Linux Advisory Watch - April 9, 2004

This week, advisories were released
for the Linux kernel, interchange, fte, sysstat, oftpd, squid, heimdal, tcpdump,
portage, kde, tcpdump, sysstat, ClamAV, Automake, and mplayer. The distributors
include Debian, Gentoo, Mandrake, and Turbolinux.

Recently, I stumbled across a relatively
new tool called AFICK. It stands for Another File Integrity CHecker. It is similar
to both Tripwire and AIDE. AFICK is GPLed and completely written in PERL. It
is extremely flexible has been tested on a wide range of Linux, Windows, and
Unix system. According to the AFICK project website, it has a decent performance
advantage over AIDE. However, I have not independently verified this. If you’re
looking for a new toy to play with, I recommend giving it a try.

Installing and using AFICK is a
piece of cake. The core piece of code is command line based. A perl-based GUI
and webmin module is also available for easy administration. AFICK is available
as an independent tar.gz, zip, RPM, and Debian package. It is good idea to take
a look at the afick.conf file before attempting to execute the script.

AFICK can be used with only a few
simple commands. To use AFICK, an OS configuration file must be specified and
then your system initialized. This can be done with the following command:

# afick.pl -c linux.conf
-i

During the initialization process
it builds a database of checksums for all files on your system. Next, to compare
the checksums of your files and the values stored in the database, run the following
command:

# afick.pl -c linux.conf
-k

After making changes to a system,
it is necessary to update the checksum database. Updating is also easy:

# afick.pl -c linux.conf
-u

As with all integrity checking software,
it is advisable to create a cron-job that will compare the files checksums with
a database at a regular interval. Also, the integrity of the database is very
important. If this is compromised, further changes to the system may go undetected.
Write protected media can be used to help this problem.

While the commands above may seem
simple, its functionality is not limited to those alone. A full listing of command
line option are available on the AFICK website:

http://afick.sourceforge.net/man.html

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity
Feature Extras:

Next
Generation Internet Defense & Detection System
– Guardian Digital has announced the first fully open source system designed
to provide both intrusion detection and prevention functions. Guardian Digital
Internet Defense & Detection System (IDDS) leverages best-in-class open
source applications to protect networks and hosts using a unique multi-layered
approach coupled with the security expertise and ongoing security vigilance
provided by Guardian Digital.

Interview
with Siem Korteweg: System Configuration Collector
– In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and information on future developments.

Security:
MySQL and PHP
– This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.

[ Linux
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
[ Subscribe
]


Distribution:			Debian
	4/5/2004	kernel
		2.4 mips/pa-risc Privilege escalation vulnerabilities Herein is combined the Debian advisories for the same kernel bugs on both the mips and pa-risc platforms. Debian advisory 4190

	4/5/2004	interchange
		Missing input sanitation This vulnerability can be exploited by an attacker to expose the content of arbitrary variables. Debian advisory 4191

	4/5/2004	fte
		Multiple buffer overflow vulnerabilities This patch removes setuid root from vfte, which has a number of known buffer overflows. Debian advisory 4192

	4/5/2004	sysstat
		Insecure temporary file vulnerability As usual for temporary file vulnerabilities, this allows local users to read/overwrite arbitrary files with the permissions of the running user. Debian advisory 4193

	4/5/2004	oftpd
		Denial of service vulnerability A remote attacker could cause the oftpd process to crash by specifying a large value in a PORT command. Debian advisory 4194

	4/5/2004	squid
		ACL bypass vulnerability A URL can be crafted to be ignored (and automatically pass) by Squid’s ACL system. Debian advisory 4195

	4/6/2004	heimdal
		Cross-realm impersonation vulnerability Patch fixes an error which allows someone with control over a realm to impersonate anyone in the cross-realm trust path. Debian advisory 4197

	4/6/2004	xine-ui Insecure temporary file vulnerability
		Cross-realm impersonation vulnerability Bug allows attacker to read/write arbitrary files with the permissions of the program user. Debian advisory 4198

	4/7/2004	tcpdump
		Denial of service vulnerability Crafted invalid ISAKMP packets can remotely crash tcpdump. Debian advisory 4203


Distribution:			Gentoo
	4/6/2004	Portage
		Insecure temporary file vulnerability Exploitation of this bug could allow an attacker to wipe out the contents of an arbitrary file. Gentoo advisory 4199

	4/6/2004	kde
		Buffer overflow vulnerability KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system. Gentoo advisory 4200

	4/6/2004	tcpdump
		Multiple buffer overflows Attacker could exploit this to execute arbitrary code with the permissions of the ‘pcap’ user. Gentoo advisory 4201

	4/7/2004	sysstat
		Multiple vulnerabilities Multiple vulnerabilities may allow an attacker to execute arbitrary code or overwrite arbitrary files. Gentoo advisory 4204

	4/7/2004	ipsec-tools Key non-verification vulnerability
		Multiple vulnerabilities racoon (a utility in the ipsec-tools package) does not verify digital signatures on Phase1 packets. Gentoo advisory 4207

	4/7/2004	util-linux Information leak vulnerability
		Multiple vulnerabilities Due to a pointer error, the ‘login’ program might leak sensitive information. Gentoo advisory 4208

	4/7/2004	ClamAV
		Denial of service vulnerability ClamAV is vulnerable to a denial of service attack when processing certain RAR archives. Gentoo advisory 4209

	4/8/2004	Automake
		Symbolic link vulnerability Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges. Gentoo advisory 4210


Distribution:			Mandrake
	4/6/2004	mplayer
		Buffer overflow vulnerability Exploitation could result in the execution of arbitrary code with the permissions of the user. Mandrake advisory 4202

	4/7/2004	fileutils/coreutils Denial of service vulnerability
		Buffer overflow vulnerability ‘ls’ can be made to segfault upon listing directories with large numbers of files on an amd64 platform. Mandrake advisory 4205


Distribution:			Turbolinux
	4/7/2004	apache/httpd/libxml2/mod_python Multiple vulnerabilities
		Buffer overflow vulnerability Many fixes for buffer overflows and DOS attacks. Turbolinux advisory 4206

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR