+---------------------------------------------------------------------+
|  LinuxSecurity.com                              Weekly Newsletter   |
|  October 1st, 2004                           Volume 5, Number 39a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kernel, imlib, getmail,
sendmail, vnc, CUPS, cadaver, tcpdump, freenet6, apache, subversion,
sharutils, webmin, and NetPBM. The distributors include Conectiva,
Debian, Fedora, Gentoo, Mandrake, and Trustix.

-----

SSL123 - New from Thawte

Get SSL123 the new full 128-bit capable digital certificate - issued
within minutes for US $159.00. Free reissues and experienced 24/5
multi-lingual support included for the life of the certificate.

Click Here to Read More:
http://ad.doubleclick.net/clk;9216017;9649395;w

-----

Physical Security

The first "layer" of security you need to take into account is the
physical security of your computer systems. Who has direct physical
access to your machine? Should they? Can you protect your machine from
their tampering? Should you?

How much physical security you need on your system is very dependent
on your situation, and/or budget.

If you are a home user, you probably don't need a lot (although you
might need to protect your machine from tampering by children or
annoying relatives). If you are in a lab environment, you need
considerably more, but users will still need to be able to get work
done on the machines. Many of the following sections will help out. If
you are in an office, you may or may not need to secure your machine
off hours or while you are away. At some companies, leaving your
console unsecured is a termination offense.

Obvious physical security methods such as locks on doors, cables,
locked cabinets, and video surveillance are all a good idea, but beyond
the scope of this document.

Make use of /etc/shutdown.allow to prevent someone from rebooting your
machine. This file is consulted when the machine is rebooted using the
Control-Alt-Del keys. It contains a list of usernames that are
authorized to reboot the machine.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)

-----

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and
home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide
and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

---------------------------------------------------------------------

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002). More recently, he has co-written with
Greg Hoglund a companion volume, Exploiting Software, which details
software security from the vantage point of the other side, the
attacker. He has graciously agreed to share some of his insights with
all of us at LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

9/27/2004 - kernel vulnerability fix

  This announcement fixes a missing Discretionary Access Control (DAC)
  check in the chown system call that allowed a local user to change
  the group ownership of arbitrary files to a group that he or she
  belongs to, leading to a privilege escalation vulnerability.

  http://www.linuxsecurity.com/advisories/conectiva_advisory-4868.html

9/28/2004 - imlib and imlib2 Fix for a buffer overflow

  Marcus Meissner noticed that due to improper bounds checking, imlib
  and imlib2 are vulnerable to a buffer overflow when decoding
  runlength-encoded bitmaps.

  http://www.linuxsecurity.com/advisories/conectiva_advisory-4871.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

9/27/2004 - getmail symlink vulnerability

  A security problem has been discovered in getmail, a POP3 and APOP
  mail gatherer and forwarder. An attacker with a shell account on the
  victim's host could utilise getmail to overwrite arbitrary files when
  it is running as root.

  http://www.linuxsecurity.com/advisories/debian_advisory-4840.html

9/27/2004 - sendmail pre-set password

  Hugo Espuny discovered a problem in sendmail, a commonly used program
  to deliver electronic mail. When installing "sasl-bin" to use sasl in
  connection with sendmail, the sendmail configuration script uses
  fixed user/pass information to initialise the sasl database.

  http://www.linuxsecurity.com/advisories/debian_advisory-4880.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

9/28/2004 - vnc update fixes several bugs

  This package updates VNC to the latest released version, 4.0. It also
  fixes several bugs not fixed upstream.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4872.html

9/28/2004 - CUPS update fixes a denial of service problem

  This update fixes a denial of service problem causing loss of browse
  services. The Common Vulnerabilities and Exposures project
  (cve.mitre.org) has assigned the name CAN-2004-0558 to this issue.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4873.html

9/29/2004 - system-config-display update fixes reconfig mode

  This release fixes reconfig mode for system-config-display for Fedora
  Core 2.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4874.html

9/30/2004 - cadaver security vulnerabilities

  Updated cadaver packages that fix multiple security vulnerabilities
  are now available.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4878.html

9/30/2004 - tcpdump multiple security vulnerabilities

  Updated tcpdump packages that fix multiple security vulnerabilities
  are now available.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4879.html

9/30/2004 - freenet6 wrong file permissions

  Simon Josefsson noticed that the tspc.conf configuration file in
  freenet6, a client to configure an IPv6 tunnel to freenet6.net, is
  set world readable.

  http://www.linuxsecurity.com/advisories/fedora_advisory-4881.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

9/24/2004 - apache Exposure of protected directories

  A bug in the way Apache handles the Satisfy directive can lead to the
  exposure of protected directories to unauthorized users.

  http://www.linuxsecurity.com/advisories/gentoo_advisory-4861.html

9/27/2004 - X.org, XFree86 Integer and stack overflows in libXpm

  libXpm, the X Pixmap library that is a part of the X Window System,
  contains multiple stack and integer overflows that may allow a
  carefully-crafted XPM file to crash applications linked against
  libXpm, potentially allowing the execution of arbitrary code.

  http://www.linuxsecurity.com/advisories/gentoo_advisory-4862.html

9/29/2004 - subversion Metadata information leak

  An information leak in mod_authz_svn could allow sensitive metadata
  of protected areas to be leaked to unauthorized users.

  http://www.linuxsecurity.com/advisories/gentoo_advisory-4877.html

10/1/2004 - sharutils Buffer overflows

  sharutils contains two buffer overflow vulnerabilities that could
  lead to arbitrary code execution.

  http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

9/27/2004 - webmin vulnerability

  A vulnerability in webmin was discovered by Ludwig Nussel. A
  temporary directory was used in webmin; however, it did not check for
  the previous owner of the directory.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-4851.html

9/28/2004 - NetPBM update fixes a number of temporary file bugs

  A number of temporary file bugs have been found in versions of
  NetPBM. These could allow a local user the ability to overwrite or
  create files as a different user who happens to run one of the
  vulnerable utilities.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-4869.html

9/28/2004 - OpenOffice.org update fixes temporary file vulnerabilities

  A vulnerability in OpenOffice.org was reported by pmladek where a
  local user may be able to obtain and read documents that belong to
  another user.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-4870.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

9/30/2004 - gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm,
            mysql, netatalk, openssl, perl, postgresql
            Insecure tempfile handling

  Trustix Security Engineers identified that all these packages had one
  or more script(s) that handled temporary files in an insecure manner.
  While it is not believed that any of these holes could lead to
  privilege escalation, it would be possible to trick the scripts to
  overwrite data writable by the user that invokes the script.

  http://www.linuxsecurity.com/advisories/trustix_advisory-4882.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------