Linux Advisory Watch – August 8th 2003

20
– by Benjamin D.
Thomas

This week, advisories were
released for wget, postfix, kernel, atari800, xfstt, kdelibs, mindi, phpgroupware,
eroaster, libc, kdelibs, php, core, stunnel, man-db, Konqueror, and wuftpd. The
distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure Linux,
FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.

One of the most common
causes of software vulnerabilities is poor programming practices. Often,
developers sacrifice security to add additional features. Although most
coders wish to write securely, many do not. At most universities security
is not addressed in programming classes. The only training a student may
receive is learning how to check input variables. I now understand that
more universities are beginning to take software development security
more seriously.

For those of us who
code at work, or just as a hobby, how can we ensure that we’re coding
with best security practices? I recently had the pleasure of reading the
recent O’Reilly book Secure
Coding: Principles & Practices
by Mark G. Graff and Kenneth R. van
Wyk. Like all O’Reilly books, it is moderately technical and will not
bore you with irrelevant narratives. The book weighs in at just over 200
pages and retails for $29.95 USD. I would normally consider this a bit
pricy for a small book. However, in this case the information provided
is well worth the money. Every serious developer should have a copy. This
book is intended for moderately skilled programmers all the way up to
expert level.

The best part of
the book is that it is written primarily as informational text and theory.
It contains very little source code. The authors chose to focus on the
practice of secure coding, rather than specific techniques. The information
found in this book can provide a strong foundation to the knowledge necessary
to begin the secure development process. The beginning of the book provides
an introduction to all types of attacks that affect software. Next, a
chapter is devoted to secure design including coding steps, issues, and
practices to be avoided. The book ends with techniques on how to successfully
test software before release. Another valuable part of the book is the
case studies provided. Each section contains several real world examples
that can help you better understand each concept.

As previously stated,
Secure
Coding: Principles & Practices
is highly recommended. If you have
been waiting for the perfect book on secure coding, this may be it!

Until Next time,
Benjamin D. Thomas

 

LinuxSecurity
Feature Extras:

Expert
vs. Expertise: Computer Forensics and the Alternative OS
– No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

REVIEW:
Linux Security Cookbook
– There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensible reference for security oriented individuals.

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]

 

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
[ Subscribe
]


 
Distribution: Conectiva
8/2/2003 wu-ftpd
off-by-one vulnerability

There is an off-by-one buffer overflow vulnerability in the fb_realpath()
function, which handles filename paths in wu-ftpd.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3518.html

8/4/2003 wget
buffer
overflow vulnerability

An attacker can create a long (more than 256 characters), specially crafted
URL that when parsed by wget can cause the execution of arbitrary code or
program misbehavior.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3519.html

8/5/2003 postfix
remote
denial of service vulnerability

There are multiple vulnerabilities in postfix.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3530.html

.
Distribution: Debian
8/1/2003 wu-ftpd
buffer overflow vulnerability
remote
denial of service vulnerability

iSEC Security Research reports that wu-ftpd contains an off-by-one bugin
the fb_realpath function which could be exploited by a logged-in user(local
or anonymous) to gain root privileges.

http://www.linuxsecurity.com/advisories/debian_advisory-3507.html

8/1/2003 kernel
mulitple
vulnerabilities

A number of vulnerabilities have been discovered in the Linux kernel.

http://www.linuxsecurity.com/advisories/debian_advisory-3508.html

8/1/2003 atari800
multiple
vulnerabilities

Steve Kemp discovered multiple buffer overflows in atari800, an Atariemulator.

http://www.linuxsecurity.com/advisories/debian_advisory-3509.html

8/1/2003 xfstt
multiple
vulnerabilities

There are multiple vulnerabilities in xfstt.

http://www.linuxsecurity.com/advisories/debian_advisory-3510.html

8/1/2003 kdelibs
Multiple
remote vulnerabilities

Potential unauthorized access and man-in-the-middle attacks have been fixed.

http://www.linuxsecurity.com/advisories/debian_advisory-3515.html

8/2/2003 mindi
insecure
tmp file vulnerability

mindi, a program for creating boot/root disks, does not takeappropriate
security precautions when creating temporary files.

http://www.linuxsecurity.com/advisories/debian_advisory-3520.html

8/3/2003 postfix
multiple
vulnerabilities

There are multiple vulnerabiilities in postfix.

http://www.linuxsecurity.com/advisories/debian_advisory-3521.html

8/5/2003 man-db
multiple vulnerabilities
multiple
vulnerabilities

There are multiple vulnerabilities in suid install of man-db.

http://www.linuxsecurity.com/advisories/debian_advisory-3531.html

8/5/2003 kernel
vulnerability

This advisory provides a correction to the previous kernel updates,which
contained an error introduced in kernel-source-2.4.18 version2.4.18-7. This
error could result in a kernel “oops” under certaincircumstances.

