+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  October 7th, 2005                            Volume 6, Number 41a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for gtkdiskfree, util-linux,
ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps,
mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop,
drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate,
vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb. The
distributors include Debian, Gentoo, and Red Hat.

---

Denial of Service Attacks
By: Dave Wreski

A "Denial of Service" (DoS) attack is one where the attacker tries to
make some resource too busy to answer legitimate requests, or to deny
legitimate users access to your machine.

Denial of service attacks have increased greatly in recent years.
Some of the more popular and recent ones are listed below. Note that
new ones show up all the time, so these are just a few examples. Read
the Linux security lists and the bugtraq list and archives for more
current information.

* SYN Flooding - SYN flooding is a network denial of service attack.
  It takes advantage of a "loophole" in the way TCP connections are
  created. The newer Linux kernels (2.0.30 and up) have several
  configurable options to prevent SYN flood attacks from denying
  people access to your machine or services. See Section 7 for proper
  kernel protection options.

* Ping Flooding - Ping flooding is a simple brute-force denial of
  service attack. The attacker sends a "flood" of ICMP packets to
  your machine.
  If they are doing this from a host with better bandwidth than
  yours, your machine will be unable to send anything on the network.
  A variation on this attack, called "smurfing", sends ICMP packets
  to a host with your machine's return IP, allowing them to flood you
  less detectably.

* Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST
  packets that are too large to fit in the kernel data structures
  intended to store them. Because sending a single, large (65,510
  bytes) "ping" packet to many systems will cause them to hang or
  even crash, this problem was quickly dubbed the "Ping o' Death."
  This one has long been fixed, and is no longer anything to worry
  about.

* Teardrop / New Tear - One of the most recent exploits involves a
  bug present in the IP fragmentation code on Linux and Windows
  platforms. It is fixed in kernel version 2.0.33, and does not
  require selecting any kernel compile-time options to utilize the
  fix. Linux is apparently not vulnerable to the "newtear" exploit.

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of Unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such tools
as chmod, chown, and chgrp. If you'd like a refresher, one is
available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store
more data in a temporary data storage area than it was intended to
hold. Since buffers are created to contain a finite amount of data,
the extra information can overflow into adjacent buffers, corrupting
or overwriting the valid data held in them.
http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation and
management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid to
real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.
http://www.linuxsecurity.com/content/view/119027/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

* Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120472

* Debian: New util-linux packages fix privilege escalation
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120473

* Debian: New ClamAV packages fix denial of service
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120477

* Debian: New loop-aes-utils packages fix privilege escalation
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120478

* Debian: New helix-player packages fix multiple vulnerabilities
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120479

* Debian: New backupninja packages fix insecure temporary file
  29th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120480

* Debian: New squid packages fix denial of service
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120482

* Debian: New squid packages fix denial of service
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120483

* Debian: New mysql packages fix arbitrary code execution
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120484

* Debian: New ntlmaps packages fix information leak
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120485

* Debian: New mysql-dfsg packages fix arbitrary code execution
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120490

* Debian: New gopher packages fix several buffer overflows
  30th, September, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120492

* Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution
  1st, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120494

* Debian: New prozilla packages fix arbitrary code execution
  1st, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120495

* Debian: New cfengine packages fix arbitrary file overwriting
  1st, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120496

* Debian: New cfengine2 packages fix arbitrary file overwriting
  1st, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120497

* Debian: New Mozilla Firefox packages fix denial of service
  2nd, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120498

* Debian: New mozilla-firefox packages fix multiple vulnerabilities
  2nd, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120500

* Debian: New apachetop packages fix insecure temporary file
  4th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120507

* Debian: New drupal packages fix remote command execution
  4th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120508

* Debian: New mailutils packages fix arbitrary code execution
  4th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120514

* Debian: New egroupware packages fix arbitrary code execution
  4th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120515

* Debian: New mysql-dfsg-4.1 package fixes arbitrary code execution
  4th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120518

* Debian: New arc packages fix insecure temporary files
  5th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120520

