Linux Advisory Watch – February 27, 2004

26

Author: Benjamin D. Thomas

This week, advisories were released for XFree86, the Linux kernel, lbreakout2, mailman, synaesthesia, hsftp, pwlib, metamail, libxml2, mtools, OpenSSL, mod_python, and libxml2. The distributors include Conectiva, Debian, Fedora, Immunix, Mandrake, NetBSD, Red Hat, Suse, Trustix, and Turbolinux.

SELinux Making Progress

First released in December 2000,
SELinux has continued making progress in development. It was introduced containing
mandatory access controls and an example security policy demonstrating its usage.
Over the past three years, the NSA and a team of volunteers have continued making
improvements on a consistent basis.

SELinux can provide access control
for kernel objects, services, processes, files, directories, sockets, network
interfaces, and others. It provides protection mechanisms against many well-known
problems because it eliminates the dependence on setuid/setgid binaries. In
a nutshell, mandatory access control provides a finer and more in-depth level
of control for administrators. Rather than being bound to the rules established
by software, effectively an administrator can fully set the security policy.

The latest release of SELinux includes
an updated base kernel and enhanced policy language. SELinux is a patch that
can be applied to the kernel of virtually any Linux system. At the moment, many
of the major Linux distributions are developing patches that will give users
the ability to easily take advantage of SELinux. When used correctly, SELinux
can provide administrators with a greater level of assurance.

Although the technology that SELinux
takes advantage of can provide many benefits, if used incorrectly a system can
still remain vulnerable. Poor administration practices and uninformed staff
can be problematic. For example, incorrectly implementing the software could
give a false impression of security, when in reality problems still exist. When
evaluating a new tool or kernel patch it is important to take each step slowly.
The system should be setup in a test environment and fully evaluated. Also,
before moving a system into production, everyone involved should be fully trained
to deal with incidents if they arise.

If you are interested in finding
out more about SELinux, please see the following link.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity
Feature Extras:

Interview
with Vincenzo Ciaglia, Founder of Netwosix

– In this article, a brief introduction of Netwosix is given and the project
founder Vincenzo Ciaglia is interviewed. Netwosix is light Linux distribution
for system administrators and advanced users.

Introduction
to Netwox and Interview with Creator Laurent Constantin

– In this article Duane Dunston gives a brief introduction to Netwox, a combination
of over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.

Managing
Linux Security Effectively in 2004

– This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]

 

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe
]

 
Distribution: Conectiva
  2/23/2004 kernel
    Privilege
escalation vulnerability

Bug can be used by local attackers to obtain root privileges.
Advisory

 
  2/23/2004 XFree86
    Multiple
vulnerabilities

Greg MacManus from iDEFENSE Labs discovered[3][5] two vulnerabilities in
the way the X server deals with font files.
Advisory

 
 
Distribution: Debian
  2/20/2004 XFree86
    Multiple
vulnerabilities

Various buffer-overflow and input-non-validation vulnerabilities are fixed
in this patch.
Advisory

 
  2/20/2004 kernel
    Privilege
escalation vulnerability

This patch is for the ia64 architecture.
Advisory

 
  2/23/2004 lbreakout2
    Environment
non-sanitation vulnerability

This bug could be exploited by a local attacker to gain the privileges of
group “games”.
Advisory

 
  2/23/2004 mailman
    Multiple
vulnerabilities

Patch for cross-site scripting and denial of service vulnerabilities.
Advisory

 
  2/23/2004 synaesthesia
    Insecure
file creation

This type of vulnerability can usually be easily exploited to execute arbitary
code with root privileges by various means.
Advisory

 
  2/23/2004 hsftp
    Format
string vulnerability

An attacker, able to create files on a remote server, could potentially
execute arbitrary code with the privileges of the user invoking hsftp.
Advisory

 
  2/23/2004 pwlib
    Multiple
vulnerabilities

This library is most notably used in several applications implementing the
H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting
and asterisk.

Advisory

 
  2/24/2004 metamail
    Multiple
vulnerabilities

An attacker could create a carefully-crafted mail message which will execute
arbitrary code as the victim when it is opened and parsed through metamail.

Advisory

 
 
Distribution: Fedora
  2/26/2004 libxml2
    Buffer
overflow vulnerability

Updated libxml2 packages are available to fix an overflow when parsing the
URI for remote resources.
Advisory

 
 
Distribution: Immunix
  2/26/2004 kernel
    Privilege
escalation vulnerability

While they found the flaw on the 2.4 series of Linux kernels, the 2.2 series
of Linux kernels is also vulnerable to the same problem.
Advisory

 
 
Distribution: Mandrake
  2/24/2004 kernel
    Privilege
escalation vulnerability

A flaw in the Linux kernel, versions 2.4.24 and previous, could allow a
local user to obtain root privileges.
Advisory

 
  2/25/2004 mtools
    Inappropriate
use of privilege

The mformat program can be used to gain root privileges when run suid root.

Advisory

 
  2/26/2004 kernel
    Privilege
escalation vulnerabilities

This patches one mremap() and several driver vulnerabilites, each capable
of allowing a local root compromise.
Advisory

 
 
Distribution: NetBSD
  2/20/2004 Multiple
    Addendums
to recent advisories

Here are three mailings from the NetBSD announce list that discuss various
gotchas with the recent advisories.
Advisory

 
  2/20/2004 OpenSSL
    Denial
of service vulnerability

OpenSSL 0.9.6k ASN.1 parser had a possible denial-of-service vulnerability.

Advisory

 
 
Distribution: Red
Hat
  2/26/2004 mod_python
    Denial
of service vulnerability

Updated mod_python packages that fix a denial of service vulnerability are
now available for Red Hat Linux.
Advisory

 
  2/26/2004 libxml2
    Buffer
overflow vulernability

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.
Advisory

 
  2/26/2004 mod_python
    Denial
of service vulnerability

Updated mod_python packages that fix a denial of service vulnerability are
now available for Red Hat Enterprise Linux.
Advisory

 
  2/26/2004 libxml2
    Improper
parse vulnerability

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.
Advisory

 
 
Distribution: Suse
  2/23/2004 XFree86
    Multiple
vulnerabilities

Successful exploitation of these bugs leads to local root access.

Advisory

 
 
Distribution: Trustix
  2/23/2004 kernel
    2.2.25
Privilege escalation vulnerability

Through this hole, it is possible for anyone with a local account on the
system to gain root privileges. This is the kernel 2.2.25 counterpart to
the security hole fixed in TSLSA-2004-0007.
Advisory

 
 
Distribution: Turbolinux
  2/23/2004 kernel
    Privilege
escalation vulnerability

A Linux memory management subsystem (mremap) issue has been discovered in
kernel 2.4.

Advisory