Linux Advisory Watch – August 29th 2003

– by Benjamin D. Thomas
This week, advisories were
released for docview, unzip, sendmail, iptables, pam_smb, gdm, php, and perl.
The distributors include Debian, FreeBSD, Gentoo, Mandrake, Red Hat, Slackware,
SuSE, and TurboLinux.

Last Saturday, ISECOM released
version 2.1 of the Open-Source Security Testing Methodology Manual. For those
of you who are not familiar with it, the OSSTMM is an established standard for
testing security. It includes information on ethics, legalities, rules of engagement,
and many templates that will prove to be useful to those conducting penetration
tests. The document is intended to be used by security testing professionals
as well as developers, systems analysts, and architects.

The OSSTMM provides a very
structured method for pen-testing. The manual includes sections on information
security, process security, internet technology security, communications security,
wireless security, and physical security. Each section module has several detailed
parts. For example, information security testing includes posture assessment,
information integrity review, human resources review, competitive intelligence
scouting, and many others. The beauty of the OSSTMM is that it provides a peer-reviewed
and comprehensive list of the tests that should be conducted. Many consulting
firms have an established testing methodology, but the average security
professional has only a few tricks, which is by no means comprehensive. The OSSTMM
gives everyone an open standard that can be trusted and is not unnecessarily
complex.

As mentioned previously,
the OSSTMM provides pen-testing templates. The examples provided can easily
be reproduced in any spreadsheet application and used multiple times. It
is also just as acceptable to reprint or edit the PDF. Templates include ones
for firewall analysis, IDS testing, social engineering, privacy, password cracking,
denial of service, and others. If you are involved in security at any level,
you should definitely use the OSSTMM. It is extremely valuable.

The OSSTMM document and
the Institute for Security and Open Methodologies Web site are at the following
URL: http://www.isecom.org


Until next time,
Benjamin D. Thomas

 

LinuxSecurity Feature Extras:

A Practical Approach of Stealthy Remote Administration
– This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).

Expert vs. Expertise: Computer Forensics and the Alternative OS
– No longer a dark and mysterious process, computer forensics has been
significantly on the scene for more than five years now. Despite this, it has
only recently gained the notoriety it deserves.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Debian
  8/26/2003 unzip
    directory traversal vulnerability

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass
a check for relative pathnames ("../") by placing certain invalid characters
between the two "." characters.

http://www.linuxsecurity.com/advisories/debian_advisory-3570.html

 
  8/26/2003 libpam-smb
    buffer overflow vulnerability

If a long password is supplied, this can cause a buffer overflow which could
be exploited to execute arbitrary code with the privileges of the process
which invokes PAM services.

http://www.linuxsecurity.com/advisories/debian_advisory-3571.html

 
 
Distribution: FreeBSD
  8/26/2003 sendmail
    DNS map vulnerability

Some versions of sendmail (8.12.0 through 8.12.8) contain a programming error
in the code that implements DNS maps. A malformed DNS reply packet may cause
sendmail to call free() on an uninitialized pointer.

http://www.linuxsecurity.com/advisories/freebsd_advisory-3572.html

 
 
Distribution: Gentoo
  8/25/2003 vmware-server
    env variable vulnerability

By manipulating the VMware GSX Server and VMware Workstation environment
variables, a program such as a shell session with root privileges could be
started when a virtual machine is launched.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3573.html

 
 
Distribution: Mandrake
  8/27/2003 sendmail
    dns map vulnerability

Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail
receives a bad DNS reply it will call free() on random addresses which usually
causes sendmail to crash.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3574.html

 
 
Distribution: Red Hat
  8/26/2003 iptables
    upgrade fix

Recent updates to the kernel in Red Hat Linux versions 7.1, 7.2, 7.3 and 8.0
did not also update the iptables utility, causing functions such as owner
match to stop working.

http://www.linuxsecurity.com/advisories/redhat_advisory-3575.html

 
  8/27/2003 pam_smb
    remote buffer overflow vulnerability

On systems that use pam_smb and are configured to authenticate a remotely
accessible service, an attacker can exploit this bug and remotely execute
arbitrary code.

http://www.linuxsecurity.com/advisories/redhat_advisory-3576.html

 
 
Distribution: Slackware
  8/25/2003 GDM
    file permission vulnerability

This fixes a bug where a local user may read any system file by making a
symlink to it from $HOME/.xsession-errors and using GDM’s error browser
to read the file.

http://www.linuxsecurity.com/advisories/slackware_advisory-3577.html

 
  8/26/2003 unzip
    directory traversal vulnerability

These fix a security issue where a specially crafted archive may overwrite
files (including system files anywhere on the filesystem) upon extraction
by a user with sufficient permissions.

http://www.linuxsecurity.com/advisories/slackware_advisory-3578.html
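Added example (not code from the Debian, Slackware or UnZip projects) illustrating the check pattern behind the two unzip entries above: a literal "../" check that a junk byte between the dots slips past, beside a check that resolves the full destination path and refuses anything that leaves the extraction directory. The sample member names and the /tmp/extract destination are constructed for the illustration.

```python
import os
import posixpath

# Constructed archive member names for illustration (not taken from a real archive).
SAMPLE_MEMBERS = [
    "docs/readme.txt",          # benign relative path
    "../etc/passwd",            # plain traversal, caught by the literal check
    "docs/../../etc/passwd",    # traversal hidden behind a benign prefix
    "..\\etc\\passwd",          # backslash separators, missed by a '/'-only check
    "/etc/passwd",              # absolute path
    ".\x00./etc/passwd",        # junk byte between the dots, the pattern the advisory describes
]


def naive_is_safe(member):
    """The kind of check the advisory describes: reject only the literal '../'."""
    return "../" not in member


def resolved_is_safe(member, dest_dir):
    """Reject control characters, treat backslashes as separators, refuse
    absolute paths, and require the fully resolved target to stay under dest_dir."""
    if any(ord(ch) < 0x20 for ch in member):
        return False
    cleaned = member.replace("\\", "/")
    if posixpath.isabs(cleaned):
        return False
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, cleaned))
    return target == dest or target.startswith(dest + os.sep)


def audit(members, dest_dir):
    """Return {member: (naive verdict, resolved verdict)} for a list of archive entries."""
    return {m: (naive_is_safe(m), resolved_is_safe(m, dest_dir)) for m in members}


if __name__ == "__main__":
    for member, (naive, resolved) in audit(SAMPLE_MEMBERS, "/tmp/extract").items():
        print(f"{member!r:28} naive={naive!s:5} resolved={resolved}")
```

The verdict that matters is computed on the resolved path of the opened destination, not on the member string; the same check should run once more after creating parent directories, since a directory created by an earlier entry could be replaced by a symlink between the check and the write.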

 
 
Distribution: SuSE
  8/26/2003 sendmail
    dns map vulnerability

When sendmail receives an invalid DNS response it tries to call free on
random data which results in a process crash.

http://www.linuxsecurity.com/advisories/suse_advisory-3579.html

 
 
Distribution: TurboLinux
  8/27/2003 php
    XSS vulnerability

The cross-site scripting vulnerability is in the transparent SID support
capability for PHP.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3580.html

 
  8/27/2003 gdm
    file permission vulnerability

GDM contains a bug where GDM will run as root when examining the ~/.xsession-errors
file when using the “examine session errors” feature, allowing local users
the ability to read any text file on the system by creating a symlink.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3581.html
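Added example, not GDM's code, showing the defensive open pattern for the symlink issue described in the two GDM entries above (Slackware and this one): refuse to follow a symlink at the ~/.xsession-errors name and verify the opened inode before a privileged reader hands its contents to the user. The temporary home directory and file names are constructed.

```python
import os
import stat
import tempfile


def read_user_file_safely(path, expected_uid):
    """Open a user-supplied path without following a symlink at its final
    component, then confirm it is a regular file owned by the expected user
    before reading. Returns None when the file is refused or absent."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NOCTTY)
    except OSError:            # ELOOP when the last component is a symlink
        return None
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())   # check the opened inode, not the path name
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            return None
        return f.read()


def demo():
    """Constructed scenario: a legitimate .xsession-errors log, then a symlink
    planted at that name pointing at a file the reader must not expose."""
    home = tempfile.mkdtemp()
    target = os.path.join(home, "not-for-you.txt")
    with open(target, "wb") as f:
        f.write(b"sensitive content\n")
    log = os.path.join(home, ".xsession-errors")
    with open(log, "wb") as f:
        f.write(b"Xsession: starting\n")
    uid = os.getuid()
    legitimate = read_user_file_safely(log, uid)
    os.remove(log)
    os.symlink(target, log)        # the planted link the advisory describes
    planted = read_user_file_safely(log, uid)
    return legitimate, planted


if __name__ == "__main__":
    print(demo())   # (b'Xsession: starting\n', None)
```

The ownership check is not exercised by the demo, since every file it creates belongs to the running user, and O_NOFOLLOW only covers the final path component; a reader that runs as root should additionally drop to the user's uid before opening anything under a user-owned home directory.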

 
  8/27/2003 perl
    CGI.pm XSS vulnerability

A cross-site scripting vulnerability exists in the start_form() function
from CGI.pm.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3582.html
