Linux Advisory Watch – March 5, 2004

Author: Benjamin D. Thomas

This week, advisories were released
for the Linux kernel, xboing, pwlib, tcpdump, and libxml2. The distributors
include Debian, Fedora, FreeBSD, and Mandrake.


Knock Knock, Who’s There?

One of the more recent rumblings
in the open source community is the concept of port knocking. This technique
involves a daemon listening for a particular knock sequence. A knock is established
by a client trying to make a connection to a closed port. If the client provides
the correct sequence, the server modifies its firewall rules to allow access
to a specific port for that user. For example, the system may be configured
to open up port 22 if the correct information is sent across a series of connection
attempts.
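As an added illustration of the daemon side of the mechanism just described (example code written for this page, not the software from Portknocking.org), the following tracks each source address's progress through a knock sequence as seen in firewall log lines and returns the rule it would insert, rather than executing it. The knock sequence, the protected port, the time window and the netfilter LOG lines are all assumptions constructed for the example.

```python
import re
# Knock sequence, protected port and time window are constructed for this example.
KNOCK_SEQUENCE = (7000, 8000, 9000)
PROTECTED_PORT = 22
WINDOW_SECONDS = 10  # the whole sequence must arrive within this window
# Pulls source address and destination port out of a netfilter LOG line.
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?DPT=(?P<dport>\d+)")

class KnockTracker:
    """Per-source progress through KNOCK_SEQUENCE, as a knock daemon would keep it."""
    def __init__(self):
        self.progress = {}  # src -> (index of next expected knock, time of first knock)

    def observe(self, src, dport, ts):
        """Record one attempt on a closed port; True once src has completed the sequence."""
        idx, started = self.progress.get(src, (0, ts))
        if idx == 0 or ts - started > WINDOW_SECONDS:  # fresh attempt or too slow: start over
            idx, started = 0, ts
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:  # a wrong port resets; a knock on the first port may begin a fresh attempt
            idx, started = (1 if dport == KNOCK_SEQUENCE[0] else 0), ts
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, started)
        return False

def firewall_rule_for(src, port=PROTECTED_PORT):
    """The rule the daemon would insert for src (returned as text, not executed here)."""
    return f"iptables -I INPUT -s {src} -p tcp --dport {port} -j ACCEPT"

def process_log(entries):
    """Run the tracker over (seconds, log line) pairs; return the rules it would add."""
    tracker, rules = KnockTracker(), []
    for ts, line in entries:
        m = LOG_RE.search(line)
        if m and tracker.observe(m.group("src"), int(m.group("dport")), ts):
            rules.append(firewall_rule_for(m.group("src")))
    return rules

SAMPLE_LOG = [  # constructed LOG lines: one correct sequence, one that knocks too slowly
    (0, "kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=7000"),
    (0, "kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.1 PROTO=TCP SPT=33000 DPT=7000"),
    (1, "kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=8000"),
    (2, "kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=51002 DPT=9000"),
    (20, "kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.1 PROTO=TCP SPT=33001 DPT=8000"),
]
```

Only 198.51.100.7 completes the sequence inside the window, so `process_log(SAMPLE_LOG)` yields a single rule; the slow knocker is forgotten and has to start again.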

Port knocking is not a security
silver bullet. Like most controls, it is merely another layer. It can work well
in conjunction with IP based access controls and standard forms of user authentication.
Because it can be considered a sophisticated form of security by obscurity,
one should not rely on port knocking alone. Rather, it can be used to provide
an additional level of protection.

For those of you interested in port
knocking there is a wonderful resource available at Portknocking.org.
The site includes a firewall primer, sample port knocking software written in
PERL, C, Java, and Python, enough documentation to get started, and a FAQ.

The PERL implementation includes
a knockclient and knockdaemon. Both include enough documentation to install
them. Port knocking provides a great way to hide services that are rarely used.
However, it does not take the place of strong passwords/keys, other forms of
authentication, and server patching. Usage of port knocking does not mean that
it is alright to run a severely outdated version of OpenSSH. It may prevent
some compromises, but does not eliminate the possibility.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature Extras:

Innovative Open Source Approach to Combating Email Threats – Guardian Digital,
the world’s premier open source security company, has introduced Content and
Policy Enforcement (CAPE) technology, an innovative open source software system
for securing enterprise email operations.

Interview with Vincenzo Ciaglia, Founder of Netwosix – In this article, a brief
introduction of Netwosix is given and the project founder Vincenzo Ciaglia is
interviewed. Netwosix is a light Linux distribution for system administrators
and advanced users.

Introduction to Netwox and Interview with Creator Laurent Constantin – In this
article Duane Dunston gives a brief introduction to Netwox, a combination of
over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Debian
  2/27/2004 kernel
    MIPs platform update

Several local root exploits have been discovered recently in the Linux 2.4.x
kernel.

Advisory

  2/27/2004 xboing
    Buffer overflow vulnerabilities

Buffer overflow vulnerabilities can be exploited by a local attacker to gain
gid “games”.

Advisory

  3/1/2004 libapache-mod-python
    Denial of service vulnerability

Fixes a bug which allows a malformed query string to crash the corresponding
Apache child process.

Advisory

  3/2/2004 kernel
    2.2.x Privilege escalation vulnerability

It turned out that a second (sort of) vulnerability is indeed exploitable
in 2.2.x, but not in 2.4.x, with a different exploit.

Advisory

  3/3/2004 kernel
    2.2.x (alpha) Privilege escalation vulnerability

This is the alpha-chip version of the kernel 2.2.x patch Debian released
yesterday.

Advisory

  3/4/2004 libxml/libxml2
    Buffer overflow vulnerability

When fetching a remote resource via FTP or HTTP, the library uses special
parsing routines which can overflow a buffer if passed a very long URL.

Advisory

Distribution: Fedora
  3/2/2004 pwlib
    Denial of service vulnerability

Using carefully crafted messages, an attacker can bring about denial of
service.

Advisory

  3/3/2004 tcpdump
    Multiple vulnerabilities

Carefully crafted packets can cause denial of service in tcpdump, or execute
code as ‘pcap’ user.

Advisory

  3/3/2004 kernel
    2.4.x Privilege escalation vulnerability

Rollup rpms fix recently reported kernel vulnerabilities in Red Hat 7.2-8.

Advisory

  3/4/2004 tcpdump
    Multiple vulnerabilities

Crafted packets could result in a denial of service, or possibly execute
arbitrary code as the ‘pcap’ user.

Advisory

Distribution: FreeBSD
  2/27/2004 kernel
    Improper access vulnerability

Jailed processes can attach to other jails.

Advisory

  3/3/2004 kernel
    Denial of service vulnerability

Out-of-sequence tcp packets can be used to execute a low-bandwidth DoS attack.

Advisory

Distribution: Mandrake
  3/4/2004 pwlib
    Denial of service vulnerability

Severity would vary based on the application, but likely would result in
a Denial of Service (DoS).

Advisory

  3/4/2004 libxml2
    Buffer overflow vulnerability

Under certain circumstances, this bug could be remotely exploited to execute
arbitrary code.

Advisory