August 6, 2004

Linux Advisory Watch - August 6, 2004

Author: Benjamin D. Thomas

This week, advisories were released for Xsco, OpenSSL, uudecode, samba,
sox, phpMyAdmin and wv. The distributors include SCO Group, Conectiva,
Gentoo, Mandrake and Red Hat.
Using PAM

Pluggable Authentication Modules (PAM) is a method for authenticating
users.  Using PAM, programmers can provide an easier and more
versatile means of performing authentication functions.  A system can
switch from basic password authentication to smart cards or even
biometrics without having to recompile programs or make serious
modifications to them.

Additionally, PAM can be used to modify the terms of access by users as
well as system resources.

Just a few of the things you can do with PAM:

  •  Use a different encryption method for passwords such as MD5,
     making them harder to brute force decode;
  •  Set resource limits on all your users so they can't perform denial
     of service attacks (number of processes, amount of memory, etc.);
  •  Enable shadow passwords on the fly;
  •  Allow specific users to log in only at specific times from specific
     places.

Within a few hours of installing and configuring your system, you can
prevent many attacks before they even occur. For example, use PAM to
disable the system-wide usage of .rhosts files in users' home
directories by adding these lines to /etc/pam.d/login:

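         # Disable rsh/rlogin/rexec for users.
         # The service name is implied by the file name under /etc/pam.d/,
         # so the rule starts at the module type.
         auth required pam_rhosts_auth.so no_rhosts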

Set filesystem limits instead of leaving them unlimited, which is the
default.  You can control the per-user limits using the resource-limits
PAM module and /etc/pam.d/limits.conf. For example, limits for group
'users' might look like this:

@users     hard  core    0
@users     hard  nproc   50
@users     hard  rss    

This says to limit the creation of core files to zero bytes, restrict
the number of processes to 50, and restrict memory usage per user to 5
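
As an added example (not part of the original tip), the following Python script audits limits.conf-style text and reports, per group, whether hard caps for core, nproc and rss are actually enforced. The sample entries are constructed, including the rss value and the @staff and @guests groups, and the function names are hypothetical.

```python
# Added example: audit limits.conf-style text for enforced per-group caps.
# SAMPLE is constructed; the rss value (5000) is an assumed placeholder.
UNLIMITED = {"unlimited", "infinity", "-1"}
REQUIRED = ("core", "nproc", "rss")

SAMPLE = """\
# domain   type  item   value
@users     hard  core   0
@users     hard  nproc  50
@users     hard  rss    5000
@staff     soft  nproc  50
@staff     hard  core   unlimited
@guests    hard  rss
"""

def parse_limits(text):
    """Return (entries, malformed). Entries are (domain, type, item, value)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("soft", "hard", "-"):
            malformed.append((lineno, raw.strip()))  # e.g. a missing value
            continue
        entries.append(tuple(fields))
    return entries, malformed

def audit(text, domain, required=REQUIRED):
    """Map each required item to 'ok', 'missing', 'soft-only' or 'unlimited'."""
    entries, _ = parse_limits(text)
    result = {item: "missing" for item in required}
    for dom, typ, item, value in entries:
        if dom != domain or item not in result:
            continue
        if typ == "soft":
            # A soft limit alone can be raised by the user up to the hard limit.
            if result[item] == "missing":
                result[item] = "soft-only"
        elif value.lower() in UNLIMITED:
            result[item] = "unlimited"
        else:
            result[item] = "ok"               # type 'hard' or '-' with a real cap
    return result

if __name__ == "__main__":
    for group in ("@users", "@staff", "@guests"):
        print(group, audit(SAMPLE, group))
    print("malformed:", parse_limits(SAMPLE)[1])
```

A line with no value, such as the constructed @guests entry, is reported as malformed rather than counted as a limit, so a truncated rule cannot pass the audit.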

The Linux-PAM System Administrators' Guide is a "draft" document that
describes the usage of the default PAM modules.

Keep in mind that there is the potential to create a situation whereby
even root doesn't have access to the system, creating all kinds of
configuration headaches.  Use caution.

Tip written by Dave Wreski.

Feature Extras:

Interview with Gary McGraw, Co-author of Exploiting Software: How to
Break Code
- Gary McGraw is perhaps best known for his groundbreaking
work on securing software, having co-authored the classic Building
Secure Software (Addison-Wesley, 2002). More recently, he has
co-written with Greg Hoglund a companion volume, Exploiting Software,
which details software security from the vantage point of the other
side, the attacker. He has graciously agreed to share some of his
insights with all of us at

Expert Dave Wreski Discusses Open Source Security
- Dave Wreski, CEO of
Guardian Digital, Inc. and respected author of various hardened
security and Linux publications, talks about how Guardian Digital is
changing the face of IT security today. Guardian Digital is perhaps
best known for their hardened Linux solution EnGarde Secure Linux,
touted as the premier secure, open-source platform for its
comprehensive array of general purpose services, such as web, FTP,
email, DNS, IDS, routing, VPN, firewalling, and much more.


Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each

Distribution: SCO Group
  7/30/2004 Xsco
    Buffer overflow

UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that
could be exploited to gain root privileges.

  7/30/2004 Xsco
    Buffer overflow

OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow
that could be exploited to gain root privileges.

  7/30/2004 OpenSSL
    Multiple vulnerabilities

This patch addresses a large number of outstanding OpenSSL

  7/30/2004 uudecode
    Insecure tempfile

If a user uses uudecode to extract data into open shared directories,
such as /tmp, this vulnerability could be used by a local attacker to
overwrite files or lead to privilege escalation.

Distribution: Conectiva
  7/30/2004 samba
    Buffer overflow

Exploitation of these vulnerabilities could lead to execution of
arbitrary code.

  7/30/2004 sox
    Buffer overflow

Ulf Härnhammar found two buffer overflow vulnerabilities[2] in
They occurred when the sox or play commands handled malicious .WAV

Distribution: Gentoo
  7/30/2004 samba
    Buffer overflow

Two buffer overflow vulnerabilities were found in Samba, potentially
allowing the remote execution of arbitrary code. (Note: this
announcement takes the ERRATA released by Gentoo into account).

  7/30/2004 phpMyAdmin
    Multiple vulnerabilities

Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with
a valid user account to alter configuration variables and execute
arbitrary PHP code.

  7/30/2004 SoX
    Buffer overflow

By enticing a user to play or convert a specially crafted WAV file an
attacker could execute arbitrary code with the permissions of the user
running SoX.

Distribution: Mandrake
  7/30/2004 wv
    Buffer overflow

iDefense discovered a buffer overflow vulnerability in the wv package
which could allow an attacker to execute arbitrary code with the
runner's privileges.

Multiple vulnerabilities
    Buffer overflow

These updated packages contain fixes to libneon to correct the several
format string vulnerabilities in it, as well as a heap-based buffer
overflow vulnerability.

Distribution: Red Hat
  7/30/2004 sox
    Buffer overflow

A malicious WAV file could cause arbitrary code to be executed when the
file was played or converted.

  7/30/2004 ipsec-tools
    Key verification vulnerability
    Buffer overflow

When configured to use X.509 certificates to authenticate remote hosts,
ipsec-tools versions 0.3.3 and earlier will attempt to verify that host
certificate, but will not abort the key exchange if verification fails.


