[ISN] Linux Advisory Watch - May 19th 2006

From: InfoSec News (isn@private)
Date: Mon May 22 2006 - 01:40:05 PDT

|  LinuxSecurity.com                         Weekly Newsletter        |
|  May 19th, 2006                             Volume 7, Number 21n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private    |
|                   Benjamin D. Thomas      ben@private     |

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were releaed for Mozilla Firefox, webcalendar,
phpLDAPadmin, and awstats.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing a open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.



Packet Sniffers

One of the most common ways intruders gain access to more systems
on your network is by employing a packet sniffer on a already
compromised host. This "sniffer" just listens on the Ethernet
port for things like passwd and login and su in the packet
stream and then logs the traffic after that. This way, attackers
gain passwords for systems they are not even attempting to break
into. Clear-text passwords are very vulnerable to this attack.

Example: Host A has been compromised. Attacker installs a sniffer.
Sniffer picks up admin logging into Host B from Host C. It gets
the admins personal password as they login to B. Then, the admin
does a su to fix a problem. They now have the root password for
Host B. Later the admin lets someone telnet from his account to
Host Z on another site. Now the attacker has a password/login on
Host Z.

In this day and age, the attacker doesn't even need to compromise
a system to do this: they could also bring a laptop or pc into a
building and tap into your net.

Using ssh or other encrypted password methods thwarts this attack.
Things like APOP for POP accounts also prevents this attack.
(Normal POP logins are very vulnerable to this, as is anything
that sends clear-text passwords over the network.)

>From the Linux Security HowTo by Dave Wreski:


EnGarde Secure Linux v3.0.6 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure
Community 3.0.6 (Version 3.0, Release 6). This release includes
several bug fixes and feature enhancements to the Guardian Digital
WebTool and the SELinux policy, several updated packages, and a couple
of new packages available for installation. The following reported
bugs from bugs.engardelinux.org are fixed in this release:

Read Article:


Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

* Debian: New Mozilla Firefox packages fix arbitrary code execution
  11th, May, 2006

Updated package.


* Debian: New webcalendar packages fix information leak
  15th, May, 2006

Updated package.


* Debian: New phpLDAPadmin packages fix cross-site scripting
  15th, May, 2006

Several cross-site scripting vulnerabilities have been discovered in
phpLDAPadmin, a web based interface for administering LDAP servers,
that allows remote attackers to inject arbitrary web script or HTML.


* Debian: New awstats packages fix arbitrary command execution
  18th, May, 2006

Updated package.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Mon May 22 2006 - 01:48:42 PDT