* Debian: New mod-auth-shadow packages fix authentication bypass
  5th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120521

* Debian: New mason packages fix missing init script
  6th, October, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120537

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

* Gentoo: AbiWord RTF import stack-based buffer overflow
  30th, September, 2005
  AbiWord is vulnerable to a stack-based buffer overflow during RTF
  import, making it vulnerable to the execution of arbitrary code.
  http://www.linuxsecurity.com/content/view/120486

* Gentoo: Hylafax Insecure temporary file creation in xferfaxstats
  30th, September, 2005
  Hylafax is vulnerable to linking attacks, potentially allowing a
  local user to overwrite arbitrary files.
  http://www.linuxsecurity.com/content/view/120491

* Gentoo: Mozilla Suite, Mozilla Firefox Multiple
  30th, September, 2005
  This advisory was originally released to fix the heap overflow in
  IDN headers. However, the official fixed release included several
  other security fixes as well.
  http://www.linuxsecurity.com/content/view/120493

* Gentoo: gtkdiskfree Insecure temporary file creation
  3rd, October, 2005
  gtkdiskfree is vulnerable to symlink attacks, potentially allowing
  a local user to overwrite arbitrary files.
  http://www.linuxsecurity.com/content/view/120505

* Gentoo: Berkeley MPEG Tools Multiple insecure temporary
  3rd, October, 2005
  The Berkeley MPEG Tools use temporary files in various insecure
  ways, potentially allowing a local user to overwrite arbitrary
  files.
  http://www.linuxsecurity.com/content/view/120506

* Gentoo: Uim Privilege escalation vulnerability
  4th, October, 2005
  Under certain conditions, applications linked against Uim suffer
  from a privilege escalation vulnerability.
  http://www.linuxsecurity.com/content/view/120517

* Gentoo: Texinfo Insecure temporary file creation
  5th, October, 2005
  Texinfo is vulnerable to symlink attacks, potentially allowing a
  local user to overwrite arbitrary files.
  http://www.linuxsecurity.com/content/view/120524

+---------------------------------+
| Distribution: Red Hat           | ----------------------------//
+---------------------------------+

* RedHat: Low: slocate security update
  5th, October, 2005
  An updated slocate package that fixes a denial of service and
  various bugs is available. This update has been rated as having low
  security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/120528

* RedHat: Low: vixie-cron security update
  5th, October, 2005
  An updated vixie-cron package that fixes various bugs and a
  security issue is now available. This update has been rated as
  having low security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/120529

* RedHat: Low: net-snmp security update
  5th, October, 2005
  Updated net-snmp packages that fix two security issues and various
  bugs are now available. This update has been rated as having low
  security impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/120530

* RedHat: Updated kernel packages available for Red Hat
  5th, October, 2005
  Updated kernel packages are now available as part of ongoing
  support and maintenance of Red Hat Enterprise Linux version.
  http://www.linuxsecurity.com/content/view/120531

* RedHat: Moderate: openssh security update
  5th, October, 2005
  Updated openssh packages that fix a security issue, bugs, and add
  support for recording login user IDs for audit are now available
  for Red Hat Enterprise Linux 4.
  http://www.linuxsecurity.com/content/view/120532

* RedHat: Low: binutils security update
  5th, October, 2005
  An updated binutils package that fixes several bugs and minor
  security issues is now available.
  http://www.linuxsecurity.com/content/view/120533

* RedHat: Low: perl security update
  5th, October, 2005
  Updated Perl packages that fix security issues and contain several
  bug fixes are now available for Red Hat Enterprise Linux.
  http://www.linuxsecurity.com/content/view/120534

* RedHat: Low: mysql security update
  5th, October, 2005
  Updated mysql packages that fix a temporary file flaw and a number
  of bugs are now available.
  http://www.linuxsecurity.com/content/view/120535

* RedHat: Low: gdb security update
  5th, October, 2005
  An updated gdb package that fixes several bugs and minor security
  issues is now available.
  http://www.linuxsecurity.com/content/view/120536

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------