+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 1st, 2004 Volume 5, Number 39a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for kernel, imlib, getmail, sendmail,
vnc, CUPS, cadaver, tcpdump, freenet6, apache, subversion, sharutils,
webmin, and NetPBM. The distributors include Conectiva, Debian, Fedora,
Gentoo, Mandrake, and Trustix.
-----
SSL123 - New from Thawte
Get SSL123 the new full 128-bit capable digital certificate - issued
within minutes for US $159.00. Free reissues and experienced 24/5
multi-lingual support included for the life of the certificate.
Click Here to Read More:
http://ad.doubleclick.net/clk;9216017;9649395;w
-----
Physical Security
The first ``layer'' of security you need to take into account is the
physical security of your computer systems. Who has direct physical access
to your machine? Should they? Can you protect your machine from their
tampering? Should you?
How much physical security you need on your system is very dependent on
your situation, and/or budget.
If you are a home user, you probably don't need a lot (although you might
need to protect your machine from tampering by children or annoying
relatives). If you are in a Lab environment, you need considerably more,
but users will still need to be able to get work done on the machines.
Many of the following sections will help out. If you are in a Office, you
may or may not need to secure your machine off hours or while you are
away. At some companies, leaving your console unsecured is a termination
offense.
Obvious physical security methods such as locks on doors, cables, locked
cabinets, and video surveillance are all a good idea, but beyond the scope
of this document.
Make use of /etc/shutdown.allow to prevent someone from rebooting your
machine. This file is consulted when the machine is rebooted using the
Control-Alt-Del keys. It contains a list of usernames that are authorized
to reboot the machine.
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)
-----
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
---------------------------------------------------------------------
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
9/27/2004 - kernel
vulnerability fix
This announcement fixes a missing[1] Discretionary Access Control
(DAC) check in the chown system call that allowed a local user to
change the group ownership of arbitrary files to a group that he
or she belongs to, leading to a privileges escalation
vulnerability.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4868.html
9/28/2004 - imlib
and imlib2 Fix for a buffer overflow
Marcus Meissner noticed that due to improper bounds checking,
imlib[3] and imlib2[4] are vulnerable to a buffer overflow when
decoding runlength-encoded bitmaps.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4871.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/27/2004 - getmail
symlink vulnerability
A security problem has been discovered in getmail, a POP3 and APOP
mail gatherer and forwarder. An attacker with a shell account on
the victims host could utilise getmail to overwrite arbitrary
files when it is running as root.
http://www.linuxsecurity.com/advisories/debian_advisory-4840.html
9/27/2004 - sendmail
pre-set password
Hugo Espuny discovered a problem in sendmail, a commonly used
program to deliver electronic mail. When installing "sasl-bin" to
use sasl in connection with sendmail, the sendmail configuration
script use fixed user/pass information to initialise the sasl
database.
http://www.linuxsecurity.com/advisories/debian_advisory-4880.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
9/28/2004 - vnc
update fixes several bugs
This package updates VNC to the latest released version, 4.0. It
also fixes several bugs not fixed upstream.
http://www.linuxsecurity.com/advisories/fedora_advisory-4872.html
9/28/2004 - CUPS
update fixes a denial of service problem
This update fixes a denial of service problem causing loss of
browse services. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0558 to this issue.
http://www.linuxsecurity.com/advisories/fedora_advisory-4873.html
9/29/2004 - system-config-display update fixes reconfig mode
update fixes a denial of service problem
This release fixes reconfig mode for system-config-display for
Fedora Core 2.
http://www.linuxsecurity.com/advisories/fedora_advisory-4874.html
9/30/2004 - cadaver
security vulnerabilities
Updated cadaver packages that fix multiple security vulnerability
are now available.
http://www.linuxsecurity.com/advisories/fedora_advisory-4878.html
9/30/2004 - tcpdump
multiple security vulnerabilities
Updated tcpdump packages that fix multiple security
vulnerabilities are now available.
http://www.linuxsecurity.com/advisories/fedora_advisory-4879.html
9/30/2004 - freenet6
wrong file permissions
Simon Josefsson noticed that the tspc.conf configuration file in
freenet6, a client to configure an IPv6 tunnel to freenet6.net, is
set world readable.
http://www.linuxsecurity.com/advisories/fedora_advisory-4881.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/24/2004 - apache
Exposure of protected directories
A bug in the way Apache handles the Satisfy directive can lead to
the exposure of protected directories to unauthorized users.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4861.html
9/27/2004 - X.org, XFree86 Integer and stack overflows in libXpm
Exposure of protected directories
libXpm, the X Pixmap library that is a part of the X Window
System, contains multiple stack and integer overflows that may
allow a carefully-crafted XPM file to crash applications linked
against libXpm, potentially allowing the execution of arbitrary
code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4862.html
9/29/2004 - subversion
Metadata information leak
An information leak in mod_authz_svn could allow sensitive
metadata of protected areas to be leaked to unauthorized users.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4877.html
10/1/2004 - sharutils
Buffer overflows
sharutils contains two buffer overflow vulnerabilities that could
lead to arbitrary code execution.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
9/27/2004 - webmin
vulnerability
A vulnerability in webmin was discovered by Ludwig Nussel. A
temporary directory was used in webmin, however it did not check
for the previous owner of the directory.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4851.html
9/28/2004 - NetPBM
update fixes a number of temporary file bugs
A number of temporary file bugs have been found in versions of
NetPBM. These could allow a local user the ability to overwrite or
create files as a different user who happens to run one of the the
vulnerable utilities.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4869.html
9/28/2004 - Openoffice.org update fixes temporary file vulnerabilities
update fixes a number of temporary file bugs
A vulnerability in OpenOffice.org was reported by pmladek where a
local user may be able to obtain and read documents that belong to
another user.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4870.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
9/30/2004 - gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm,
mysql, netatalk, openssl, perl, postgresql Insecure tempfile
handling update fixes a number of temporary file bugs
Trustix Security Engineers identified that all these packages had
one or more script(s) that handled temporary files in an insecure
manner. While it is not believed that any of these holes could
lead to privilege escalation, it would be possible to trick the
scripts to overwrite data writable by the user that invokes the
script.
http://www.linuxsecurity.com/advisories/trustix_advisory-4882.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
