August 29, 2003

Linux Advisory Watch - August 29th 2003

- by Benjamin D. Thomas -
This week, advisories were
released for docview, unzip, sendmail, iptables, pam_smb, gdm, php, and perl.
The distributors include Debian, FreeBSD, Gentoo, Mandrake, Red Hat, Slackware,
SuSE, and TurboLinux.

Last Saturday, ISECOM released
version 2.1 of the Open-Source Security Testing Methodology Manual. For those
of you who are not familiar with it, the OSSTMM is an established standard for
testing security. It includes information on ethics, legalities, rules of engagement,
and many templates that will prove to be useful to those conducting penetration
tests. The document is intended to be used by security testing professionals
as well as developers, systems analysts, and architects.

The OSSTMM provides a very
structured method for pen-testing. The manual includes sections on information
security, process security, internet technology security, communications security,
wireless security, and physical security. Each section module has several detailed
parts. For example, information security testing includes posture assessment,
information integrity review, human resources review, competitive intelligence
scouting, and many others. The beauty of the OSSTMM is that it provides a peer-reviewed
and comprehensive listing of tests that should be conducted. Many consulting
firms have an established testing methodology, but the average security
professional has a handful of favorite techniques, and that repertoire is by no
means comprehensive. The OSSTMM
gives everyone an open standard that can be trusted and is not unnecessarily

As mentioned previously,
the OSSTMM provides pen-testing templates. The examples provided can easily
be reproduced in any spreadsheet application and reused from engagement to
engagement. It is also just as acceptable to reprint or edit the PDF. Templates
include ones for firewall analysis, IDS testing, social engineering, privacy,
password cracking, denial of service, and others. If you are involved in security
at any level, you should definitely use the OSSTMM. It is extremely valuable.

The OSSTMM document and
the Institute for Security and Open Methodologies Web site are at the following

Until next time,
Benjamin D. Thomas


LinuxSecurity Feature

Practical Approach of Stealthy Remote Administration

- This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).

vs. Expertise: Computer Forensics and the Alternative OS
- No longer
a dark and mysterious process, computer forensics has been on the scene for
more than five years now. Despite this, it has only recently gained the
recognition it deserves.


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


Distribution: Debian

8/26/2003 - unzip - directory traversal vulnerability

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass
a check for relative pathnames ("../") by placing certain invalid characters
between the two "." characters.

8/26/2003 - libpam-smb - buffer overflow vulnerability

If a long password is supplied, this can cause a buffer overflow which could
be exploited to execute arbitrary code with the privileges of the process
which invokes PAM services.

Distribution: FreeBSD

8/26/2003 - sendmail - DNS map vulnerability

Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error
in the code that implements DNS maps. A malformed DNS reply packet may cause
sendmail to call `free()' on an uninitialized pointer.

Distribution: Gentoo

8/25/2003 - vmware-server - env variable vulnerability

By manipulating the VMware GSX Server and VMware Workstation environment
variables, a program such as a shell session with root privileges could be
started when a virtual machine is launched.

Distribution: Mandrake

8/27/2003 - sendmail - DNS map vulnerability

Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail
receives a bad DNS reply it will call free() on random addresses which usually
causes sendmail to crash.

Distribution: Red Hat

8/26/2003 - iptables - upgrade fix

Recent updates to the kernel in Red Hat Linux versions 7.1, 7.2, 7.3 and 8.0
did not also update the iptables utility, causing functions such as owner
match to stop working.

8/27/2003 - pam_smb - remote buffer overflow vulnerability

On systems that use pam_smb and are configured to authenticate a remotely
accessible service, an attacker can exploit this bug and remotely execute
arbitrary code.
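
The Debian libpam-smb and Red Hat pam_smb entries describe the same defect: a
password supplied by the remote user is copied into a fixed-size buffer with no
length check. The C below is an added illustration for this newsletter, not
pam_smb's code; the structure layout, the 128-byte limit and the function names
are assumptions. It places the unchecked copy beside a bounded version that
refuses over-long input before it touches the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed, illustrative limit on the password an SMB session setup will
 * carry; the real pam_smb buffer sizes are not reproduced here. */
#define PW_MAX 128

struct smb_auth_request {
    char username[32];
    char password[PW_MAX];
    char pad[16];   /* stands in for whatever follows the buffer in memory */
};

/* Vulnerable pattern: the password coming from the PAM conversation is
 * copied with no length check. Anything longer than PW_MAX-1 bytes runs
 * past 'password' into 'pad' and beyond; with a saved return address or a
 * function pointer there, that is code execution in the calling process.
 * Kept only to show the shape of the bug; nothing below calls it. */
int build_request_unsafe(struct smb_auth_request *req,
                         const char *user, const char *pw)
{
    strcpy(req->username, user);
    strcpy(req->password, pw);
    return 0;
}

/* Hardened pattern: measure first, refuse anything that would not fit
 * (including the terminating NUL), and only then copy an explicit number
 * of bytes. Returns 0 on success, -1 on over-long input; a PAM module
 * would map -1 to an authentication failure (that mapping is assumed). */
int build_request_safe(struct smb_auth_request *req,
                       const char *user, const char *pw)
{
    size_t ulen = strlen(user);
    size_t plen = strlen(pw);
    if (ulen >= sizeof req->username || plen >= sizeof req->password)
        return -1;
    memcpy(req->username, user, ulen + 1);
    memcpy(req->password, pw, plen + 1);
    return 0;
}

/* Demonstration helper: feeds a constructed password of n 'A's to the
 * bounded builder and checks that 'pad' is still all zero afterwards.
 * Returns the builder's result (0 or -1), -3 if pad was disturbed, or -2
 * if n does not fit the scratch buffer. */
int try_safe_with_length(size_t n)
{
    char pw[512];
    struct smb_auth_request req;
    if (n >= sizeof pw)
        return -2;
    memset(pw, 'A', n);
    pw[n] = '\0';
    memset(&req, 0, sizeof req);
    int rc = build_request_safe(&req, "alice", pw);
    for (size_t i = 0; i < sizeof req.pad; i++)
        if (req.pad[i] != 0)
            return -3;
    return rc;
}

int main(void)
{
    printf("8 chars:   %d\n", try_safe_with_length(8));                       /* 0  */
    printf("%d chars: %d\n", PW_MAX - 1, try_safe_with_length(PW_MAX - 1));  /* 0  */
    printf("%d chars: %d\n", PW_MAX, try_safe_with_length(PW_MAX));          /* -1 */
    printf("300 chars: %d\n", try_safe_with_length(300));                     /* -1 */
    return 0;
}
```

Compile with `cc -Wall` and run: the bounded builder accepts 127 bytes and
rejects 128 and 300, and the bytes after the buffer are untouched in every case.
The unsafe variant is deliberately never called; fed a 300-byte password it
would write past `password`, and a fortified libc would abort the process rather
than let it continue.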

Distribution: Slackware

8/25/2003 - GDM - file permission vulnerability

This fixes a bug where a local user may read any system file by making a
symlink to it from $HOME/.xsession-errors and using GDM's error browser
to read the file.

8/26/2003 - unzip - directory traversal vulnerability

These fix a security issue where a specially crafted archive may overwrite
files (including system files anywhere on the filesystem) upon extraction
by a user with sufficient permissions.
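
The Debian and Slackware unzip entries are one bug seen from two angles: the
test for "../" runs before the entry name is cleaned of characters the extractor
does not allow, so a name with a junk byte between the two dots passes the test
and turns into "../..." afterwards, and the file lands outside the extraction
directory. The C below is an added example for this newsletter and not UnZip's
code; the cleanup rule (drop non-printable bytes) and the function names are
assumptions chosen to show the ordering problem. It puts the check-then-strip
sequence beside a version that strips first and then rejects any ".." component,
absolute path or drive prefix, going a little beyond the advisory by also
treating backslashes as separators.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the extractor's cleanup of "invalid" file-name bytes: here
 * anything outside printable ASCII is dropped. UnZip's real rules are not
 * reproduced; only the ordering matters. Works in place, returns length. */
static size_t strip_invalid(char *name)
{
    size_t w = 0;
    for (size_t r = 0; name[r]; r++) {
        unsigned char c = (unsigned char)name[r];
        if (c >= 0x20 && c < 0x7f)
            name[w++] = name[r];
    }
    name[w] = '\0';
    return w;
}

/* Vulnerable ordering: look for a literal "../" (and a leading '/'), then
 * strip. An entry named ".\x01./etc/passwd" contains no "../" when tested
 * but becomes "../etc/passwd" once the 0x01 is removed. Returns 1 if the
 * name is accepted (the name actually used is left in 'out'), 0 if not. */
int accept_vulnerable(const char *entry, char *out, size_t outsz)
{
    if (strlen(entry) >= outsz) return 0;
    strcpy(out, entry);
    if (out[0] == '/' || strstr(out, "../") != NULL)
        return 0;
    strip_invalid(out);
    return 1;
}

/* Fixed: normalise first, decide on the final form. Rejects absolute paths,
 * Windows drive prefixes, and any component that is exactly ".." whether
 * '/' or '\\' separates it. */
int accept_fixed(const char *entry, char *out, size_t outsz)
{
    if (strlen(entry) >= outsz) return 0;
    strcpy(out, entry);
    strip_invalid(out);
    if (out[0] == '\0' || out[0] == '/' || out[0] == '\\')
        return 0;
    if (isalpha((unsigned char)out[0]) && out[1] == ':')
        return 0;
    for (const char *p = out; *p; ) {
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += n;
        if (*p) p++;                 /* step over the separator */
    }
    return 1;
}

/* Demonstration helpers: run one name through a checker. Return 1 if it was
 * accepted and the resulting name equals 'expected', 0 if it was rejected,
 * -1 if it was accepted under some other name. */
static int run(int (*check)(const char *, char *, size_t),
               const char *entry, const char *expected)
{
    char out[256];
    if (!check(entry, out, sizeof out)) return 0;
    return strcmp(out, expected) == 0 ? 1 : -1;
}
int vulnerable_result(const char *entry, const char *expected)
{ return run(accept_vulnerable, entry, expected); }
int fixed_result(const char *entry, const char *expected)
{ return run(accept_fixed, entry, expected); }

int main(void)
{
    /* Constructed entry names; "\001" is the invalid byte between the dots. */
    printf("vulnerable  .\\001./etc/passwd -> %d\n",
           vulnerable_result(".\001./etc/passwd", "../etc/passwd"));  /* 1: escapes */
    printf("fixed       .\\001./etc/passwd -> %d\n",
           fixed_result(".\001./etc/passwd", "../etc/passwd"));       /* 0: rejected */
    printf("fixed       docs/readme.txt    -> %d\n",
           fixed_result("docs/readme.txt", "docs/readme.txt"));       /* 1: fine */
    return 0;
}
```

The same vulnerable checker also lets `..\..\x` through untouched, since it only
looks for the forward-slash spelling; a name is only safe once every component
of its final form has been inspected.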

Distribution: SuSE

8/26/2003 - sendmail - DNS map vulnerability

When sendmail receives an invalid DNS response it tries to call free() on
random data which results in a process crash.
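
The FreeBSD, Mandrake and SuSE sendmail entries describe one defect: the fields
of a resource-record structure are not initialised before the parser can reach
an error path that frees them, so a malformed reply ends in free() on whatever
the stack held. The C below is an added example for this newsletter, not
sendmail's code; the struct, the simplified single-label wire format and the
function names are assumptions. It shows the shape of the bug in a comment and a
parser that zeroes the record before its first check and releases through one
cleanup routine, so an early exit frees only NULL or what was actually allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for sendmail's RESOURCE_RECORD_T; the real layout is
 * not reproduced. Both pointer members must hold NULL before any error path
 * that may free them can run. */
struct rr {
    char     *name;     /* owner name, NUL-terminated */
    uint16_t  type;
    uint16_t  rclass;
    uint32_t  ttl;
    uint16_t  rdlen;
    uint8_t  *rdata;    /* rdlen bytes */
};

/* The bug, in outline (not compiled: it is undefined behaviour):
 *     struct rr r;               // members indeterminate
 *     if (len < 1) goto fail;    // first sanity check on the reply
 *     ...
 *   fail:
 *     free(r.rdata);             // frees whatever was on the stack
 *     free(r.name);
 * Any reply malformed enough to trip an early check reaches 'fail' with
 * r.rdata never assigned. Fix: zero the record first, allocate into it only
 * as parsing proceeds, release through one routine. */

void rr_free(struct rr *r)
{
    free(r->name);
    free(r->rdata);
    r->name = NULL;
    r->rdata = NULL;
}

static uint16_t get16(const uint8_t *p)
{ return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Parse one RR whose owner name is a single label:
 *   [len][label][0x00][type:2][class:2][ttl:4][rdlength:2][rdata]
 * Returns bytes consumed, or -1 on truncation or inconsistency; on -1 both
 * pointers are NULL and nothing is leaked. */
int rr_parse(struct rr *r, const uint8_t *buf, size_t len)
{
    size_t off = 0, lab;
    memset(r, 0, sizeof *r);                 /* known state before any goto */
    if (len < 1) goto fail;
    lab = buf[off++];
    if (lab == 0 || lab > 63 || off + lab + 1 > len) goto fail;
    r->name = malloc(lab + 1);
    if (r->name == NULL) goto fail;
    memcpy(r->name, buf + off, lab);
    r->name[lab] = '\0';
    off += lab;
    if (buf[off++] != 0) goto fail;          /* expect the root label */
    if (off + 10 > len) goto fail;           /* fixed-size part */
    r->type   = get16(buf + off); off += 2;
    r->rclass = get16(buf + off); off += 2;
    r->ttl    = get32(buf + off); off += 4;
    r->rdlen  = get16(buf + off); off += 2;
    if (off + r->rdlen > len) goto fail;     /* RDLENGTH claims more than we have */
    r->rdata = malloc(r->rdlen ? r->rdlen : 1);
    if (r->rdata == NULL) goto fail;
    memcpy(r->rdata, buf + off, r->rdlen);
    off += r->rdlen;
    return (int)off;
fail:
    rr_free(r);                              /* safe: unallocated members are NULL */
    return -1;
}

/* Constructed samples, not captured traffic: an A record for "www", TTL 3600,
 * address 10.0.0.1, and the same bytes with RDLENGTH inflated to 255. */
static const uint8_t GOOD_RR[] = { 3,'w','w','w',0, 0,1, 0,1, 0,0,0x0e,0x10, 0,4,   10,0,0,1 };
static const uint8_t BAD_RR[]  = { 3,'w','w','w',0, 0,1, 0,1, 0,0,0x0e,0x10, 0,255, 10,0,0,1 };

/* Returns 1 if the good record parses to the expected fields. */
int demo_good(void)
{
    struct rr r;
    int n = rr_parse(&r, GOOD_RR, sizeof GOOD_RR);
    int ok = n == (int)sizeof GOOD_RR && r.name && strcmp(r.name, "www") == 0
          && r.type == 1 && r.rclass == 1 && r.ttl == 3600 && r.rdlen == 4
          && r.rdata && r.rdata[0] == 10 && r.rdata[3] == 1;
    rr_free(&r);
    return ok;
}

/* Returns 1 if the inflated record and a record cut short inside rdata are
 * both rejected with the struct left clean. */
int demo_rejected(void)
{
    struct rr a, b;
    int na = rr_parse(&a, BAD_RR, sizeof BAD_RR);
    int nb = rr_parse(&b, GOOD_RR, sizeof GOOD_RR - 2);
    return na == -1 && a.name == NULL && a.rdata == NULL
        && nb == -1 && b.name == NULL && b.rdata == NULL;
}
```

Run it under a memory checker as well as natively: with the memset in place the
inflated RDLENGTH and the truncated record both come back -1 with no invalid
free, which is exactly the case the advisories say crashed sendmail.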

Distribution: TurboLinux

8/27/2003 - php - XSS vulnerability

The cross-site scripting vulnerability is in the transparent SID support
capability for PHP.

8/27/2003 - gdm - file permission vulnerability

GDM contains a bug where it runs as root when examining the ~/.xsession-errors
file through the "examine session errors" feature, allowing local users to read
any text file on the system by creating a symlink.

8/27/2003 - perl - XSS vulnerability

A cross-site scripting vulnerability exists in the start_form() function
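
The Slackware and TurboLinux gdm entries are a privileged process opening a path
under the user's control: root reads ~/.xsession-errors, the user has replaced
it with a symlink, root reads the target. The C below is an added example for
this newsletter and not GDM's code; the function names and the scratch directory
under /tmp are assumptions. It opens with O_NOFOLLOW and validates the open
descriptor (regular file, expected owner, single link) rather than the path, and
the demonstration shows a symlink to an otherwise acceptable file being refused.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open, from a privileged process, a file that sits in a directory the user
 * controls. Returns a descriptor or -1 with errno set. Refuses:
 *   - a symlink as the final component (O_NOFOLLOW makes open() fail, ELOOP);
 *   - anything that is not a regular file (directory, FIFO, device);
 *   - a file not owned by the user we are acting for;
 *   - a file with more than one hard link (a link to someone else's file
 *     already fails the owner test; this is the conservative extra).
 * The tests are made on the open descriptor with fstat(), not on the path,
 * so the user cannot swap the object between check and use. Directories on
 * the way to the file are assumed not to be user-controlled; if they are,
 * walk them with openat() and O_NOFOLLOW component by component. Dropping
 * privileges (seteuid to the user) before the open is the other sound fix,
 * and the one a display manager should prefer. */
int open_user_owned_file(const char *path, uid_t expected_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                          /* errno == ELOOP: it was a symlink */
    if (fstat(fd, &st) < 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    if (!S_ISREG(st.st_mode) || st.st_uid != expected_uid || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Demonstration in a scratch directory under /tmp (assumed writable): a
 * regular file we own must be accepted; a symlink pointing at that very
 * file, which would pass every other test, must be refused with ELOOP.
 * Returns 1 on that outcome, 0 otherwise. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/xsession-demo-XXXXXX";
    char reg[128], lnk[128];
    int ok = 0, fd;
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(reg, sizeof reg, "%s/.xsession-errors", dir);
    snprintf(lnk, sizeof lnk, "%s/.xsession-errors.lnk", dir);
    fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        if (symlink(reg, lnk) == 0) {
            int a = open_user_owned_file(reg, getuid());
            int b = open_user_owned_file(lnk, getuid());
            int err = errno;
            ok = a >= 0 && b < 0 && err == ELOOP;
            if (a >= 0) close(a);
        }
    }
    unlink(lnk);
    unlink(reg);
    rmdir(dir);
    return ok;
}

/* A directory is not a regular file: returns 1 if it is refused. */
int demo_directory_refused(void)
{
    int fd = open_user_owned_file("/tmp", getuid());
    if (fd >= 0) close(fd);
    return fd < 0;
}

int main(void)
{
    printf("symlink refused:   %d\n", demo_symlink_refused());    /* 1 */
    printf("directory refused: %d\n", demo_directory_refused());  /* 1 */
    return 0;
}
```

Note what the check does not do: it never consults the path with stat() or
access() first, because any answer about the path is stale by the time open()
runs. Everything the code trusts is a property of the descriptor it already
holds.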



