+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 24th, 2004 Volume 5, Number 38a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include
Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse.
-----
SSL123 - New from Thawte
Get SSL123 the new full 128-bit capable digital certificate - issued
within minutes for US $159.00. Free reissues and experienced 24/5
multi-lingual support included for the life of the certificate.
Click Here to Read More:
http://ad.doubleclick.net/clk;9216013;9649389;v
-----
SSL, S-HTTP, HTTPS and S/MIME
Often times users ask about the differences between the various security
and encryption protocols, and how to use them. While this isn't an
encryption document, it is a good idea to explain briefly what each are,
and where to find more information.
SSL: SSL, or Secure Sockets Layer, is an encryption method developed by
Netscape to provide security over the Internet. It supports several
different encryption protocols, and provides client and server
authentication. SSL operates at the transport layer, creates a secure
encrypted channel of data, and thus can seamlessly encrypt data of many
types. This is most commonly seen when going to a secure site to view a
secure online document with Communicator, and serves as the basis for
secure communications with Communicator, as well as many other Netscape
Communications data encryption. More information can be found at
http://www.consensus.com/security/ssl-talk-faq.html. Information on
Netscape's other security implementations, and a good starting point for
these protocols is available at
http://home.netscape.com/info/security-doc.html.
S-HTTP: S-HTTP is another protocol that provides security services across
the Internet. It was designed to provide confidentiality, authenticity,
integrity, and non-repudiability (cannot be mistaken for someone else, and
I cannot deny my actions later) while supporting multiple key management
mechanisms and cryptographic algorithms via option negotiation between the
parties involved in each transaction. S-HTTP is limited to the specific
software that is implementing it, and encrypts each message individually.
[ From RSA Cryptography FAQ, page 138]
S/MIME: S/MIME, or Secure Multipurpose Internet Mail Extension, is an
encryption standard used to encrypt electronic mail, or other types of
messages on the Internet. More information on S/MIME can be found at
http://home.netscape.com/assist/security/smime/overview.html.
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@private)
-----
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
---------------------------------------------------------------------
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/21/2004 - lukemftpd
fix arbitrary code execution
Przemyslaw Frasunek discovered a vulnerability in tnftpd or
lukemftpd respectively, the enhanced ftp daemon from NetBSD. An
attacker could utilise this to execute arbitrary code on the
server.
http://www.linuxsecurity.com/advisories/debian_advisory-4837.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
9/20/2004 - cvs
number of vulnerabilities
A number of vulnerabilities were discovered in CVS by Stefan
Esser, Sebastian Krahmer, and Derek Price.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4826.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/19/2004 - Heimdal
ftpd root escalation
Several bugs exist in the Heimdal ftp daemon which could allow a
remote attacker to gain root privileges.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4828.html
9/21/2004 - mpg123
Buffer overflow vulnerability
mpg123 decoding routines contain a buffer overflow bug that might
lead to arbitrary code execution.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4829.html
9/17/2004 - SnipSnap
HTTP response splitting
SnipSnap is vulnerable to HTTP response splitting attacks such as
web cache poisoning, cross-user defacement, and cross-site
scripting.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4832.html
9/20/2004 - Foomatic
Arbitrary command execution
The foomatic-rip filter in foomatic-filters contains a
vulnerability which may allow arbitrary command execution on the
print server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4833.html
9/20/2004 - CUPS
Denial of service vulnerability
A vulnerability in CUPS allows remote attackers to cause a denial
of service when sending a carefully-crafted UDP packet to the IPP
port.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4834.html
9/20/2004 - Mozilla, Firefox, Thunderbird, Epiphany New releases fix
vulnerabilities
Denial of service vulnerability
New releases of Mozilla, Epiphany, Mozilla Thunderbird, and
Mozilla Firefox fix several vulnerabilities, including the remote
execution of arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4835.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities
Denial of service vulnerability
A vulnerability was found in the gdk-pixbug bmp loader where a bad
BMP image could send the bmp loader into an infinite loop
(CAN-2004-0753).
http://www.linuxsecurity.com/advisories/mandrake_advisory-4824.html
9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities
Denial of service vulnerability
A vulnerability was found in the gdk-pixbug bmp loader where a bad
BMP image could send the bmp loader into an infinite loop
(CAN-2004-0753).
http://www.linuxsecurity.com/advisories/mandrake_advisory-4825.html
+---------------------------------+
| Distribution: OpenBSD | ----------------------------//
+---------------------------------+
9/21/2004 - login_radius
security flaw
Eilko Bos has reported that radius authentication, as implemented
by login_radius(8), was not checking the shared secret used for
replies sent by the radius server.
http://www.linuxsecurity.com/advisories/openbsd_advisory-4838.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
9/17/2004 - gtk2, gdk-pixbuf remote code execution
security flaw
Chris Evans has discovered a heap based, a stack based and an
integer overflow in the XPM and ICO loaders of those libraries.
http://www.linuxsecurity.com/advisories/suse_advisory-4813.html
9/17/2004 - XFree86-libs, xshared remote command execution
security flaw
Chris Evans reported three vulnerabilities in libXpm which can be
exploited remotely by providing malformed XPM image files.
http://www.linuxsecurity.com/advisories/suse_advisory-4814.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Mon Sep 27 2004 - 08:07:16 PDT