[ISN] Linux Advisory Watch - September 23rd 2005

InfoSec News isn at c4i.org
Mon Sep 26 00:04:11 EDT 2005


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  September 23rd, 2005                       Volume 6, Number 39a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for turqstat, centericq, lm-sensors,
kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam,
mod_ssl, Zebedee, umount, squid, and mod_ssl. The distributors include
Debian, Fedora, Gentoo, and Red Hat.

---

## Master of Science in Information Security ##

Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a
solid education in the management of information assurance, and the
unique case study method melds theory into practice.  Using today's
e-Learning technology, you can earn this esteemed degree, without
disrupting your career or home life.

LEARN MORE:
http://www.msia.norwich.edu/linux_en

---

Security Basics

In the ever-changing world of global data communications, inexpensive
Internet connections, and fast-paced software development, security is
becoming more and more of an issue. Security is now a basic requirement
because global computing is inherently insecure. As your data goes from
point A to point B on the Internet, for example, it may pass through
several other points along the way, giving other users the opportunity
to intercept, and even alter, your data. Even other users on your system
may maliciously transform your data into something you did not intend.
Unauthorized access to your system may be obtained by intruders, also
known as ``crackers'', who then use advanced knowledge to impersonate
you, steal information from you, or even deny you access to your own
resources. If you're still wondering what the difference is between a
``Hacker'' and a ``Cracker'', see Eric Raymond's document, ``How to
Become A Hacker'', available at:

http://www.catb.org/~esr/faqs/hacker-howto.html

How Vulnerable Are We?

While it is difficult to determine just how vulnerable a particular
system is, there are several indications we can use:

    * The Computer Emergency Response Team consistently reports an
      increase in computer vulnerabilities and exploits.

    * TCP and UDP, the protocols that comprise the Internet, were
      not written with security as their first priority when it was
      created more than 30 years ago.

    * A version of software on one host has the same vulnerabilities
      as the same version of software on another host. Using this
      information, an intruder can exploit multiple systems using
      the same attack method.

    * Many administrators don't even take simple security measures
      necessary to protect their site, or don't understand the
      ramifications of implementing some services. Many administrators
      are not given the additional time necessary to integrate the
      necessary security measures.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave at guardiandigital.com)

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/


--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New turqstat packages fix buffer overflow
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120389


* Debian: New centericq packages fix several vulnerabilities
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120392


* Debian: New lm-sensors packages fix insecure temporary file
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120395


* Debian: New kdebase packages fix local root vulnerability
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120399


* Debian: New python2.2 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120425


* Debian: New XFree86 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120426



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: dia-0.94-12.fc4
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120400


* Fedora Core 4 Update: qt-3.3.4-15.4
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120401



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Py2Play Remote execution of arbitrary Python
  17th, September, 2005

A design error in Py2Play allows attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120402


* Gentoo: Mailutils Format string vulnerability in imap4d
  17th, September, 2005

The imap4d server contains a vulnerability allowing an authenticated
user to execute arbitrary code with the privileges of the imap4d
process.

http://www.linuxsecurity.com/content/view/120403


* Gentoo: Shorewall Security policy bypass
  17th, September, 2005

A vulnerability in Shorewall allows clients authenticated by MAC
address filtering to bypass all other security rules.

http://www.linuxsecurity.com/content/view/120404


* Gentoo: Mozilla Suite, Mozilla Firefox Buffer overflow
  18th, September, 2005

Mozilla Suite and Firefox are vulnerable to a buffer overflow that
might be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120405


* Gentoo: Apache, mod_ssl Multiple vulnerabilities
  19th, September, 2005

mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

http://www.linuxsecurity.com/content/view/120408


* Gentoo: Clam AntiVirus Multiple vulnerabilities
  19th, September, 2005

Clam AntiVirus is subject to vulnerabilities ranging from Denial of
Service to execution of arbitrary code when handling compressed
executables.

http://www.linuxsecurity.com/content/view/120409


* Gentoo: Apache, mod_ssl Multiple vulnerabilities
  19th, September, 2005

mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

http://www.linuxsecurity.com/content/view/120411


* Gentoo: Shorewall Security policy bypass
  19th, September, 2005

A vulnerability in Shorewall allows clients authenticated by MAC
address filtering to bypass all other security rules.

http://www.linuxsecurity.com/content/view/120412


* Gentoo: Zebedee Denial of Service vulnerability
  20th, September, 2005

A bug in Zebedee allows a remote attacker to perform a Denial of
Service attack.

http://www.linuxsecurity.com/content/view/120417


* Gentoo: util-linux umount command validation error
  20th, September, 2005

A command validation error in umount can lead to an escalation of
privileges.

http://www.linuxsecurity.com/content/view/120418



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Important: XFree86 security update
  15th, September, 2005

This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120390


* RedHat: Important: squid security update
  15th, September, 2005

An updated Squid package that fixes security issues is now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120391


* RedHat: Important: mod_ssl security update
  15th, September, 2005

An updated mod_ssl package for Apache that corrects a security issue
is now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120396


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list