+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| February 4th, 2005 Volume 6, Number 5a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for squirrelmail, prozilla, cpio,
openswan, enscript, zlib, gaim, cvs, openssl, curl, ruby, rhgh, file,
net-tools, gimp, squid, dump, mc, dbus, kdepim, xpdf, kernel, ngIRCd,
tikiwiki, f2c, ncfs, clamav, imap, chbg, vim, perl-dbi, and
ethereal. The distributors include Debian, Fedora, Gentoo,
Mandrake, and Red Hat.
---
>> Enterprise Security for the Small Business <<
Never before has a small business productivity solution been designed
with such robust security features. Engineered with security as a main
focus, the Guardian Digital Internet Productivity Suite is the
cost-effective solution small businesses have been waiting for.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07
---
Getting to Know Linux Security: File Permissions
Welcome to the first tutorial in the 'Getting to Know Linux Security'
series. The topic explored is Linux file permissions. It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod. This guide is intended for users new to Linux
security, therefore very simple. If the feedback is good, I'll
consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.
Hello, my name is Benjamin Thomas and I am with Guardian Digital,
the primary sponsor of LinuxSecurity.com Welcome to the first of the
"Getting to know Linux Security" series tutorials that will be
featured on our site. Today's topic is file permissions. This
lesson is primarily intended for those users who are just getting
started, and other wishing to brush up old skills. The examples I
show you today are from a typical Linux command line. Today, I'll
be using EnGarde Secure Linux. More information about this
distribution can be found at Guardian Digital.com and it can be
downloaded at EnGardeLinux.org.
...
Lets Begin. To see a listing of files in a directory, execute the
command 'ls'. As you'll see, there are no files in the temporary
directory that I'm using. Let's first create several files.
touch file1 file2 file3
The command 'ls' then shows the files we have created. A more
informative way to show the files is ls -la. The 'l' switch lists
files in long format and the 'a' switch lists all files,
including hidden ones.
Click to view video demo:
http://www.linuxsecurity.com/content/view/118181/49/
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
----------------------
The Tao of Network Security Monitoring: Beyond Intrusion Detection
To be honest, this was one of the best books that I've read on network
security. Others books often dive so deeply into technical discussions,
they fail to provide any relevance to network engineers/administrators
working in a corporate environment. Budgets, deadlines, and flexibility
are issues that we must all address. The Tao of Network Security
Monitoring is presented in such a way that all of these are still
relevant. One of the greatest virtues of this book is that is offers
real-life technical examples, while backing them up with relevant case
studies. Network security engineers, system administrations, and
security management will find value in this book. It is a must-read
for anyone interested in getting into the field, but would still
be useful as a reference for the experienced expert.
http://www.linuxsecurity.com/content/view/118106/49/
---
Encrypting Shell Scripts
Do you have scripts that contain sensitive information like
passwords and you pretty much depend on file permissions to keep
it secure? If so, then that type of security is good provided
you keep your system secure and some user doesn't have a "ps -ef"
loop running in an attempt to capture that sensitive info (though
some applications mask passwords in "ps" output).
http://www.linuxsecurity.com/content/view/117920/49/
---
A 2005 Linux Security Resolution
Year 2000, the coming of the new millennium, brought us great joy
and celebration, but also brought great fear. Some believed it would
result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland. Others predicted minor glitches leading only to
inconvenience. The following years (2001-2004) have been tainted
with the threat of terrorism worldwide.
http://www.linuxsecurity.com/content/view/117721/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New squirrelmail package fixes several vulnerabilities
1st, February, 2005
Upstream developers noticed that an unsanitised variable could
lead to cross site scripting.
http://www.linuxsecurity.com/content/view/118141
* Debian: New prozilla packages fix arbitrary code execution
1st, February, 2005
Several buffer overflows have been discovered in prozilla, a
multi-threaded download accelerator which could be exploited by a
remote attacker to execute arbitrary code on the victim's machine.
