[ISN] Linux Advisory Watch - November 21st 2003

From: InfoSec News (isn@private)
Date: Sun Nov 23 2003 - 23:31:11 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  November 21st, 2003                      Volume 4, Number 46a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for zebra, hylafax, minimalist, Glibc,
    XFree86, Sane, postgresql, and apache.  The distributors include
    Conectiva, Debian, Mandrake, RedHat, SuSE, and Trustix.
    
    ---
    
    >> Free Trial SSL Certificate from Thawte <<
    
    Take your first step towards giving your online business a competitive
    advantage. Test-drive a Thawte SSL certificate our easy online guide will
    show you how.
    
    Get started now:
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte27
    
    ---
    
    One of the more powerful and cutting edge technologies in security today
    is honeypots.  Those who have a need for better network monitoring and
    increased intrusion detection capabilities should find value in their
    usage.  The concept of honeypots has been around for many years, but until
    recently they haven't had much widespread use.  More recently, research
    has been done to precisely define what honeypots are, and the development
    of honeypot type classification.  With community involvement, Lance
    Spitzner uses the following definition to define honeypots: "A honeypot is
    an information system resource whose value lies in unauthorized or illicit
    use of that resource."
    
    To the average IT person, honeypots may be somewhat confusing. How could
    any system gain value from 'unauthorized or illicit' use? Isn't it the
    responsibility of security professionals to ensure that there is no
    wrongful use of IT systems?  I don't think this analogy is completely
    appropriate, but a honeypot is similar to a police sting operation.  The
    name honeypot almost implies that the IT resource is 'bait' to lure
    unauthorized users.  While this could be true, I'm not sure that it is the
    best way to think about honeypots. Lance's definition contains the word
    value.  What value is there in setting up an easy target to lure
    unauthorized users? That's almost like buying a car and always leaving it
    unlocked with the keys in it, parking it by your normal car, hoping
    someone will steal your 'honeycar' rather than the car that you use
    every day. In my opinion, that is a very expensive protection system.
    
    A better approach is to have specific goals in mind when implementing
    honeypots.  Are you going to use this as research, simply to gain
    knowledge to help you better protect against the enemy, or are you a
    corporate user who wants to use a honeypot as a supplement to your
    intrusion detection system?  Often, corporate IDSs have so many alerts, it
    is nearly impossible to sort out real events.  Honeypots provide an
    excellent method of identifying unauthorized traffic and activity, simply
    because any traffic hitting a honeypot is by default unauthorized.
    Honeypots have many uses and should not be installed just for the 'cool'
    factor.  If one is misconfigured and sitting on your network, it is
    potentially a huge security threat.
    
    To find out more, I suggest the Honeynet project:
    http://www.honeynet.org/
    
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
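    The editorial's observation that every packet reaching a honeypot is by
    definition unsolicited is what makes honeypot alerts so much lower-noise
    than signature IDS alerts. The following Python program is an example
    added here; it is not part of the newsletter, of the Honeynet Project, or
    of any tool the page mentions. It is a minimal low-interaction TCP
    honeypot: it listens on a port where no real service exists, records the
    peer address and the first bytes of each connection, and classifies every
    connection as an alert unless the source is on a constructed allow-list of
    monitoring hosts (the one legitimate source of traffic, such as your own
    vulnerability scanner). The fax-style banner, the probe payloads and the
    allow-list are all constructed for the demonstration.

```python
import socket
import threading
import time


class TcpHoneypot:
    """Minimal low-interaction TCP honeypot (added example, not from the page).

    No real service is offered: every connection is accepted, the peer address
    and the first bytes sent are recorded, and the socket is closed. Nothing
    legitimate should ever connect, so each record is an alert unless the
    source is a host you deliberately allow-listed (e.g. your own scanner).
    """

    def __init__(self, host="127.0.0.1", port=0, banner=b"",
                 monitoring_hosts=frozenset(), timeout=2.0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))      # port=0: the kernel picks a free port
        self.sock.listen(16)
        self.sock.settimeout(0.2)         # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.monitoring_hosts = set(monitoring_hosts)
        self.timeout = timeout
        self.events = []
        self._lock = threading.Lock()
        self._running = False
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._running = True
        self._thread.start()
        return self

    def stop(self):
        self._running = False
        self._thread.join(timeout=self.timeout + 1)
        self.sock.close()

    def _serve(self):
        while self._running:
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:        # must precede OSError (its subclass)
                continue
            except OSError:
                break
            threading.Thread(target=self._handle, args=(conn, peer),
                             daemon=True).start()

    def _handle(self, conn, peer):
        conn.settimeout(self.timeout)
        data = b""
        try:
            if self.banner:
                conn.sendall(self.banner)
            data = conn.recv(256)         # enough to see what the probe wanted
        except OSError:
            pass
        finally:
            conn.close()
        event = {"ts": time.time(), "src": peer[0], "sport": peer[1],
                 "dport": self.port, "payload": data[:64].hex(),
                 "severity": "info" if peer[0] in self.monitoring_hosts else "alert"}
        with self._lock:
            self.events.append(event)

    def wait_for_events(self, count, timeout=5.0):
        # Block until at least `count` events exist or the timeout passes.
        deadline = time.time() + timeout
        while True:
            with self._lock:
                if len(self.events) >= count or time.time() >= deadline:
                    return list(self.events)
            time.sleep(0.05)

    def alerts(self):
        with self._lock:
            return [e for e in self.events if e["severity"] == "alert"]


def probe(port, payload, host="127.0.0.1"):
    # Constructed stand-in for an unsolicited connection to the honeypot.
    with socket.create_connection((host, port), timeout=2.0) as s:
        s.sendall(payload)
        try:
            s.recv(256)                   # read the banner, if any, then leave
        except OSError:
            pass


def demo():
    """One honeypot, two constructed probes; returns the resulting alerts."""
    hp = TcpHoneypot(banner=b"220 fax service ready\r\n").start()
    try:
        probe(hp.port, b"GET / HTTP/1.0\r\n\r\n")
        probe(hp.port, b"USER anonymous\r\n")
        hp.wait_for_events(2)
    finally:
        hp.stop()
    return hp.alerts()
```

    Binding to 127.0.0.1 keeps the demonstration local. A deployment would
    bind to an otherwise unused address, ship the events to the same log the
    IDS feeds, and keep the host isolated from production systems, which is
    the misconfiguration risk the editorial warns about: a honeypot that can
    reach the rest of the network is a foothold, not a sensor.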
    
    ---
    
    OpenVPN: An Introduction and Interview with Founder, James Yonan
    
    In this article, Duane Dunston gives a brief introduction to OpenVPN and
    interviews its founder James Yonan.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-152.html
    
    --------------------------------------------------------------------
    
    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.
    
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
    
    --------------------------------------------------------------------
    
    FEATURE: R00ting The Hacker
    
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-150.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     11/20/2003 - zebra
       Denial of service vulnerabilities
    
       Multiple denial of service vulnerabilities have been resolved.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3801.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     11/17/2003 - hylafax
       Multiple format string vulnerabilities
    
       The SuSE Security Team discovered several exploitable format string
       vulnerabilities in hylafax, a flexible client/server fax system, which
       could lead to executing arbitrary code as root on the fax server.
       http://www.linuxsecurity.com/advisories/debian_advisory-3793.html
    
     11/17/2003 - minimalist
       Unsanitized input vulnerability
    
       A security-related problem has been discovered in minimalist, a mailing
       list manager, which allows a remote attacker to execute arbitrary
       commands.
       http://www.linuxsecurity.com/advisories/debian_advisory-3794.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     11/19/2003 - Glibc
       Buffer overflow vulnerability
    
       A bug was discovered in the getgrouplist function in glibc that can
       cause a buffer overflow if the size of the group list is too small to
       hold all the user's groups.  This overflow can cause segmentation
       faults in various user applications, some of which may lead to
       additional security problems.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3800.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     11/20/2003 - XFree86
       Multiple integer overflows
    
       Updated XFree86 packages for Red Hat Linux 9 provide security fixes to
       font libraries and XDM.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3802.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
     11/18/2003 - Sane
       Denial of service vulnerability
    
       Several bugs in sane were fixed to avoid remote denial-of-service
       attacks. These attacks can be carried out even by a remote attacker
       whose IP address is not listed in the file sane.conf and who is
       therefore not allowed to access the sane server.
       http://www.linuxsecurity.com/advisories/suse_advisory-3799.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     11/17/2003 - glibc
       Buffer overflow vulnerability
    
       The getgrouplist function in GNU libc may allow attackers to cause a
       denial of service (segmentation fault) and execute arbitrary code when
       a user is a member of a large number of groups, which can cause a
       buffer overflow.
       http://www.linuxsecurity.com/advisories/tawie_advisory-3789.html
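    The Mandrake and Trustix glibc advisories above describe the same defect:
    getgrouplist writing past a caller-supplied buffer that is too small for
    all of the user's groups. The following Python example is added here and
    is not part of the newsletter or of glibc; it calls getgrouplist(3)
    through ctypes to show the documented caller contract the patched library
    honors: pass the buffer capacity in *ngroups, treat a return of -1 as
    "too small", retry with exactly the count the library writes back, and
    never read more entries than the return value. On the affected versions
    the overflow happened inside libc, so even a caller following this
    contract was exposed, which is why only the updated packages fix it. The
    user name and gid in the demonstration are constructed; the base gid is
    always included in the result, so no real account is needed.

```python
import ctypes
import ctypes.util

# Bind getgrouplist(3) from the running C library. Prototype per the manual:
#   int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
_libc = ctypes.CDLL(ctypes.util.find_library("c") or "libc.so.6", use_errno=True)
_libc.getgrouplist.argtypes = [
    ctypes.c_char_p,                 # user
    ctypes.c_uint,                   # gid_t group (unsigned int on Linux)
    ctypes.POINTER(ctypes.c_uint),   # gid_t *groups (caller's buffer)
    ctypes.POINTER(ctypes.c_int),    # int *ngroups: in = capacity, out = count
]
_libc.getgrouplist.restype = ctypes.c_int


def safe_group_list(user, base_gid, initial_capacity=1, max_rounds=4):
    """Return (gids, attempts) for `user`, sizing the buffer from what the
    library reports back instead of guessing a fixed-size array.

    `attempts` is a constructed trace of (capacity passed, return value,
    *ngroups after the call) so the resize protocol is visible to the reader.
    """
    capacity = initial_capacity
    attempts = []
    for _ in range(max_rounds):
        # Allocate at least one slot, but tell libc the honest capacity.
        buf = (ctypes.c_uint * max(capacity, 1))()
        ngroups = ctypes.c_int(capacity)
        rc = _libc.getgrouplist(user.encode(), base_gid, buf, ctypes.byref(ngroups))
        attempts.append((capacity, rc, ngroups.value))
        if rc != -1:
            # rc is the number of gids actually stored: never read past it.
            return [buf[i] for i in range(rc)], attempts
        # -1 means the buffer was too small; *ngroups now holds the required
        # count. Grow to exactly that and retry.
        capacity = ngroups.value
    raise RuntimeError("group list kept growing after %d attempts" % max_rounds)


if __name__ == "__main__":
    # Constructed user and gid: the base gid is always returned even when the
    # name appears in no group, so this runs on any Linux host.
    gids, attempts = safe_group_list("lsw-example-user", 54321, initial_capacity=0)
    for cap, rc, needed in attempts:
        print("capacity=%d -> rc=%d, ngroups=%d" % (cap, rc, needed))
    print("groups:", gids)
```

    Starting with a capacity of 0 forces the first call to return -1 with the
    required count, and the second call succeeds; that is the behaviour the
    advisories' "too small" case relies on. Callers that instead declare a
    fixed `gid_t groups[NGROUPS_MAX]` and ignore the return value are the ones
    that crash when a user belongs to more groups than expected.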
    
     11/17/2003 - postgresql
       Buffer overflow vulnerability
    
       Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before
       7.3.4, allows remote attackers to execute arbitrary code.
       http://www.linuxsecurity.com/advisories/tawie_advisory-3790.html
    
     11/17/2003 - apache
       Multiple vulnerabilities
    
       Multiple stack-based buffer overflows in mod_alias and mod_rewrite have
       been fixed. Improper handling of CGI redirect paths has been fixed.
       http://www.linuxsecurity.com/advisories/tawie_advisory-3791.html
    
     11/17/2003 - coreutils/fileutils/anonftp
       Integer overflow vulnerability
    
       An integer overflow in ls in the fileutils or coreutils packages may
       allow local users to cause a denial of service or execute arbitrary
       code via a large -w value, which could be remotely exploited via
       applications that use ls, such as wu-ftpd.
       http://www.linuxsecurity.com/advisories/tawie_advisory-3792.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Nov 24 2003 - 08:14:50 PST