Linux Advisory Watch - August 8th 2003

– by Benjamin D.
Thomas –

This week, advisories were
released for wget, postfix, kernel, atari800, xfstt, kdelibs, mindi, phpgroupware,
eroaster, libc, kdelibs, php, core, stunnel, man-db, Konqueror, and wuftpd. The
distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure Linux,
FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.

One of the most common
causes of software vulnerabilities is poor programming practices. Often,
developers sacrifice security to add additional features. Although most
coders wish to write securely, many do not. At most universities security
is not addressed in programming classes. The only training a student may
receive is learning how to check input variables. I now understand that
more universities are beginning to take software development security
more seriously.

For those of us who
code at work, or just as a hobby, how can we ensure that weÃ¢â‚¬â„¢re coding
with best security practices? I recently had the pleasure of reading the
recent OÃ¢â‚¬â„¢Reilly book Secure
Coding: Principles & Practices by Mark G. Graff and Kenneth R. van
Wyk. Like all OÃ¢â‚¬â„¢Reilly books, it is moderately technical and will not
bore you with irrelevant narratives. The book weighs in at just over 200
pages and retails for $29.95 USD. I would normally consider this a bit
pricy for a small book. However, in this case the information provided
is well worth the money. Every serious developer should have a copy. This
book is intended for moderately skilled programmers all the way up to
expert level.

The best part of
the book is that it is written primarily as informational text and theory.
It contains very little source code. The authors chose to focus on the
practice of secure coding, rather than specific techniques. The information
found in this book can provide a strong foundation to the knowledge necessary
to begin the secure development process. The beginning of the book provides
an introduction to all types of attacks that affect software. Next, a
chapter is devoted to secure design including coding steps, issues, and
practices to be avoided. The book ends with techniques on how to successfully
test software before release. Another valuable part of the book is the
case studies provided. Each section contains several real world examples
that can help you better understand each concept.

As previously stated,
Secure
Coding: Principles & Practices is highly recommended. If you have
been waiting for the perfect book on secure coding, this may be it!

Until Next time,
Benjamin D. Thomas

LinuxSecurity
Feature Extras:

Expert
vs. Expertise: Computer Forensics and the Alternative OS – No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

REVIEW:
Linux Security Cookbook – There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensible reference for security oriented individuals.

[ Linux
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability. [ Subscribe
]


Distribution:			Conectiva
	8/2/2003	wu-ftpd off-by-one vulnerability
		There is an off-by-one buffer overflow vulnerability in the fb_realpath() function, which handles filename paths in wu-ftpd. http://www.linuxsecurity.com/advisories/connectiva_advisory-3518.html

	8/4/2003	wget
		buffer overflow vulnerability An attacker can create a long (more than 256 characters), specially crafted URL that when parsed by wget can cause the execution of arbitrary code or program misbehavior. http://www.linuxsecurity.com/advisories/connectiva_advisory-3519.html

	8/5/2003	postfix
		remote denial of service vulnerability There are multiple vulnerabilities in postfix. http://www.linuxsecurity.com/advisories/connectiva_advisory-3530.html

.

Distribution:			Debian
	8/1/2003	wu-ftpd buffer overflow vulnerability
		remote denial of service vulnerability iSEC Security Research reports that wu-ftpd contains an off-by-one bugin the fb_realpath function which could be exploited by a logged-in user(local or anonymous) to gain root privileges. http://www.linuxsecurity.com/advisories/debian_advisory-3507.html

	8/1/2003	kernel
		mulitple vulnerabilities A number of vulnerabilities have been discovered in the Linux kernel. http://www.linuxsecurity.com/advisories/debian_advisory-3508.html

	8/1/2003	atari800
		multiple vulnerabilities Steve Kemp discovered multiple buffer overflows in atari800, an Atariemulator. http://www.linuxsecurity.com/advisories/debian_advisory-3509.html

	8/1/2003	xfstt
		multiple vulnerabilities There are multiple vulnerabilities in xfstt. http://www.linuxsecurity.com/advisories/debian_advisory-3510.html

	8/1/2003	kdelibs
		Multiple remote vulnerabilities Potential unauthorized access and man-in-the-middle attacks have been fixed. http://www.linuxsecurity.com/advisories/debian_advisory-3515.html

	8/2/2003	mindi
		insecure tmp file vulnerability mindi, a program for creating boot/root disks, does not takeappropriate security precautions when creating temporary files. http://www.linuxsecurity.com/advisories/debian_advisory-3520.html

	8/3/2003	postfix
		multiple vulnerabilities There are multiple vulnerabiilities in postfix. http://www.linuxsecurity.com/advisories/debian_advisory-3521.html

	8/5/2003	man-db multiple vulnerabilities
		multiple vulnerabilities There are multiple vulnerabilities in suid install of man-db. http://www.linuxsecurity.com/advisories/debian_advisory-3531.html
	8/5/2003	kernel
		vulnerability This advisory provides a correction to the previous kernel updates,which contained an error introduced in kernel-source-2.4.18 version2.4.18-7. This error could result in a kernel “oops” under certaincircumstances. http://www.linuxsecurity.com/advisories/debian_advisory-3532.html