http://www.linuxsecurity.com/advisories/debian_advisory-3532.html

8/5/2003 kernel
vulnerability

This advisory provides a correction to the previous kernel updates,which
contained an error introduced in kernel-source-2.4.18 version2.4.18-7.

http://www.linuxsecurity.com/advisories/debian_advisory-3533.html

8/6/2003 phpgroupware
multiple
vulnerabilities

Several vulnerabilities have been discovered in phpgroupware.

http://www.linuxsecurity.com/advisories/debian_advisory-3536.html

8/6/2003 eroaster
insecure
temporary file vulnerabilitiy

eroaster does nottake appropriate security precautions when creating a temporary
filefor use as a lockfile.

http://www.linuxsecurity.com/advisories/debian_advisory-3537.html

.
Distribution: EnGarde
8/4/2003 ‘postfix’
remote denial-of-service
insecure
temporary file vulnerabilitiy

Michal Zalewski has discovered a vulnerability in the Postfix MTA which
could lead to a remote DoS attack.

http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html

8/6/2003 ‘stunnel’
signal handler race DoS
insecure
temporary file vulnerabilitiy

Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A potential
vulnerability has been found when stunnel is configured to listen to incoming
connections for these services.

http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html

.
Distribution: FreeBSD
8/4/2003 libc
buffer
overflow vulnerability

An off-by-one error exists in a portion of realpath(3) that computesthe
length of the resolved pathname.

http://www.linuxsecurity.com/advisories/freebsd_advisory-3522.html

8/5/2003 libc
realpath
off-by-one vulnerability

An off-by-one error exists in a portion of realpath(3) that computesthe
length of the resolved pathname.

http://www.linuxsecurity.com/advisories/freebsd_advisory-3534.html

.
Distribution: Mandrake
8/1/2003 kdelibs
authentication
vulnerability

A vulnerability in Konqueror was discovered where it could inadvertently
send authentication credentials to websites other than the intended site
in clear text via the HTTP-referer header when authentication credentials
are passed as part of a URL in the form http://user:password@host/.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3511.html

8/1/2003 wu-ftpd
off-by-one vulnerability
authentication
vulnerability

There is an off-by- one bug in the fb_realpath() function which could be
used by a remote attacker to obtain root privileges on the server.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3512.html

8/4/2003 postfix
multiple
vulnerabilities

Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3523.html

8/4/2003 php
session
handling vulnerability

A vulnerability was discovered in the transparent session ID support in
PHP4 prior to version 4.3.2.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3524.html

.
Distribution: NetBSD
8/4/2003 core
denial
of service vulnerability

It is possible to crash an OSI connected system remotely by sending ita
carefully prepared OSI networking packet.

http://www.linuxsecurity.com/advisories/netbsd_advisory-3525.html

8/4/2003 libc
off-by-one
vulnerability

In the library function realpath, there was a string manipulationmistake
which could lead to 1-byte buffer overrun.

http://www.linuxsecurity.com/advisories/netbsd_advisory-3526.html

.
Distribution: Red
Hat
8/1/2003 wu-ftpd
off-by-one vulnerability
off-by-one
vulnerability

An off-by-one bug has been discovered in versions of wu-ftpd up to andincluding
2.6.2.

http://www.linuxsecurity.com/advisories/redhat_advisory-3513.html

8/4/2003 postfix
multiple
vulnerabilities

Two security issues have been found in Postfix that affect the Postfixpackages
in Red Hat Linux 7.3, 8.0, and 9.

http://www.linuxsecurity.com/advisories/redhat_advisory-3527.html

.
Distribution: Slackware
8/1/2003 Konqueror
Multiple
vulnerabilities

Note that this update addresses a security problem in Konqueror which may
cause authentication credentials to be leaked to an unintended website through
the HTTP-referer header when they have been entered into Konqueror as a
URL

http://www.linuxsecurity.com/advisories/slackware_advisory-3516.html

.
Distribution: SuSe
8/1/2003 wuftpd
off-by-one
vulnerability

There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a
widely used ftp server for Linux-like systems.

http://www.linuxsecurity.com/advisories/suse_advisory-3514.html

8/4/2003 postfix
multiple
vulnerabilities

Michal Zalewski has reported problems in postfix which can lead to a remote
DoS attack or allow attackers to bounce-scan private networks.

http://www.linuxsecurity.com/advisories/suse_advisory-3528.html

.
Distribution: TurboLinux
8/4/2003 wu-ftpd
off-by-one vulnerability
multiple
vulnerabilities

This vulnerability may allow remote authenticated users to execute arbitrary
code via commands that cause long pathnames.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3529.html

.

 

 

Category:

  • Security