Author: Benjamin D. Thomas
When will it end? Last week, the biggest news was the Debian server compromise. After some analysis, it was found that the vulnerability used to compromise those systems also affects nearly all other Linux distributions. After you got your systems patched and thought it was safe to let your guard down, a serious remote rsync vulnerability was made public. What will it be next week, or next month? No one can predict when bugs or exploits will surface, but there is one constant in all of this: vulnerabilities will continue to be uncovered.
Although it is now a cliché that ‘security is a process, not a product,’ the events of the last few weeks further emphasize this point. By now, it should be apparent that many of the systems we are using will never be bug free. Expect bugs, and expect them often! The most important advice that anyone can give is: be prepared. What is preparation? Security must be a normal business process. For example, servers should be patched at a consistent interval, a testing environment should be used to ensure that patches do not negatively affect production servers, and someone in the organization should have the responsibility of monitoring news sources for particularly harmful vulnerabilities. For example, if your organization chooses to patch the servers every Tuesday and Friday, but last Monday you were notified that updates were available for the kernel, a special consideration should have been made at that point.
Similarly, there should be processes in the organization for the review of security policies, firewall rules, access control lists, etc. All protection mechanisms should be reviewed by more than one person on a consistent basis. The sooner that we can get out of the ‘firefighter’ mentality and approach security as a pure business process, the sooner we will achieve an appropriate level of protection. This week, take time to review the security processes in your organization. Is there a reason for every action taken? When will your servers be updated again? When was the last time we reviewed the accounts on the system?
Until next time, cheers!
Benjamin D. Thomas
Feature Extras:

Guardian Digital Launches the First Secure Small Business Internet Productivity Solution – Guardian Digital, the world’s premier open source Internet security company, announced the availability of Internet Productivity Suite, a comprehensive productivity and security management system. Focused on the increasing requirements of small and medium organizations, this cohesive and highly-secure suite of applications combines to protect users from Internet threats while providing the features necessary to operate a complete Internet presence.

OpenVPN: An Introduction and Interview with Founder, James Yonan – In this article, Duane Dunston gives a brief introduction to OpenVPN and interviews its founder James Yonan.

R00ting The Hacker – Dan Verton, the author of The Hacker Diaries: Confessions of Teenage Hackers, is a former intelligence officer in the U.S. Marine Corps who currently writes for Computerworld and CNN.com, covering national cyber-security issues and critical infrastructure protection.
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
| Distribution | Date | Package | Vulnerability | Description (excerpt) |
|---|---|---|---|---|
| Caldera | 12/1/2003 | Bind | cache poisoning vulnerability | BIND is an implementation of the Domain Name System (DNS) protocols. Successful |
| Conectiva | 12/4/2003 | rsync | heap buffer overflow | rsync versions prior to 2.5.7 have a heap buffer overflow vulnerability[2] |
| Debian | 12/1/2003 | Kernel | vulnerability in brk() | Recently multiple servers of the Debian project were compromised using a |
| Debian | 12/4/2003 | Rsync | heap overflow vulnerability | While this heap overflow vulnerability could not be used by itself to obtain |
| EnGarde | 12/4/2003 | rsync | heap overflow vulnerability | A heap overflow vulnerability has been discovered in all versions of rsync |
| Fedora | 12/3/2003 | Kernel | crash vulnerability | The kernel shipped with Fedora Core 1 was vulnerable to a bug in the error |
| Fedora | 12/4/2003 | rsync | heap overflow vulnerability | A heap overflow bug exists in rsync versions prior to 2.5.7. On machines |
| Fedora | 12/4/2003 | Xboard | predictable file-write exploit | XBoard 4.2.6 and older contains a script which writes to a file in /tmp |
| FreeBSD | 11/29/2003 | Bind | Negative-cache DOS vulnerability | An attacker may arrange for malicious DNS messages to be delivered to a |
| Gentoo | 12/4/2003 | Rsync | heap overflow vulnerability | Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary |
| Gentoo | 12/4/2003 | Kernel | buffer overflow vulnerability leading to root | Lack of proper bounds checking exists in the do_brk() kernel function in |
| Mandrake | 11/29/2003 | GnuPG | Serious key vulnerability | Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal |
| Mandrake | 12/1/2003 | Kernel | buffer overflow leading to root | A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. |
| Red Hat | 12/1/2003 | kernel | Privilege escalation vulnerability | Updated kernel packages are now available that fix a security vulnerability |
| Red Hat | 12/2/2003 | Net-SNMP | Unauthorized access vulnerability | Updated Net-SNMP packages are available to correct a security vulnerability |
| Red Hat | 12/4/2003 | rsync | heap overflow | A heap overflow bug exists in rsync versions prior to 2.5.7. On machines |
| Slackware | 12/3/2003 | Kernel | buffer overflow leading to root | New kernels are available for Slackware 9.1 and -current. These have been |
| Slackware | 12/4/2003 | Rsync | heap overflow vulnerability | A security problem which may lead to unauthorized machine access or code |
| Slackware | 12/4/2003 | Rsync | heap overflow vulnerability | security problem which may lead to unauthorized machine access or code execution |
| SuSE | 11/29/2003 | BIND | Negative cache vulnerability and many others | The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning |
| SuSE | 12/3/2003 | GnuPG | multiple vulnerabilities | Two independent errors have been found in gpg (GnuPG) packages as shipped |
| SuSE | 12/4/2003 | Kernel | local root exploit | This security update fixes a serious vulnerability in the Linux kernel. |
| SuSE | 12/4/2003 | Rsync | heap overflow vulnerability | Due to insufficient integer/bounds checking in the server code a heap overflow |
| Trustix | 11/28/2003 | bind | Cache poisoning vulnerability | A vulnerability has been found in BIND that “.. allows an attacker to conduct |
| Trustix | 12/1/2003 | Kernel | buffer overflow leading to root | This update fixes an issue related to bounds checking in the do_brk() function |
| Trustix | 12/4/2003 | rsync | heap overflow vulnerability | All versions of rsync prior to 2.5.7 contain a heap overflow that can be |
| Turbolinux | 11/28/2003 | Multiple | package updates | fileutils, fetchmail, postgresql, cups, and ethereal have been updated to |
| Turbolinux | 12/3/2003 | Kernel | buffer overflow leading to root | The kernel package contains the Linux kernel (vmlinuz), the core of your |
| Yellow Dog | 12/4/2003 | Kernel | buffer overflow leading to root | A flaw in bounds checking in the do_brk() function in the Linux kernel versions |
Category:
- Security