[ISN] Linux Advisory Watch - July 16, 2004

From: InfoSec News (isn@private)
Date: Sun Jul 18 2004 - 23:42:31 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  July 16, 2004                           Volume 5, Number 28a       |
+---------------------------------------------------------------------+

  Editors:	Dave Wreski			Benjamin Thomas
		dave@private		ben@private


Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kernel, Ethereal, MoinMoin and
rsync.  The distributors include EnGarde, Fedora, Gentoo and Mandrake.

-----

>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with unwanted
administrative hassles. Learn more about how the cost-effective Thawte
Starter PKI program can streamline management of your digital
certificates. Click here to download our Free guide:

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte07

-----

How Does Kerberos Actually Work?

Kerberos uses secret-key cryptography to distribute tickets used for
authentication of users to network services.  The ticket is generated
using a password that the user supplies, unequivocally linking it to the
user.  The services available for use with Kerberos also have tickets, but
are not generated using a password.  The user presents his ticket given to
him by the Kerberos authentication server.  The ticket is stored on the
authentication server, which is configured to permit the user to access a
particular service on a particular server on the network.  The server uses
this to verify the user's identity, and grants or denies access to a
particular network service.

Once the user has requested of the AS the use of a particular service, a
session key (a random string of bits) is generated which is used to
encrypt future communications between the client and AS. This key and the
service name requested are encrypted together using the user's ticket.

Another copy of the random session key generated by the AS and the
username are encrypted together using the service's key.

Both keys are then returned to the user.  The user decrypts the first
message using his ticket and reveals the server name from which he was
requesting service and the session key generated by the AS.

The second message passed to the user cannot be decrypted because it was
encrypted using the service key, which the user does not have.

The user then uses that session key to encrypt a message containing the
current time.  This message, and the second message still encrypted, are
both passed to the service for which the user requests access.

The service opens the first message (the one the client could not open)
using its own key, extracting the session key and the user name requesting
the use of the service.

The service then opens the second message using the session key from the
previous message to extract the message with the timestamp on it.  This
then serves to authenticate the user. This message may also contain an
encryption key that is used to provide privacy in future communications
between the user and the service.

Security Tip Written by Dave Wreski (dave@private)
Additional tips are available at the following URL:

http://www.linuxsecurity.com/tips/

-----

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper

Duane Dunston speaks at length with Wietse Venema on his current research
projects at the Thomas J. Watson Research Center, including his forensics
efforts with The Coroner's Toolkit. Wietse Venema is best known for the
software TCP Wrapper, which is still widely used today and is included
with almost all unix systems.  Wietse is also the author of the Postfix
mail system and the co-author of the very cool suite of utilities called
The Coroner's Toolkit or "TCT".

http://www.linuxsecurity.com/feature_stories/feature_story-169.html

-------------------------------------------------------------------

Open Source Leaving Microsoft Sitting on the Fence?

The open source model, with special regard to Linux, has no doubt become a
formidable competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings and
marketing campaigns refuting the claims of the new found competition are
inevitable. However, in the case of Microsoft, it seems they have not
taken a solid or plausible position on the use of open source applications
as an alternative to Windows.

http://www.linuxsecurity.com/feature_stories/feature_story-168.html

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 7/13/2004 - kernel
   Multiple vulnerabilities

   This update fixes several security vulnerabilities in the Linux
   Kernel shipped with EnGarde Secure Linux, most notably the
   "fsave/frstor" vulnerability and an information leak in the e1000
   driver.
   http://www.linuxsecurity.com/advisories/engarde_advisory-4555.html


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 7/9/2004 - im-sdk Insecure temporary file vulnerability
   Multiple vulnerabilities

   The im-switch that is included in the Fedora Core iiimf-x package
   has been fixed to take appropriate precautions when generating
   temporary files.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4551.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 7/9/2004 - Ethereal
   Multiple vulnerabilities

   Multiple vulnerabilities including one buffer overflow exist in
   Ethereal, which may allow an attacker to run arbitrary code or
   crash the program.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4550.html

 7/12/2004 - MoinMoin
   ACL bypass vulnerability

   MoinMoin contains a bug allowing a user to bypass group ACLs
   (Access Control Lists).
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4553.html

 7/12/2004 - rsync
   Directory traversal vulnerability

   Under specific conditions, the rsync daemon is vulnerable to a
   directory traversal allowing to write files outside a sync module.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4554.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 7/9/2004 - ethereal
   Multiple vulnerabilities

   It may be possible to make Ethereal crash or run arbitrary code by
   injecting a purposefully malformed packet into the wire or by
   convincing someone to read a malformed packet trace file.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4552.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html



This archive was generated by hypermail 2.1.3 : Mon Jul 19 2004 - 03:42:34 PDT