Linux Advisory Watch - April 22nd

+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  April 22nd, 2005                           Volume 6, Number 16a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for MySQL, PHP, libexif, gtkhtml,
info2www, geneweb, f2c, XFCE, vixie-cron, at, nasm, aspell, urw-fonts,
htdig, alsa-lib, curl, HelixPlayer, cvs, foomatic, monkeyd, mplayer,
xloadimage, logwatch, kernel, OpenOffice, and PostgreSQL.  The
distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat,
and SuSE.

---

FREE ANTI-SPAM EVALUATION: Roaring Penguin Software

At last! An anti-spam solution that lets you stop spam on YOUR terms
by giving you full control over its setup and administration. CanIt-PRO
provides you with as much (or as little!) administrative and end-user
control as you want. Try a free 20-day evaluation and test it out
yourself.

Download your copy today:
http://www.roaringpenguin.com/promo/freecaniteval.php?id=linuxsecuritywneval0305

---

Introduction: Buffer Overflow Vulnerabilities, Part II
By: Erica R. Thomas

In exploiting a buffer overflow vulnerability, the main objective is to
overwrite some piece of control information in order to change the
program's flow of control. The usual way of taking advantage of this is
to modify the control information so that code supplied by the attacker
takes over. According to Shaneck, "The most widespread type of exploit
is called 'Smashing the Stack' and involves overwriting the return
address stored on the stack to transfer control to code placed either
in the buffer, or past the end of the buffer." (Shaneck, 2003) The
stack is the region of memory a program uses for temporary storage of
a function's local variables and bookkeeping data. In a stack-based
buffer overflow attack, the attacker supplies more data than the
program expects, and the excess is written over whatever lies beyond
the buffer on the stack. Farrow explains this with an example: "Let's
say that a program is executing and reaches the stage where it expects
to use a postal code or zip code, which it gets from a Web-based form
that customers filled out." (Farrow, 2002) The longest postal code is
fewer than twelve characters, but on the web form the attacker types
the letter "A" 256 times, followed by some other commands. The data
overflows the buffer allotted for the zip code and the attacker's
commands land on the stack beyond it. When a function is called, the
address of the instruction following the call is pushed onto the stack
so that the function knows where to return control when it is finished.
A buffer overflow lets the attacker replace that saved return address
with the address of memory where they have already placed executable
code. When the function returns, control is transferred to the
malicious code contained within the buffer, called the payload (Peikari
and Chuvakin, 2004). The payload is normally code that opens remote
access or otherwise brings the attacker closer to controlling the
system. As Holden explains, "a computer is flooded with more
information than it can handle, and some of it may contain instructions
that could damage files on the computer or disclose information that is
normally protected- or give the hacker root access to the system."
(Holden, 2004)

The best defense against any of these attacks is to have perfect
programs. In ideal circumstances, every input in every program would be
bounds-checked so that only the allotted number of characters is
accepted. The best way to deal with buffer overflow problems is
therefore to not let them occur in the first place. Unfortunately, not
all programs are perfect, and some have bugs that permit the attacks
discussed in this paper. As described by Farrow, "because programs
are not perfect, programmers have come up with schemes to defend
against buffer overflow attacks." (Farrow, 2002) One technique is to
make the processor treat the stack and the heap as data only and never
execute instructions found there (a non-executable stack and heap).
Farrow's 2002 observation that this works for UNIX systems but cannot
be used on Windows is now dated: on processors with the NX/XD bit,
Windows enforces it too (Data Execution Prevention). On Linux, whether
an executable asks for an executable stack is recorded in its
PT_GNU_STACK program header, visible with readelf -lW. Farrow describes
another scheme, the stack canary, which protects only against overflows
that overwrite the stack. (Farrow, 2002) A canary is a guard value the
compiler places on the stack between the local buffers and the
sensitive saved values, the frame pointer and the return address (which
tells the computer where to continue executing once the current
function completes). An overflow that runs from a buffer towards the
return address must pass over the canary, so it cannot reach the return
address without disturbing it. As described by Farrow, "before return
addresses get used, the program checks to see if the canary is okay."
(Farrow, 2002) If the canary has been altered, the program aborts
because it knows that something has gone wrong; a crash is preferable
to running attacker-supplied code. Canaries do not stop overflows that
only overwrite other local variables below the canary, nor heap
overflows. As a user of these programs, the best countermeasure is to
keep your systems fully patched so that exploits targeting known
vulnerabilities fail.
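The zip-code example and the canary check above, worked through in C as
an added example (this is not code from the article or from any of the
cited authors). store_zip_unsafe is the strcpy pattern Farrow's example
describes; store_zip_safe is the bounds-checked form. The struct frame,
the address LEGIT_RETURN and the canary value are constructed stand-ins
for a real stack frame so that the overflow can be replayed in defined
memory and the canary comparison a compiler emits before return can be
observed; the 256 'A's of attacker input are likewise constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP_MAX 12   /* the longest postal code is fewer than twelve characters */

/* The bug in Farrow's example: an unbounded copy into a fixed-size stack
 * buffer. Input longer than ZIP_MAX-1 bytes runs over whatever the compiler
 * placed after 'zip' on the stack, including the saved return address.
 * Kept only for contrast; calling it with oversized input is undefined
 * behaviour, so nothing below does. */
void store_zip_unsafe(const char *input)
{
    char zip[ZIP_MAX];
    strcpy(zip, input);            /* no bounds check */
    printf("zip: %s\n", zip);
}

/* Hardened version: measure the input against the destination first and
 * reject anything that does not fit, rather than truncating silently.
 * Returns 0 on success, -1 if the input was rejected. */
int store_zip_safe(const char *input, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && input[n] != '\0')   /* never reads past out_len bytes */
        n++;
    if (n >= out_len)
        return -1;                            /* no room left for the terminator */
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

/* Model (constructed, not a real frame) of a canary-protected stack frame,
 * laid out as the text describes: local buffer, then canary, then the
 * saved return address. Because it is a struct, the overflow below stays
 * inside defined memory. */
struct frame {
    char      buf[ZIP_MAX];
    uintptr_t canary;
    uintptr_t saved_ret;
};

#define LEGIT_RETURN ((uintptr_t)0x08048400)   /* arbitrary placeholder address */

/* Replays an unbounded copy of 'input' into the frame's buffer, then does
 * the check a compiler emits before 'ret': compare the canary with its
 * reference value. Returns 1 if the frame is intact, 0 if the canary (and
 * therefore everything past it) was overwritten. The return address the
 * function would have jumped to is stored in *ret_out. */
int simulate_overflow(const char *input, uintptr_t canary_ref, uintptr_t *ret_out)
{
    struct frame f;
    size_t len = strlen(input);

    memset(&f, 0, sizeof f);
    f.canary = canary_ref;
    f.saved_ret = LEGIT_RETURN;

    if (len > sizeof f)                   /* keep the simulation inside the struct */
        len = sizeof f;
    memcpy(&f, input, len);               /* the strcpy that does not stop at buf */

    if (ret_out)
        *ret_out = f.saved_ret;
    return f.canary == canary_ref;
}

/* Constructed attacker input from Farrow's example: the letter 'A' 256 times.
 * A real exploit would follow the As with shellcode and a guessed address. */
const char *attacker_input(void)
{
    static char buf[257];
    memset(buf, 'A', 256);
    buf[256] = '\0';
    return buf;
}

int main(void)
{
    char out[ZIP_MAX];
    uintptr_t ret = 0;
    /* glibc keeps the canary's lowest byte zero, so an overflow driven by a
     * C string copy cannot rewrite the canary intact: a zero byte ends it. */
    uintptr_t canary = 0x0aff0d00u;

    printf("safe copy of \"90210\": %s\n",
           store_zip_safe("90210", out, sizeof out) == 0 ? out : "(rejected)");
    printf("safe copy of 256 'A's: %s\n",
           store_zip_safe(attacker_input(), out, sizeof out) == 0 ? out : "(rejected)");
    printf("canary after short input: %s\n",
           simulate_overflow("90210", canary, &ret) ? "intact" : "smashed");
    printf("canary after 256 'A's: %s, would return to %#lx\n",
           simulate_overflow(attacker_input(), canary, &ret) ? "intact" : "smashed",
           (unsigned long)ret);
    return 0;
}
```

The point of the second half is the ordering, not the struct: the As must
cross the canary before they reach saved_ret, so a frame whose canary
still matches has an unmodified return address, while a frame whose
canary reads 0x41... would otherwise have returned into attacker data.
Compiling real code with GCC's -fstack-protector inserts the same check
automatically.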

Read Full Article:
http://www.linuxsecurity.com/content/view/118881/49/

----------------------

Measuring Security IT Success

In a time where budgets are constrained and Internet threats are
on the rise, it is important for organizations to invest in network
security applications that will not only provide them with powerful
functionality but also a rapid return on investment.

In most organizations IT success is generally measured by
effectiveness, resource usage and, most importantly, how quickly the
investment is returned. To quantify the ROI of information technology
correctly, organizations usually measure cost savings and increased
profits since the initial implementation. ROI is also affected by the
overall impact the investment has on employee productivity and on the
company's working environment.

http://www.linuxsecurity.com/content/view/118817/49/

---

Getting to Know Linux Security: File Permissions

Welcome to the first tutorial in the 'Getting to Know Linux Security'
series.  The topic explored is Linux file permissions.  It offers an
easy-to-follow explanation of how to read permissions and how to set
them using chmod.  This guide is intended for users new to Linux
security, and is therefore very simple.  If the feedback is good, I'll
consider creating more complex guides for advanced users.  Please
let us know what you think and how these can be improved.

Click to view video demo:
http://www.linuxsecurity.com/content/view/118181/49/

---

The Tao of Network Security Monitoring: Beyond Intrusion Detection

To be honest, this was one of the best books that I've read on network
security. Other books often dive so deeply into technical discussions
that they fail to provide any relevance to network engineers and
administrators working in a corporate environment. Budgets, deadlines,
and flexibility are issues that we must all address. The Tao of Network
Security Monitoring is presented in such a way that all of these are
still relevant. One of the greatest virtues of this book is that it
offers real-life technical examples, while backing them up with
relevant case studies.

http://www.linuxsecurity.com/content/view/118106/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: MySQL Fixes for two mysql vulnerabilities
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118933


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New PHP3 packages fix denial of service
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118884


* Debian: New libexif packages fix arbitrary code execution
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118889


* Debian: New gtkhtml packages fix denial of service
  18th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118901


* Debian: New info2www packages fix cross-site scripting vulnerability
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118907


* Debian: New geneweb packages fix insecure file operations
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118915


* Debian: New f2c packages fix insecure temporary files
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118927


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 3 Update: XFCE 4.2.1.1 (15 packages)
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118890


* Fedora Core 3 Update: vixie-cron-4.1-33_FC3
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118891


* Fedora Core 3 Update: at-3.1.8-70_FC3
  15th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118892


* Fedora Core 3 Update: nasm-0.98.38-3.FC3
  18th, April, 2005

The new NASM packages contain fixes for CAN-2004-1287 and one
additional vsprintf buffer overflow.

http://www.linuxsecurity.com/content/view/118899


* Fedora Core 3 Update: php-4.3.11-2.4
  18th, April, 2005

This update includes the latest stable release of PHP 4.3, including
a number of security fixes to the exif extension (CVE CAN-2005-1042
and CAN-2005-1043) and the getimagesize() function (CVE CAN-2005-0524),
along with many bug fixes.

http://www.linuxsecurity.com/content/view/118900


* Fedora Core 3 Update: aspell-bg-0.50-8.fc3
  19th, April, 2005

aspell-bg-0.50-7 contains many incorrect words. aspell-bg-0.50-8.fc3
fixes this problem.

http://www.linuxsecurity.com/content/view/118914


* Fedora Core 3 Update: urw-fonts-2.3-0.FC3.1
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118916


* Fedora Core 3 Update: htdig-3.2.0b6-3.FC3.1
  19th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118917


* Fedora Core 3 Update: alsa-lib-1.0.6-8.FC3
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118931


* Fedora Core 3 Update: curl-7.12.3-3.fc3
  20th, April, 2005

New curl version fixes CAN-2005-0490 problem (Multiple stack
based overflows).

http://www.linuxsecurity.com/content/view/118932


* Fedora Core 3 Update: HelixPlayer-1.0.4-1.0.fc3.1
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118934


* Fedora Core 3 Update: cvs-1.11.17-6.FC3
  20th, April, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118935


* Fedora Core 3 Update: foomatic-3.0.2-13.4
  20th, April, 2005

This is a minor bug-fix update.

http://www.linuxsecurity.com/content/view/118936


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: OpenOffice.Org DOC document Heap Overflow
  15th, April, 2005

OpenOffice.Org is vulnerable to a heap overflow when processing DOC
documents, which could lead to arbitrary code execution.

http://www.linuxsecurity.com/content/view/118893


* Gentoo: monkeyd Multiple vulnerabilities
  15th, April, 2005

Format string and Denial of Service vulnerabilities have been
discovered in the monkeyd HTTP server, potentially resulting in the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118894


* Gentoo: PHP Multiple vulnerabilities
  18th, April, 2005

Several vulnerabilities were found and fixed in PHP image handling
functions, potentially resulting in Denial of Service conditions or
the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118897


* Gentoo: CVS Multiple vulnerabilities
  18th, April, 2005

Several serious vulnerabilities have been found in CVS, which may
allow an attacker to remotely compromise a CVS server or cause a DoS.

http://www.linuxsecurity.com/content/view/118905


* Gentoo: XV Multiple vulnerabilities
  19th, April, 2005

Multiple vulnerabilities have been discovered in XV, potentially
resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118906


* Gentoo: Mozilla Firefox, Mozilla Suite Multiple vulnerabilities
  19th, April, 2005

New Mozilla Firefox and Mozilla Suite releases fix new security
vulnerabilities, including memory disclosure and various ways of
executing JavaScript code with elevated privileges.

http://www.linuxsecurity.com/content/view/118910


* Gentoo: MPlayer Two heap overflow vulnerabilities
  20th, April, 2005

Two vulnerabilities have been found in MPlayer which could lead to
the remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118924


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Low: xloadimage security update
  19th, April, 2005

A new xloadimage package that fixes bugs in handling malformed tiff
and pbm/pnm/ppm images, and in handling metacharacters in filenames
is now available. This update has been rated as having low security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118919


* RedHat: Moderate: logwatch security update
  19th, April, 2005

An updated logwatch package that fixes a denial of service issue is
now available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118920


* RedHat: Important: kernel security update
  19th, April, 2005

Updated kernel packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. This update has been
rated as having important security impact by the Red Hat Security
Response Team. The Linux kernel handles the basic functions of the
operating system.

http://www.linuxsecurity.com/content/view/118921


* RedHat: Critical: RealPlayer security update
  20th, April, 2005

An updated RealPlayer package that fixes a buffer overflow issue is
now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118937


* RedHat: Critical: HelixPlayer security update
  20th, April, 2005

An updated HelixPlayer package that fixes a buffer overflow issue is
now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118938


* RedHat: Critical: RealPlayer security update
  20th, April, 2005

An updated RealPlayer package that fixes a buffer overflow issue is
now available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118940


* RedHat: Important: firefox security update
  21st, April, 2005

Updated firefox packages that fix various security bugs are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118941


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: php remote denial of service
  15th, April, 2005

This update fixes the following security issues in the PHP scripting
language.

http://www.linuxsecurity.com/content/view/118883


* SuSE: cvs (SUSE-SA:2005:024)
  18th, April, 2005

The Concurrent Versions System (CVS) offers tools which allow
developers to share and maintain large software projects.
The current maintainer of CVS reported various problems within CVS
such as a buffer overflow and memory access problems which have
been fixed within the available updates.
The CVE project has assigned the CAN number CAN-2005-0753.

http://www.linuxsecurity.com/content/view/118898


* SuSE: OpenOffice heap overflow problem
  19th, April, 2005

This security update fixes a buffer overflow in OpenOffice_org
Microsoft Word document reader which could allow a remote attacker
sending a handcrafted .doc file to execute code as the user
opening the document in OpenOffice.

http://www.linuxsecurity.com/content/view/118911


* SuSE: RealPlayer buffer overflow in RAM
  20th, April, 2005

This update fixes a security issue within the RealPlayer media
player.

http://www.linuxsecurity.com/content/view/118925


* SuSE: PostgreSQL buffer overflow problems
  20th, April, 2005

Several problems were identified and fixed in the PostgreSQL
database server.

http://www.linuxsecurity.com/content/view/118926

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------