+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | August 8th, 2003 Volume 4, Number 31a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas daveat_private benat_private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilitiaes that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for wget, postfix, kernel, atari800, xfstt, kdelibs, mindi, phpgroupware, eroaster, libc, kdelibs, php, core, stunnel, man-db, Konqueror, and wuftpd. The distributors include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux. >> FREE Apache SSL Guide from Thawte << Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. Click Command: http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache One of the most common causes of software vulnerabilities is poor programming practices. Often, developers sacrifice security to add additional features. Although most coders wish to write securely, many do not. At most universities security is not addressed in programming classes. The only training a student may receive is learning how to check input variables. I now understand that more universities are beginning to take software development security more seriously. For those of us who code at work, or just as a hobby, how can we ensure that we.re coding with best security practices? I recently had the pleasure of reading the recent O.Reilly book Secure Coding: Principles & Practices by Mark G. Graff and Kenneth R. van Wyk. Like all O.Reilly books, it is moderately technical and will not bore you with irrelevant narratives. The book weighs in at just over 200 pages and retails for $29.95 USD. I would normally consider this a bit pricy for a small book. However, in this case the information provided is well worth the money. Every serious developer should have a copy. This book is intended for moderately skilled programmers all the way up to expert level. The best part of the book is that it is written primarily as informational text and theory. It contains very little source code. The authors chose to focus on the practice of secure coding, rather than specific techniques. The information found in this book can provide a strong foundation to the knowledge necessary to begin the secure development process. The beginning of the book provides an introduction to all types of attacks that affect software. Next, a chapter is devoted to secure design including coding steps, issues, and practices to be avoided. The book ends with techniques on how to successfully test software before release. Another valuable part of the book is the case studies provided. Each section contains several real world examples that can help you better understand each concept. As previously stated, Secure Coding: Principles & Practices is highly recommended. If you have been waiting for the perfect book on secure coding, this may be it! http://www.bestwebbuys.com/books/compare/isbn/0596002424/isrc/b-home-search Until Next time, Benjamin D. Thomas benat_private Expert vs. Expertise: Computer Forensics and the Alternative OS No longer a dark and mysterious process, computer forensics have been significantly on the scene for more than five years now. Despite this, they have only recently gained the notoriety they deserve. http://www.linuxsecurity.com/feature_stories/feature_story-147.html REVIEW: Linux Security Cookbook There are rarely straightforward solutions to real world issues, especially in the field of security. The Linux Security Cookbook is an essential tool to help solve those real world problems. By covering situations that apply to everyone from the seasoned Systems Administrator to the security curious home user, the Linux Security Cookbook distinguishes itself as an indispensible reference for security oriented individuals. http://www.linuxsecurity.com/feature_stories/feature_story-145.html --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 8/2/2003 - wu-ftpd off-by-one vulnerability There is an off-by-one buffer overflow vulnerability in the fb_realpath() function, which handles filename paths in wu-ftpd. http://www.linuxsecurity.com/advisories/connectiva_advisory-3518.html 8/4/2003 - wget buffer overflow vulnerability An attacker can create a long (more than 256 characters), specially crafted URL that when parsed by wget can cause the execution of arbitrary code or program misbehavior. http://www.linuxsecurity.com/advisories/connectiva_advisory-3519.html 8/5/2003 - postfix remote denial of service vulnerability There are multiple vulnerabilities in postfix. http://www.linuxsecurity.com/advisories/connectiva_advisory-3530.html +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ 8/1/2003 - wu-ftpd buffer overflow vulnerability remote denial of service vulnerability iSEC Security Research reports that wu-ftpd contains an off-by-one bugin the fb_realpath function which could be exploited by a logged-in user(local or anonymous) to gain root privileges. http://www.linuxsecurity.com/advisories/debian_advisory-3507.html 8/1/2003 - kernel mulitple vulnerabilities A number of vulnerabilities have been discovered in the Linux kernel. http://www.linuxsecurity.com/advisories/debian_advisory-3508.html 8/1/2003 - atari800 multiple vulnerabilities Steve Kemp discovered multiple buffer overflows in atari800, an Atariemulator. http://www.linuxsecurity.com/advisories/debian_advisory-3509.html 8/1/2003 - xfstt multiple vulnerabilities There are multiple vulnerabilities in xfstt. http://www.linuxsecurity.com/advisories/debian_advisory-3510.html 8/1/2003 - kdelibs Multiple remote vulnerabilities Potential unauthorized access and man-in-the-middle attacks have been fixed. http://www.linuxsecurity.com/advisories/debian_advisory-3515.html 8/2/2003 - mindi insecure tmp file vulnerability mindi, a program for creating boot/root disks, does