An exploit for prozilla is already in the wild.
http://www.linuxsecurity.com/content/view/118148
* Debian: New cpio packages fix insecure file permissions
2nd, February, 2005
http://www.linuxsecurity.com/content/view/118163
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 3 Update: enscript-1.6.1-28.0.4
31st, January, 2005
This update fixes another regression introduced by a recent update.
http://www.linuxsecurity.com/content/view/118131
* Fedora Core 3 Update: openswan-2.1.5-2.FC3.1
28th, January, 2005
This erratum fixes the remote exploitation of a stack based buffer
overflow vulnerability in Xelerance Corp.'s Openswan, which could
allow attackers to execute arbitrary code.
http://www.linuxsecurity.com/content/view/118104
* Fedora Core 2 Update: elinks-0.9.1-1.1
28th, January, 2005
http://www.linuxsecurity.com/content/view/118108
* Fedora Core 3 Update: elinks-0.9.2-2.1
28th, January, 2005
Links is a text-based Web browser. Links does not display any images,
but it does support frames, tables and most other HTML tags. Links'
advantage over graphical browsers is its speed--Links starts and
exits quickly and swiftly displays Web pages.
http://www.linuxsecurity.com/content/view/118109
* Fedora Core 2 Update: enscript-1.6.1-25.3
28th, January, 2005
This update fixes a regression introduced by the last update.
http://www.linuxsecurity.com/content/view/118111
* Fedora Core 3 Update: enscript-1.6.1-28.0.3
28th, January, 2005
This update fixes a regression introduced by the last update.
http://www.linuxsecurity.com/content/view/118112
* Fedora Core 2 Update: zlib-1.2.1.2-0.fc2
28th, January, 2005
Fixes 2 DoS issues
http://www.linuxsecurity.com/content/view/118113
* CORRECTION: Fedora Core 2 Update: gaim-1.1.2-0.FC2
28th, January, 2005
Fixes a great many bugs. Refer to the official changelog for
details.
http://www.linuxsecurity.com/content/view/118114
* CORRECTION: Fedora Core 3 Update: gaim-1.1.2-0.FC3
28th, January, 2005
Fixes a great many bugs. Refer to the official changelog for
details.
http://www.linuxsecurity.com/content/view/118115
* Fedora Core 3 Update: NetworkManager-0.3.3-1.cvs20050119.2.fc3
31st, January, 2005
http://www.linuxsecurity.com/content/view/118122
* Fedora Core 3 Update: openssl096b-0.9.6b-21
31st, January, 2005
This update adds missing fix for CAN-2004-0081.
http://www.linuxsecurity.com/content/view/118126
* Fedora Core 2 Update: openssl096b-0.9.6b-20
31st, January, 2005
This update adds missing fix for CAN-2004-0081.
http://www.linuxsecurity.com/content/view/118127
* Fedora Core 3 Update: curl-7.12.3-2
31st, January, 2005
libidn-devel is now required so that systems using the devel subpkg
will build correctly. The latest version of curl uses the poll()
syscall to get around a previous file descriptor limit.
http://www.linuxsecurity.com/content/view/118128
* Fedora Core 3 Update: system-config-printer-0.6.116.1-1
31st, January, 2005
Bug-fix release.
http://www.linuxsecurity.com/content/view/118132
* Fedora Core 3 Update: ruby-1.8.2-1.FC3.1
31st, January, 2005
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
http://www.linuxsecurity.com/content/view/118133
* Fedora Core 3 Update: rhgb-0.16.2-1.FC3
31st, January, 2005
This update fixes various errors of the form
"init: open(/dev/pts/0): No such file or directory".
http://www.linuxsecurity.com/content/view/118134
* Fedora Core 3 Update: file-4.12-1.FC3.1
1st, February, 2005
The file command is used to identify a particular file according to
the type of data contained by the file. File can identify many different
file types, including ELF binaries, system libraries, RPM packages,
and different graphics formats.
http://www.linuxsecurity.com/content/view/118143
* Fedora Core 3 Update: net-tools-1.60-37.FC3.1
1st, February, 2005
The net-tools package contains basic networking tools, including
ifconfig, netstat, route, and others.
http://www.linuxsecurity.com/content/view/118144
* Fedora Core 3 Update: gimp-2.2.3-0.fc3.2
1st, February, 2005
The GIMP includes a scripting facility, but many of the included
scripts rely on fonts that we cannot distribute. The GIMP FTP site
has a package of fonts that you can install by yourself, which
includes all the fonts needed to run the included scripts. Some of
the fonts have unusual licensing requirements; all the licenses are
documented in the package.
