+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  November 18th, 2005                          Volume 6, Number 47a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                    Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx         ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for awstats, kdelibs, acidlab,
AbiWord, uim, ftpd-ssl, phpsysinfo, phpgroupware, lynx, rar, sylpheed,
gtk, egroupware, cpio, lm_sensors, and gdk-pixbuf. The distributors
include Debian, Gentoo, Mandriva, and Red Hat.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you can
earn this esteemed degree without disrupting your career or home life.

http://www.msia.norwich.edu/linsec

----

SELinux Administration, Part II
By: Pax Dickinson

Policy booleans are sections of policy that can be switched on or off,
providing a basic level of policy configurability at runtime without
requiring the recompilation of the entire security policy. For example,
you might be running a webmail application on your server that requires
the web server process to be able to connect to your mail server ports
and read mail files out of users' home directories. Rather than adding
those permissions to the base security policy, where they would weaken
security for everyone not running webmail, a policy developer would
create a boolean that the local administrator could enable only if it
is required. This helps maintain a high level of security and follows
the principle of least privilege.
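The script below is an added example, not code from the article or from the EnGarde Secure Linux policy. It turns the least-privilege idea above into a routine check: it audits the state of policy booleans on a host against a locally defined baseline, reading the "name --> state" lines that getsebool -a prints (the getsebool and setsebool commands are described in the next paragraph of the article). The sample getsebool output and the baseline are constructed for offline use, and the boolean names other than httpd_webmail and user_ping are assumed.

```shell
#!/bin/sh
# Added example (not from the article). Audit SELinux policy booleans against
# an administrator-defined baseline and print the setsebool command that would
# restore each deviating boolean. Sample data below is constructed.

# Constructed sample of `getsebool -a` output. Older policies print
# active/inactive, newer ones print on/off; both spellings are handled.
SAMPLE_GETSEBOOL='httpd_webmail --> inactive
user_ping --> active
httpd_can_network_connect --> on
allow_execmem --> off'

# Assumed baseline: everything off unless this particular host needs it.
BASELINE='user_ping=off
httpd_webmail=off
httpd_can_network_connect=off
allow_execmem=off'

# normalize_state STATE: map the various spellings to "on" or "off".
normalize_state() {
  case "$1" in
    active|on|1)    echo on ;;
    inactive|off|0) echo off ;;
    *)              echo unknown ;;
  esac
}

# bool_state NAME OUTPUT: print the normalized state of NAME as found in
# getsebool-style OUTPUT; print "missing" and fail if NAME is not listed.
bool_state() {
  raw=$(printf '%s\n' "$2" | awk -v n="$1" '$1 == n && $2 == "-->" { print $3 }')
  if [ -z "$raw" ]; then
    echo missing
    return 1
  fi
  normalize_state "$raw"
}

# remediation_command NAME STATE: the setsebool invocation (1 = active,
# 0 = inactive, as the article describes) that puts NAME into STATE.
remediation_command() {
  case "$(normalize_state "$2")" in
    on)  echo "setsebool $1 1" ;;
    off) echo "setsebool $1 0" ;;
    *)   echo "unknown state: $2" >&2; return 1 ;;
  esac
}

# audit_booleans OUTPUT BASELINE: print one line per boolean whose actual
# state differs from BASELINE ("name=state" entries separated by whitespace).
# No output means the host conforms to the baseline.
audit_booleans() {
  for entry in $2; do
    name=${entry%%=*}
    want=${entry#*=}
    have=$(bool_state "$name" "$1") || have=missing
    if [ "$have" != "$want" ]; then
      echo "$name: expected $want, found $have (fix: $(remediation_command "$name" "$want"))"
    fi
  done
  return 0
}

# Demo on the constructed sample. On a real host, pass "$(getsebool -a)"
# as the first argument instead of SAMPLE_GETSEBOOL.
audit_booleans "$SAMPLE_GETSEBOOL" "$BASELINE"
```

Run against the constructed sample, the script reports user_ping and httpd_can_network_connect as deviations and shows the setsebool call for each; a boolean named in the baseline but absent from the policy is reported as "missing" rather than silently skipped, since a renamed or removed boolean is exactly the kind of drift such a check should surface.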
To view a list of the policy booleans in your running policy and their
current states, use the sestatus command. Among other information, this
command lists your current enforcing mode, the enforcing mode configured
in /etc/selinux/config, and all policy booleans with whether each is
active or inactive. You can view the current status of a single boolean
with the getsebool command, passing it the name of the boolean whose
state you want to see. Booleans are set with the setsebool command: pass
it the name of the boolean followed by 1 or 0 to make the boolean active
or inactive, respectively.

Some sample booleans from the EnGarde Secure Linux SELinux policy are
httpd_webmail and user_ping. The httpd_webmail boolean covers exactly the
webmail situation used as an example above, while the user_ping boolean
determines whether or not regular users are able to send ping packets
over the network. Booleans can be as simple as a single allow statement,
or can enable or disable large swathes of the policy, depending on their
purpose.

Our SELinux journey is almost done. Next time, we'll discuss policy
development basics and see how we can troubleshoot policy denials and
write new SELinux policy or modify existing policy to allow our SELinux
system to get its jobs done while maintaining a high level of security.
Until then, farewell and remember to stay secure.

Read Entire Article:
http://www.linuxsecurity.com/content/view/120700/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operation. A full explanation of
Unix file permissions is beyond the scope of this article, so I'll
assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you'd like a refresher, one is available right here on
linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold.
Since buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation and
management of Postfix in an extremely systematic and practical format.
It flows in a logical manner, is easy to follow, and the authors did a
great job of explaining topics with attention paid to real-world
applications and how to avoid many of the associated pitfalls. I am
happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New awstats packages fix arbitrary command execution
  10th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120778

* Debian: New kdelibs packages fix backup file information leak
  10th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120779

* Debian: New acidlab packages fix SQL injection
  14th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120802

* Debian: New AbiWord packages fix arbitrary code execution
  14th, November, 2005

Updated package.
http://www.linuxsecurity.com/content/view/120807

* Debian: New uim packages fix privilege escalation
  14th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120808

* Debian: New ftpd-ssl packages fix arbitrary code execution
  15th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120809

* Debian: New phpsysinfo packages fix several vulnerabilities
  15th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120810

* Debian: New phpgroupware packages fix several vulnerabilities
  17th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120833

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PHP Multiple vulnerabilities
  13th, November, 2005

PHP suffers from multiple issues, resulting in security function
bypass, local denial of service, cross-site scripting, or PHP variable
overwrite.

http://www.linuxsecurity.com/content/view/120797

* Gentoo: Lynx Arbitrary command execution
  13th, November, 2005

Lynx is vulnerable to an issue which allows the remote execution of
arbitrary commands.

http://www.linuxsecurity.com/content/view/120798

* Gentoo: RAR Format string and buffer overflow vulnerabilities
  13th, November, 2005

RAR contains a format string error and a buffer overflow vulnerability
that may be used to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120799

* Gentoo: linux-ftpd-ssl Remote buffer overflow
  13th, November, 2005

A buffer overflow vulnerability has been found, allowing a remote
attacker to execute arbitrary code with escalated privileges on the
local system.

http://www.linuxsecurity.com/content/view/120800

* Gentoo: Scorched 3D Multiple vulnerabilities
  15th, November, 2005

Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny
service or execute arbitrary code on game servers.
http://www.linuxsecurity.com/content/view/120814

* Gentoo: Sylpheed, Sylpheed-Claws Buffer overflow in LDIF
  15th, November, 2005

Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability
which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120815

* Gentoo: GTK+ 2, GdkPixbuf Multiple XPM decoding vulnerabilities
  16th, November, 2005

The GdkPixbuf library, which is also included in GTK+ 2, contains
vulnerabilities that could lead to a denial of service or the execution
of arbitrary code.

http://www.linuxsecurity.com/content/view/120827

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated lynx packages fix critical vulnerability
  12th, November, 2005

An arbitrary command execution vulnerability was discovered in the lynx
"lynxcgi:" URI handler. An attacker could create a web page that
redirects to a malicious URL which could then execute arbitrary code as
the user running lynx. The updated packages have been patched to address
this issue.

http://www.linuxsecurity.com/content/view/120796

* Mandriva: Updated egroupware packages to address phpldapadmin,
  phpsysinfo vulnerabilities
  16th, November, 2005

The updated packages have new versions of these subsystems to correct
these issues.

http://www.linuxsecurity.com/content/view/120829

* Mandriva: Updated php packages fix multiple vulnerabilities
  17th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120832

* Mandriva: Updated autofs packages fix problem with LDAP
  16th, November, 2005

A problem with how autofs was linked with the LDAP libraries would cause
autofs to segfault on startup. The updated package has been fixed to
correct this problem.
http://www.linuxsecurity.com/content/view/120830

* Mandriva: Updated acpid package fixes various bugs
  16th, November, 2005

A number of bugs have been fixed in this new acpid package, including
an error in the initscript, which now looks for lm_battery.sh rather
than battery.sh.

http://www.linuxsecurity.com/content/view/120831

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: lynx security update
  11th, November, 2005

An updated lynx package that corrects a security flaw is now available.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120795

* RedHat: Low: cpio security update
  10th, November, 2005

An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/120785

* RedHat: Low: lm_sensors security update
  10th, November, 2005

Updated lm_sensors packages that fix an insecure file issue are now
available. This update has been rated as having low security impact by
the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120786

* RedHat: Moderate: php security update
  10th, November, 2005

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120787

* RedHat: Moderate: php security update
  10th, November, 2005

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120788

* RedHat: Important: gdk-pixbuf security update
  15th, November, 2005

Updated gdk-pixbuf packages that fix several security issues are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120817

* RedHat: Important: gtk2 security update
  15th, November, 2005

Updated gtk2 packages that fix two security issues are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120818

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

    To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------