[ISN] Linux Advisory Watch - October 31st 2003

From: InfoSec News (isn@private)
Date: Mon Nov 03 2003 - 00:20:19 PST

    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  October 31st, 2003                       Volume 4, Number 43a |
       Editors:     Dave Wreski                Benjamin Thomas
                    dave@private     ben@private
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    This week, advisories were released for libnids, thttpd, apache2, gdm, and
    fetchmail.  The distributors include Conectiva, Debian, Mandrake, and
    One of my favorite Linux network tools has always been ntop.  For those of
    you who haven't used it, ntop is a command line tool used to gather
    information about network traffic.  It is similar to 'top,' another
    command line tool that is used to report CPU and other resource usage.
    Ntop can be used for traffic measurement, monitoring, network usage
    analysis, and as a security violation detection tool.  Ntop can be
    downloaded from http://www.ntop.org, and it is available for a wide range
    of operating systems.

    Ntop has a relatively active community around it.  If you need support,
    there are several mailing lists available.  Also, the Web site provides
    several usage guides, so using the tool to its fullest extent should not
    be a problem.  The documentation provides all of the information that is
    necessary.  Ntop provides an easy way for administrators to identify
    bandwidth utilization problems, hosts in promiscuous mode, and the use of
    duplicate IP addresses.

    One of the more interesting features is that ntop can be started in Web
    mode.  For example, 'prompt$ ntop -w 3000' will allow a remote user to
    access ntop information (http://server.domain.com:3000).

    One of the drawbacks is that ntop is not as robust as some of the
    enterprise traffic monitoring systems.  The small-time system
    administrator should see that as a virtue though.  If you only have
    several machines to keep track of, it has all the power that you would
    ever need.  Normally, this is a tool that I use when trying to diagnose
    problems.  Often, other network reporting tools are too verbose.  Ntop
    provides just enough information quickly, in order to make decisions that
    may affect configuration changes.

    By now, hopefully most of you have used, or consistently use, ntop.  If
    not, I urge you to take a look.  Ntop can be a great solution to
    satisfying your curiosity when you would like to know what is happening on
    your network at any given moment.

    Until next time, cheers!
    Benjamin D. Thomas

    EnGarde GDSN Subscription Price Reduction -
    Guardian Digital, the world's premier open source security company,
    announced today that they will be reducing the annual subscription cost of
    the Guardian Digital Secure Network for EnGarde Community users from $229
    to $60 for a limited time.
    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    |  Distribution: Conectiva        | ----------------------------//
      10/29/2003 - libnids
        Remote buffer overflow vulnerability
        A remote attacker may potentially exploit this vulnerability to
        execute arbitrary code in the context of the application using this
        functionality of libnids.
    |  Distribution: Debian           | ----------------------------//
      10/29/2003 - thttpd
        Multiple vulnerabilities
        An information leak and an arbitrary code execution vulnerability have
        been fixed.
    |  Distribution: Mandrake         | ----------------------------//
      10/26/2003 - apache2
        DoS Vulnerability
        A problem was discovered in Apache2 where CGI scripts that output more
        than 4k of output to STDERR will hang the script's execution, which
        can cause a Denial of Service on the httpd process.
    |  Distribution: Slackware        | ----------------------------//
      10/28/2003 - gdm
        multiple vulnerabilities
        These updates fix two vulnerabilities which could allow a local user
        to crash or freeze gdm, preventing access to the machine until a
      10/28/2003 - fetchmail
        denial of service vulnerability
        These fix a vulnerability where a specially crafted email could crash
        fetchmail, preventing the user from downloading or forwarding their
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org
