Author: Preston St. Pierre
fetch, Ruby, BNC, Squirrelmail, gd, sudo, totem, drakxtools, httpd, freeradius,
libxml2, and iptables. The distributors include Conectiva, Debian, Fedora, FreeBSD,
Gentoo, Mandrake, Red Hat, Suse, and Trustix.
Root Security
The most sought-after account on your machine is the superuser account.
This account has authority over the entire machine, which may also
include authority over other machines on the network. Remember that you
should only use the root account for very short specific tasks and
should mostly run as a normal user. Running as root all the time is
a very very very bad idea.
Several tricks to avoid messing up your own box as root:
- When doing some complex command, try running it first in a non-destructive
  way, especially commands that use globbing. For example, if you are going to
  do rm foo*.bak, first do ls foo*.bak and make sure you are going to delete
  the files you think you are. Using echo in place of destructive commands also
  sometimes works.
- Provide your users with a default alias to the /bin/rm command to ask for
  confirmation for deletion of files.
- Only become root to do single specific tasks. If you find yourself trying
  to figure out how to do something, go back to a normal user shell until you
  are sure what needs to be done by root.
- The command path for the root user is very important. The command path,
  or the PATH environment variable, defines the locations the shell searches
  for programs. Try to limit the command path for the root user as much as
  possible, and never use ‘.’, meaning ‘the current directory’, in your PATH
  statement. Additionally, never have writable directories in your search path,
  as this can allow attackers to modify or place new binaries in your search
  path, allowing them to run as root the next time you run that command.
- Never use the rlogin/rsh/rexec (called the “r-utilities”) suite of tools
  as root. They are subject to many sorts of attacks, and are downright dangerous
  run as root. Never create a .rhosts file for root.
- The /etc/securetty file contains a list of terminals that root can log in
  from. By default (on Red Hat Linux) this is set to only the local virtual
  consoles (vtys). Be very careful of adding anything else to this file. You
  should be able to log in remotely as your regular user account and then use
  su if you need to (hopefully over ssh or another encrypted channel), so there
  is no need to be able to log in directly as root.
- Always be slow and deliberate running as root. Your actions could affect
  a lot of things. Think before you type!
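As an added example that is not part of the original article, here is a POSIX shell function that audits a PATH value for the problems the PATH item above describes: an element meaning the current directory ('.' or an empty element), relative elements, missing directories, and directories writable by group or others. The function names and the messages are my own.

```shell
#!/bin/sh
# Added example (not part of the article): audit a PATH value against the
# advice above. Flags elements that mean "the current directory" ('.' or an
# empty element), relative elements, missing directories, and directories
# writable by group or others, where someone could plant a binary for root.

# report ENTRY REASON: prints one finding and remembers that something was flagged
report() {
    printf '%s: %s\n' "$1" "$2"
    flagged=1
}

# check_path PATHSTRING: prints findings, returns 0 if clean and 1 otherwise
check_path() {
    flagged=0
    rest="$1:"                 # trailing ':' so the last element is handled like the rest
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            ''|.)
                report "${entry:-(empty)}" "means the current directory" ;;
            /*)
                if [ ! -d "$entry" ]; then
                    report "$entry" "does not exist"
                else
                    # ls -ld gives "drwxrwxrwx ..."; char 6 is group-write, char 9 other-write
                    perms=$(ls -ld "$entry" | cut -c1-10)
                    case "$perms" in
                        ????????w*) report "$entry" "writable by everyone" ;;
                        ?????w*)    report "$entry" "writable by its group" ;;
                    esac
                fi ;;
            *)
                report "$entry" "relative path, resolved against the current directory" ;;
        esac
    done
    return $flagged
}

# Stand-alone use: audit the PATH of the current shell.
check_path "$PATH" && echo "PATH looks clean"
```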
If you absolutely positively need to allow someone (hopefully very
trusted) to have superuser access to your machine, there are a few tools
that can help. sudo allows users to use their password to access a limited
set of commands as root. sudo keeps a log of all successful and unsuccessful
sudo attempts, allowing you to track down who used what command to do what.
For this reason sudo works well even in places where a number of people have
root access, but use sudo so you can keep track of changes made.
Although sudo can be used to give specific users specific privileges for
specific tasks, it does have several shortcomings. It should be used only
for a limited set of tasks, like restarting a server, or adding new users.
Any program that offers a shell escape will give the user root access.
This includes most editors, for example. Also, a program as innocuous as
/bin/cat can be used to overwrite files, which could allow root to be
exploited. Consider sudo as a means for accountability, and don’t expect
it to replace the root user yet be secure.
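An added example, not from the article: a shell function that reads sudoers entries and flags the kind of grant the paragraph above warns about (ALL, shells, editors with shell escapes, and file-reading tools such as cat), so that a sudoers file stays a limited, accountable list of tasks. The sample sudoers text is constructed, and the list of risky programs is my own illustrative assumption, not an official sudo list.

```shell
#!/bin/sh
# Added example (not part of the article): audit sudoers grants for commands
# that hand the caller more than the intended task: ALL, shells, editors with
# shell escapes, and tools that read or write arbitrary files. The sudoers
# text below is constructed for this demonstration.
SAMPLE_SUDOERS='
# constructed sample, not a real sudoers file
Defaults    env_reset
alice   ALL=(root) /usr/sbin/service httpd restart
bob     ALL=(root) /usr/sbin/useradd, /usr/bin/vi
carol   ALL=(ALL) NOPASSWD: ALL
dave    ALL=(root) /bin/cat
'
# Assumed list of programs that offer a shell escape or arbitrary file access
# once run as root (illustrative, not an official or exhaustive list).
RISKY='sh bash ksh csh zsh vi vim nano emacs ed less more man cat tee dd find awk perl python'
# audit_sudoers: reads sudoers text on stdin and prints one line per risky
# grant as "user<TAB>command<TAB>reason". Returns 1 if anything was flagged.
audit_sudoers() {
    found=0
    set -f                                # no globbing while we split commands
    while IFS= read -r line; do
        # skip blank lines, comments, Defaults and *_Alias definitions
        case "$line" in ''|'#'*|Defaults*|*_Alias*) continue ;; esac
        user=$(printf '%s\n' "$line" | awk '{print $1}')
        spec=${line#*=}                   # text after "HOST="
        case "$spec" in \(*\)*) spec=${spec#*\)} ;; esac   # drop "(runas)"
        oldIFS=$IFS; IFS=','
        for cmd in $spec; do
            IFS=$oldIFS
            # trim leading blanks and tags such as "NOPASSWD:"
            cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//; s/^[A-Z]*: *//')
            prog=${cmd%% *}               # program without its arguments
            if [ "$prog" = ALL ]; then
                printf '%s\t%s\t%s\n' "$user" "$cmd" "grants every command"
                found=1; continue
            fi
            for r in $RISKY; do
                [ "${prog##*/}" = "$r" ] || continue
                printf '%s\t%s\t%s\n' "$user" "$cmd" "shell escape or arbitrary file access"
                found=1
            done
        done
        IFS=$oldIFS
    done
    set +f
    return $found
}
# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers || echo "risky grants found"
```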
Distribution: Conectiva

11/18/2004 | libxml2 | buffer overflow vulnerabilities fix
This update fixes a buffer overflow vulnerability[2,3] in the URI parsing code found by “infamous41md” in the nanoftp and nanohttp modules of libxml2. An attacker may exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application.

11/18/2004 | MySQL | vulnerabilities fix
Oleksandr Byelkin noticed[2] that ALTER TABLE … RENAME checks the CREATE/INSERT rights of the old table instead of the new one. Lukasz Wojtow noticed[3] a buffer overrun in the mysql_real_connect() function.

Distribution: Debian

11/12/2004 | ez-ipupdate | format string vulnerability fix
Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. This problem can only be exploited if ez-ipupdate is running in daemon mode (most likely) with many but not all service types.

11/16/2004 | imagemagick | arbitrary code execution fix
A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could lead to the execution of arbitrary code.

11/17/2004 | Apache | arbitrary code execution fix
“Crazy Einstein” has discovered a vulnerability in the “mod_include” module, which can cause a buffer to be overflown and could lead to the execution of arbitrary code.

Distribution: Fedora

11/12/2004 | httpd-2.0.51-2.9 update
This update includes the fixes for an issue in mod_ssl which could lead to a bypass of an SSLCipherSuite setting in directory or location context (CVE CAN-2004-0885), and a memory consumption denial of service issue in the handling of request header lines (CVE CAN-2004-0942).

11/12/2004 | httpd-2.0.52-3.1 update
This update includes the fix for a memory consumption denial of service issue in the handling of request header lines (CVE CAN-2004-0942).

11/12/2004 | subversion-1.0.9-1 update
This update includes the latest release of Subversion 1.0, including the fix for a regression in the performance of repository browsing since version 1.0.8.

11/12/2004 | subversion-1.1.1-1.1 update
This update includes the latest release of Subversion 1.1, including the fix for a regression in the performance of repository browsing since version 1.1.0 and a variety of other bug fixes.

11/12/2004 | gdb-6.1post-1.20040607.43 update
#136455: workaround to prevent gdb from failing and getting stuck when hitting certain DWARF-2 symbols.

11/16/2004 | abiword-2.0.12-4.fc3 update
Backport fix to stop #rh139201# crash on CTRL-A and making font changes.

11/16/2004 | authd-1.4.3-1 update
Fix double-free problem detected on x86_64 glibc (#136392).

11/16/2004 | gaim-1.0.3-0.FC3 update
1.0.3, another bugfix release.

11/17/2004 | xorg-x11-6.7.0-10 update
Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim.

11/17/2004 | xorg-x11-6.8.1-12.FC3.1 update
Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim.

Distribution: FreeBSD

11/18/2004 | fetch | Overflow error
An integer overflow condition in the processing of HTTP headers can result in a buffer overflow.

Distribution: Gentoo

11/16/2004 | Ruby | Denial of Service issue
The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.

11/16/2004 | BNC | Buffer overflow vulnerability
BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code.

11/17/2004 | Squirrelmail | Encoded text XSS vulnerability
Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts.

11/17/2004 | GIMPS, SETI@home, ChessBrain | Insecure installation
Improper file ownership allows user-owned files to be run with root privileges by init scripts.

Distribution: Mandrake

11/17/2004 | gd | integer overflows fix
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image row values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function.

11/17/2004 | sudo | vulnerability fix
Liam Helmer discovered a flaw in sudo’s environment sanitizing. This flaw could allow malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands.

11/17/2004 | Apache | buffer overflow fix
A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process.

11/17/2004 | Apache2 | request DoS fix
A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large number of specially-crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server.

11/18/2004 | bootloader-utils | kheader issue fix
A problem with generating kernel headers exists when using the newer kernel-i686-up-64GB package. The updated bootloader-utils package corrects the issue.

11/18/2004 | totem | problem with blue screen fix
There is a problem in the totem package where in some cases when running totem a blue screen would appear. Resizing the screen seems to fix the problem temporarily; however, upon minimizing or maximizing the screen it would once again become blue.

11/18/2004 | drakxtools | various issues fix
A number of fixes are available in the updated drakxtools package.

Distribution: Red Hat

11/12/2004 | httpd | security issue and bugs fix
Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available.

11/12/2004 | freeradius | security flaws fix
Updated freeradius packages that fix a number of denial of service vulnerabilities as well as minor bugs are now available for Red Hat Enterprise Linux 3.

11/12/2004 | libxml2 | security vulnerabilities fix
An updated libxml2 package that fixes multiple buffer overflows is now available.

11/16/2004 | samba | security vulnerabilities fix
Updated samba packages that fix various security vulnerabilities are now available.

Distribution: Suse

11/15/2004 | samba | remote buffer overflow
There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames.

11/17/2004 | xshared, XFree86-libs, xorg-x11-libs | remote system compromises
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs.

Distribution: Trustix

11/16/2004 | gd, samba, sqlgrey, sudo | Various security fixes
gd is a graphics library. It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file.

11/16/2004 | apache, automake, bind, console-tools | Package bugfix
Apache is a full featured web server that is freely available, and also happens to be the most widely used.

11/16/2004 | iptables | Loading too many modules
Olaf Rempel pointed out that the list of modules we autoload is too large. This has now been fixed.

11/16/2004 | gd, samba, sqlgrey, sudo | several overflows
Several overflows have been found in gd. These can be used to execute arbitrary code in programs using the gd library.