Author: Benjamin D. Thomas
for vim, gaim, mailman, cgiemail, PHP, XFree86, monkeyd, gallery, mutt, netpbm,
kernel, IPv6, and NetPBM. The distributors include Conectiva, Debian, Gentoo,
Mandrake, OpenBSD, and Red Hat.
On February 9th, Guardian
Digital launched the latest version of EnGarde Secure Linux for the community.
It is the result of many hours of hard work and dedication. The purpose of the
ESL project is to bring the most secure and easy to use server operating system
to the community. Many of you are probably already familiar with EnGarde Secure
Professional. It is the enterprise-level cousin to the EnGarde Secure Linux
project, just like the relationship between Red Hat Enterprise and Fedora.
The latest version of EnGarde Secure
Linux is freely available and contains many desirable features. First, users
can take advantage of ESL’s easy-to-use and secure Web-based management system.
Core services such as Web, DNS and mail can be setup in a matter of minutes.
Rather than depending on intuition, one can have assurance that the system is
configured in the most secure way.
In addition, ESL includes a complete
backup and recovery system, rock-solid access control mechanisms, cryptography
tools, a hardened kernel, firewalling capabilities, and tools for extended system
monitoring.
EnGarde Secure Linux is perfect
for those wishing to setup a Web server on a DSL connection. An EnGarde system
can act as a firewall, gateway, intrusion detection system, and requires very
little system resources. ESL is intended for those wishing to gain a better
understanding of system security, while maintaining complete control. Also,
ESL is the perfect stepping stone for those wishing to use EnGarde Secure Professional
in an enterprise environment.
With EnGarde Secure Linux, it is
possible to subscribe to the Guardian Digital Secure Network. This service is
beneficial if you not not have time install security updates by hand.
ESL’s improved alerting and reporting
capabilities will make any administrator sleep better at night. Having assurance
that the system is properly defending itself and reporting any such attempts
is valuable.
If you haven’t given EnGarde Secure
Linux a try, now is the time! It is available at the project’s Website:
Until next time, cheers!
Benjamin D. Thomas
LinuxSecurity
Feature Extras:
Introduction
to Netwox and Interview with Creator Laurent Constantin
– In this article Duane Dunston gives a brief introduction to Netwox, a combination
of over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.Managing
Linux Security Effectively in 2004
– This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.FEATURE:
OSVDB – An Independent and Open Source Vulnerability Database
– This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk to with Tyler Owen, a major
contributor.[ Linux
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]
Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
[ Subscribe
]
| Distribution: | Conectiva | ||||
| 2/11/2004 | vim | ||||
| Improper execution vulnerability vim can be exploited to execute arbitrary commands when the user opens a |
|||||
| 2/11/2004 | gaim | ||||
| Multiple vulnerabilities A remote attacker can use specially crafted network packets to execute arbitrary |
|||||
| Distribution: | Debian: gaim Debian |
||||
| 2/6/2004 | ‘gaim’ vulnerabilities |
||||
| Multiple vulnerabilities Stefan Esser discovered several security related problems in Gaim, a multi-protocol |
|||||
| Distribution: | Debian: mpg123 Debian |
||||
| 2/6/2004 | ‘mpg123’ heap overflow |
||||
| Multiple vulnerabilities A vulnerability was discovered in mpg123, a command-line mp3 player, whereby |
|||||
| Distribution: | Debian | ||||
| 2/9/2004 | mailman | ||||
| Multiple vulnerabilities The cross-site scripting vulnerabilities could allow an attacker to perform |
|||||
| 2/12/2004 | cgiemail | ||||
| Open mail relay Previous versions could be used to send email to arbitrary addresses, which |
|||||
| Distribution: | Gentoo | ||||
| 2/9/2004 | PHP | ||||
| Leaking globals vulnerability Depending on the server and site, an attacker may be able to exploit global |
|||||
| 2/11/2004 | XFree86 | ||||
| Buffer overflow vulnerability Exploitation allows local attackers to gain root privileges. |
|||||
| 2/11/2004 | monkeyd | ||||
| Denial of service vulnerability A bug allows for a Denial of Service attack to be launched against the webserver. |
|||||
| 2/11/2004 | gallery | ||||
| PHP injection vulnerability A crafted URL can overwrite $HTTP_POST_VARS. |
|||||
| Distribution: | Mandrake | ||||
| 2/12/2004 | mutt | ||||
| Denial of service vulnerability A carefully crafted mail message can cause mutt to segfault and possibly |
|||||
| 2/12/2004 | netpbm | ||||
| Temporary file vulnerabilities These could allow a local user the ability to overwrite or create files |
|||||
| Distribution: | OpenBSD | ||||
| 2/9/2004 | kernel | ||||
| Protected memory violation A reference counting bug in the shmat(2) system call could be used to write |
|||||
| 2/9/2004 | IPv6 | ||||
| Denial of service vulnerability This bug can be exploited to lock up the network stack if reachable via |
|||||
| Distribution: | Red Hat: netpbm Red Hat |
||||
| 2/6/2004 | ‘netpbm’ temporary file vulnerabilities |
||||
| Denial of service vulnerability A number of temporary file bugs have been found in versions of NetPBM. These |
|||||
| Distribution: | Red Hat |
||||
| 2/9/2004 | NetPBM | ||||
| Temporary file vulnerabilities These could allow a local user the ability to overwrite or create files |
|||||
| 2/9/2004 | gaim | ||||
| Multiple vulnerabilities If Gaim uses an HTTP proxy for connecting to a server, it could run arbitrary |
|||||
| 2/11/2004 | mutt | ||||
| 2/11/2004 | mutt | ||||
| Denial of service vulnerability New mutt packages that fix a remotely-triggerable crash in the menu drawing |
|||||
