+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  March 4th, 2005                              Volume 6, Number 9a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for mod_python, bsmtpd, gaim, bind,
gnucash, dhcp, at, vixie-cron, lam, pvm, radvd, selinux-targeted-policy,
tcsh, openoffice, gamin, cmd5checkpw, uim, UnAce, MediaWiki, phpBB,
phpWebSite, xli, xloadimage, firefox, squid, kdenetwork, nvidia, curl,
uw-imap, and cyrus-sasl. The distributors include Conectiva, Debian,
Fedora, Gentoo, Red Hat, and SuSE.

---

>> Enterprise Security for the Small Business <<

Never before has a small business productivity solution been designed
with such robust security features. Engineered with security as a main
focus, the Guardian Digital Internet Productivity Suite is the
cost-effective solution small businesses have been waiting for.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn07

---

VULNERABILITIES IN WEB APPLICATIONS
By Raymond Ankobia

COMMON VULNERABILITIES IN WEB APPLICATIONS

This is by no means an exhaustive list but an indication of some serious
flaws exploited by hackers. Hacking Exposed: Web Applications (ISBN
007222438X) is a good source for the subject area.

Buffer Overflow Attack: Usually perpetrated in the form of a stack, heap
or format string attack [3]. Without doubt one of the oldest problems
exposed by poor programming; yet attacks continue to be perpetrated on a
large scale, simply due to the lack of rigorous security routines in web
applications.

To get the system to run their own code, attackers construct an input
string, sometimes carrying other malicious code, that is long enough to
overrun the memory space assigned to it [7]. The excess spills over and
overwrites the stack below, replacing whatever was initially in that
address space. If the input contains a malicious payload, it may subvert
the system and escalate any privileges it has garnered.

SQL Injection Attack: Most e-commerce web sites use dynamic content to
attract and appeal to potential customers, displaying their wares using
dynamic SQL queries and front-end scripts. An attacker could inject
special characters and commands into a SQL query and modify its intended
meaning. Chaining additional commands with the intent of causing
unexpected behavior could alter what the query does. Not only could the
attacker read the entire database, but in some circumstances also alter
the prices of these commodities.

Cross Site Scripting Attacks (XSS Attacks): This attack is executed by
embedding a malicious message in an HTML form [4] [3] and posting it as a
message to, say, a newsgroup or bulletin board. By viewing the message,
the user unintentionally gets the code interpreted and executed by the
web browser, triggering its associated payload.

Input Validation Attack: Typically used by most active attackers to check
whether fields are validated only on the client side and, if so, to try
to escalate the privileges gained [3]. Poor validation on the client side
(typically a web browser) allows an attacker to tamper with parameters
sent to the server. The server side may also be compromised if trust in
the client is implicit and validation is left to the client side.

Phishing Attack: This attack is mainly executed due to a vulnerability in
some versions of web browsers. Attackers are able to create bogus
websites and masquerade as legitimate commercial ones.
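The SQL injection, cross-site scripting and input validation flaws described above, as an added example that is not part of the article or of the newsletter: each server-side handler is shown in a vulnerable form beside a hardened one. It uses only Python's standard library; the storefront, its product table, the request parameters and the "attacker" inputs are all constructed for the demonstration.

```python
# Added example, not from the article or the newsletter. Models a small
# storefront (hypothetical) to show three of the flaws above with their fixes.
import html
import re
import sqlite3

# Constructed product catalogue for the imaginary storefront (not real data).
PRODUCTS = [
    (1, "widget", 9.99),
    (2, "gadget", 24.50),
    (3, "internal-sample", 0.01),
]

QUANTITY_RE = re.compile(r"[1-9][0-9]{0,3}")    # 1..9999, digits only
PRODUCT_ID_RE = re.compile(r"[0-9]{1,9}")


def make_db():
    """Create an in-memory SQLite catalogue so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


# --- SQL injection: query text built from input vs. parameterised query ----

def search_vulnerable(conn, name):
    """The search term is spliced into the SQL text, so a quote character in
    it ends the string literal and whatever follows is parsed as SQL."""
    sql = "SELECT id, name, price FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, name):
    """The term travels as a bound parameter; the engine only ever compares
    it as a string value, whatever characters it contains."""
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# --- Input validation: trusting the browser vs. re-checking on the server --

def order_total_vulnerable(params):
    """Relies on the browser's form checks and on a hidden 'price' field the
    page sent to the client; both are entirely under the client's control."""
    return round(float(params["price"]) * int(params["qty"]), 2)


def validate_order_params(params):
    """Strict server-side checks; returns an error string or None if valid."""
    if not PRODUCT_ID_RE.fullmatch(params.get("id", "")):
        return "invalid product id"
    if not QUANTITY_RE.fullmatch(params.get("qty", "")):
        return "invalid quantity"
    return None


def order_total_safe(conn, params):
    """Validates every parameter and looks the price up from the catalogue
    instead of accepting whatever the request carries."""
    error = validate_order_params(params)
    if error is not None:
        raise ValueError(error)
    row = conn.execute("SELECT price FROM products WHERE id = ?",
                       (int(params["id"]),)).fetchone()
    if row is None:
        raise ValueError("unknown product")
    return round(row[0] * int(params["qty"]), 2)


# --- Cross-site scripting: raw message vs. escaped message -----------------

def render_post_vulnerable(message):
    """Places the posted text into the page as-is, so any markup in it is
    interpreted by every reader's browser."""
    return '<div class="post">' + message + '</div>'


def render_post_safe(message):
    """Escapes <, >, &, and quotes so the browser displays the text literally."""
    return '<div class="post">' + html.escape(message, quote=True) + '</div>'


if __name__ == "__main__":
    db = make_db()
    term = "' OR '1'='1"                                 # constructed input
    print("vulnerable search rows:", len(search_vulnerable(db, term)))
    print("safe search rows:      ", len(search_safe(db, term)))
    tampered = {"id": "2", "price": "0.01", "qty": "5"}  # constructed request
    print("vulnerable total:", order_total_vulnerable(tampered))
    print("safe total:      ", order_total_safe(db, tampered))
    print(render_post_safe("<b>hello</b>"))
```

Run as a script, the vulnerable search returns the whole table for the tautology input while the parameterised search returns no rows; the tampered order is billed at the client-supplied price by the vulnerable handler and at the catalogue price by the safe one.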
They normally operate by sending spoofed emails to unsuspecting
customers, advising them to visit their bank's website to reactivate or
update their accounts. The embedded addresses in these emails tend to
contain hidden characters cleverly constructed to make the page appear to
be a legitimate one. On clicking the embedded website address, the
unsuspecting user is redirected to a fake website where the credentials
and details of bank accounts are taken and later used to empty the
accounts. [4]

This anomaly is due to obfuscation techniques that exploit how a URL is
parsed. A URL may be parsed in different ways using decimal, hexadecimal
and dword formats. A particular vulnerability in Internet Explorer
allowed an attacker to construct and hide information by simply using
the @ symbol in ways that make it possible to redirect traffic to bogus
sites.

Read Entire Article and see Complete List:
http://www.linuxsecurity.com/content/view/118427/49/

----------------------

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series. The topic explored is Linux file permissions. It offers an easy
to follow explanation of how to read permissions, and how to set them
using chmod. This guide is intended for users new to Linux security,
therefore very simple. If the feedback is good, I'll consider creating
more complex guides for advanced users. Please let us know what you think
and how these can be improved.

Click to view video demo:
http://www.linuxsecurity.com/content/view/118181/49/

---

The Tao of Network Security Monitoring: Beyond Intrusion Detection

To be honest, this was one of the best books that I've read on network
security. Other books often dive so deeply into technical discussions
that they fail to provide any relevance to network
engineers/administrators working in a corporate environment. Budgets,
deadlines, and flexibility are issues that we must all address. The Tao
of Network Security Monitoring is presented in such a way that all of
these are still relevant. One of the greatest virtues of this book is
that it offers real-life technical examples, while backing them up with
relevant case studies.

http://www.linuxsecurity.com/content/view/118106/49/

---

Encrypting Shell Scripts

Do you have scripts that contain sensitive information like passwords
and you pretty much depend on file permissions to keep it secure? If so,
then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to
capture that sensitive info (though some applications mask passwords in
"ps" output).

http://www.linuxsecurity.com/content/view/117920/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: mod_python Fix for mod_python vulnerability
  2nd, March, 2005

  The package mod_python[1] provides an Apache module that embeds the
  Python interpreter within the server. This announcement fixes an
  information leak vulnerability[2] in mod_python which could allow a
  remote attacker to obtain access to restricted objects via a specially
  crafted URL.

  http://www.linuxsecurity.com/content/view/118467

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New bsmtpd packages fix arbitrary command execution
  25th, February, 2005

  Updated package.
  http://www.linuxsecurity.com/content/view/118432

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 2 Update: gaim-1.1.4-0.FC2
  25th, February, 2005

  This update resolves another DoS issue in parsing malformed HTML, and
  a MSN related crash that folks were hitting often.

  http://www.linuxsecurity.com/content/view/118433

* Fedora Core 3 Update: gaim-1.1.4-0.FC3
  25th, February, 2005

  This update resolves another DoS issue in parsing malformed HTML, and
  a MSN related crash that folks were hitting often.

  http://www.linuxsecurity.com/content/view/118434

* Fedora Core 3 Update: bind-9.2.5rc1-1
  25th, February, 2005

  Upgraded to ISC BIND version 9.2.5rc1. Added support for LDAP,
  PostgreSQL and filesystem Simplified Database Backends (SDB) with the
  bind-sdb package, and for development with libbind, the BIND 8
  compatible resolver library, with the bind-libbind-devel package.
  Fixed various bugs (see ChangeLog below).

  http://www.linuxsecurity.com/content/view/118435

* Fedora Core 3 Update: gnucash-1.8.11-0.fc3
  25th, February, 2005

  This update updates gnucash to the latest upstream release, 1.8.11.

  http://www.linuxsecurity.com/content/view/118436

* Fedora Core 3 Update: dhcp-3.0.1-40_FC3
  25th, February, 2005

  Updated package.

  http://www.linuxsecurity.com/content/view/118437

* Fedora Core 3 Update: at-3.1.8-64_FC3
  25th, February, 2005

  at(1) now supports access control with PAM (limits.conf, access.conf).

  http://www.linuxsecurity.com/content/view/118438

* Fedora Core 3 Update: vixie-cron-4.1-24_FC3
  25th, February, 2005

  Updated package.

  http://www.linuxsecurity.com/content/view/118439

* Fedora Core 3 Update: lam-7.1.1-1_FC3
  25th, February, 2005

  Updated package.

  http://www.linuxsecurity.com/content/view/118440

* Fedora Core 3 Update: pvm-3.4.5-2_FC3
  25th, February, 2005

  Updated package.

  http://www.linuxsecurity.com/content/view/118441

* Fedora Core 3 Update: radvd-0.7.3-1_FC3
  25th, February, 2005

  Upgrade to new upstream version 0.7.3.

  http://www.linuxsecurity.com/content/view/118442

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.83
  28th, February, 2005

  Updated packages.

  http://www.linuxsecurity.com/content/view/118448

* Fedora Core 3 Update: firefox-1.0.1-1.3.1
  28th, February, 2005

  This update fixes several security vulnerabilities in Firefox 1.0. It
  is recommended that all users update to Firefox 1.0.1. Additionally,
  this update backports several fixes from rawhide.

  http://www.linuxsecurity.com/content/view/118449

* Fedora Core 3 Update: tcsh-6.13-10.FC3.1
  28th, February, 2005

  This update fixes incorrect message output under certain locales in
  new mail notification, changing resource limits and listing possible
  completions.

  http://www.linuxsecurity.com/content/view/118450

* Fedora Core 3 Update: openoffice.org-1.1.3-6.5.0.fc3
  28th, February, 2005

  Fix individual programs not launching.

  http://www.linuxsecurity.com/content/view/118451

* Fedora Core 3 Update: gamin-0.0.25-1.FC3
  2nd, March, 2005

  This release fixes some problems with gamin-0.0.24, especially for
  temporary storage like USB keys.

  http://www.linuxsecurity.com/content/view/118469

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: cmd5checkpw Local password leak vulnerability
  25th, February, 2005

  cmd5checkpw contains a flaw allowing local users to access other
  users' cmd5checkpw passwords.

  http://www.linuxsecurity.com/content/view/118443

* Gentoo: uim Privilege escalation vulnerability
  28th, February, 2005

  Under certain conditions, applications linked against uim suffer from
  a privilege escalation vulnerability.

  http://www.linuxsecurity.com/content/view/118446

* Gentoo: UnAce Buffer overflow and directory traversal vulnerabilities
  28th, February, 2005

  UnAce is vulnerable to several buffer overflow and directory traversal
  attacks.

  http://www.linuxsecurity.com/content/view/118447

* Gentoo: MediaWiki Multiple vulnerabilities
  28th, February, 2005

  MediaWiki is vulnerable to cross-site scripting, data manipulation and
  security bypass attacks.

  http://www.linuxsecurity.com/content/view/118452

* Gentoo: phpBB Multiple vulnerabilities
  1st, March, 2005

  Several vulnerabilities allow remote attackers to gain phpBB
  administrator rights or expose and manipulate sensitive data.

  http://www.linuxsecurity.com/content/view/118461

* Gentoo: Gaim Multiple Denial of Service issues
  1st, March, 2005

  Multiple vulnerabilities have been found in Gaim which could allow a
  remote attacker to crash the application.

  http://www.linuxsecurity.com/content/view/118463

* Gentoo: phpWebSite Arbitrary PHP execution and path disclosure
  1st, March, 2005

  Remote attackers can upload and execute arbitrary PHP scripts; another
  flaw reveals the full path of scripts.

  http://www.linuxsecurity.com/content/view/118464

* Gentoo: xli, xloadimage Multiple vulnerabilities
  2nd, March, 2005

  xli and xloadimage are vulnerable to multiple issues, potentially
  leading to the execution of arbitrary code.

  http://www.linuxsecurity.com/content/view/118470

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: firefox security update
  1st, March, 2005

  Updated firefox packages that fix various bugs are now available. This
  update has been rated as having critical security impact by the Red
  Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/118462

* RedHat: Moderate: squid security update
  3rd, March, 2005

  Updated squid packages that fix a denial of service issue are now
  available.
  This update has been rated as having important security impact by the
  Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/118476

* RedHat: Low: kdenetwork security update
  3rd, March, 2005

  Updated kdenetwork packages that fix a file descriptor leak are now
  available. This update has been rated as having low security impact by
  the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/118477

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: kernel / nvidia bugfix update
  25th, February, 2005

  The previous kernel security update for the SUSE Linux 9.1 and the
  SUSE Linux Enterprise Server 9 based products caused problems with the
  NVidia driver for users with NVidia graphics cards.

  http://www.linuxsecurity.com/content/view/118431

* SuSE: curl buffer overflow in NTLM
  28th, February, 2005

  infamous41md@xxxxxxxxxx reported a vulnerability in libcurl, the
  HTTP/FTP retrieval library. This library is used by lots of programs,
  including YaST2 and PHP4.

  http://www.linuxsecurity.com/content/view/118445

* SuSE: uw-imap authentication bypass
  1st, March, 2005

  This update fixes a logical error in the challenge response
  authentication mechanism CRAM-MD5 used by UW IMAP. Due to this mistake
  a remote attacker can gain access to the IMAP server as an arbitrary
  user.

  http://www.linuxsecurity.com/content/view/118456

* SuSE: cyrus-sasl remote code execution
  3rd, March, 2005

  A buffer overflow in the digestmd5 code was identified that could lead
  to a remote attacker executing code in the context of the service
  using sasl authentication.

  http://www.linuxsecurity.com/content/view/118472

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------