Linux Advisory Watch – December 23, 2005

67

Author: Benjamin D. Thomas

Happy Holidays! This week, advisories were released for dropbear, nbd, phpbb2,
OpenLDAP, Xpdf, cURL, CenterICQ, digikam, apache2, sudo, kernel, netpbm, udev,
gpdf, kdegraphics, cups, and perl. The distributors include Debian, Gentoo,
Mandriva, and Red Hat.IPv6 approach for TCP SYN Flood attack over VoIP, Part I
By: Suhas Desai

Abstract

In this paper, we describe and analyze a network based DoS attack for IP based networks. It is known as SYN flooding. It works by an attacker sending many TCP connection requests with spoofed source addresses to a victim’s machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources to deny further legitimate access.

The paper contributes a detailed analysis of the SYN flooding attack and existing and proposed countermeasures. SYN flooding attacks in application Performance Validation with VoIP gives improper results. To overwhelm it, IPv6 approaches have been proposed here with successful implementation it with Network Tester using Moonerv6 Phases algorithms. Agilent Network Tester practices on the same principles to make availability of IPv6 service in Networks or sensor networks.

1. Introduction

The attack exploits weaknesses in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite. This cannot be corrected without significant modifications to its protocols. This denial of service attacks can be launched with little effort. Presently, it is difficult to trace an attack back to its originator.

Several possible solutions to this attack have been proposed by others, and some implemented. We have proposed and developed a monitoring tool in IPv6 that classifies IP source addresses with high probability as being falsified or genuine. Our approach finds connection establishment protocol messages that are coming from forged IP addresses, and takes actions to ensure that the resulting illegitimate half-open connections are reset immediately to work over VoIP applications.

2. Background

We will provide a brief description of the features of the TCP/IP protocol suite that facilitate this attack.

2.1. Internet Protocol

The Internet Protocol (IP) is the standard network layer protocol of the Internet
that provides an unreliable, connection-less, best-effort packet delivery service.
IP defines the basic unit of data transfer used throughout an IP network, called
a datagram. The service is unreliable, because the delivery of datagrams is
not guaranteed. Datagrams may be lost, duplicated, delayed, or delivered out
of order. IP is connection-less, because each packet is treated independently
of others — each may travel over different paths and some may be lost while
others are delivered. IP provides best-effort delivery, because packets are
not discarded unless resources are exhausted or underlying networks fail. Datagrams
are routed towards their destination. A set of rules characterize how hosts
and gateways should process packets, how and when error messages should be generated,
and when packets should be discarded.

Read Article:
http://www.linuxsecurity.com/content/view/121083/49/


   Debian
  Debian: New dropbear packages fix arbitrary
code execution
  19th, December, 2005

Updated package.

 
  Debian: New nbd packages fix potential
arbitrary code execution
  21st, December, 2005

Updated package.

 
  Debian: New phpbb2 packages fix several
vulnerabilities
  22nd, December, 2005

Updated package.

 
   Gentoo
  Gentoo: OpenLDAP, Gauche RUNPATH issues
  15th, December, 2005

OpenLDAP and Gauche suffer from RUNPATH issues that may allow
users in the “portage” group to escalate privileges.

 
  Gentoo: Xpdf, GPdf, CUPS, Poppler Multiple
vulnerabilities
  16th, December, 2005

Multiple vulnerabilities have been discovered in Xpdf, GPdf,
CUPS and Poppler potentially resulting in the execution of arbitrary code.

 
  Gentoo: cURL Off-by-one errors in URL
handling
  16th, December, 2005

cURL is vulnerable to local arbitrary code execution via buffer
overflow due to the insecure parsing of URLs.

 
  Gentoo: Opera Command-line URL shell
command injection
  18th, December, 2005

Lack of URL validation in Opera command-line wrapper could be
abused to execute arbitrary commands.

 
  Gentoo: CenterICQ Multiple vulnerabilities
  20th, December, 2005

CenterICQ is vulnerable to a Denial of Service issue, and also
potentially to the execution of arbitrary code through an included vulnerable
ktools library.

 
   Mandriva
  Mandriva: Updated digikam packages fixes
printing functionality
  16th, December, 2005

The printing functionality of DigiKam in Mandriva 2006 is flawed
in that when trying to print a picture, regardless of the size, it swaps
near infinitely and takes an extremely long time until the photo comes
out. As well, the photo may not come out because GhostScript fails due
to lack of memory.

 
  Mandriva: Updated apache2 packages fix
vulnerability in worker MPM
  19th, December, 2005

A memory leak in the worker MPM in Apache 2 could allow remote
attackers to cause a Denial of Service (memory consumption) via aborted
commands in certain circumstances, which prevents the memory for the transaction
pool from being reused for other connections.

 
  Mandriva: Updated sudo packages fix vulnerability
  20th, December, 2005

Charles Morris discovered a vulnerability in sudo versions prior
to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear
the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could
allow limited local users to cause a perl script to include and execute
arbitrary library files that have the same name as library files that
included by the script.

 
  Mandriva: Updated kernel packages fix
numerous vulnerabilities
  21st, December, 2005

Updated package.

 
   Red
Hat
  RedHat: Moderate: netpbm security update
  20th, December, 2005

Updated netpbm packages that fix two security issues are now
available. This update has been rated as having moderate security impact
by the Red Hat Security Response Team.

 
  RedHat: Important: udev security update
  20th, December, 2005

Updated udev packages that fix a security issue are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

 
  RedHat: Important: gpdf security update
  20th, December, 2005

An updated gpdf package that fixes several security issues is
now available for Red Hat Enterprise Linux 4. This update has been rated
as having important security impact by the Red Hat Security Response Team.

 
  RedHat: Important: kdegraphics security
update
  20th, December, 2005

Updated kdegraphics packages that resolve several security issues
in kpdf are now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.

 
  RedHat: Moderate: curl security update
  20th, December, 2005

Updated curl packages that fix a security issue are now available
for Red Hat Enterprise Linux 4. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

 
  RedHat: Important: cups security update
  20th, December, 2005

Updated CUPS packages that fix multiple security issues are
now available for Red Hat Enterprise Linux. This update has been rated
as having important security impact by the Red Hat Security Response Team.

 
  RedHat: Moderate: perl security update
  20th, December, 2005

Updated Perl packages that fix security issues and bugs are
now available for Red Hat Enterprise Linux 4. This update has been rated
as having moderate security impact by the Red Hat Security Response Team.

 
  RedHat: Moderate: perl security update
  20th, December, 2005

Updated Perl packages that fix security issues and bugs are
now available for Red Hat Enterprise Linux 3. This update has been rated
as having moderate security impact by the Red Hat Security Response Team.

 
  RedHat: Important: xpdf security update
  20th, December, 2005

An updated xpdf package that fixes several security issues is
now available. This update has been rated as having important security
impact by the Red Hat Security Response Team.