	8/5/2003	kernel
		vulnerability This advisory provides a correction to the previous kernel updates,which contained an error introduced in kernel-source-2.4.18 version2.4.18-7. http://www.linuxsecurity.com/advisories/debian_advisory-3533.html
	8/6/2003	phpgroupware
		multiple vulnerabilities Several vulnerabilities have been discovered in phpgroupware. http://www.linuxsecurity.com/advisories/debian_advisory-3536.html

	8/6/2003	eroaster
		insecure temporary file vulnerabilitiy eroaster does nottake appropriate security precautions when creating a temporary filefor use as a lockfile. http://www.linuxsecurity.com/advisories/debian_advisory-3537.html

.
Distribution:			EnGarde
	8/4/2003	‘postfix’ remote denial-of-service
		insecure temporary file vulnerabilitiy Michal Zalewski has discovered a vulnerability in the Postfix MTA which could lead to a remote DoS attack. http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html

	8/6/2003	‘stunnel’ signal handler race DoS
		insecure temporary file vulnerabilitiy Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A potential vulnerability has been found when stunnel is configured to listen to incoming connections for these services. http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html

.
Distribution:			FreeBSD
	8/4/2003	libc
		buffer overflow vulnerability An off-by-one error exists in a portion of realpath(3) that computesthe length of the resolved pathname. http://www.linuxsecurity.com/advisories/freebsd_advisory-3522.html

	8/5/2003	libc
		realpath off-by-one vulnerability An off-by-one error exists in a portion of realpath(3) that computesthe length of the resolved pathname. http://www.linuxsecurity.com/advisories/freebsd_advisory-3534.html

.
Distribution:			Mandrake
	8/1/2003	kdelibs
		authentication vulnerability A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. http://www.linuxsecurity.com/advisories/mandrake_advisory-3511.html

	8/1/2003	wu-ftpd off-by-one vulnerability
		authentication vulnerability There is an off-by- one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. http://www.linuxsecurity.com/advisories/mandrake_advisory-3512.html

	8/4/2003	postfix
		multiple vulnerabilities Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski. http://www.linuxsecurity.com/advisories/mandrake_advisory-3523.html

	8/4/2003	php
		session handling vulnerability A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. http://www.linuxsecurity.com/advisories/mandrake_advisory-3524.html

.
Distribution:			NetBSD
	8/4/2003	core
		denial of service vulnerability It is possible to crash an OSI connected system remotely by sending ita carefully prepared OSI networking packet. http://www.linuxsecurity.com/advisories/netbsd_advisory-3525.html

	8/4/2003	libc
		off-by-one vulnerability In the library function realpath, there was a string manipulationmistake which could lead to 1-byte buffer overrun. http://www.linuxsecurity.com/advisories/netbsd_advisory-3526.html

.
Distribution:			Red Hat
	8/1/2003	wu-ftpd off-by-one vulnerability
		off-by-one vulnerability An off-by-one bug has been discovered in versions of wu-ftpd up to andincluding 2.6.2. http://www.linuxsecurity.com/advisories/redhat_advisory-3513.html

	8/4/2003	postfix
		multiple vulnerabilities Two security issues have been found in Postfix that affect the Postfixpackages in Red Hat Linux 7.3, 8.0, and 9. http://www.linuxsecurity.com/advisories/redhat_advisory-3527.html

.
Distribution:			Slackware
	8/1/2003	Konqueror
		Multiple vulnerabilities Note that this update addresses a security problem in Konqueror which may cause authentication credentials to be leaked to an unintended website through the HTTP-referer header when they have been entered into Konqueror as a URL http://www.linuxsecurity.com/advisories/slackware_advisory-3516.html

.
Distribution:			SuSe
	8/1/2003	wuftpd
		off-by-one vulnerability There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. http://www.linuxsecurity.com/advisories/suse_advisory-3514.html

	8/4/2003	postfix
		multiple vulnerabilities Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. http://www.linuxsecurity.com/advisories/suse_advisory-3528.html

.
Distribution:			TurboLinux
	8/4/2003	wu-ftpd off-by-one vulnerability
		multiple vulnerabilities This vulnerability may allow remote authenticated users to execute arbitrary code via commands that cause long pathnames. http://www.linuxsecurity.com/advisories/turbolinux_advisory-3529.html
.

LinuxSecurity Feature Extras:

RELATED ARTICLESMORE FROM AUTHOR

Xen 4.19 is released

Advancing Xen on RISC-V: key updates

AI Produces Data-driven OpenFOAM Speedup (HPC Wire)

Delivering Prime Training Deals – 2 DAYS ONLY

Why You Need to Know About Event Modeling: —An Intro

LinuxSecurity
Feature Extras:

RELATED ARTICLES MORE FROM AUTHOR