+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 23rd, 2005 Volume 6, Number 51a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
Happy Holidays! This week, advisories were released for dropbear, nbd,
phpbb2, OpenLDAP, Xpdf, cURL, CenterICQ, digikam, apache2, sudo, kernel,
netpbm, udev, gpdf, kdegraphics, cups, and perl. The distributors
include Debian, Gentoo, Mandriva, and Red Hat.
----
Earn an NSA recognized IA Masters Online
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you
can earn this esteemed degree, without disrupting your career or home
life.
http://www.msia.norwich.edu/linsec
----
IPv6 approach for TCP SYN Flood attack over VoIP, Part I
By: Suhas Desai
In this paper, we describe and analyze a network based DoS attack for
IP based networks. It is known as SYN flooding. It works by an attacker
sending many TCP connection requests with spoofed source addresses to
a victim's machine. Each request causes the targeted host to instantiate
data structures out of a limited pool of resources to deny further
legitimate access.
The paper contributes a detailed analysis of the SYN flooding attack
and existing and proposed countermeasures. SYN flooding attacks in
application Performance Validation with VoIP gives improper results. To
overwhelm it, IPv6 approaches have been proposed here with successful
implementation it with Network Tester using Moonerv6 Phases algorithms.
Agilent Network Tester practices on the same principles to make
availability of IPv6 service in Networks or sensor networks.
1. Introduction
The attack exploits weaknesses in the TCP/IP (Transmission Control
Protocol/Internet Protocol) protocol suite. This cannot be corrected
without significant modifications to its protocols. This denial of
service attacks can be launched with little effort. Presently, it is
difficult to trace an attack back to its originator.
Several possible solutions to this attack have been proposed by
others, and some implemented. We have proposed and developed a
monitoring tool in IPv6 that classifies IP source addresses with
high probability as being falsified or genuine. Our approach finds
connection establishment protocol messages that are coming from forged
IP addresses, and takes actions to ensure that the resulting
illegitimate half-open connections are reset immediately to work
over VoIP applications.
2. Background
We will provide a brief description of the features of the TCP/IP
protocol suite that facilitate this attack.
2.1. Internet Protocol
The Internet Protocol (IP) is the standard network layer protocol
of the Internet that provides an unreliable, connection-less,
best-effort packet delivery service. IP defines the basic unit of
data transfer used throughout an IP network, called a datagram. The
service is unreliable, because the delivery of datagrams is not
guaranteed. Datagrams may be lost, duplicated, delayed, or delivered
out of order. IP is connection-less, because each packet is treated
independently of others . each may travel over different paths and
some may be lost while others are delivered. IP provides best-effort
delivery, because packets are not discarded unless resources are
exhausted or underlying networks fail. Datagrams are routed towards
their destination. A set of rules characterize how hosts and gateways
should process packets, how and when error messages should be
generated, and when packets should be discarded.
Read Entire Article:
http://www.linuxsecurity.com/content/view/121083/49/
----------------------
Linux File & Directory Permissions Mistakes
One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/
---
Buffer Overflow Basics
A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.
http://www.linuxsecurity.com/content/view/119087/49/
---
Review: The Book of Postfix: State-of-the-Art Message Transport
I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.
http://www.linuxsecurity.com/content/view/119027/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New dropbear packages fix arbitrary code execution
19th, December, 2005
Updated package.
http://www.linuxsecurity.com/content/view/121037
* Debian: New nbd packages fix potential arbitrary code execution
21st, December, 2005
Updated package.
http://www.linuxsecurity.com/content/view/121071
* Debian: New phpbb2 packages fix several vulnerabilities
22nd, December, 2005
Updated package.
http://www.linuxsecurity.com/content/view/121073
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: OpenLDAP, Gauche RUNPATH issues
15th, December, 2005
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users
in the "portage" group to escalate privileges.
http://www.linuxsecurity.com/content/view/121020
* Gentoo: Xpdf, GPdf, CUPS, Poppler Multiple vulnerabilities
16th, December, 2005
Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and
Poppler potentially resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/121023
* Gentoo: cURL Off-by-one errors in URL handling
16th, December, 2005
cURL is vulnerable to local arbitrary code execution via buffer
overflow due to the insecure parsing of URLs.
http://www.linuxsecurity.com/content/view/121028
* Gentoo: Opera Command-line URL shell command injection
18th, December, 2005
Lack of URL validation in Opera command-line wrapper could be abused
to execute arbitrary commands.
http://www.linuxsecurity.com/content/view/121035
* Gentoo: CenterICQ Multiple vulnerabilities
20th, December, 2005
CenterICQ is vulnerable to a Denial of Service issue, and also
potentially to the execution of arbitrary code through an included
vulnerable ktools library.
http://www.linuxsecurity.com/content/view/121044
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated digikam packages fixes printing functionality
16th, December, 2005
The printing functionality of DigiKam in Mandriva 2006 is flawed in
that when trying to print a picture, regardless of the size, it swaps
near infinitely and takes an extremely long time until the photo
comes out. As well, the photo may not come out because GhostScript
fails due to lack of memory.
http://www.linuxsecurity.com/content/view/121034
* Mandriva: Updated apache2 packages fix vulnerability in worker MPM
19th, December, 2005
A memory leak in the worker MPM in Apache 2 could allow remote
attackers to cause a Denial of Service (memory consumption) via
aborted commands in certain circumstances, which prevents the memory
for the transaction pool from being reused for other connections.<P>
http://www.linuxsecurity.com/content/view/121043
* Mandriva: Updated sudo packages fix vulnerability
20th, December, 2005
Charles Morris discovered a vulnerability in sudo versions prior to
1.6.8p12 where, when the perl taint flag is off, sudo does not clear
the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which
could allow limited local users to cause a perl script to include and
execute arbitrary library files that have the same name as library
files that included by the script.
http://www.linuxsecurity.com/content/view/121061
* Mandriva: Updated kernel packages fix numerous vulnerabilities
21st, December, 2005
Updated package.
http://www.linuxsecurity.com/content/view/121072
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Moderate: netpbm security update
20th, December, 2005
Updated netpbm packages that fix two security issues are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121050
* RedHat: Important: udev security update
20th, December, 2005
Updated udev packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121051
* RedHat: Important: gpdf security update
20th, December, 2005
An updated gpdf package that fixes several security issues is now
available
for Red Hat Enterprise Linux 4. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121052
* RedHat: Important: kdegraphics security update
20th, December, 2005
Updated kdegraphics packages that resolve several security issues in
kpdf
are now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121053
* RedHat: Moderate: curl security update
20th, December, 2005
Updated curl packages that fix a security issue are now available for
Red
Hat Enterprise Linux 4. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121054
* RedHat: Important: cups security update
20th, December, 2005
Updated CUPS packages that fix multiple security issues are now
available
for Red Hat Enterprise Linux. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121055
* RedHat: Moderate: perl security update
20th, December, 2005
Updated Perl packages that fix security issues and bugs are now
available
for Red Hat Enterprise Linux 4. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121056
* RedHat: Moderate: perl security update
20th, December, 2005
Updated Perl packages that fix security issues and bugs are now
available
for Red Hat Enterprise Linux 3. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121057
* RedHat: Important: xpdf security update
20th, December, 2005
An updated xpdf package that fixes several security issues is now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/121059
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
