+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | June 17th, 2005 Volume 6, Number 24a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for mikmod, tcpdump, yum, elinks, parted, system-config-securitylevel, checkpolicy, spamassassin, gaim, libextractor, Ettercap, shtool, gedit, MediaWiki, gzip, gftp, squid, rsh, sysreport, telnet, bz, and mc. The distributors include Fedora, Gentoo, and Red Hat. --- ## Internet Productivity Suite: Open Source Security ## Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more! http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml --- SPF: Ready for Prime Time? by Pete O'Hara Introduction As of the time of this writing in the fight against SPAM a policy has been drafted to target sender address forging called SPF (Sender Policy Framework). The basic premise is to verify that the sender of an email is in fact who they by claim to be. If they are not then mail can be rejected. This could potentially eliminate a big percentage of SPAM and who wouldn't want that.. But there have been problems with SPF and it isn't the big solution that everyone had imagined when it first hit the scene. There are a couple of plaguing issues that keep it from becoming a mature solution with a standard. What is SPF? The first version of SPF (also know as "Classic" SPF) was a creation of Meng Wong, founder of Pobox.com. In short the scheme is based on domains publishing what servers are allowed to send mail for themselves using DNS TXT records. A receiving MTA can then look at the domain the sender is claiming to be from and the IP address of the connecting client and check the SPF (DNS TXT) record for that domain and verify if the client is allowed to send mail for the said domain. From the results the receiving MTA can take appropriate actions. The goal is to prevent sender forgery, one of the most common characteristics of spam. SPF was a proposal considered by IETF's MARID group. Summary I, as everyone else, would love to be able to block all SPAM and I certainly applaud all of the efforts that have been and are still being made. But it seems obvious that SPF alone isn't going to be the answer. It doesn't handle the forwarding issue and SRS isn't ready as a solution. One could argue that SPF can at least be used not to reject mail but to whitelist mail from senders that pass SPF checks. In view of spammers deploying SPF themselves this would actually be counter productive as it gives them a form of credibility. Based on the material presented here there are options other than standalone SPF that on the surface seem to provide a better solution but the cost is that they are more complex in that they require reputation/accreditation services. But does the lack of agreement on the simpler SPF (which turned out to be not so simple once the forwarding issues surfaced) foreshadow the difficulties in standardizing more elaborate proposals? If the trend towards reputation/accreditation gains momentum, which by the way would still require some form of sender validation to be established (you can't build a dependable reputation of a sender when it can't be verified), harmony on the architecture of such services seems a very long way off. Sender verification is a problem that certainly needs to be addressed but SMTP wasn't originally designed with this functionality in mind. Therefore a viable solution is not going to be as simple as publishing DNS records of authorized mail servers. SPF on it's own isn't the answer. Read Entire Article: http://infocenter.guardiandigital.com/documentation/spf.html ---------------------- Measuring Security IT Success In a time where budgets are constrained and Internet threats are on the rise, it is important for organizations to invest in network security applications that will not only provide them with powerful functionality but also a rapid return on investment. http://www.linuxsecurity.com/content/view/118817/49/ --- Getting to Know Linux Security: File Permissions Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved. Click to view video demo: http://www.linuxsecurity.com/content/view/118181/49/ --- The Tao of Network Security Monitoring: Beyond Intrusion Detection To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant. One of the greatest virtues of this book is that is offers real-life technical examples, while backing them up with relevant case studies. http://www.linuxsecurity.com/content/view/118106/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 3 Update: mikmod-3.1.6-31.FC3 9th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119277 * Fedora Core 3 Update: tcpdump-3.8.2-9.FC3 9th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119278 * Fedora Core 3 Update: yum-2.2.1-0.fc3 13th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119303 * Fedora Core 4 Update: elinks-0.10.3-3.1 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119321 * Fedora Core 4 Update: mikmod-3.1.6-35.FC4 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119322 * Fedora Core 4 Update: tcpdump-3.8.2-13.FC4 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119323 * Fedora Core 4 Update: parted-1.6.22-3.FC4 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119324 * Fedora Core 4 Update: system-config-securitylevel-1.5.8.1-1 