+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| July 9, 2004 Volume 5, Number 27a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for webmin, pavuk, kernel, mailman,
rsync, Esearch, Apache, XFree86, libpng, Shorewall, tripwire and httpd.
The distributors include Debian, Fedora, FreeBSD, Gentoo, Mandrake, Red
Hat and Suse.
-----
>> Need to Secure Multiple Domain or Host Names? <<
Securing multiple domain or host names need not burden you with unwanted
administrative hassles. Learn more about how the cost-effective Thawte
Starter PKI program can streamline management of your digital
certificates. Click here to download our Free guide:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte07
-----
Kerberos, Part I
Introduction
Kerberos is an authentication system developed by the Athena Project at
MIT. When a user logs in, Kerberos authenticates that user (using a
password), and provides the user with a way to prove her identity to other
servers and hosts scattered around the network.
This authentication is then used by programs such as rlogin to allow the
user to login to other hosts without a password (in place of the .rhosts
file). This authentication method can also used by the mail system in
order to guarantee that mail is delivered to the correct person, as well
as to guarantee that the sender is who he claims to be.
The overall effect of installing Kerberos and the numerous other programs
that go with it is to virtually eliminate the ability of users to "spoof"
the system into believing they are someone else. Unfortunately, installing
Kerberos is very intrusive, requiring the modification or replacement of
numerous standard programs.
Implementation
Implementing Kerberos on the client isn't too difficult, however, it's a
different story implementing a server. The document The Moron's Guide to
Kerberos does a good job of explaining Kerberos in more detail, as well as
guiding users and administrators through the process of creating and using
the server. It is available at the following URL:
http://www.isi.edu/gost/brian/security/kerberos.html
Most distributions include support for Kerberos. Distributions that use
PAM are much easier to configure. Applications normally require
recompiling to support using Kerberos as the authentication mechanism, but
PAM resolves those issues by allowing you to 'plug-in' a Kerberos
authentication module.
Kerberos isn't for everyone. Install the client support for your
distribution if you require it to connect to a Kerberos server on your
network. Install the Kerberos server if you have to support a large
number of distributed clients and require the extra authentication.
Generally, using the Secure Shell is a fine alternative for authenticating
users before logging into remote machines or transferring files.
Next week, we will explore how Kerberos actually works.
Security Tip Written by Dave Wreski (ben@private) Additional
tips are available at the following URL:
http://www.linuxsecurity.com/tips/
-----
Open Source Leaving Microsoft Sitting on the Fence?
The open source model, with special regard to Linux, has no doubt become a
formidable competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings and
marketing campaigns refuting the claims of the new found competition are
inevitable. However, in the case of Microsoft, it seems they have not
taken a solid or plausible position on the use of open source applications
as an alternative to Windows.
http://www.linuxsecurity.com/feature_stories/feature_story-168.html
--------------------------------------------------------------------
Guardian Digital Launches Next Generation Secure Mail Suite
Guardian Digital, the premier open source security company, announced the
availability of the next generation Secure Mail Suite, the industry's most
secure open source corporate email system. This latest edition has been
optimized to support the changing needs of enterprise and small business
customers while continually providing protection from the latest in email
security threats.
http://www.linuxsecurity.com/feature_stories/feature_story-166.html
--------------------------------------------------------------------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
7/8/2004 - webmin
Multiple vulnerabilities
This patch addresses an ACL bypass and the ability to use brute
force to get IDs and passwords.
http://www.linuxsecurity.com/advisories/debian_advisory-4548.html
7/8/2004 - pavuk
Buffer overflow vulnerability
An oversized HTTP 305 response sent by a malicious server could
cause arbitrary code to be executed with the privileges of the
pavuk process.
http://www.linuxsecurity.com/advisories/debian_advisory-4549.html
+---------------------------------+
| Distribution: Fedora: | ----------------------------//
+---------------------------------+
7/2/2004 - kernel
Privilege change vulnerability
During an audit of the Linux kernel, SUSE discovered a flaw in the
Linux kernel that inappropriately allows an unprivileged user to
change the group ID of a file to his/her own group ID.
http://www.linuxsecurity.com/advisories/fedora_advisory-4532.html
7/2/2004 - mailman
Password leak vulnerability
Mailman subscriber passwords could be retrieved by a remote
attacker.
http://www.linuxsecurity.com/advisories/fedora_advisory-4533.html
7/2/2004 - rsync
Path escape vulnerability
A writing, non-chrooted rsync daemon could write outside of a
module's path.
http://www.linuxsecurity.com/advisories/fedora_advisory-4534.html
7/8/2004 - kernel
Corrected md5 sums
This posting gives the correct md5 sums for the previous kernel
update.
http://www.linuxsecurity.com/advisories/fedora_advisory-4547.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
7/2/2004 - kernel
Improper memory access vulnerability
It may be possible for a local attacker to read and/or overwrite
portions of kernel memory, resulting in disclosure of sensitive
information or potential privilege escalation.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4531.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
7/2/2004 - Esearch
Insecure temp file vulnerability
Non-check for symlinks makes it possible for any user to create
arbitrary files.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4530.html
7/8/2004 - kernel
Multiple vulnerabilities
This patch addresses a large number of kernel vulnerabilities.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4541.html
7/8/2004 - Apache
2 Denial of service vulnerability
A remote attacker to perform a Denial of Service attack and
possible heap based buffer overflow.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4542.html
7/8/2004 - Pure-FTPd Denial of service vulnerability
2 Denial of service vulnerability
Pure-FTPd contains a bug potentially allowing a Denial of Service
attack when the maximum number of connections is reached.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4543.html
7/8/2004 - XFree86
Improper access vulnerability
This bug may allow authorized users to access a machine remotely
via X, even if the administrator has configured XDM to refuse such
connections.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4544.html
7/8/2004 - libpng
Buffer overflow vulnerability
Vulnerability allows attacker to perform a Denial of Service
attack or even execute arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4545.html
7/8/2004 - Shorewall
Insecure temp file vulnerability
This can allow a non-root user to overwrite arbitrary system
files.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4546.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
7/8/2004 - tripwire
Format string vulnerability
A format string vulnerability in tripwire could allow a local user
to execute arbitrary code with the rights of the user running
tripwire (typically root).
http://www.linuxsecurity.com/advisories/mandrake_advisory-4539.html
7/8/2004 - kernel
Multiple vulnerabilities
This patch addresses a large number of vulnerabilities, uncluding
the ability for a user to set the gid of arbitrary files.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4540.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
7/8/2004 - kernel
(e-3) File metadata change vulnerability
Using NFS, a user could make unauthrized changes to files' GID.
http://www.linuxsecurity.com/advisories/redhat_advisory-4536.html
7/8/2004 - kernel
(e-2.1) File metadata change vulnerability
Using NFS, a user could make unauthrized changes to files' GID.
http://www.linuxsecurity.com/advisories/redhat_advisory-4537.html
7/8/2004 - httpd
Multiple vulnerabilities
Updated httpd packages that fix a buffer overflow in mod_ssl and a
remotely triggerable memory leak are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4538.html
+---------------------------------+
| Distribution: Suse | ----------------------------//
+---------------------------------+
7/8/2004 - kernel
Multiple vulnerabilities
Multiple security vulnerabilities are being addressed with this
security update of the Linux kernel.
http://www.linuxsecurity.com/advisories/suse_advisory-4535.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Mon Jul 12 2004 - 03:00:10 PDT