+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | October 7th, 2005 Volume 6, Number 41a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for gtkdiskfree, util-linux, ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps, mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop, drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate, vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb. The distributors include Debian, Gentoo, and Red Hat. --- Denial of Service Attacks By: Dave Wreski A "Denial of Service" (DoS) attack is one where the attacker tries to make some resource too busy to answer legitimate requests, or to deny legitimate users access to your machine. Denial of service attacks have increased greatly in recent years. Some of the more popular and recent ones are listed below. Note that new ones show up all the time, so this is just a few examples. Read the Linux security lists and the bugtraq list and archives for more current information. * SYN Flooding - SYN flooding is a network denial of service attack. It takes advantage of a "loophole" in the way TCP connections are created. The newer Linux kernels (2.0.30 and up) have several configurable options to prevent SYN flood attacks from denying people access to your machine or services. See Section 7 for proper kernel protection options. * Ping Flooding - Ping flooding is a simple brute-force denial of service attack. The attacker sends a "flood" of ICMP packets to your machine. If they are doing this from a host with better bandwidth than yours, your machine will be unable to send anything on the network. A variation on this attack, called "smurfing", sends ICMP packets to a host with your machine's return IP, allowing them to flood you less detectably. * Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST packets that are too large to fit in the kernel data structures intended to store them. Because sending a single, large (65,510 bytes) "ping" packet to many systems will cause them to hang or even crash, this problem was quickly dubbed the "Ping o' Death." This one has long been fixed, and is no longer anything to worry about. * Teardrop / New Tear - One of the most recent exploits involves a bug present in the IP fragmentation code on Linux and Windows platforms. It is fixed in kernel version 2.0.33, and does not require selecting any kernel compile-time options to utilize the fix. Linux is apparently not vulnerable to the "newtear" exploit. Read more from the Linux Security Howto: http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/ ---------------------- Linux File & Directory Permissions Mistakes One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com. http://www.linuxsecurity.com/content/view/119415/49/ --- Buffer Overflow Basics A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. http://www.linuxsecurity.com/content/view/119087/49/ --- Review: The Book of Postfix: State-of-the-Art Message Transport I was very impressed with "The Book of Postfix" by authors Ralf Hildebrandt and Pattrick Koetter and feel that it is an incredible Postfix reference. It gives a great overall view of the operation and management of Postfix in an extremely systematic and practical format. It flows in a logical manner, is easy to follow and the authors did a great job of explaining topics with attention paid to real world applications and how to avoid many of the associated pitfalls. I am happy to have this reference in my collection. http://www.linuxsecurity.com/content/view/119027/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New gtkdiskfree packages fix insecure temporary file 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120472 * Debian: New util-linux packages fix privilege escalation 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120473 * Debian: New ClamAV packages fix denial of service 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120477 * Debian: New loop-aes-utils packages fix privilege escalation 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120478 * Debian: New helix-player packages fix multiple vulnerabilities 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120479 * Debian: New backupninja packages fix insecure temporary file 29th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120480 * Debian: New squid packages fix denial of service 30th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120482 * Debian: New squid packages fix denial of service 30th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120483 * Debian: New mysql packages fix arbitrary code execution 30th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120484 * Debian: New ntlmaps packages fix information leak 30th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120485 * Debian: New mysql-dfsg packages fix arbitrary code execution 30th, September, 2005 Update package. http://www.linuxsecurity.com/content/view/120490 * Debian: New gopher packages fix several buffer overflows 30th, September, 2005 Updated package. http://www.linuxsecurity.com/content/view/120492 * Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution 1st, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120494 * Debian: New prozilla packages fix arbitrary code execution 1st, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120495 * Debian: New cfengine packages fix arbitrary file overwriting 1st, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120496 * Debian: New cfengine2 packages fix arbitrary file overwriting 1st, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120497 * Debian: New Mozilla Firefox packages fix denial of service 2nd, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120498 * Debian: New mozilla-firefox packages fox multiple vulnerabilities 2nd, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120500 * Debian: New apachetop packages fix insecure temporary file 4th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120507 * Debian: New drupal packages fix remote command execution 4th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120508 * Debian: New mailutils packages fix arbitrary code execution 4th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120514 * Debian: New egroupware packages fix arbitrary code execution 4th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120515 * Debian: New mysql-dfsg-4.1 package fixes arbitrary code execution 4th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120518 * Debian: New arc packages fix insecure temporary files 5th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120520 * Debian: New mod-auth-shadow packages fix authentication bypass 5th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120521 * Debian: New mason packages fix missing init script 6th, October, 2005 Updated package. http://www.linuxsecurity.com/content/view/120537 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: AbiWord RTF import stack-based buffer overflow 30th, September, 2005 AbiWord is vulnerable to a stack-based buffer overflow during RTF import, making it vulnerable to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/120486 * Gentoo: Hylafax Insecure temporary file creation in xferfaxstats 30th, September, 2005 Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/120491 * Gentoo: Mozilla Suite, Mozilla Firefox Multiple 30th, September, 2005 This advisory was originally released to fix the heap overflow in IDN headers. However, the official fixed release included several other security fixes as well. http://www.linuxsecurity.com/content/view/120493 * Gentoo: gtkdiskfree Insecure temporary file creation 3rd, October, 2005 gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/120505 * Gentoo: Berkeley MPEG Tools Multiple insecure temporary 3rd, October, 2005 The Berkeley MPEG Tools use temporary files in various insecure ways, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/120506 * Gentoo: Uim Privilege escalation vulnerability 4th, October, 2005 Under certain conditions, applications linked against Uim suffer from a privilege escalation vulnerability. http://www.linuxsecurity.com/content/view/120517 * Gentoo: Texinfo Insecure temporary file creation 5th, October, 2005 Texinfo is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. http://www.linuxsecurity.com/content/view/120524 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Low: slocate security update 5th, October, 2005 An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/120528 * RedHat: Low: vixie-cron security update 5th, October, 2005 An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/120529 * RedHat: Low: net-snmp security update 5th, October, 2005 Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/120530 * RedHat: Updated kernel packages available for Red Hat 5th, October, 2005 Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version. http://www.linuxsecurity.com/content/view/120531 * RedHat: Moderate: openssh security update 5th, October, 2005 Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4. http://www.linuxsecurity.com/content/view/120532 * RedHat: Low: binutils security update 5th, October, 2005 An updated binutils package that fixes several bugs and minor security issues is now available. http://www.linuxsecurity.com/content/view/120533 * RedHat: Low: perl security update 5th, October, 2005 Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux. http://www.linuxsecurity.com/content/view/120534 * RedHat: Low: mysql security update 5th, October, 2005 Updated mysql packages that fix a temporary file flaw and a number of bugs are now available http://www.linuxsecurity.com/content/view/120535 * RedHat: Low: gdb security update 5th, October, 2005 An updated gdb package that fixes several bugs and minor security issues is now available. http://www.linuxsecurity.com/content/view/120536 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Oct 09 2005 - 22:05:20 PDT