http://www.linuxsecurity.com/content/view/118145
* Fedora Core 3 Update: system-config-services-0.8.18-0.fc3.1
1st, February, 2005
system-config-services is a utility which allows you to configure
which services should be enabled on your machine.
http://www.linuxsecurity.com/content/view/118146
* Fedora Core 2 Update: squid-2.5.STABLE7-1.FC2.1
1st, February, 2005
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
http://www.linuxsecurity.com/content/view/118153
* Fedora Core 3 Update: squid-2.5.STABLE7-1.FC3.1
1st, February, 2005
Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
http://www.linuxsecurity.com/content/view/118154
* Fedora Core 2 Update: dump-0.4b39-1.FC2
2nd, February, 2005
Updated dump packages contain fixes related to possible data
corruption, unintentional writes to target partition and many other
bugfixes. The updated dump also contains support for Extended
Attributes/Access Control Lists.
http://www.linuxsecurity.com/content/view/118164
* Fedora Core 3 Update: dump-0.4b39-1.FC3
2nd, February, 2005
Updated dump packages contain fixes for unintentional writes to
target partition and other bugfixes. The updated dump also contains
support for Extended Attributes/Access Control Lists.
http://www.linuxsecurity.com/content/view/118165
* Fedora Core 3 Update: mc-4.6.1-0.12.FC3
2nd, February, 2005
The updated mc package contains the latest release candidate,
mc-4.6.1-pre3 and many bugfixes.
http://www.linuxsecurity.com/content/view/118166
* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.75
2nd, February, 2005
This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.
http://www.linuxsecurity.com/content/view/118167
* Fedora Core 3 Update: policycoreutils-1.18.1-2.6
2nd, February, 2005
Security-enhanced Linux is a patch of the Linux kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.
http://www.linuxsecurity.com/content/view/118168
* Fedora Core 3 Update: dbus-0.22-10.FC3.2
2nd, February, 2005
Security fix for Bug#146765 (CAN-2005-0201)
http://www.linuxsecurity.com/content/view/118170
* Fedora Core 3 Update: kdepim-3.3.1-1.FC3.1
3rd, February, 2005
A PIM (Personal Information Manager) for KDE.
http://www.linuxsecurity.com/content/view/118175
* Fedora Core 3 Update: xpdf-3.00-10.3
3rd, February, 2005
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.
http://www.linuxsecurity.com/content/view/118176
* Fedora Core 2 Update: kernel-2.6.10-1.12_FC2
3rd, February, 2005
The kernel package contains the Linux kernel (vmlinuz), the core of
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation,
device
input and output, etc.
http://www.linuxsecurity.com/content/view/118177
* Fedora Core 3 Update: kernel-2.6.10-1.760_FC3
3rd, February, 2005
The kernel package contains the Linux kernel (vmlinuz), the core of
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation,
device input and output, etc.
http://www.linuxsecurity.com/content/view/118178
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: SquirrelMail Multiple vulnerabilities
28th, January, 2005
SquirrelMail fails to properly sanitize user input, which could lead
to arbitrary code execution and compromise webmail accounts.
http://www.linuxsecurity.com/content/view/118103
* Gentoo: ngIRCd Buffer overflow
28th, January, 2005
ngIRCd is vulnerable to a buffer overflow that can be used to crash
the daemon and possibly execute arbitrary code.
http://www.linuxsecurity.com/content/view/118110
* Gentoo: TikiWiki Arbitrary command execution
30th, January, 2005
A bug in TikiWiki allows certain users to upload and execute
malicious PHP scripts.
http://www.linuxsecurity.com/content/view/118117
* Gentoo: VDR Arbitrary file overwriting issue
30th, January, 2005
VDR insecurely accesses files with elevated privileges, which may
result in the overwriting of arbitrary files.
