April 15, 2005

Linux Advisory Watch - April 15, 2005

Author: Benjamin D. Thomas

This week packages were released for axel, gftp, wireless-tools, glibc, selinux-policy-targeted,
kernel, autofs, GnomeVFS, phpMyAdmin, shorewall, gtk, shareutils, gdk-buf, kdegraphics,
dhcp, and gaim. The distributors include Debian, Fedora, Gentoo, Mandrake, Red
Hat, and SuSE.Introduction: Buffer Overflow Vulnerabilities
By: Erica R. Thomas

Buffer overflows are a leading type of security vulnerability. This
paper explains what a buffer overflow is, how it can be exploited,
and what countermeasures can be taken to prevent the use of buffer
overflow vulnerabilities.

Buffer overflow vulnerabilities are one of the most common
vulnerabilities. These kinds of vulnerabilities are perfect for
remote access attacks because they give the attacker a great
opportunity to launch and execute their attack code on the target
computer. Broadly speaking, a buffer overflow attack occurs when
the attacker intentionally enters more data than a program was
written to handle. The data runs over and overflows the section
of memory that was set aside to accept it. The extra data
overwrites on top on another portion of memory that was meant
to hold something else, like part of the program's instructions.
This allows an attacker to overwrite data that controls the
program and can takeover control of the program to execute the
attacker's code instead of the program. Peikari and Chuvakin
point out that, "buffer overflows result from an inherent
weakness in the C++ programming language." (Peikari and
Chuvakin, 2004) The problem is that C++ and other programming
languages (those derived from C++), do not automatically
perform bounds-checking when passing data. When variables
are passed, extra characters could be written past the
variable's end. The overflow consequence could result in
the program crashing or allowing the attacker to execute
their own code on the target system.

In order to make sense of how a buffer is overflowed, one must
understand what a buffer is. A program contains code that
accesses variables stored in various locations in memory. When
a program is executed, a specific amount of memory is assigned
for each variable. The amount of memory is determined by the
type of data the variable is anticipated to hold. The memory
set aside is used to store information that the program needs
for its execution. According to Peikari and Chuvakin , "The
program stores the value of a variable in this memory space,
then pulls the value back out of memory when it's needed."
(Peikari and Chuvakin, 2004) A buffer is this virtual space.

Read Full Article:


Feature Extras:

to Know Linux Security: File Permissions
- Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I'll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

Tao of Network Security Monitoring: Beyond Intrusion Detection

- To be honest, this was one of the best books that I've read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.

Shell Scripts
- Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).


Take advantage of our Linux Security discussion
This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline

  Debian: New axel packages fix arbitrary code execution
  13th, April, 2005

Updated package.


  Fedora Core 3 Update: gftp-2.0.18-0.FC3
  7th, April, 2005

Updated package


  Fedora Core 2 Update: gftp-2.0.18-0.FC2
  7th, April, 2005

Updated package


  Fedora Core 3 Update: wireless-tools-27-1.2.0.fc3
  7th, April, 2005

Please see below for changes.


  Fedora Core 3 Update: glibc-2.3.5-0.fc3.1
  7th, April, 2005

Updated package.


  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.94
  8th, April, 2005

Updated package.


  Fedora Core 3 Update: kernel-2.6.11-1.14_FC3
  11th, April, 2005

Updated package.


  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.96
  11th, April, 2005

Updated package.


  Fedora Core 3 Update: autofs-4.1.3-114
  12th, April, 2005

Updated package.


  Fedora Core 3 Update: gcc-3.4.3-22.fc3
  12th, April, 2005

Updated package.


  Fedora Core 3 Update: gcc4-4.0.0-0.41.fc3
  12th, April, 2005

Updated package.


  Gentoo: GnomeVFS, libcdaudio CDDB response overflow
  8th, April, 2005

The GnomeVFS and libcdaudio libraries contain a buffer overflow that
can be triggered by a large CDDB response, potentially allowing the
execution of arbitrary code.


  Gentoo: Smarty Template vulnerability
  10th, April, 2005

New ways of bypassing Smarty's "Template security" were found and
fixed in Smarty. Users making use of that feature are encouraged
to upgrade to version 2.6.9.
The updated sections appear below.


  Gentoo: phpMyAdmin Cross-site scripting vulnerability
  11th, April, 2005

phpMyAdmin is vulnerable to a cross-site scripting attack.


  Gentoo: Axel Vulnerability in HTTP redirection handling
  12th, April, 2005

A buffer overflow vulnerability has been found in Axel which could lead
to the execution of arbitrary code.


  Mandrake: Updated shorewall packages
  7th, April, 2005

The shorewall package is being updated to provide appropriate bogons
information and other minor fixes.


  Mandrake: Updated gtk+2.0 packages fix
  7th, April, 2005

A bug was discovered in the way that gtk+2.0 processes BMP images
which could allow for a specially crafted BMP to cause a Denial of
Service attack on applications linked against gtk+2.0.
The updated packages have been patched to correct these issues.


  Mandrake: Updated sharutils packages
  7th, April, 2005

Shaun Colley discovered a buffer overflow in shar that was triggered
by output files (using -o) with names longer than 49 characters which
could be exploited to run arbitrary attacker-specified code.


  Mandrake: Updated gdk-pixbuf packages
  7th, April, 2005

A bug was discovered in the way that gdk-pixbuf processes BMP images
which could allow for a specially crafted BMP to cause a Denial of
Service attack on applications linked against gdk-pixbuf.
The updated packages have been patched to correct these issues.


  RedHat: Moderate: kdegraphics security update
  12th, April, 2005

Updated kdegraphics packages that resolve multiple security issues in kfax
are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team


  RedHat: Moderate: dhcp security update
  12th, April, 2005

An updated dhcp package that fixes a string format issue is now available
for Red Hat Enterprise Linux 2.1.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.


  RedHat: Important: gaim security update
  12th, April, 2005

An updated gaim package that fixes multiple denial of service issues is now
This update has been rated as having important security impact by the Red
Hat Security Response Team.


  SuSE: various KDE security problems
  11th, April, 2005

Several vulnerabilities have been identified and fixed in the KDE
desktop environment.


Click Here!