+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  July 31, 2000                                Volume 1, Number 14   |
|                                                                     |
|  Editorial Team:  Benjamin Thomas    ben@linuxsecurity.com          |
|                   Chris Parker       cparker@linuxsecurity.com      |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines and system advisories.

This week, advisories for gpm, man, dhcp-client, Zope, openldap, BitchX, pam, and nfs-utils were released. DHCP-client and nfs-utils vulnerabilities can both theoretically be used to gain remote root access.

* LinuxSecurity.com just released the LinuxSecurity Quick Reference Card. The reference is intended to provide a starting point for improving system security. It includes references to security resources, tips for securing Linux, and other general security information.

http://www.linuxsecurity.com/articles/documentation_article-1208.html

Our feature this week is an interview with Carr Biggerstaff & Thomas Haigh of Secure Computing, by Dave Wreski. The interview discusses the state of Linux and security, its place in secure business data centers, and their work with the National Security Agency to create a Type-Enforced version of Linux.

http://www.linuxsecurity.com/feature_stories/secure-1.html

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.

http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version Available:
http://www.linuxsecurity.com/newsletter.html

---------------------
Advisories This Week:
---------------------

* Mandrake: gpm vulnerability
July 28th, 2000

Many security flaws existed in the gpm package, which is used to control the mouse in a terminal outside of X Windows. As well, a denial of service attack via /dev/gpmctl is possible. All security issues with the gpm package have been addressed with this update.

http://www.linuxsecurity.com/advisories/mandrake_advisory-586.html

* Mandrake: openldap NOT vulnerable
July 28th, 2000

OpenLDAP installs the ud binary with mode 755 and the default group, taken from the installing user's primary gid or the gid of the directory itself. Depending on the gid used, this can cause the file to be group-writable for an extended group. It has been determined that Linux-Mandrake is not vulnerable to the recent openldap permission problem.

http://www.linuxsecurity.com/advisories/caldera_advisory-584.html

* Mandrake: Zope vulnerability
July 28th, 2000

7.1 and previous versions of Zope have a serious security flaw in one of the base classes in the DocumentTemplate package that is inadequately protected. This flaw allows the contents of DHTML Documents or DHTML Methods to be changed remotely or through DHTML code without forcing proper user authorization.

http://www.linuxsecurity.com/advisories/mandrake_advisory-588.html

* Debian: dhcp-client vulnerability
July 28th, 2000

The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a dhcp server. This means that a malicious dhcp server can execute commands on the client with root privileges.

http://www.linuxsecurity.com/advisories/Debian_advisory-585.html

* Conectiva: BitchX vulnerability
July 28th, 2000

The irc client BitchX can be taken down remotely by inviting the user to a channel with format strings in its name. By receiving the invitation, BitchX will crash immediately.

http://www.linuxsecurity.com/advisories/other_advisory-583.html

* TurboLinux: dhcp vulnerability
July 28th, 2000

Current and previous versions of the DHCP client are vulnerable to malicious DHCP servers. The client can execute arbitrary commands given to it in responses from a DHCP server. A maliciously placed DHCP can answer to any local DHCP client, thus providing an avenue to remotely exploit root privileges on the client.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-587.html

* Conectiva: nfs-utils vulnerability
July 27th, 2000

A vulnerability was found in the Conectiva nfs-utils which allows remote root access. It is the same vulnerability that Redhat's nfs-utils had.

http://www.linuxsecurity.com/advisories/other_advisory-579.html

* Conectiva: pam vulnerability
July 27th, 2000

This module incorrectly identifies remote X logins for displays other than :0 (:1, :2, etc.) as local ones, thus giving the console to this user. Having the console, the remote user could issue commands like reboot to remotely reboot the system (after providing his or her password).

http://www.linuxsecurity.com/advisories/other_advisory-580.html

* Conectiva: gpm vulnerability
July 27th, 2000

There is a condition that, if exploited by an attacker, could lead to gpm removing arbitrary files in the system.

http://www.linuxsecurity.com/advisories/other_advisory-582.html

* Conectiva: man vulnerability
July 27th, 2000

The man package has a script called makewhatis that is run weekly by the cron daemon as root. This script creates a directory in /tmp and some files under it with predictable names, thus making it possible for a local attacker to alter any file in the system via symlink attacks.

http://www.linuxsecurity.com/advisories/caldera_advisory-581.html

* Debian: userv vulnerability
July 27th, 2000

The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to carry out unauthorized actions or to take control of service user accounts.

http://www.linuxsecurity.com/advisories/debian_advisory-578.html

* RedHat: gpm vulnerability
July 26th, 2000

1. gpm did not perform adequate checking of setgid return values in the gpm-root helper program. This resulted in an avenue of attack where local users could execute arbitrary commands with elevated group privileges.
2. /dev/gpmctl was writable by users who were not on the console. A user could perform a local denial of service attack by flooding the socket.

http://www.linuxsecurity.com/advisories/redhat_advisory-577.html

* Conectiva: openldap vulnerability
July 26th, 2000

Our previous update introduced a logrotate script for the ldap logs. This script incorrectly signals the klogd daemon and kills it. This new update also upgrades the openldap package to version 1.2.11 which fixes some bugs in the 1.2.10 release.

http://www.linuxsecurity.com/advisories/other_advisory-576.html

-----------------------
Top Articles This Week:
-----------------------

Host Security News:
-------------------

* Grey-hat hacking
July 24th, 2000

Enterprises hiring reformed crackers to expose their soft underbellies will only add to the more than $2.6 trillion lost worldwide annually because of security intrusions, warns professional services firm PricewaterhouseCoopers. The shift from business-to-consumer (B2C) to business-to-business (B2B) marketplaces could accelerate this trend at exponential rates.

http://www.linuxsecurity.com/articles/hackscracks_article-1192.html

* Forensics
July 24th, 2000

This article describes the actions taken to investigate an actual security breach.

http://www.linuxsecurity.com/articles/host_security_article-1187.html

Network Security News:
----------------------

* Debate erupts over disclosure of software security holes
July 28th, 2000

In a contentious keynote speech that created an uproar at the Black Hat Briefings security conference here yesterday, security researcher Marcus Ranum charged that the full disclosure of software vulnerabilities isn't improving computer security. Instead, Ranum said, it only encourages attacks by what he called "armies of script kiddies." Many security experts and corporate users believe that publicizing software flaws will improve security by forcing software vendors to improve the quality of their products and to quickly fix potentially damaging bugs - a point that was reiterated by several audience members and other speakers at the Black Hat conference.

http://www.linuxsecurity.com/articles/hackscracks_article-1229.html

* Study: Internet's structure vulnerable to organized attack
July 28th, 2000

The Internet's reliance on a few key nodes makes it especially vulnerable to organized attacks by hackers and terrorists, according to a new study on the structure of the worldwide network.

http://www.linuxsecurity.com/articles/general_article-1221.html

* Denial-of-service threat gets engineering community's attention
July 27th, 2000

The Internet engineering community is developing technology that promises to minimize the damage these hacker attacks cause by quickly identifying the computer systems where they originate. The Internet Engineering Task Force (IETF) last week launched a working group to develop ICMP Traceback Messages, which would let network managers discover the path that packets take through the Internet.

http://www.linuxsecurity.com/articles/network_security_article-1211.html

* Apache Guide: Apache Authentication, Part 1
July 24th, 2000

In this article, I'm going to cover the standard ...