Linux Advisory Watch - April 15th 2005

+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  April 15th, 2005                           Volume 6, Number 15a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week packages were released for axel, gftp, wireless-tools, glibc,
selinux-policy-targeted, kernel, autofs, GnomeVFS, phpMyAdmin,
shorewall, gtk, sharutils, gdk-pixbuf, kdegraphics, dhcp, and gaim.  The
distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, and
SuSE.

---

FREE ANTI-SPAM EVALUATION: Roaring Penguin Software


At last! An anti-spam solution that lets you stop spam on YOUR terms
by giving you full control over its setup and administration. CanIt-PRO
provides you with as much (or as little!) administrative and end-user
control as you want. Try a free 20-day evaluation and test it out
yourself.

Download your copy today:
http://www.roaringpenguin.com/promo/freecaniteval.php?id=linuxsecuritywneval0305

---

Introduction: Buffer Overflow Vulnerabilities
By: Erica R. Thomas

Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.

Buffer overflow vulnerabilities are one of the most common
vulnerabilities. These kinds of vulnerabilities are perfect for
remote access attacks because they give the attacker a great
opportunity to launch and execute their attack code on the target
computer. Broadly speaking, a buffer overflow attack occurs when
the attacker intentionally enters more data than a program was
written to handle. The data runs over and overflows the section
of memory that was set aside to accept it. The extra data
overwrites another portion of memory that was meant
to hold something else, like part of the program's instructions.
This allows an attacker to overwrite data that controls the
program and take over control of the program to execute the
attacker's code instead of the program's. Peikari and Chuvakin
point out that, "buffer overflows result from an inherent
weakness in the C++ programming language." (Peikari and
Chuvakin, 2004) The problem is that C++ and other programming
languages (those derived from C++), do not automatically
perform bounds-checking when passing data. When variables
are passed, extra characters could be written past the
variable's end. The overflow consequence could result in
the program crashing or allowing the attacker to execute
their own code on the target system.

In order to make sense of how a buffer is overflowed, one must
understand what a buffer is. A program contains code that
accesses variables stored in various locations in memory. When
a program is executed, a specific amount of memory is assigned
for each variable. The amount of memory is determined by the
type of data the variable is anticipated to hold. The memory
set aside is used to store information that the program needs
for its execution. According to Peikari and Chuvakin, "The
program stores the value of a variable in this memory space,
then pulls the value back out of memory when it's needed."
(Peikari and Chuvakin, 2004) A buffer is this virtual space.

Read Full Article:
http://www.linuxsecurity.com/content/view/118881/49/
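
Added example (not from the article or from any package listed in this
issue): the missing bounds check described above, shown beside a checked
copy. The struct, function names and the 50-byte buffer (49 characters
plus the terminator) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 50   /* constructed size: 49 characters plus the NUL terminator */

/* A name buffer followed directly by bytes the program depends on. */
struct frame {
    char name[NAME_BUF];
    unsigned char control[4];   /* stands in for adjacent program data */
};
static const unsigned char CONTROL_INIT[4] = {0xDE, 0xAD, 0xBE, 0xEF};

/* Models an unchecked strcpy(): the copy length comes from the input alone.
 * The write is capped at the end of the frame so this demo stays inside one
 * object; a real unchecked copy has no such cap. */
void copy_unchecked(struct frame *f, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, input, n);
}

/* Bounds-checked copy: reject anything that does not fit, terminator included. */
int copy_checked(struct frame *f, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof f->name) return -1;
    memcpy(f->name, input, len + 1);
    return 0;
}

/* Copy a name of `len` 'A's (len < 128); return 1 if control is unchanged. */
int survives(size_t len, int checked) {
    char input[128];
    struct frame f;
    memset(&f, 0, sizeof f);
    memcpy(f.control, CONTROL_INIT, sizeof f.control);
    memset(input, 'A', len);
    input[len] = '\0';
    if (checked) (void)copy_checked(&f, input); else copy_unchecked(&f, input);
    return memcmp(f.control, CONTROL_INIT, sizeof f.control) == 0;
}

int main(void) {
    printf("49 chars, unchecked: control intact = %d\n", survives(49, 0));
    printf("50 chars, unchecked: control intact = %d\n", survives(50, 0));
    printf("50 chars, checked:   control intact = %d\n", survives(50, 1));
    return 0;
}
```

A single extra character is enough: the terminator of a 50-character name
lands on the first byte past the buffer.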

----------------------

Measuring Security IT Success

In a time where budgets are constrained and Internet threats are
on the rise, it is important for organizations to invest in network
security applications that will not only provide them with powerful
functionality but also a rapid return on investment.

In most organizations IT success is generally calculated through
effectiveness, resource usage and, most importantly, how quickly the
investment can be returned. To correctly quantify the ROI of
information technology, organizations usually measure cost savings
and increased profits since the initial implementation. Additionally,
ROI can also be affected based on the overall impact the investment
has on employee productivity and overall work environment of the company.

http://www.linuxsecurity.com/content/view/118817/49/

---

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy to follow explanation of how to read permissions, and how to set
them using chmod.  This guide is intended for users new to Linux
security, and is therefore very simple.  If the feedback is good, I'll
consider creating more complex guides for advanced users.  Please
let us know what you think and how these can be improved.

Click to view video demo:
http://www.linuxsecurity.com/content/view/118181/49/

---

The Tao of Network Security Monitoring: Beyond Intrusion Detection

To be honest, this was one of the best books that I've read on network
security. Other books often dive so deeply into technical discussions,
they fail to provide any relevance to network engineers/administrators
working in a corporate environment. Budgets, deadlines, and flexibility
are issues that we must all address. The Tao of Network Security
Monitoring is presented in such a way that all of these are still
relevant. One of the greatest virtues of this book is that it offers
real-life technical examples, while backing them up with relevant case
studies.

http://www.linuxsecurity.com/content/view/118106/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New axel packages fix arbitrary code execution
  13th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118866



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 3 Update: gftp-2.0.18-0.FC3
  7th, April, 2005

Updated package

http://www.linuxsecurity.com/content/view/118824


* Fedora Core 2 Update: gftp-2.0.18-0.FC2
  7th, April, 2005

Updated package

http://www.linuxsecurity.com/content/view/118825


* Fedora Core 3 Update: wireless-tools-27-1.2.0.fc3
  7th, April, 2005

Please see below for changes.

http://www.linuxsecurity.com/content/view/118827


* Fedora Core 3 Update: glibc-2.3.5-0.fc3.1
  7th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118836


* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.94
  8th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118839


* Fedora Core 3 Update: kernel-2.6.11-1.14_FC3
  11th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118851


* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.96
  11th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118852


* Fedora Core 3 Update: autofs-4.1.3-114
  12th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118862


* Fedora Core 3 Update: gcc-3.4.3-22.fc3
  12th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118864


* Fedora Core 3 Update: gcc4-4.0.0-0.41.fc3
  12th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118865



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: GnomeVFS, libcdaudio CDDB response overflow
  8th, April, 2005

The GnomeVFS and libcdaudio libraries contain a buffer overflow that
can be triggered by a large CDDB response, potentially allowing the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118837


* Gentoo: Smarty Template vulnerability
  10th, April, 2005

New ways of bypassing Smarty's "Template security" were found and
fixed in Smarty. Users making use of that feature are encouraged
to upgrade to version 2.6.9.
The updated sections appear below.

http://www.linuxsecurity.com/content/view/118843


* Gentoo: phpMyAdmin Cross-site scripting vulnerability
  11th, April, 2005

phpMyAdmin is vulnerable to a cross-site scripting attack.

http://www.linuxsecurity.com/content/view/118850


* Gentoo: Axel Vulnerability in HTTP redirection handling
  12th, April, 2005

A buffer overflow vulnerability has been found in Axel which could
lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118863


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

* Mandrake: Updated shorewall packages
  7th, April, 2005

The shorewall package is being updated to provide appropriate bogons
information and other minor fixes.

http://www.linuxsecurity.com/content/view/118823


* Mandrake: Updated gtk+2.0 packages fix
  7th, April, 2005

A bug was discovered in the way that gtk+2.0 processes BMP images
which could allow for a specially crafted BMP to cause a Denial of
Service attack on applications linked against gtk+2.0. The updated
packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/118832


* Mandrake: Updated sharutils packages
  7th, April, 2005

Shaun Colley discovered a buffer overflow in shar that was triggered
by output files (using -o) with names longer than 49 characters which
could be exploited to run arbitrary attacker-specified code.

http://www.linuxsecurity.com/content/view/118833


* Mandrake: Updated gdk-pixbuf packages
  7th, April, 2005

A bug was discovered in the way that gdk-pixbuf processes BMP
images which could allow for a specially crafted BMP to cause a
Denial of Service attack on applications linked against gdk-pixbuf.
The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/118834


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Moderate: kdegraphics security update
  12th, April, 2005

Updated kdegraphics packages that resolve multiple security issues in
kfax are now available. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118856


* RedHat: Moderate: dhcp security update
  12th, April, 2005

An updated dhcp package that fixes a string format issue is now
available for Red Hat Enterprise Linux 2.1. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/118857


* RedHat: Important: gaim security update
  12th, April, 2005

An updated gaim package that fixes multiple denial of service
issues is now available. This update has been rated as having
important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118858



+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: various KDE security problems
  11th, April, 2005

Several vulnerabilities have been identified and fixed in the
KDE desktop environment.

http://www.linuxsecurity.com/content/view/118849

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

