+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 9th, 2005 Volume 6, Number 37a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for proftpd, sqwebmail, polygen,
affix, zsync, phpgroupware, webcalendar, pcre3, ntp, cvs, kdelibs,
evince, openmotif, cman, gnbd-kernel, dlm-kernel, lockdev, perl,
termcap, ckermit, kdegraphics, squid, pam, setup, tar, openssh,
tzdata, httpd, mplayer, and phpldapadmin. The distributors include
Debian, Fedora, Gentoo, and Red Hat.
---
## Master of Science in Information Security ##
Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a
solid education in the management of information assurance, and the
unique case study method melds theory into practice. Using today's
e-Learning technology, you can earn this esteemed degree, without
disrupting your career or home life.
LEARN MORE:
http://www.msia.norwich.edu/linux_en
---
Introduction: IP Spoofing, Part III
ICMP Smurfing
By: Suhas A Desai
"Smurf" is the name of an automated program that attacks a network
by exploiting IP broadcast addressing. Smurf and similar programs
can cause the attacked part of a network to become "inoperable."
Network nodes and their administrators to exchange information about
the state of the network use ICMP.
A smurf program builds a network packet with a spoofed victim
source address. The packet contains an ICMP ping message addressed
to an IP broadcast address, meaning all IP addresses in a given
network. If the routing device delivering traffic to those
broadcast addresses performs the IP broadcast to layer 2 broadcast
function, most hosts on that IP network will reply to it with an
ICMP echo reply each. The echo responses to the ping message are
sent back to the victim address. Enough pings and resultant echoes
can flood the network making it unusable for real traffic.
A related attack is called "fraggle", simple re-write of smurf; uses
UDP echo packets in the same fashion as the ICMP echo packets. The
intermediary (broadcast) devices, and the spoofed victim are both hurt
by this attack. The attackers rely on the ability to source spoofed
packets to the "amplifiers" in order to generate the traffic which
causes the denial of service.
In order to stop this, all networks should perform filtering either
at the edge of the network where customers connect (access layer) or
at the edge of the network with connections to the upstream providers,
in order to defeat the possibility of source address spoofed packets
from entering from downstream networks, or leaving for upstream
networks.
One way to defeat smurfing is to disable IP broadcast addressing at
each network router since it is seldom used.
READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/120225/49/
----------------------
Linux File & Directory Permissions Mistakes
One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/
---
Buffer Overflow Basics
A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.
http://www.linuxsecurity.com/content/view/119087/49/
---
Review: The Book of Postfix: State-of-the-Art Message Transport
I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.
http://www.linuxsecurity.com/content/view/119027/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New proftpd packages fix format string vulnerability
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120281
* Debian: New sqwebmail packages fix cross-site scripting
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120273
* Debian: New Mozilla Firefox packages fix several vulnerabilities
1st, September, 2005
Update Package.
http://www.linuxsecurity.com/content/view/120278
* Debian: New polygen packages fix denial of service
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120280
* Debian: New affix packages fix remote command execution
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120282
* Debian: New zsync packages fix DOS
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120283
* Debian: New phproupware packages fix several vulnerabilities
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120285
* Debian: New webcalendar packages fix remote code execution
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120287
* Debian: New pcre3 packages fix arbitrary code execution
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120288
* Debian: Updated i386 proftpd packages fix format string
vulnerability
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120294
* Debian: New ntp packages fix group id confusion
5th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120298
* Debian: New cvs packages fix insecure temporary files
7th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120319
* Debian: New Apache packages fix HTTP request smuggling
8th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120330
* Debian: New kdelibs packages fix backup file information leak
8th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120332
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 4 Update: evince-0.4.0-1.2
1st, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120279
* Fedora Core 4 Update: openmotif-2.2.3-10.FC4.1
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120289
* Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.12
2nd, September, 2005
Rebuild for latest kernel, 2.6.12-1.1447_FC4.
http://www.linuxsecurity.com/content/view/120290
* Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.45
2nd, September, 2005
Rebuild for latest kernel, 2.6.12-1.1447_FC4.
http://www.linuxsecurity.com/content/view/120291
* Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.12
2nd, September, 2005
Rebuild for latest kernel, 2.6.12-1.1447_FC4.
http://www.linuxsecurity.com/content/view/120292
* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.14
2nd, September, 2005
Rebuild for latest kernel, 2.6.12-1.1447_FC4.
