[ISN] Linux Advisory Watch - May 30th 2003

From: InfoSec News (isnat_private)
Date: Mon Jun 02 2003 - 01:08:46 PDT

  • Next message: InfoSec News: "Re: [ISN] Lamo Hacks Cingular Claims Site"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  May 30th, 2003                           Volume 4, Number 21a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilitiaes that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for squid, BitchX, netpbm, gPS,
    heimdal, nessus, lprng, gnupg, up2date, ptrace, apache, cups, and glibc.
    The distributors include Conectiva, Debian, Gentoo, Mandrake, Red Hat,
    Slackware, and SuSe. Several of the advisories released are updates to
    vulnerabilities found last week. There is nothing particularly serious
    this week, but it is always a advisable to have everything patched before
    the weekend.
    
    Knowing that your servers are up-to-date is a good way to help ensure that
    you will have an uninterrupted weekend. What else can assure you that
    operations will run smoothly during time off? There are many pieces to the
    equation that are important. One of the most significant aspects is using
    servers that are properly configured and hardened. In addition, proper
    server administration procedures must be followed. While many intrusions
    are a result of vulnerable packages, a large number of them can also be
    attributed to improper software configuration and administration. This
    burden falls on the administrator. What can be done to reduce the risk of
    improper software configuration?
    
    The easiest way is to look for a pre configured or specialized security
    distribution. Because I am a long time contributor to EnGarde Secure
    Linux, I am biased in this recommendation. However, I personally feel that
    using a distribution such as EnGarde will dramatically improve your
    organization's security stance with very little time, effort, and money
    invested. You'll find that with EnGarde, administration becomes easy. I
    have used it for years and now I find myself becoming lazy when it comes
    to using other systems. I find myself not wanting to configure anything
    manually and instead have the WebTool do it for me. Administration has
    become easy and now it is possible to concentrate on more intellectually
    stimulating projects. A specialized distribution is ideal for
    administrators with multiple systems to maintain in a critical
    environment.
    
     More information can be found here:
     http://www.engardelinux.org
    
    If you've only installed Linux and Apache to host your grandmother's
    knitting Web site, or you are just looking to learn the inter workings of
    security and administration. I recommend finding a good Linux security
    book. An interesting book that I recently had the pleasure of reading is
    titled Linux Security Toolkit, by David Bandel. It covers host security,
    network security, firewalls & specialized security software, and Linux
    security auditing. It is easy to read and suitable for administrators
    wishing to concentrate on security. Like most books published today, it is
    not suitable for the seasoned administrator. Although the book is well
    written, it is not full of cutting edge knowledge. If you're looking to
    learn more about security, I recommend taking a look. It is available used
    through Amazon.com at a very reasonable price.
    
     The book can be purchased here:
     http://www.amazon.com/exec/obidos/tg/stores/offering/
     list/-/0764546902/all/ref=dp_bb_a/002-3699577-0487253
    
    Until next time,
    Benjamin D. Thomas
    
    
    
    ## FREE GUIDE-128-bit encryption ##
    Thawte is one of the few companies that offers 128 bit supercerts. A
    supercerts will allow you to extend the highest allowed 128 bit encryption
    to all your clients even if they use browsers that are limited to 40 bit
    encryption.
    
     Download a guide to learn more.
     http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte19
    
    
    LINSECURITY.COM FEATURE:
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-143.html
    
    --------------------------------------------------------------------
    
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
    unparalleled in security, ease of management, and features. Open source
    technology constantly adapts to new threats. Email firewall, simplified
    administration, automatically updated.
    
     --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     5/26/2003 - BitchX
       Multiple remote vulnerabilities
    
       A buffer overflow and a denial of service attack have been fixed
       in the latest versions of BitchX.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3292.html
    
     5/28/2003 - netpbm
       buffer overflow vulnerabilities
    
       Alan Cox and Al Viro discovered[1] several "math overflow"
       vulnerabilities in netpbm versions <= 9.20.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3296.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     5/29/2003 - gPS
       multiple vulnerabilities
    
       Alan Cox and Al Viro discovered[1] several "math overflow"
       vulnerabilities in netpbm versions <= 9.20.
       http://www.linuxsecurity.com/advisories/debian_advisory-3299.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     5/27/2003 - heimdal
       krb4 cryptographic weakness
    
       heimdal suffers from the same vulnerability as mit-krb5 does,
       hence the identical advisory.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3293.html
    
     5/27/2003 - nessus
       multiple vulnerabilities
    
       There exists some vulnerabilities in NASL scripting engine.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3294.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     5/23/2003 - lprng
       insecure tmp file vulnerability
    
       psbanner creates a temporary file for debugging purposes when it
       is configured as a filter, and does not check whether or not this
       file already exists or is a symlink.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3289.html
    
     5/23/2003 - gnupg
       key validation vulnerability
    
       A bug was discovered in GnuPG versions 1.2.1 and earlier.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3290.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     5/28/2003 - CUPS
       denial of service vulnerability
    
       Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
       implementation.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3297.html
    
     5/29/2003 - up2date
       multiple vulnerabilities
    
       This release also includes an updated RHNS-CA-CERT file, which
       contains an additional CA certificate.  This is needed so that
       up2date can continue to communicate with Red Hat Network once the
       current CA certificate reaches its August 2003 expiration date.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3300.html
    
     5/29/2003 - ptrace
       kernel vulnerabilitiy
    
       A ptrace-related vulnerability has been discovered that could
       allow a local user to gain elevated (root) privileges without
       authorization.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3301.html
    
     5/29/2003 - apache
       2.0 denial of service vulnerability
    
       A bug in Apache 2.0 through 2.0.45 allows remote attackers to
       cause a denial of service, and may allow execution of arbitrary
       code.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3302.html
    
    
    +---------------------------------+
    |  Distribution: Slackware        | ----------------------------//
    +---------------------------------+
    
     5/29/2003 - cups
       denial of service vulnerability
    
       Upgraded CUPS packages are available for Slackware 8.1, 9.0, and
       -current to fix a denial of service attack vulnerability.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3303.html
    
    
     5/23/2003 - quotacheck
       2.0 denial of service vulnerability
    
       An upgraded sysvinit package is available which fixes a problem
       with the use of quotacheck in /etc/rc.d/rc.M.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3291.html
    
    
    +---------------------------------+
    |  Distribution: SuSe             | ----------------------------//
    +---------------------------------+
    
     5/28/2003 - glibc
       buffer overflow vulnerability
    
       Another integer overflow was found in glibc' XDR code.
       http://www.linuxsecurity.com/advisories/suse_advisory-3298.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 03:28:38 PDT