration variables and execute
   arbitrary PHP code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4618.html

 7/30/2004 - SoX
   Buffer overflow vulnerabilities
   By enticing a user to play or convert a specially crafted WAV file, an
   attacker could execute arbitrary code with the permissions of the user
   running SoX.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4619.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 7/30/2004 - wv
   Buffer overflow vulnerability
   iDefense discovered a buffer overflow vulnerability in the wv package
   which could allow an attacker to execute arbitrary code with the
   privileges of the user running it.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4615.html

 7/30/2004 - OpenOffice.org
   Multiple vulnerabilities
   Buffer overflow vulnerability
   These updated packages contain fixes to libneon to correct several
   format string vulnerabilities in it, as well as a heap-based buffer
   overflow vulnerability.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4616.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 7/30/2004 - sox
   Buffer overflow vulnerabilities
   A malicious WAV file could cause arbitrary code to be executed when
   the file was played or converted.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4613.html

 7/30/2004 - ipsec-tools
   Key verification vulnerability
   Buffer overflow vulnerabilities
   When configured to use X.509 certificates to authenticate remote
   hosts, ipsec-tools versions 0.3.3 and earlier will attempt to verify
   the host certificate, but will not abort the key exchange if
   verification fails.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4614.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------