Linux Advisory Watch – March 19, 2004

13

Author: Benjamin D. Thomas

This week, advisories were
released for xitalk, calife, samba, OpenSSL, the Linux kernel, httpd, isakmpd,
and Mozilla. The distributors include Debian, EnGarde, FreeBSD, Gentoo, Mandrake,
OpenBSD, Red Hat, Slackware, and SuSE.

Programming Faults

Vulnerabilities in CGI
scripts and Web applications have been a long time problem of the Internet.
In my opinion, much of this stems from the fact that most Web programmers are
self-taught, or the University classes taken did not sufficiently focus on security.
Years ago when I was a kid first trying to teach myself programming, I was more
concerned with making the programs work rather than coding properly. Years later
when I was a student in computer science courses, I learned many formal aspects
of coding, but not security. The attitude was, and in many cases still is ‘security
is something than can be added later once the application is fully up and running.’
The reality of fact is that in many cases it is never added later. Or the security
improvements that are made are not sufficient. Budgets run out and new projects
take priority. Software will never be secure unless it is a development priority
from the beginning.

In the last few years,
the landscape has changed. Developers are realizing that input should never
be trusted and assumed to be malicious. Books and online guides are now available
to help those wanting to learn more secure techniques to code. If you are a
developer wanting to learn more, or have developers in your IT department that
should be concerned about security, a great place to start is David Wheeler’s
Security Programming for Linux and Unix HOWTO. It is available at the following
URL:

http://www.linuxsecurity.com/docs/LDP/Secure-Programs-HOWTO/

Simply understanding secure
programming techniques if often not enough. To have a full understanding of
the risks involved, exploiting poorly written code is sometimes necessary. Rather
than specifically writing code to exploit, the WebGoat project can be helpful.
It is a project designed to teach secure programming techniques and demonstrate
how the vulnerabilities can be exploited in the real world. The WebGoat project
is available at the following URL:

http://www.owasp.org/development/webgoat/

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity
Feature Extras:

Security:
MySQL and PHP

– This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.

Configure
Web/DNS/Mail Securely in 5 Minutes with EnGarde
– Web, DNS, and
Mail are the building block services of the Internet. In this article, I show
how to setup a Web, DNS, and Mail server with a few clicks of the mouse using
EnGarde Secure Linux.

Innovative
Open Source Approach to Combating Email Threats

– Guardian Digital, the world’s premier open source security company, has
introduced Content and Policy Enforcement (CAPE) technology, an innovative
open source software system for securing enterprise email operations.

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]

 

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe
]

 
Distribution: Debian
  3/12/2004 xitalk
    Missing
privilege release

A local user can exploit this problem and execute arbitrary commands under
the GID utmp.

Debian advisory 4131

 
  3/12/2004 calife
    Buffer
overflow vulnernability

Overflow allows users with any specific superuser privileges in /etc/calife.auth
to gain general superuser privileges.

Debian advisory 4132

 
  3/15/2004 samba
    Privilege
escalation vulnerability

Remote user-owned setuid programs can be accessed via “smbmnt” and used
to gain local root privileges.

Debian advisory 4133

 
  3/17/2004 gdk-pixbuf
Denial of service vulnerability
    Privilege
escalation vulnerability

A malformed BMP file can remotely crash programs using this library, such
as Evolution.

Debian advisory 4137

 
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

Resolves two vulnerabilities explained in http://www.uniras.gov.uk/vuls/2004/224012/index.htm


Debian advisory 4143

 
  3/18/2004 kernel
    2.2.x
Privilege escalation vulnerability

This patch corrects a root exploit specifically for the 2.2.x kernel on
the PowerPC platform.

Debian advisory 4147

 
 
Distribution: EnGarde:
openssl
  3/17/2004 ‘openssl’
DoS
    2.2.x
Privilege escalation vulnerability

Using a commercial TLS protocol testing suite the OpenSSL Project discovered
three vulnerabilities in the OpenSSL toolkit.

Engarde advisory 4135

 
    Denial
of service vulnerabilities

Engarde Secure Linux is vulnerable to two of three recently discovered Denial
of Service attacks against OpenSSL.

Engarde advisory 4136

 
 
Distribution: FreeBSD
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

Remote attacker can crash OpenSSL by triggering a null pointer dereference.


FreeBSD advisory 4144

 
 
Distribution: Gentoo
  3/18/2004 OpenSSL
    Denial
of service vulnerabilities

Three vulnerabilities have been found in OpenSSL via a commercial test suite
for the TLS protocol developed by Codenomicon Ltd.

Gentoo advisory 4149

 
 
Distribution: Mandrake
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

This update resolves two vulnerabilities in OpenSSL that can remotely trigger
a crash.

Mandrake advisory 4146

 
 
Distribution: OpenBSD
  3/15/2004 httpd
    Improper
rule non-match

Using IP addresses without a netmask on big endian 64-bit platforms causes
the rules to fail to match.

OpenBSD advisory 4134

 
  3/17/2004 isakmpd
    Denial
of service vulnerability

An attacker can craft malformed payloads that can cause the isakmpd(8) process
to stop processing requests.

OpenBSD advisory 4141

 
  3/17/2004 OpenSSL
    Denial
of service vulnerability

Remote attacker can trigger a null-pointer dereference, crashing OpenSSL.


OpenBSD advisory 4145

 
 
Distribution: Red
Hat
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

Updated OpenSSL packages that fix a remote denial of service vulnerability
are now available for Red Hat Enterprise Linux 2.1.

Redhat advisory 4138

 
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

Updated OpenSSL packages that fix several remote denial of service vulnerabilities
are available for Red Hat Enterprise Linux 3.

Redhat advisory 4139

 
  3/17/2004 OpenSSL
    Denial
of service vulnerabilities

Updated OpenSSL packages that fix several remote denial of service vulnerabilities
are now available.

Redhat advisory 4142

 
  3/18/2004 Mozilla
    Multiple
vulnerabilities

This patch resolves a DoS attack, a cross-site scripting vulnerability,
and a cookie path escape vulnerability.

Redhat advisory 4148

 
 
Distribution: Slackware
  3/18/2004 OpenSSL
    Denial
of service vulnerability

Fixes available for two potential denial-of-service issues in earlier versions
of OpenSSL.

Slackware advisory 4150

 
 
Distribution: Suse
  3/17/2004 OpenSSL
    Denial
of Service vulnerabilities

Resolved null pointer assignment due to handshake and crash with Kerberos
cipher-suite support.

Suse advisory 4140

 

Category:

  • Linux