http://www.linuxsecurity.com/content/view/118118
* Gentoo: f2c Insecure temporary file creation
30th, January, 2005
f2c is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/118119
* Gentoo: ncpfs Multiple vulnerabilities
30th, January, 2005
The ncpfs utilities contain multiple flaws, potentially resulting in
the remote execution of arbitrary code or local file access with
elevated privileges.
http://www.linuxsecurity.com/content/view/118120
* Gentoo: Gallery Cross-site scripting vulnerability
30th, January, 2005
Gallery is vulnerable to cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/118121
* Gentoo: ClamAV Multiple issues
31st, January, 2005
ClamAV contains two vulnerabilities that could lead to Denial of
Service and evasion of virus scanning.
http://www.linuxsecurity.com/content/view/118130
* Gentoo: FireHOL Insecure temporary file creation
1st, February, 2005
FireHOL is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/118150
* Gentoo: FireHOL Insecure temporary file creation
1st, February, 2005
FireHOL is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/118151
* Gentoo: UW IMAP CRAM-MD5 authentication bypass
2nd, February, 2005
UW IMAP contains a vulnerability in the code handling CRAM-MD5
authentication allowing authentication bypass.
http://www.linuxsecurity.com/content/view/118157
* Gentoo: enscript Multiple vulnerabilities
2nd, February, 2005
enscript suffers from vulnerabilities and design flaws, potentially
resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118159
* Gentoo: Squid Multiple vulnerabilities
2nd, February, 2005
Squid contains vulnerabilities in the code handling WCCP, HTTP and
LDAP which could lead to Denial of Service, access control bypass, web
cache and log poisoning.
http://www.linuxsecurity.com/content/view/118169
* Gentoo: Newspost Buffer overflow vulnerability
2nd, February, 2005
A buffer overflow can be exploited to crash Newspost remotely and
potentially execute arbitrary code.
http://www.linuxsecurity.com/content/view/118171
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
* Mandrake: Updated clamav package
29th, January, 2005
A problem in the initscript prevented clamd from starting properly.
These new packages fix that problem.
http://www.linuxsecurity.com/content/view/118116
* Mandrake: Updated clamav packages fix
31st, January, 2005
Two problems were discovered in versions of clamav prior to 0.81.
An attacker could evade virus scanning by sending a base64-encoded
imaege file in a URL. Also, by sending a specially-crafted ZIP..
http://www.linuxsecurity.com/content/view/118136
* Mandrake: Updated KDE packages
31st, January, 2005
A problem with the previous update prevented users from updating
kdebase due to a missing file and incomplete rpm header information.
The updated kdebase packages fix this problem.
http://www.linuxsecurity.com/content/view/118137
* Mandrake: Updated imap packages fix
2nd, February, 2005
A vulnerability was discovered in the CRAM-MD5 authentication in
UW-IMAP where, on the fourth failed authentication attempt, a user
would be able to access the IMAP server regardless. This problem
exists only if you are using CRAM-MD5 authentication and have an
/etc/cram-md5.pwd file. This is not the default setup.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118155
* Mandrake: Updated chbg packages fix
2nd, February, 2005
A vulnerability in chbg was discovered by Danny Lungstrom. A
maliciously-crafted configuration/scenario file could overflow a
buffer leading to the potential execution of arbitrary code.
The updated packages are patched to prevent the problem.
http://www.linuxsecurity.com/content/view/118156
* Mandrake: Updated vim packages fix
2nd, February, 2005
Javier Fernandez-Sanguino Pena discovered two vulnerabilities in
scripts included with the vim editor.
http://www.linuxsecurity.com/content/view/118172
* RedHat: Updated enscript package fixes security issues
1st, February, 2005
An updated enscript package that fixes several security issues is now
available.
http://www.linuxsecurity.com/content/view/118138
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Updated CUPS packages fix security issue
1st, February, 2005
Updated CUPS packages that fixes a security issue are now available.
http://www.linuxsecurity.com/content/view/118139
* RedHat: Updated perl-DBI package fixes security issue
1st, February, 2005
An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.
http://www.linuxsecurity.com/content/view/118140
* RedHat: Updated Ethereal packages fix security issues
2nd, February, 2005
Updated Ethereal packages that fix various security vulnerabilities
are now available.
http://www.linuxsecurity.com/content/view/118158
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
