[ISN] Linux Advisory Watch - October 3rd 2003

From: InfoSec News (isn@private)
Date: Sun Oct 05 2003 - 23:20:29 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  October 3rd, 2003                        Volume 4, Number 39a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for proftpd, openssl, marbles,
    freesweep, webfs, mpg123, and teapop.  The distributors include
    Conectiva, Debian, Guardian Digital's EnGarde Linux, Gentoo,
    Immunix, Red Hat, Trustix, and Turbolinux.
    
    ---
    
    Last week, I wrote about some of the problems that are associated with
    using passwords as a method of authentication.  There are several
    techniques that can be utilized to improve password security; however,
    users often have such a large number of different passwords that they
    become difficult to manage.  Users are forced to remember multiple
    passwords to different systems on different networks.  This causes users
    to write down their passwords or continually need them reset.
    
    Single sign-on is a technology that can be implemented to relieve some of
    the strain that passwords put on users and administrators. With SSO,
    multiple passwords become invisible to the user because they are only
    required to log in initially; the credentials are then sent to each
    application by way of the single sign-on system.
    
    Initially, migrating from a traditional password structure can be a
    daunting task.  The problem is particularly apparent when trying to
    connect legacy applications.  However, the headaches will quickly go away
    if the system includes the ability for users to reset their own password
    using other credentials that were given at their initial connection to the
    system.  This functionality could be extremely beneficial to
    enterprise-size organizations that must reset hundreds of passwords a day.
    
    A single sign-on system is not the holy grail.  Like any feature on a
    network, it provides its own set of risks.  Having an SSO system provides a
    single point of failure.  If the system is down, every application on the
    network is potentially down. There are always tradeoffs between security
    and convenience, but many large organizations have felt that this is a
    risk worth taking.  Although SSO provides the possibility of having a
    single point of failure, it is also possible to configure the system so
    that it is redundant, providing service if one system goes down.
    Implementing a system correctly requires a great deal of planning, time,
    and money.
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    --> FEATURE: R00ting The Hacker
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-150.html
    
    --> EnGarde GDSN Subscription Price Reduction
    Guardian Digital, the world's premier open source security company,
    announced today that they will be reducing the annual subscription cost of
    the Guardian Digital Secure Network for EnGarde Community users from $229
    to $60 for a limited time.
    http://www.linuxsecurity.com/feature_stories/feature_story-151.html
    
    --> FEATURE: A Practical Approach of Stealthy Remote Administration
    This paper is written for those paranoid administrators who are
    looking for a stealthy technique of managing sensitive servers
    (like your enterprise firewall console or IDS).
    
    http://www.linuxsecurity.com/feature_stories/feature_story-149.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     9/29/2003 - proftpd
       Arbitrary code execution vulnerability
    
       An attacker who is able to upload and download the same file can
       exploit this vulnerability to execute arbitrary code with root
       privileges.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3689.html
    
     9/30/2003 - openssl
       ASN.1 parsing vulnerabilities
    
       An SSL/TLS testing suite developed by the NISCC (UK National
       Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
       vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
       result in a denial of service.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3694.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     9/26/2003 - marbles
       Buffer overflow vulnerability
    
       Steve Kemp discovered a buffer overflow in marbles, when processing the
       HOME environment variable.  This vulnerability could be exploited by a
       local user to gain gid 'games'.
       http://www.linuxsecurity.com/advisories/debian_advisory-3686.html
    
     9/28/2003 - freesweep
       Buffer overflow vulnerability
    
       Steve Kemp discovered a buffer overflow in freesweep, when processing
       several environment variables.  This vulnerability could be exploited
       by a local user to gain gid 'games'.
       http://www.linuxsecurity.com/advisories/debian_advisory-3687.html
    
     9/29/2003 - webfs
       Multiple vulnerabilities
    
       Multiple vulnerabilities including unauthorized access and buffer
       overflow have been fixed.
       http://www.linuxsecurity.com/advisories/debian_advisory-3690.html
    
    
    +---------------------------------+
    |  Distribution: EnGarde          | ----------------------------//
    +---------------------------------+
    
     9/30/2003 - OpenSSL
       ASN.1 parsing vulnerabilities
    
       An SSL/TLS testing suite developed by the NISCC (UK National
       Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
       vulnerabilities in OpenSSL.  Exploitation of these vulnerabilities may
       result in a denial of service.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     9/29/2003 - media-video/mplayer
       Buffer overflow vulnerability
    
       A remotely exploitable buffer overflow vulnerability was found in
       MPlayer. A malicious host can craft a harmful ASX header, and trick
       MPlayer into executing arbitrary code upon parsing that header.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3691.html
    
     9/29/2003 - net-ftp/proftpd
       Remote file compromise vulnerability
    
       ISS X-Force discovered a vulnerability that could be triggered when a
       specially crafted file is uploaded to a proftpd server.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3692.html
    
     9/30/2003 - mpg123
       Buffer overflow vulnerability
    
       mpg123 contains a heap-based buffer overflow that would allow a remote
       attacker to execute arbitrary code on the victim's machine.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3695.html
    
     9/30/2003 - teapop
       SQL Injection vulnerability
    
       teapop suffers from an SQL injection in the PostgreSQL and MySQL
       authentication module.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3696.html
    
    
    +---------------------------------+
    |  Distribution: Immunix          | ----------------------------//
    +---------------------------------+
    
     9/30/2003 - OpenSSL
       ASN.1 Parsing vulnerabilities
    
       An SSL/TLS testing suite developed by the NISCC (UK National
       Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
       vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
       result in a denial of service.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3697.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     9/30/2003 - OpenSSL
       ASN.1 Parsing vulnerabilities
    
       An SSL/TLS testing suite developed by the NISCC (UK National
       Infrastructure Security Co-Ordination Centre) uncovered ASN.1 parsing
       vulnerabilities in OpenSSL. Exploitation of these vulnerabilities may
       result in a denial of service.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3698.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     9/29/2003 - proftpd
       Remote exploit
    
       An error exists in the ASCII upload handling of ProFTPD version 1.2.7
       and later that can be used to trigger a buffer overflow and thus
       execute arbitrary code.  This has now been fixed.
       http://www.linuxsecurity.com/advisories/trustix_advisory-3688.html
    
    
    +---------------------------------+
    |  Distribution: Turbolinux       | ----------------------------//
    +---------------------------------+
    
     9/30/2003 - proftpd
       ASCII File Remote Compromise Vulnerability
    
       A vulnerability exists in the ProFTPD server that can be triggered by
       remote attackers when transferring files from the FTP server in ASCII
       mode.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3699.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org