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119325 * Fedora Core 3 Update: checkpolicy-1.17.5-1.2 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119327 * Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.9 16th, June, 2005 Updated package. http://www.linuxsecurity.com/content/view/119328 * Fedora Core 3 Update: spamassassin-3.0.4-1.fc3 16th, June, 2005 Important update for a Denial of Service vulnerability, plus more bug fixes from upstream. More details available at: http://wiki.apache.org/spamassassin/NextRelease http://www.linuxsecurity.com/content/view/119332 * Fedora Core 4 Update: spamassassin-3.0.4-1.fc4 16th, June, 2005 Important update for a Denial of Service vulnerability, plus more bug fixes from upstream. More details available at: http://wiki.apache.org/spamassassin/NextRelease http://www.linuxsecurity.com/content/view/119333 * Fedora Core 3 Update: gaim-1.3.1-0.fc3 16th, June, 2005 More bug and denial of service fixes. http://www.linuxsecurity.com/content/view/119334 * Fedora Core 4 Update: gaim-1.3.1-0.fc4 16th, June, 2005 More bug and denial of service fixes. http://www.linuxsecurity.com/content/view/119335 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: libextractor Multiple overflow vulnerabilities 9th, June, 2005 libextractor is affected by several overflow vulnerabilities in the PDF, Real and PNG extractors, making it vulnerable to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119279 * Gentoo: Ettercap Format string vulnerability 11th, June, 2005 A format string vulnerability in Ettercap could allow a remote attacker to execute arbitrary code. http://www.linuxsecurity.com/content/view/119283 * Gentoo: GNU shtool, ocaml-mysql Insecure temporary file 11th, June, 2005 GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/119284 * Gentoo: gedit Format string vulnerability 11th, June, 2005 gedit suffers from a format string vulnerability that could allow arbitrary code execution. http://www.linuxsecurity.com/content/view/119285 * Gentoo: GNU shtool, ocaml-mysql Insecure temporary file 11th, June, 2005 GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/119286 * Gentoo: LutelWall Insecure temporary file creation 11th, June, 2005 LutelWall is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/119287 * Gentoo: Ettercap Format string vulnerability 11th, June, 2005 A format string vulnerability in Ettercap could allow a remote attacker to execute arbitrary code. http://www.linuxsecurity.com/content/view/119288 * Gentoo: Gaim Denial of Service vulnerabilities 12th, June, 2005 Gaim contains two remote Denial of Service vulnerabilities. http://www.linuxsecurity.com/content/view/119290 * Gentoo: TCPDump Decoding routines Denial of Service 13th, June, 2005 While working on the tcpdump issues solved in the original version of this GLSA, Simon L. Nielsen from FreeBSD Security Team discovered a similar infinite loop DoS vulnerability in the BGP handling code (CAN-2005-1267). http://www.linuxsecurity.com/content/view/119305 * Gentoo: MediaWiki Cross-site scripting vulnerability 13th, June, 2005 MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution. http://www.linuxsecurity.com/content/view/119306 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Low: gzip security update 13th, June, 2005 An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119295 * RedHat: Moderate: gftp security update 13th, June, 2005 An updated gFTP package that fixes a directory traversal issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119296 * RedHat: Low: squid security update 13th, June, 2005 An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119297 * RedHat: Low: rsh security update 13th, June, 2005 Updated rsh packages that fix a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team http://www.linuxsecurity.com/content/view/119298 * RedHat: Moderate: gedit security update 13th, June, 2005 An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team http://www.linuxsecurity.com/content/view/119299 * RedHat: Moderate: sysreport security update 13th, June, 2005 An updated sysreport package that fixes an information disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team http://www.linuxsecurity.com/content/view/119300 * RedHat: Low: tcpdump security update 13th, June, 2005 Updated tcpdump packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119301 * RedHat: Low: mikmod security update 13th, June, 2005 Updated mikmod packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119302 * RedHat: Low: squid security update 14th, June, 2005 An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119312 * RedHat: Moderate: telnet security update 14th, June, 2005 Updated telnet packages that fix an information disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119313 * RedHat: Low: bzip2 security update 16th, June, 2005 Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119329 * RedHat: Moderate: mc security update 16th, June, 2005 Updated mc packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119330 * RedHat: Moderate: gaim security update 16th, June, 2005 An updated gaim package that fixes two denial of service issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119331 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Sun Jun 19 2005 - 23:51:10 PDT