[ISN] Linux Advisory Watch - April 30th 2004

From: InfoSec News (isn@private)
Date: Mon May 03 2004 - 00:21:06 PDT

  • Next message: InfoSec News: "[ISN] MI5 security advice goes online"

    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  April 30th, 2004                         Volume 5, Number 18a |
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    This week, advisories were released for eterm, mc, the Linux kernel,
    ssmtp, LCDproc, xine, samba, and sysklogd. The distributors include
    Debian, Guardian Digital's EnGarde Linux, Fedora, Gentoo, Mandrake, Red
    Hat, and Slackware.
    >> FREE GUIDE-128-bit encryption <<
    Thawte is one of the few companies that offers 128 bit supercerts. A
    Supercert will allow you to extend the highest allowed 128 bit encryption
    to all your clients even if they use browsers that are limited to 40 bit
    Download a guide to learn more:
    Wireless Security
    Over the years security and network administrators have been reluctant to
    adopt wireless networking technologies in corporate environments.  Will it
    provide an easy path of entry into the LAN?  Will internal servers be
    accessible from the outside? Sometimes is necessary to implement wireless
    networks in an office building because of special circumstances, or
    pressures from management to adopt the latest technology. Installing a
    wireless network may be inevitable, if so how should it be approached?
    As with all security projects, a wireless security policy should be
    created.  This should define the purpose and scope of the wireless
    network, who is going to be using it, how it should be used, etc.  Also,
    an analysis of newly introduced threats should be formalized.  This will
    enable the network to be designed in a matter that minimizes risk.
    The wireless network should be treated as an untrusted network.
    Precautions such as placing a firewall between the wireless network and
    internal LAN, requiring strong authentication, and conducting regular
    vulnerability assessments.  When connecting to the trusted LAN over a
    wireless network, a VPN should be used.  If not, it is advisable to only
    stick to secure protocols such as SSH & SSL.
    Wireless access points should be regularly audited and configured in the
    most secure manner.  Passwords and WEP keys should be as defined in the
    Wireless Security Policy.  Also, it is important to periodically check for
    rogue wireless access points by warwalking. Access points are ideally
    placed in the center of buildings.  This reduces the available signal
    strength to outsiders.
    Because the wireless workstations are on an untrusted network, it is
    imperative that they are kept secure.  This can be done by using
    host-based firewalls, IDS, keeping patches up-to-date, and configuration
    scanning.  Hosts should be regularly scanned and monitored. By taking
    these precautions it is possible to implement wireless networking without
    significantly increasing risks to an organization's information security.
    Until next time, cheers!
    Benjamin D. Thomas
    Guardian Digital Launches Next Generation Internet
    Defense & Detection System
    Guardian Digital has announced the first fully open source system designed
    to provide both intrusion detection and prevention functions. Guardian
    Digital Internet Defense & Detection System (IDDS) leverages best-in-class
    open source applications to protect networks and hosts using a unique
    multi-layered approach coupled with the security expertise and ongoing
    security vigilance provided by Guardian Digital.
    Interview with Siem Korteweg: System Configuration Collector
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    >> Internet Productivity Suite:  Open Source Security <<
    Trust Internet Productivity Suite's open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    |  Distribution: Debian           | ----------------------------//
     4/28/2004 - kernel
       2.4.16 Multiple vulnerabilities
       Several serious problems have been discovered in the Linux kernel.
       This update takes care of Linux 2.4.16 for the ARM (and a few
       other) architectures.
     4/29/2004 - eterm
       Missing Input Sanitising
       H.D. Moore discovered several terminal emulator security issues
     4/29/2004 - mc
       Several Vulnerabilities
       Jacub Jelinek discovered several vulnerabilities in the Midnight
       Commander, a powerful file manager for GNU/Linux systems.
    |  Distribution: EnGarde          | ----------------------------//
     4/28/2004 - 'kernel' Several security and bug fixes
       Several Vulnerabilities
       This update fixes numerous vulnerabilities in the Linux Kernel.
     4/28/2004 - kernel
       Multiple vulnerabilities
       This patch resolves a number of kernel vulnerabilities, uncluding
       ones involving the various journaling filesystems.
    |  Distribution: Fedora           | ----------------------------//
     4/23/2004 - kernel
       Multiple vulnerabilities
       This patch fixes a large variety of vulnerabilities in the 2.4.22
       kernel, including some related to journaling filesystems.
    |  Distribution: Gentoo           | ----------------------------//
     4/28/2004 - ipsec-tools and iputils Denial of service vulnerability
       Multiple vulnerabilities
       Attackers may be able to craft an ISAKMP header of sufficient
       length to consume all available system resources, causing a Denial
       of Service.  Further discussion of advisory at bottom.
     4/28/2004 - ssmtp
       Multiple vulnerabilities
       Multiple format string vulnerabilities may allow an attacker to
       run arbitrary code with ssmtp's privileges.
     4/28/2004 - LCDproc
       Multiple vulnerabilities
       Multiple remote vulnerabilities have been found in the LCDd
       server, allowing execution of arbitrary code with the rights of
       the LCDd user.
     4/28/2004 - xine
       Multiple vulnerabilities
       Several vulnerabilities have been found in xine-ui and xine-lib,
       potentially allowing an attacker to overwrite files with the
       rights of the user.
     4/29/2004 - samba
       Multiple Vulnerabilities
       There is a bug in smbfs which may allow local users to gain root
       via a setuid file on a mounted Samba share. Also, there is a
       tmpfile symlink vulnerability in the smbprint script distributed
       with Samba.
    |  Distribution: Mandrake         | ----------------------------//
     4/28/2004 - kernel
       Multiple vulnerabilities
       This patch resolves a large number of kernel vulnerabilities at
       various levels of seriousness.
     4/29/2004 - sysklogd
       Steve Grubb discovered a bug in sysklogd where it allocates an
       insufficient amount of memory which causes sysklogd to write to
       unallocated memory.
    |  Distribution: Openwall         | ----------------------------//
     4/23/2004 - kernel
       Privilege escalation vulnerability
       Upgrade to 2.4.26 to fix a local root vulnerability.
    |  Distribution: Red Hat          | ----------------------------//
     4/23/2004 - kernel
       Privilege escalation vulnerabilities
       Updated kernel packages that fix two privilege escalation
       vulnerabilities are now available.
    |  Distribution: Slackware        | ----------------------------//
     4/28/2004 - kernel
       Security Issues
       New kernel packages are available for Slackware 9.1 and -current
       to fix security issues
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Mon May 03 2004 - 04:36:48 PDT