August 8, 2003

Linux Advisory Watch - August 8th 2003

- by Benjamin D.

This week, advisories were
released for wget, postfix, kernel, atari800, xfstt, kdelibs, mindi, phpgroupware,
eroaster, libc, kdelibs, php, core, stunnel, man-db, Konqueror, and wuftpd. The
distributors include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux,
FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.

One of the most common
causes of software vulnerabilities is poor programming practices. Often,
developers sacrifice security to add additional features. Although most
coders wish to write securely, many do not. At most universities security
is not addressed in programming classes. The only training a student may
receive is learning how to check input variables. I now understand that
more universities are beginning to take software development security
more seriously.

For those of us who
code at work, or just as a hobby, how can we ensure that we're coding
with best security practices? I recently had the pleasure of reading the
recent O'Reilly book Secure Coding: Principles & Practices
by Mark G. Graff and Kenneth R. van
Wyk. Like all O'Reilly books, it is moderately technical and will not
bore you with irrelevant narratives. The book weighs in at just over 200
pages and retails for $29.95 USD. I would normally consider this a bit
pricy for a small book. However, in this case the information provided
is well worth the money. Every serious developer should have a copy. This
book is intended for moderately skilled programmers all the way up to
expert level.

The best part of
the book is that it is written primarily as informational text and theory.
It contains very little source code. The authors chose to focus on the
practice of secure coding, rather than specific techniques. The information
found in this book can provide a strong foundation to the knowledge necessary
to begin the secure development process. The beginning of the book provides
an introduction to all types of attacks that affect software. Next, a
chapter is devoted to secure design including coding steps, issues, and
practices to be avoided. The book ends with techniques on how to successfully
test software before release. Another valuable part of the book is the
case studies provided. Each section contains several real world examples
that can help you better understand each concept.

As previously stated,
Secure Coding: Principles & Practices
is highly recommended. If you have
been waiting for the perfect book on secure coding, this may be it!

Until Next time,
Benjamin D. Thomas



Feature Extras:

vs. Expertise: Computer Forensics and the Alternative OS
- No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

Linux Security Cookbook
- There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensable reference for security oriented individuals.



Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

off-by-one vulnerability

There is an off-by-one buffer overflow vulnerability in the fb_realpath()
function, which handles filename paths in wu-ftpd.

8/4/2003 wget buffer overflow vulnerability

An attacker can create a long (more than 256 characters), specially crafted
URL that when parsed by wget can cause the execution of arbitrary code or
program misbehavior.

8/5/2003 postfix remote denial of service vulnerability

There are multiple vulnerabilities in postfix.
buffer overflow vulnerability

iSEC Security Research reports that wu-ftpd contains an off-by-one bug in
the fb_realpath function which could be exploited by a logged-in user (local
or anonymous) to gain root privileges.

8/1/2003 kernel multiple

A number of vulnerabilities have been discovered in the Linux kernel.

8/1/2003 atari800 multiple

Steve Kemp discovered multiple buffer overflows in atari800, an Atari emulator.

8/1/2003 xfstt multiple

There are multiple vulnerabilities in xfstt.

8/1/2003 kdelibs Multiple remote vulnerabilities

Potential unauthorized access and man-in-the-middle attacks have been fixed.

8/2/2003 mindi insecure tmp file vulnerability

mindi, a program for creating boot/root disks, does not take appropriate
security precautions when creating temporary files.

8/3/2003 postfix multiple

There are multiple vulnerabilities in postfix.
multiple vulnerabilities

There are multiple vulnerabilities in suid install of man-db.

8/5/2003 kernel vulnerability

This advisory provides a correction to the previous kernel updates, which
contained an error introduced in kernel-source-2.4.18 version 2.4.18-7. This
error could result in a kernel "oops" under certain circumstances.

8/5/2003 kernel vulnerability

This advisory provides a correction to the previous kernel updates, which
contained an error introduced in kernel-source-2.4.18 version 2.4.18-7.

8/6/2003 phpgroupware multiple

Several vulnerabilities have been discovered in phpgroupware.

8/6/2003 eroaster insecure temporary file vulnerability

eroaster does not take appropriate security precautions when creating a temporary
file for use as a lockfile.
remote denial-of-service

Michal Zalewski has discovered a vulnerability in the Postfix MTA which
could lead to a remote DoS attack.
signal handler race DoS

Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and SPOP3. A potential
vulnerability has been found when stunnel is configured to listen to incoming
connections for these services.

Distribution: FreeBSD

8/4/2003 libc buffer overflow vulnerability

An off-by-one error exists in a portion of realpath(3) that computes the
length of the resolved pathname.

8/5/2003 libc realpath off-by-one vulnerability

An off-by-one error exists in a portion of realpath(3) that computes the
length of the resolved pathname.

Distribution: Mandrake

8/1/2003 kdelibs authentication

A vulnerability in Konqueror was discovered where it could inadvertently
send authentication credentials to websites other than the intended site
in clear text via the HTTP-referer header when authentication credentials
are passed as part of a URL in the form http://user:password@host/.
off-by-one vulnerability

There is an off-by-one bug in the fb_realpath() function which could be
used by a remote attacker to obtain root privileges on the server.

8/4/2003 postfix multiple

Two vulnerabilities were discovered in the postfix MTA by Michal Zalewski.

8/4/2003 php session handling vulnerability

A vulnerability was discovered in the transparent session ID support in
PHP4 prior to version 4.3.2.

Distribution: NetBSD

8/4/2003 core denial of service vulnerability

It is possible to crash an OSI connected system remotely by sending it a
carefully prepared OSI networking packet.

8/4/2003 libc off-by-one

In the library function realpath, there was a string manipulation mistake
which could lead to a 1-byte buffer overrun.
off-by-one vulnerability

An off-by-one bug has been discovered in versions of wu-ftpd up to and including

8/4/2003 postfix multiple

Two security issues have been found in Postfix that affect the Postfix packages
in Red Hat Linux 7.3, 8.0, and 9.

Distribution: Slackware

8/1/2003 Konqueror Multiple

Note that this update addresses a security problem in Konqueror which may
cause authentication credentials to be leaked to an unintended website through
the HTTP-referer header when they have been entered into Konqueror as a

Distribution: SuSe

8/1/2003 wuftpd off-by-one

There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a
widely used ftp server for Linux-like systems.

8/4/2003 postfix multiple

Michal Zalewski has reported problems in postfix which can lead to a remote
DoS attack or allow attackers to bounce-scan private networks.
off-by-one vulnerability

This vulnerability may allow remote authenticated users to execute arbitrary
code via commands that cause long pathnames.



