+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 24th, 2004                      Volume 5, Number 38a     |
+---------------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin D. Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include
Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse.

-----

SSL, S-HTTP, HTTPS and S/MIME

Users often ask about the differences between the various security and
encryption protocols, and how to use them. While this isn't an
encryption document, it is a good idea to explain briefly what each is,
and where to find more information.

SSL: SSL, or Secure Sockets Layer, is an encryption method developed by
Netscape to provide security over the Internet. It supports several
different encryption protocols, and provides client and server
authentication. SSL operates at the transport layer, creates a secure
encrypted channel of data, and thus can seamlessly encrypt data of many
types. This is most commonly seen when going to a secure site to view a
secure online document with Communicator, and it serves as the basis for
secure communications with Communicator, as well as for much of Netscape
Communications' other data encryption. More information can be found at
http://www.consensus.com/security/ssl-talk-faq.html.
Information on Netscape's other security implementations, and a good
starting point for these protocols, is available at
http://home.netscape.com/info/security-doc.html.

S-HTTP: S-HTTP is another protocol that provides security services
across the Internet. It was designed to provide confidentiality,
authenticity, integrity, and non-repudiability (cannot be mistaken for
someone else, and I cannot deny my actions later) while supporting
multiple key management mechanisms and cryptographic algorithms via
option negotiation between the parties involved in each transaction.
S-HTTP is limited to the specific software that is implementing it, and
encrypts each message individually. [From RSA Cryptography FAQ, page 138]

S/MIME: S/MIME, or Secure Multipurpose Internet Mail Extension, is an
encryption standard used to encrypt electronic mail, or other types of
messages on the Internet. More information on S/MIME can be found at
http://home.netscape.com/assist/security/smime/overview.html.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)

-----

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and
home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide
and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

---------------------------------------------------------------------

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002). More recently, he has co-written with
Greg Hoglund a companion volume, Exploiting Software, which details
software security from the vantage point of the other side, the
attacker.
He has graciously agreed to share some of his insights with all of us
at LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 9/21/2004 - lukemftpd fix arbitrary code execution

   Przemyslaw Frasunek discovered a vulnerability in tnftpd or
   lukemftpd respectively, the enhanced ftp daemon from NetBSD. An
   attacker could utilise this to execute arbitrary code on the server.
   http://www.linuxsecurity.com/advisories/debian_advisory-4837.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 9/20/2004 - cvs number of vulnerabilities

   A number of vulnerabilities were discovered in CVS by Stefan Esser,
   Sebastian Krahmer, and Derek Price.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4826.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 9/19/2004 - Heimdal ftpd root escalation

   Several bugs exist in the Heimdal ftp daemon which could allow a
   remote attacker to gain root privileges.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4828.html

 9/21/2004 - mpg123 Buffer overflow vulnerability

   mpg123 decoding routines contain a buffer overflow bug that might
   lead to arbitrary code execution.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4829.html

 9/17/2004 - SnipSnap HTTP response splitting

   SnipSnap is vulnerable to HTTP response splitting attacks such as
   web cache poisoning, cross-user defacement, and cross-site scripting.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4832.html

 9/20/2004 - Foomatic Arbitrary command execution

   The foomatic-rip filter in foomatic-filters contains a vulnerability
   which may allow arbitrary command execution on the print server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4833.html

 9/20/2004 - CUPS Denial of service vulnerability

   A vulnerability in CUPS allows remote attackers to cause a denial of
   service when sending a carefully-crafted UDP packet to the IPP port.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4834.html

 9/20/2004 - Mozilla, Firefox, Thunderbird, Epiphany New releases fix
   vulnerabilities Denial of service vulnerability

   New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla
   Firefox fix several vulnerabilities, including the remote execution
   of arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4835.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities Denial of
   service vulnerability

   A vulnerability was found in the gdk-pixbuf bmp loader where a bad
   BMP image could send the bmp loader into an infinite loop
   (CAN-2004-0753).
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4824.html

 9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities Denial of
   service vulnerability

   A vulnerability was found in the gdk-pixbuf bmp loader where a bad
   BMP image could send the bmp loader into an infinite loop
   (CAN-2004-0753).
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4825.html

+---------------------------------+
|  Distribution: OpenBSD          | ----------------------------//
+---------------------------------+

 9/21/2004 - login_radius security flaw

   Eilko Bos has reported that radius authentication, as implemented by
   login_radius(8), was not checking the shared secret used for replies
   sent by the radius server.
   http://www.linuxsecurity.com/advisories/openbsd_advisory-4838.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 9/17/2004 - gtk2, gdk-pixbuf remote code execution security flaw

   Chris Evans has discovered a heap-based, a stack-based and an
   integer overflow in the XPM and ICO loaders of those libraries.
   http://www.linuxsecurity.com/advisories/suse_advisory-4813.html

 9/17/2004 - XFree86-libs, xshared remote command execution security
   flaw

   Chris Evans reported three vulnerabilities in libXpm which can be
   exploited remotely by providing malformed XPM image files.
   http://www.linuxsecurity.com/advisories/suse_advisory-4814.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------