[ISN] Linux Advisory Watch - June 4th 2004

From: InfoSec News (isn@private)
Date: Sun Jun 06 2004 - 23:37:42 PDT

  • Next message: InfoSec News: "[ISN] Microsoft bars Windows pirates"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  June 4th, 2004                           Volume 5, Number 23a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes point
    
    This week, advisories were released for mailman, kde, MySQL, mc, Apache,
    Heimdal, utempter, and LHA.  The distributors include Conectiva, FreeBSD:
    core, Gentoo, Mandrake, Red Hat, and SuSE.
    
    -----
    
    >> Internet Productivity Suite:  Open Source Security <<
    
    Trust Internet Productivity Suite's open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
    
    -----
    
    Incident Response
    
    One of the most overlooked aspects of information security is incident
    response.  Often system administrators and management only take action
    after a compromise or critical failure. Incident response includes much
    more than sorting out problems after they occur.  It includes incident
    preparation, detection mechanisms, containment, eradication, restoration,
    and review.
    
    In preparation for a security incident, it is important to establish a
    security policy & plan of action and identify a security response team
    that is available 24 hours.  Software to be used during an incident should
    be installed, tested, and configured during the preparation phase.
    During the adrenaline rush of an incident, it is impossible to learn new
    software.
    
    Administrators should also take appropriate steps to ensure event
    detection.  This includes scanning and reviewing system log files,
    installing host and network based intrusion detection systems, and
    implementing a remote notification system to notify members of the
    security response team via pager or mobile phone.
    
    Upon detection of an incident, it is important to have containment
    procedures.  Is the threat a network user?  It is important that the staff
    has the knowledge and tools necessary to address the problem at the
    firewall level.  If there is a system compromise, is tripwire configured
    properly to report exactly what files were modified?  After containment,
    the next step is eradication.  How can the problem be eliminated?  The
    primary purpose of containment and eradication is limiting damage and
    stopping the problem from further damage.
    
    After an incident has commenced, the next step is system restoration.  It
    is important to assess the actual damage that took place and restore the
    system to its original condition. This may only include fixing a few
    files, or restoring completely from a tape-backup.  Finally, after
    restoration is important to review how well the incident was handled.
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ----
    
    Guardian Digital Security Solutions Win Out At Real World Linux
    
    Enterprise Email and Small Business Solutions Impres at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    successes.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-164.html
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    --------------------------------------------------------------------
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - mailman
       Multiple vulnerabilities
    
       Fixes cross site scripting and remote password retrieval
       vulnerabilities, plus a denial of service.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4409.html
    
     5/27/2004 - kde
       Insufficient input sanitation
    
       The telnet, rlogin, ssh and mailto URI handlers in KDE do not
       check for '-' at the beginning of the hostname passed.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4410.html
    
    
    +---------------------------------+
    |  Distribution: FreeBSD          | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - core:sys Buffer cache invalidation vulnerability
       Insufficient input sanitation
    
       In some situations, a user with read access to a file may be able
       to prevent changes to that file from being committed to disk.
       http://www.linuxsecurity.com/advisories/freebsd_advisory-4408.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - MySQL
       Symlink vulnerability
    
       Two MySQL utilities create temporary files with hardcoded paths,
       allowing an attacker to use a symlink to trick MySQL into
       overwriting important data.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4404.html
    
     5/27/2004 - mc
       Multiple vulnerabilities
    
       Multiple security issues have been discovered in Midnight
       Commander including several buffer overflows and string format
       vulnerabilities.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4405.html
    
     5/27/2004 - Apache
       1.3 Multiple vulnerabilities
    
       Several security vulnerabilites have been fixed in the latest
       release of Apache 1.3.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4406.html
    
     5/27/2004 - Heimdal
       Buffer overflow vulnerability
    
       A possible buffer overflow in the Kerberos 4 component of Heimdal
       has been discovered.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4407.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - mailman
       Password leak vulnerability
    
       Mailman versions >= 2.1 have an issue where 3rd parties can
       retrieve member passwords from the server.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4402.html
    
     5/27/2004 - kolab-server Plain text passwords
       Password leak vulnerability
    
       The affected versions store OpenLDAP passwords in plain text.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4403.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - utempter
       Symlink vulnerability
    
       An updated utempter package that fixes a potential symlink
       vulnerability is now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4399.html
    
     5/27/2004 - LHA
       Multiple vulnerabilities
    
       Ulf Harnhammar discovered two stack buffer overflows and two
       directory traversal flaws in LHA.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4400.html
    
     5/27/2004 - tcpdump,libpcap,arpwatch Denial of service vulnerability
       Multiple vulnerabilities
    
       Upon receiving specially crafted ISAKMP packets, TCPDUMP would
       crash.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4401.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
     5/27/2004 - kdelibs/kdelibs3 Insufficient input sanitation
       Multiple vulnerabilities
    
       The URI handler of the kdelibs3 and kdelibs class library contains
       a flaw which allows remote attackers to create arbitrary files as
       the user utilizing the kdelibs3/kdelibs package.
       http://www.linuxsecurity.com/advisories/suse_advisory-4398.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon Jun 07 2004 - 02:06:46 PDT