+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | August 6, 2004 Volume 5, Number 31a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave@private ben@private This week, advisories were released for Xsco, OpenSSL, uudecode, samba, sox, phpMyAdmin and wv. The distributors include SCO Group, Conectiva, Gentoo, Mandrake, Red Hat. ----- >> Internet Productivity Suite: Open Source Security << Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=3Dgdn10 ----- Using Pam Pluggable Authentication Modules is a method for authenticating users. Using PAM, programmers can provide a more easy and versatile means of performing authentication functions. The ability to change from basic password authentication to the use of smart cards or even biometrics can be changed without having to recompile programs or require serious modifications. Additionally, PAM can be used to modify the terms of access by users as well as system resources. Just a few of the things you can do with PAM: - Use a different encryption method for passwords such as MD5, making them harder to brute force decode; - Set resource limits on all your users so they can't perform denial of service attacks (number of processes, amount of memory, etc) - Enable shadow passwords on the fly - Allow specific users to login only at specific times from specific places Within a few hours of installing and configuring your system, you can prevent many attacks before they even occur. For example, use PAM to disable the system-wide usage of .rhosts files in user's home directories by adding these lines to /etc/pam.d/login: # # Disable rsh/rlogin/rexec for users # login auth required pam_rhosts_auth.so no_rhosts Set filesystem limits instead of allowing unlimited as is the default. You can control the per-user limits using the resource- limits PAM module and /etc/pam.d/limits.conf. For example, limits for group 'users' might look like this: @users hard core 0 @users hard nproc 50 @users hard rss 5000 This says to limit the creation of core files to zero bytes, restrict the number of processes to 50, and restrict memory usage per user to 5 Meg. The Linux-PAM System Administrators' Guide is a "draft" document that describes the usage of the default PAM modules. http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html Keep in mind that there is the potential to create a situation whereby even root doesn't have access to the system, creating all kinds of configuration headaches. Use caution. Security Tip Written by Dave Wreski (dave@private) Additional tips are available at the following URL: http://www.linuxsecurity.com/tips/ ---- An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com http://www.linuxsecurity.com/feature_stories/feature_story-171.html --------------------------------------------------------------------- Security Expert Dave Wreski Discusses Open Source Security LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, to talk about how Guardian Digital is changing the face of IT security today. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux, touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more. http://www.linuxsecurity.com/feature_stories/feature_story-170.html ------ --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: SCO Group | ----------------------------// +---------------------------------+ 7/30/2004 - Xsco Buffer overflow vulnerability UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges. http://www.linuxsecurity.com/advisories/caldera_advisory-4622.html 7/30/2004 - Xsco Buffer overflow vulnerability OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges. http://www.linuxsecurity.com/advisories/caldera_advisory-4623.html 7/30/2004 - OpenSSL Multiple vulnerabilities This patch addresses a large number of outstanding OpenSSL vulnerabilities http://www.linuxsecurity.com/advisories/caldera_advisory-4624.html 7/30/2004 - uudecode Insecure tempfile vulnerability If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. http://www.linuxsecurity.com/advisories/caldera_advisory-4625.html +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 7/30/2004 - samba Buffer overflow vulnerabilities Exploitation of these vulnerabilites could lead to execution of arbitrary code. http://www.linuxsecurity.com/advisories/conectiva_advisory-4620.html 7/30/2004 - sox Buffer overflow vulnerabilities Ulf H=E4rnhammar found two buffer overflow vulnerabilities[2] in SoX. They occurred when the sox or play commands handled malicious .WAV files. http://www.linuxsecurity.com/advisories/conectiva_advisory-4621.html +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ 7/30/2004 - samba Buffer overflow vulnerabilities Two buffer overflows vulnerabilities were found in Samba, potentially allowing the remote execution of arbitrary code. (Note: this announcement takes the ERRATA released by Gentoo into account). http://www.linuxsecurity.com/advisories/gentoo_advisory-4617.html 7/30/2004 - phpMyAdmin Multiple vulnerabilities Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code. http://www.linuxsecurity.com/advisories/gentoo_advisory-4618.html 7/30/2004 - SoX Buffer overflow vulnerabilities By enticing a user to play or convert a specially crafted WAV file an attacker could execute arbitrary code with the permissions of the user running SoX. http://www.linuxsecurity.com/advisories/gentoo_advisory-4619.html +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ 7/30/2004 - wv Buffer overflow vulnerabilty iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the runner's privileges. http://www.linuxsecurity.com/advisories/mandrake_advisory-4615.html 7/30/2004 - OpenOffice.org Multiple vulnerabilities Buffer overflow vulnerabilty These updated packages contain fixes to libneon to correct the several format string vulnerabilities in it, as well as a heap-based buffer overflow vulnerability. http://www.linuxsecurity.com/advisories/mandrake_advisory-4616.html +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ 7/30/2004 - sox Buffer overflow vulnerabilities A malicious WAV file could cause arbitrary code to be executed when the file was played or converted. http://www.linuxsecurity.com/advisories/redhat_advisory-4613.html 7/30/2004 - ipsec-tools Key verification vulnerability Buffer overflow vulnerabilities When configured to use X.509 certificates to authenticate remote hosts, psec-tools versions 0.3.3 and earlier will attempt to verify that host certificate, but will not abort the key exchange if verification fails. http://www.linuxsecurity.com/advisories/redhat_advisory-4614.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Mon Aug 09 2004 - 07:43:39 PDT