not takeappropriate security precautions when creating temporary files. http://www.linuxsecurity.com/advisories/debian_advisory-3520.html 8/3/2003 - postfix multiple vulnerabilities There are multiple vulnerabiilities in postfix. http://www.linuxsecurity.com/advisories/debian_advisory-3521.html 8/5/2003 - man-db multiple vulnerabilities multiple vulnerabilities There are multiple vulnerabilities in suid install of man-db. http://www.linuxsecurity.com/advisories/debian_advisory-3531.html 8/5/2003 - kernel vulnerability This advisory provides a correction to the previous kernel updates,which contained an error introduced in kernel-source-2.4.18 version2.4.18-7. This error could result in a kernel "oops" under certaincircumstances. http://www.linuxsecurity.com/advisories/debian_advisory-3532.html 8/5/2003 - kernel vulnerability This advisory provides a correction to the previous kernel updates,which contained an error introduced in kernel-source-2.4.18 version2.4.18-7. http://www.linuxsecurity.com/advisories/debian_advisory-3533.html 8/6/2003 - phpgroupware multiple vulnerabilities Several vulnerabilities have been discovered in phpgroupware. http://www.linuxsecurity.com/advisories/debian_advisory-3536.html 8/6/2003 - eroaster insecure temporary file vulnerabilitiy eroaster does nottake appropriate security precautions when creating a temporary filefor use as a lockfile. http://www.linuxsecurity.com/advisories/debian_advisory-3537.html +---------------------------------+ | Distribution: EnGarde | ----------------------------// +---------------------------------+ 8/4/2003 - 'postfix' remote denial-of-service insecure temporary file vulnerabilitiy Michal Zalewski has discovered a vulnerability in the Postfix MTA which could lead to a remote DoS attack. http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html 8/6/2003 - 'stunnel' signal handler race DoS insecure temporary file vulnerabilitiy Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A potential vulnerability has been found when stunnel is configured to listen to incoming connections for these services. http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html +---------------------------------+ | Distribution: FreeBSD | ----------------------------// +---------------------------------+ 8/4/2003 - libc buffer overflow vulnerability An off-by-one error exists in a portion of realpath(3) that computesthe length of the resolved pathname. http://www.linuxsecurity.com/advisories/freebsd_advisory-3522.html 8/5/2003 - libc realpath off-by-one vulnerability An off-by-one error exists in a portion of realpath(3) that computesthe length of the resolved pathname. http://www.linuxsecurity.com/advisories/freebsd_advisory-3534.html +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ 8/1/2003 - kdelibs authentication vulnerability A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. http://www.linuxsecurity.com/advisories/mandrake_advisory-3511.html 8/1/2003 - wu-ftpd off-by-one vulnerability authentication vulnerability There is an off-by- one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. http://www.linuxsecurity.com/advisories/mandrake_advisory-3512.html 8/4/2003 - postfix multiple vulnerabilities Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. http://www.linuxsecurity.com/advisories/mandrake_advisory-3523.html 8/4/2003 - php session handling vulnerability A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. http://www.linuxsecurity.com/advisories/mandrake_advisory-3524.html +---------------------------------+ | Distribution: NetBSD | ----------------------------// +---------------------------------+ 8/4/2003 - core denial of service vulnerability It is possible to crash an OSI connected system remotely by sending ita carefully prepared OSI networking packet. http://www.linuxsecurity.com/advisories/netbsd_advisory-3525.html 8/4/2003 - libc off-by-one vulnerability In the library function realpath, there was a string manipulationmistake which could lead to 1-byte buffer overrun. http://www.linuxsecurity.com/advisories/netbsd_advisory-3526.html +---------------------------------+ | Distribution: RedHat | ----------------------------// +---------------------------------+ 8/1/2003 - wu-ftpd off-by-one vulnerability off-by-one vulnerability An off-by-one bug has been discovered in versions of wu-ftpd up to andincluding 2.6.2. http://www.linuxsecurity.com/advisories/redhat_advisory-3513.html 8/4/2003 - postfix multiple vulnerabilities Two security issues have been found in Postfix that affect the Postfixpackages in Red Hat Linux 7.3, 8.0, and 9. http://www.linuxsecurity.com/advisories/redhat_advisory-3527.html +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ 8/1/2003 - Konqueror Multiple vulnerabilities Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL http://www.linuxsecurity.com/advisories/slackware_advisory-3516.html +---------------------------------+ | Distribution: SuSe | ----------------------------// +---------------------------------+ 8/1/2003 - wuftpd off-by-one vulnerability There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. http://www.linuxsecurity.com/advisories/suse_advisory-3514.html 8/4/2003 - postfix multiple vulnerabilities Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. http://www.linuxsecurity.com/advisories/suse_advisory-3528.html +---------------------------------+ | Distribution: TurboLinux | ----------------------------// +---------------------------------+ 8/4/2003 - wu-ftpd off-by-one vulnerability multiple vulnerabilities This vulnerability may allow remote authenticated users to execute arbitrary code via commands that cause long pathnames. http://www.linuxsecurity.com/advisories/turbolinux_advisory-3529.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:54:48 PDT