[ISN] Linux Advisory Watch - October 7th 2005

From: InfoSec News (isn@private)
Date: Sun Oct 09 2005 - 21:10:24 PDT


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 7th, 2005                          Volume 6, Number 41a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for gtkdiskfree, util-linux,
ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps,
mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop,
drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate,
vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb.  The
distributors include Debian, Gentoo, and Red Hat.

---

Denial of Service Attacks
By: Dave Wreski

A "Denial of Service" (DoS) attack is one where the attacker tries
to make some resource too busy to answer legitimate requests, or to
deny legitimate users access to your machine.

Denial of service attacks have increased greatly in recent years. Some
of the more popular and recent ones are listed below. Note that new
ones show up all the time, so these are just a few examples. Read the
Linux security lists and the bugtraq list and archives for more
current information.

* SYN Flooding - SYN flooding is a network denial of service attack.
  It takes advantage of a "loophole" in the way TCP connections are
  created. The newer Linux kernels (2.0.30 and up) have several
  configurable options to prevent SYN flood attacks from denying
  people access to your machine or services. See Section 7 of the
  Security HOWTO for proper kernel protection options.

* Ping Flooding - Ping flooding is a simple brute-force denial of
  service attack. The attacker sends a "flood" of ICMP packets to
  your machine. If they are doing this from a host with better
  bandwidth than yours, your machine will be unable to send anything
  on the network. A variation on this attack, called "smurfing",
  sends ICMP packets to a host with your machine's return IP,
  allowing them to flood you less detectably.

* Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST
  packets that are too large to fit in the kernel data structures
  intended to store them. Because sending a single, large (65,510
  bytes) "ping" packet to many systems will cause them to hang or
  even crash, this problem was quickly dubbed the "Ping o' Death."
  This one has long been fixed, and is no longer anything to worry
  about.

* Teardrop / New Tear - One of the most recent exploits involves a
  bug present in the IP fragmentation code on Linux and Windows
  platforms. It is fixed in kernel version 2.0.33, and does not
  require selecting any kernel compile-time options to utilize the
  fix. Linux is apparently not vulnerable to the "newtear" exploit.

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
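
A defensive illustration of the Ping o' Death and Teardrop items above, added
here and not taken from the Security HOWTO or from any kernel source: a bounds
check applied to IP fragments before reassembly. The struct frag layout and the
pre-sorted input are assumptions made for the example, and it goes slightly
beyond the text in naming overlapping fragments as the condition Teardrop
relied on.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_MAX_DATAGRAM 65535u /* limit of the 16-bit IP total-length field */

/* Simplified fragment descriptor (hypothetical, not a kernel structure). */
struct frag {
    uint16_t offset_units; /* fragment-offset field, in 8-byte units */
    uint16_t payload_len;  /* data bytes carried after the IP header */
};

enum frag_verdict { FRAG_OK, FRAG_OVERSIZE, FRAG_OVERLAP };

/* Check fragments, already sorted by offset, before copying any of them
 * into a reassembly buffer. ip_hdr_len is the header length in bytes. */
enum frag_verdict check_fragments(const struct frag *f, size_t n,
                                  uint32_t ip_hdr_len)
{
    uint32_t prev_end = 0;

    for (size_t i = 0; i < n; i++) {
        uint32_t start = (uint32_t)f[i].offset_units * 8u;
        uint32_t end = start + f[i].payload_len;

        /* Ping o' Death class: the rebuilt datagram would be larger than
         * any legal IP packet, so a fixed-size buffer would be overrun. */
        if (end + ip_hdr_len > IP_MAX_DATAGRAM)
            return FRAG_OVERSIZE;
        /* Teardrop class: a fragment starts inside data already covered,
         * which naive length arithmetic turns into a negative size. */
        if (start < prev_end)
            return FRAG_OVERLAP;
        prev_end = end;
    }
    return FRAG_OK;
}

/* Constructed sample inputs. */
static const struct frag sample_ok[] = { {0, 1480}, {185, 1480}, {370, 100} };
static const struct frag sample_oversize[] = { {0, 1480}, {8189, 100} };
static const struct frag sample_overlap[] = { {0, 36}, {3, 4} };

int main(void)
{
    return !(check_fragments(sample_ok, 3, 20) == FRAG_OK &&
             check_fragments(sample_oversize, 2, 20) == FRAG_OVERSIZE &&
             check_fragments(sample_overlap, 2, 20) == FRAG_OVERLAP);
}
```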

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of Unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/


--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120472


* Debian: New util-linux packages fix privilege escalation
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120473


* Debian: New ClamAV packages fix denial of service
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120477


* Debian: New loop-aes-utils packages fix privilege escalation
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120478


* Debian: New helix-player packages fix multiple vulnerabilities
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120479


* Debian: New backupninja packages fix insecure temporary file
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120480


* Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120482


* Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120483


* Debian: New mysql packages fix arbitrary code execution
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120484


* Debian: New ntlmaps packages fix information leak
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120485


* Debian: New mysql-dfsg packages fix arbitrary code execution
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120490


* Debian: New gopher packages fix several buffer overflows
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120492


* Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120494


* Debian: New prozilla packages fix arbitrary code execution
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120495


* Debian: New cfengine packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120496


* Debian: New cfengine2 packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120497


* Debian: New Mozilla Firefox packages fix denial of service
  2nd, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120498


* Debian: New mozilla-firefox packages fix multiple vulnerabilities
  2nd, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120500


* Debian: New apachetop packages fix insecure temporary file
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120507


* Debian: New drupal packages fix remote command execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120508


* Debian: New mailutils packages fix arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120514


* Debian: New egroupware packages fix arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120515


* Debian: New mysql-dfsg-4.1 package fixes arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120518


* Debian: New arc packages fix insecure temporary files
  5th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120520


* Debian: New mod-auth-shadow packages fix authentication bypass
  5th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120521


* Debian: New mason packages fix missing init script
  6th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120537


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: AbiWord RTF import stack-based buffer overflow
  30th, September, 2005

AbiWord is vulnerable to a stack-based buffer overflow during RTF
import, which could allow the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120486


* Gentoo: Hylafax Insecure temporary file creation in xferfaxstats
  30th, September, 2005

Hylafax is vulnerable to linking attacks, potentially allowing a
local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120491


* Gentoo: Mozilla Suite, Mozilla Firefox Multiple
  30th, September, 2005

This advisory was originally released to fix the heap overflow in IDN
headers. However, the official fixed release included several other
security fixes as well.

http://www.linuxsecurity.com/content/view/120493


* Gentoo: gtkdiskfree Insecure temporary file creation
  3rd, October, 2005

gtkdiskfree is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120505


* Gentoo: Berkeley MPEG Tools Multiple insecure temporary
  3rd, October, 2005

The Berkeley MPEG Tools use temporary files in various insecure ways,
potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120506


* Gentoo: Uim Privilege escalation vulnerability
  4th, October, 2005

Under certain conditions, applications linked against Uim suffer from
a privilege escalation vulnerability.

http://www.linuxsecurity.com/content/view/120517


* Gentoo: Texinfo Insecure temporary file creation
  5th, October, 2005

Texinfo is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120524


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Low: slocate security update
  5th, October, 2005

An updated slocate package that fixes a denial of service and various
bugs is available. This update has been rated as having low security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120528


* RedHat: Low: vixie-cron security update
  5th, October, 2005

An updated vixie-cron package that fixes various bugs and a security
issue is now available. This update has been rated as having low
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120529


* RedHat: Low: net-snmp security update
  5th, October, 2005

Updated net-snmp packages that fix two security issues and various
bugs are now available. This update has been rated as having low
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120530


* RedHat: Updated kernel packages available for Red Hat
  5th, October, 2005

Updated kernel packages are now available as part of ongoing support
and maintenance of Red Hat Enterprise Linux version.

http://www.linuxsecurity.com/content/view/120531


* RedHat: Moderate: openssh security update
  5th, October, 2005

Updated openssh packages that fix a security issue, bugs, and add
support for recording login user IDs for audit are now available for
Red Hat Enterprise Linux 4.

http://www.linuxsecurity.com/content/view/120532


* RedHat: Low: binutils security update
  5th, October, 2005

An updated binutils package that fixes several bugs and minor
security issues is now available.

http://www.linuxsecurity.com/content/view/120533


* RedHat: Low: perl security update
  5th, October, 2005

Updated Perl packages that fix security issues and contain several
bug fixes are now available for Red Hat Enterprise Linux.

http://www.linuxsecurity.com/content/view/120534


* RedHat: Low: mysql security update
  5th, October, 2005

Updated mysql packages that fix a temporary file flaw and a number of
bugs are now available.

http://www.linuxsecurity.com/content/view/120535


* RedHat: Low: gdb security update
  5th, October, 2005

An updated gdb package that fixes several bugs and minor security
issues is now available.

http://www.linuxsecurity.com/content/view/120536

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------






This archive was generated by hypermail 2.1.3 : Sun Oct 09 2005 - 22:05:20 PDT