http://www.linuxsecurity.com/content/view/120293
* Fedora Core 4 Update: lockdev-1.0.1-7.1
2nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120295
* Fedora Core 3 Update: perl-Compress-Zlib-1.37-1.fc3
6th, September, 2005
Some bug fixes so the amavis users stop complaining. =)
http://www.linuxsecurity.com/content/view/120303
* Fedora Core 4 Update: perl-Compress-Zlib-1.37-1.fc4
6th, September, 2005
Some bug fixes so the amavis users stop complaining. =)
http://www.linuxsecurity.com/content/view/120304
* Fedora Core 3 Update: perl-DBI-1.40-6.fc3
6th, September, 2005
Old and low priority security update that we forgot to push a while
ago.
http://www.linuxsecurity.com/content/view/120305
* Fedora Core 4 Update: termcap-5.4-6
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120306
* Fedora Core 4 Update: ckermit-8.0.211-3.FC4
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120307
* Fedora Core 4 Update: kdegraphics-3.4.2-0.fc4.2
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120308
* Fedora Core 4 Update: squid-2.5.STABLE9-8
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120315
* Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.7
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120316
* Fedora Core 4 Update: pam-0.79-9.5
6th, September, 2005
This update should fix potential problems with auditing in pam when
used on systems with kernels without audit compiled in.
http://www.linuxsecurity.com/content/view/120317
* Fedora Core 4 Update: setup-2.5.44-1.1
6th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120318
* Fedora Core 4 Update: tar-1.15.1-10.FC4
7th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120323
* Fedora Core 3 Update: openssh-3.9p1-8.0.3
7th, September, 2005
This security update fixes CAN-2005-2798 and resolves a problem with
X forwarding binding only on IPv6 address on certain circumstances.
http://www.linuxsecurity.com/content/view/120324
* Fedora Core 4 Update: tzdata-2005m-1.fc4
7th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120325
* Fedora Core 3 Update: tzdata-2005m-1.fc3
7th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120326
* Fedora Core 4 Update: httpd-2.0.54-10.2
7th, September, 2005
This update includes two security fixes. An issue was discovered in
mod_ssl where "SSLVerifyClient require" would not be honoured in
location context if the virtual host had "SSLVerifyClient optional"
configured (CAN-2005-2700).
http://www.linuxsecurity.com/content/view/120327
* Fedora Core 3 Update: httpd-2.0.53-3.3
7th, September, 2005
This update includes two security fixes. An issue was discovered in
mod_ssl where "SSLVerifyClientrequire" would not be honoured in
location context if the virtual host had "SSLVerifyClient optional"
configured (CAN-2005-2700).
http://www.linuxsecurity.com/content/view/120328
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: MPlayer Heap overflow in ad_pcm.c
1st, September, 2005
A heap overflow in MPlayer might lead to the execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/120276
* Gentoo: Gnumeric Heap overflow in the included PCRE library
3rd, September, 2005
Gnumeric is vulnerable to a heap overflow, possibly leading to the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/120296
* Gentoo: OpenTTD Format string vulnerabilities
5th, September, 2005
OpenTTD is vulnerable to format string vulnerabilities which may
result in remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/120301
* Gentoo: phpLDAPadmin Authentication bypass
6th, September, 2005
A flaw in phpLDAPadmin may allow attackers to bypass security
restrictions and connect anonymously.
http://www.linuxsecurity.com/content/view/120311
* Gentoo: Net-SNMP Insecure RPATH
6th, September, 2005
The Gentoo Net-SNMP package may provide Perl modules containing an
insecure DT_RPATH, potentially allowing privilege escalation.
http://www.linuxsecurity.com/content/view/120312
* Gentoo: Squid Denial of Service vulnerabilities
7th, September, 2005
Squid contains several bugs when handling certain malformed requests
resulting in a Denial of Service.
http://www.linuxsecurity.com/content/view/120322
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Important: httpd security update
6th, September, 2005
Updated Apache httpd packages that correct two security issues are
now available for Red Hat Enterprise Linux 3 and 4. This update has
been rated as having important security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/120313
* RedHat: Low: cvs security update
6th, September, 2005
An updated cvs package that fixes a security bug is now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120314
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
_________________________________________
Attend ToorCon
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
This archive was generated by hypermail 2.1.3 : Fri Sep 09 2005 - 22:31:05 PDT