+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  February 17th, 2006                          Volume 7, Number 8a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private                    ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for adzapper, elog, noweb, scponly,
kronolith, xpdf, pdfkit, OTRS, gpdf, nfs-user-server, libast, heimdal,
poppler, kdegraphics, gnutls, cpuspeed, pam, postgresql,
selinux-policy-targeted, ImageMagick, BomberClone, ghostscript, libpng,
kdegraphics, and openssh.  The distributors include Debian, Fedora,
Gentoo, Mandriva, and SuSE.

----

Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence
in Information Security.  Our program offers unparalleled Infosec
management education and the case study affords you unmatched consulting
experience.  Using interactive e-Learning technology, you can earn this
esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec

----

pgp Key Signing Observations: Overlooked Social and Technical
Considerations

By: Atom Smasher

While there are several sources of technical information on using pgp in
general, and key signing in particular, this article emphasizes social
aspects of key signing that are too often ignored, misleading or
incorrect in the technical literature.  There are also technical issues
pointed out where I believe other documentation to be lacking.

It is important to acknowledge and address social aspects in a system
such as pgp, because the weakest link in the system is the human that is
using it.
The algorithms, protocols and applications used as part of a pgp system
are relatively difficult to compromise or 'break', but the human user can
often be easily fooled.  Since the human is the weak link in this chain,
attention must be paid to actions and decisions of that human; users
must be aware of the pitfalls and know how to avoid them.

AUDIENCE

This document is intended to be of use to those wishing to participate
in the exchange of signatures on their OpenPGP keys.  It is assumed that
the reader has a basic understanding of pgp, what it's used for and how
to use it.  Those more experienced with pgp may wish to skip the
sections they are familiar with, but it is suggested that even the basic
information be reviewed.

OBSERVATIONS ON GENERATING AND MAINTAINING KEYS

When one first generates a key, it is important that it be done on a
secure machine in a secure environment.  One attack against pgp that is
rarely mentioned allows Mallory to steal or even replace a pgp key
before it is distributed.  Mallory would need to compromise Bob's
computer prior to Bob's creation of a key.  Mallory could then eavesdrop
on Bob as he types the pgp passphrase for the first time, and steal the
passphrase along with the secret key.  In this case Bob's key is
compromised before it even exists.

If at any time Mallory is able to break into Bob's computer, she can
steal his private key and wait for him to type in his pgp passphrase.
Mallory may use a virus or trojan to accomplish this.  A screwdriver or
bootable CD can compromise the private key.  A spy camera or key-logger
can compromise the passphrase.  This would allow Mallory to read any
message ever encrypted to Bob and sign any message or key with Bob's
signature.

Aside from keeping his personal computer secure, Bob should save a copy
of his private key in a secure, off-line, off-site location.
This off-line and off-site backup keeps Bob's private key secure against
loss from such things as disk crash or his computer being stolen by
either common or government thieves.  Depending on who is out to get
him, he may consider it more secure to burn his private key onto a CD
and store it in a bank safe, or print it onto paper and hide it inside a
painting.  As always, the most appropriate meaning of 'secure' is left
to the needs and perceptions of the reader.

Note that it is often unnecessary to make a backup copy of a public key
for two reasons: 1) if it is publicly available and can be retrieved
from a keyserver and 2) the "gpgsplit" command has a "secret-to-public"
option that can recover a public key from a private key.  Note that
gpgsplit may not recover accurate expiration dates and preferences if
they were updated after the key was created.

One should never sign a key (or use pgp at all) on an untrusted computer
or in an untrusted environment.  Gather the information needed to sign a
key and sign it when you get home.  If your home computer and
environment are not trusted, you have bigger problems to worry about.

Read Entire Article:
http://www.linuxsecurity.com/content/view/121645/49/

----------------------

EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.4 (Version 3.0, Release 4).  This release includes
several bug fixes and feature enhancements to the Guardian Digital
WebTool and the SELinux policy, and several new packages available for
installation.

http://www.linuxsecurity.com/content/view/121560/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operations.
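The over-liberal permissions described above are easy to locate with find(1).  The following POSIX shell script is an added example, not code from the newsletter or from the linked article: it builds a small constructed sandbox tree (the file names, contents and modes are made up for the demonstration), lists every file or directory under it that grants write access to "other", and removes that bit from everything except sticky shared directories, which are world-writable by design.

```shell
# Added example (not from the newsletter or the linked article): audit a
# directory tree for permissions that are more liberal than a service
# needs, then tighten them.  Assumes POSIX sh, find(1) and chmod(1); the
# tree created under $TMPDIR is a constructed sandbox, not a real system.

# find_world_writable DIR: list regular files and directories under DIR
# whose mode grants write to "other" (octal bit 002).  Symlinks are not
# matched, since their own mode bits carry no meaning on Linux.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# count_world_writable DIR: number of such entries, for a quick check.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# fix_world_writable DIR: drop the "other" write bit from every
# world-writable entry except sticky directories.  Shared directories in
# the style of /tmp (mode 1777) are world-writable on purpose, and the
# sticky bit stops users from removing each other's files there.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 ! -perm -1000 \
        -exec chmod o-w {} +
}

# make_sandbox: build a throwaway tree containing two common mistakes and
# one intentional world-writable sticky directory.  Prints the root path.
# Modes are set explicitly so the result does not depend on the umask.
make_sandbox() {
    root=$(mktemp -d "${TMPDIR:-/tmp}/permaudit.XXXXXX") || return 1
    mkdir "$root/etc" "$root/var" "$root/var/log" "$root/var/shared"
    printf 'db_password=example\n' > "$root/etc/app.conf"   # constructed
    printf 'constructed log line\n' > "$root/var/log/app.log"
    chmod 755 "$root/etc" "$root/var"
    chmod 666 "$root/etc/app.conf"     # mistake: anyone can edit the config
    chmod 777 "$root/var/log"          # mistake: anyone can replace the logs
    chmod 644 "$root/var/log/app.log"
    chmod 1777 "$root/var/shared"      # intentional: sticky shared directory
    printf '%s\n' "$root"
}

# Stand-alone run: show the findings, fix them, show what remains.
if [ "${PERMAUDIT_DEMO:-1}" = 1 ]; then
    sandbox=$(make_sandbox)
    echo "world-writable before fix:"
    find_world_writable "$sandbox"
    fix_world_writable "$sandbox"
    echo "world-writable after fix (the sticky shared dir is expected):"
    find_world_writable "$sandbox"
    rm -rf "$sandbox"
fi
```

Run it as-is to see the before/after listing.  On a real system you would point find_world_writable at a service's directories and review the hits before running fix_world_writable, because some packages legitimately rely on world-writable spool or socket directories and those should be recognised by their sticky bit or excluded by hand rather than silently tightened.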
A full explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such tools as
chmod, chown, and chgrp.  If you'd like a refresher, one is available
right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold.
Since buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New adzapper packages fix denial of service
  9th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121573

* Debian: New elog packages fix arbitrary code execution
  10th, February, 2006

Several security problems have been found in elog, an electronic logbook
to manage notes.  The Common Vulnerabilities and Exposures Project
identifies the following problems...

http://www.linuxsecurity.com/content/view/121583

* Debian: New noweb packages fix insecure temporary file creation
  13th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121606

* Debian: New scponly packages fix potential root vulnerability
  13th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121607

* Debian: New kronolith packages fix cross-site scripting
  14th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121617

* Debian: New xpdf packages fix denial of service
  14th, February, 2006

Updated package.


http://www.linuxsecurity.com/content/view/121618

* Debian: New pdfkit.framework packages fix denial of service
  15th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121634

* Debian: New OTRS packages fix several vulnerabilities
  15th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121635

* Debian: New gpdf packages fix denial of service
  15th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121636

* Debian: New nfs-user-server packages fix arbitrary code execution
  15th, February, 2006

Marcus Meissner discovered that attackers can trigger a buffer overflow
in the path handling code by creating or abusing existing symlinks,
which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121643

* Debian: New libast packages fix arbitrary code execution
  15th, February, 2006

Johnny Mast discovered a buffer overflow in libast, the library of
assorted spiffy things, that can lead to the execution of arbitrary
code.  This library is used by eterm which is installed setgid uid which
leads to a vulnerability to alter the utmp file.

http://www.linuxsecurity.com/content/view/121644

* Debian: New heimdal packages fix several vulnerabilities
  16th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121646

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: poppler-0.4.5-1.1
  10th, February, 2006

Heap-based buffer overflow in Splash.cc in poppler allows attackers to
cause a denial of service and possibly execute arbitrary code via
crafted splash images that produce certain values that exceed the width
or height of the associated bitmap.


http://www.linuxsecurity.com/content/view/121591

* Fedora Core 4 Update: xpdf-3.01-0.FC4.8
  10th, February, 2006

xpdf contains a heap based buffer overflow in the splash rasterizer
engine that can crash kpdf or even execute arbitrary code.  Users
impacted by these issues should update to this new package release.

http://www.linuxsecurity.com/content/view/121592

* Fedora Core 4 Update: kdegraphics-3.5.1-0.2.fc4
  10th, February, 2006

kpdf, the KDE pdf viewer, shares code with xpdf.  xpdf contains a heap
based buffer overflow in the splash rasterizer engine that can crash
kpdf or even execute arbitrary code.  Users impacted by these issues
should update to this new package release.

http://www.linuxsecurity.com/content/view/121593

* Fedora Core 4 Update: gnutls-1.0.25-2.FC4
  10th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121596

* Fedora Core 4 Update: cpuspeed-1.2.1-1.24_FC4
  12th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121597

* Fedora Core 4 Update: pam_krb5-2.1.15-2
  14th, February, 2006

This update fixes several bugs which have been found since FC4 was
released.

http://www.linuxsecurity.com/content/view/121627

* Fedora Core 4 Update: postgresql-8.0.7-1.FC4.1
  14th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121629

* Fedora Core 4 Update: selinux-policy-targeted-1.27.1-2.22
  14th, February, 2006

Zebra was still broken.  Hopefully fixed by this update.

http://www.linuxsecurity.com/content/view/121630

* Fedora Core 4 Update: selinux-policy-strict-1.27.1-2.22
  14th, February, 2006

Zebra was still broken.  Hopefully fixed by this update.

http://www.linuxsecurity.com/content/view/121631

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Xpdf, Poppler Heap overflow
  12th, February, 2006

Xpdf and Poppler are vulnerable to a heap overflow that may be exploited
to execute arbitrary code.


http://www.linuxsecurity.com/content/view/121598

* Gentoo: KPdf Heap based overflow
  12th, February, 2006

KPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121599

* Gentoo: ImageMagick Format string vulnerability
  13th, February, 2006

A vulnerability in ImageMagick allows attackers to crash the application
and potentially execute arbitrary code.

http://www.linuxsecurity.com/content/view/121614

* Gentoo: KPdf Heap based overflow
  13th, February, 2006

KPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121615

* Gentoo: Sun JDK/JRE Applet privilege escalation
  14th, February, 2006

Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do
not adequately constrain applets from privilege escalation and arbitrary
code execution.

http://www.linuxsecurity.com/content/view/121633

* Gentoo: libtasn1, GNU TLS Security flaw in DER decoding
  16th, February, 2006

A flaw in the parsing of Distinguished Encoding Rules (DER) has been
discovered in libtasn1, potentially resulting in the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/121654

* Gentoo: BomberClone Remote execution of arbitrary code
  16th, February, 2006

BomberClone is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.


http://www.linuxsecurity.com/content/view/121655

+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated ghostscript packages fix various bugs
  10th, February, 2006

A number of bugs have been corrected with this latest ghostscript
package including a fix when rendering images when converting PostScript
to PDF with ps2pdf, a crash when generating PDF files with the pdfwrite
device, several segfaults, a fix for vertical Japanese text, and a
number of other fixes.

http://www.linuxsecurity.com/content/view/121595

* Mandriva: Updated gnutls packages fix libtasn1 out-of-bounds access
  vulnerabilities
  14th, February, 2006

Evgeny Legerov discovered cases of possible out-of-bounds access in the
DER decoding schemes of libtasn1, when provided with invalid input.
This library is bundled with gnutls.  The provided packages have been
patched to correct these issues.

http://www.linuxsecurity.com/content/view/121616

* Mandriva: Updated postgresql packages fix various bugs
  14th, February, 2006

Various bugs in the PostgreSQL 8.0.x branch have been corrected with the
latest 8.0.7 maintenance release which is being provided for Mandriva
Linux 2006 users.

http://www.linuxsecurity.com/content/view/121632

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: gnutls security update
  10th, February, 2006

Updated gnutls packages that fix a security issue are now available for
Red Hat Enterprise Linux 4.

http://www.linuxsecurity.com/content/view/121594

* RedHat: Important: xpdf security update
  13th, February, 2006

An updated xpdf package that fixes a buffer overflow security issue is
now available.  This update has been rated as having important security
impact by the Red Hat Security Response Team.


http://www.linuxsecurity.com/content/view/121608

* RedHat: Moderate: libpng security update
  13th, February, 2006

Updated libpng packages that fix a security issue are now available for
Red Hat Enterprise Linux 4.  This update has been rated as having
moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121609

* RedHat: Important: kdegraphics security update
  13th, February, 2006

Updated kdegraphics packages that resolve a security issue in kpdf are
now available.  This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121610

* RedHat: Moderate: ImageMagick security update
  14th, February, 2006

Updated ImageMagick packages that fix two security issues are now
available.  This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121628

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: kernel remote denial of service
  9th, February, 2006

The Linux kernel on SUSE Linux 10.0 has been updated to fix the
following security problems...

http://www.linuxsecurity.com/content/view/121580

* SuSE: binutils, kdelibs3, kdegraphics3, koffice, dia, lyx
  10th, February, 2006

A SUSE specific patch to the GNU linker 'ld' removes redundant RPATH and
RUNPATH components when linking binaries.  Due to a bug in this routine
ld occasionally left empty RPATH components.  When running a binary with
empty RPATH components the dynamic linker tries to load shared libraries
from the current directory.

http://www.linuxsecurity.com/content/view/121590

* SuSE: openssh (SUSE-SA:2006:008)
  14th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121619

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
                           LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

_________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org

This archive was generated by hypermail 2.1.3 : Sun Feb 19 2006 - 23:14:36 PST