[ISN] Linux Advisory Watch - Aug 6th 2004

InfoSec News isn at c4i.org
Mon Aug 9 08:45:39 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  August 6, 2004                           Volume 5, Number 31a      |

  Editors:    Dave Wreski            Benjamin Thomas
       dave at linuxsecurity.com        ben at linuxsecurity.com

This week, advisories were released for Xsco, OpenSSL, uudecode, samba,
sox, phpMyAdmin and wv. The distributors include SCO Group, Conectiva,
Gentoo, Mandrake, Red Hat.


 >> Internet Productivity Suite:  Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available.  Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their



Using Pam

Pluggable Authentication Modules is a method for authenticating users.
Using PAM, programmers can provide a more easy and versatile means of
performing authentication functions.  The ability to change from basic
password authentication to the use of smart cards or even biometrics can
be changed without having to recompile programs or require serious

Additionally, PAM can be used to modify the terms of access by users as
well as system resources.

Just a few of the things you can do with PAM:

- Use a different encryption method for passwords such as MD5,
  making them harder to brute force decode;

- Set resource limits on all your users so they can't perform
  denial of service attacks (number of processes, amount of
  memory, etc)

- Enable shadow passwords on the fly

- Allow specific users to login only at specific times from
  specific places

Within a few hours of installing and configuring your system, you can
prevent many attacks before they even occur. For example, use PAM to
disable the system-wide usage of .rhosts files in user's home directories
by adding these lines to /etc/pam.d/login:

         # Disable rsh/rlogin/rexec for users
         login auth required pam_rhosts_auth.so no_rhosts

Set filesystem limits instead of allowing unlimited as is the default.
You can control the per-user limits using the resource- limits PAM module
and /etc/pam.d/limits.conf. For example, limits for group 'users' might
look like this:

         @users     hard  core    0
         @users     hard  nproc   50
         @users     hard  rss     5000

This says to limit the creation of core files to zero bytes, restrict the
number of processes to 50, and restrict memory usage per user to 5 Meg.

The Linux-PAM System Administrators' Guide is a "draft" document that
describes the usage of the default PAM modules.


Keep in mind that there is the potential to create a situation whereby
even root doesn't have access to the system, creating all kinds of
configuration headaches.  Use caution.

 Security Tip Written by Dave Wreski (dave at guardiandigital.com)
 Additional tips are available at the following URL:


An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com



Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: SCO Group        | ----------------------------//

 7/30/2004 - Xsco
   Buffer overflow vulnerability

   UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow
   that could be exploited to gain root privileges.

 7/30/2004 - Xsco
   Buffer overflow vulnerability

   OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer
   overflow that could be exploited to gain root privileges.

 7/30/2004 - OpenSSL
   Multiple vulnerabilities

   This patch addresses a large number of outstanding OpenSSL

 7/30/2004 - uudecode
   Insecure tempfile vulnerability

   If a user uses uudecode to extract data into open shared
   directories, such as /tmp, this vulnerability could be used by a
   local attacker to overwrite files or lead to privilege escalation.

|  Distribution: Conectiva        | ----------------------------//

 7/30/2004 - samba
   Buffer overflow vulnerabilities

   Exploitation of these vulnerabilites could lead to execution of
   arbitrary code.

 7/30/2004 - sox
   Buffer overflow vulnerabilities

   Ulf H=E4rnhammar found two buffer overflow vulnerabilities[2] in
   SoX. They occurred when the sox or play commands handled malicious
   .WAV files.

|  Distribution: Gentoo           | ----------------------------//

 7/30/2004 - samba
   Buffer overflow vulnerabilities

   Two buffer overflows vulnerabilities were found in Samba,
   potentially allowing the remote execution of arbitrary code.
   (Note: this announcement takes the ERRATA released by Gentoo into

 7/30/2004 - phpMyAdmin
   Multiple vulnerabilities

   Multiple vulnerabilities in phpMyAdmin may allow a remote attacker
   with a valid user account to alter configuration variables and
   execute arbitrary PHP code.

 7/30/2004 - SoX
   Buffer overflow vulnerabilities

   By enticing a user to play or convert a specially crafted WAV file
   an attacker could execute arbitrary code with the permissions of
   the user running SoX.

|  Distribution: Mandrake         | ----------------------------//

 7/30/2004 - wv
   Buffer overflow vulnerabilty

   iDefense discovered a buffer overflow vulnerability in the wv
   package which could allow an attacker to execute arbitrary code
   with the runner's privileges.

 7/30/2004 - OpenOffice.org Multiple vulnerabilities
   Buffer overflow vulnerabilty

   These updated packages contain fixes to libneon to correct the
   several format string vulnerabilities in it, as well as a
   heap-based buffer overflow vulnerability.

|  Distribution: Red Hat          | ----------------------------//

 7/30/2004 - sox
   Buffer overflow vulnerabilities

   A malicious WAV file could cause arbitrary code to be executed
   when the file was played or converted.

 7/30/2004 - ipsec-tools Key verification vulnerability
   Buffer overflow vulnerabilities

   When configured to use X.509 certificates to authenticate remote
   hosts, psec-tools versions 0.3.3 and earlier will attempt to
   verify that host certificate, but will not abort the key exchange
   if verification fails.

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list