January 23, 2004

Linux Advisory Watch - January 23, 2004

Author: Benjamin D. Thomas

This week, advisories were released
for cvs, screen, kdepim, mc, tcpdump, kernel, slocate, honeyd, isakmpd, and
lftp. The distributors include Conectiva, Debian, Guardian Digital EnGarde Secure
Linux, Gentoo, OpenBSD, Red Hat, Trustix, and Turbolinux.

In all business environments, management must give a certain level of trust
to staff in order for work to get done. In security, trust is extremely important.
Security managers must trust staff to properly set up and configure systems,
give appropriate access, and fix vulnerabilities as they arise. Trusting staff
to get the job done is a fundamental part of doing business. As a manager, how
can one be sure that the security staff is properly addressing security issues?
How can one be sure that vulnerabilities are fixed and logs are monitored? Peter
F. Drucker, a well-known writer on business management topics, once wrote, "if
you cannot measure it, you cannot manage it."

This is directly relevant to security. How can a manager be sure that the backups
are getting done? Are the IDS and firewall logs properly monitored? A manager
can easily have trust in employees, but assurance must also be provided. Management
should require staff to log backups, log reviews, server patching, etc. Rather
than simply trusting staff to get the job done, it is necessary to have assurance.
All general security maintenance tasks can be, and should be, auditable.

How will extra paperwork help security? Will staff get fed up with all of the
extra documentation? The purpose of extra documentation is not to burden staff;
it is to help justify security spending. If a security department is properly
doing its job, incidents will have little effect. However, if the department
isn't doing its job, something catastrophic could happen. It is hard for people
not in security to see the value in spending more money when there are no security
incidents. Having auditable, documented evidence of thwarted security attempts,
log reviews, etc. can have a huge impact on the image of the security department.
Rather than relying on trust, giving assurance and quantifying security will
help get the budget necessary to have the appropriate level of protection.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature Extras:

Managing Linux Security Effectively in 2004

- This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.

FEATURE: OSVDB - An Independent and Open Source Vulnerability Database

- This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk with Tyler Owen, a major
contributor.


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

1/20/2004  cvs - Chroot escape vulnerability

By requesting malformed modules a remote attacker can attempt to create
files and directories on the server's root file system.

http://www.linuxsecurity.com/advisories/conectiva_advisory-3962.html

1/20/2004  screen - Buffer overflow vulnerability

This vulnerability could be exploited by an attacker who is able to send
about 2Gb of data to the user's screen session.

http://www.linuxsecurity.com/advisories/conectiva_advisory-3963.html

1/20/2004  kdepim - Buffer overflow vulnerability

A carefully constructed .VCF file, if opened or previewed, could cause the
execution of arbitrary code with the victim's privileges.

http://www.linuxsecurity.com/advisories/conectiva_advisory-3964.html

Distribution: Debian

1/16/2004  mc - Improper execution vulnerability

A malicious archive (such as a .tar file) could cause arbitrary code to
be executed if opened by Midnight Commander.

http://www.linuxsecurity.com/advisories/debian_advisory-3955.html

1/16/2004  tcpdump - Multiple vulnerabilities

A number of buffer overflows could be exploited to crash tcpdump, or execute
arbitrary code with the privileges of tcpdump.

http://www.linuxsecurity.com/advisories/debian_advisory-3957.html

1/19/2004  netpbm-free - Insecure temporary files (multiple vulnerabilities)

Many of these programs were found to create temporary files in an insecure
manner.

http://www.linuxsecurity.com/advisories/debian_advisory-3960.html

1/19/2004  kernel - MIPS version of mremap() fix

A flaw in bounds checking in mremap() in the Linux kernel may allow a local
attacker to gain root privileges.

http://www.linuxsecurity.com/advisories/debian_advisory-3961.html

1/20/2004  slocate - Heap buffer overflow

This vulnerability could grant a local attacker "slocate" group privileges,
which can access the list of all file pathnames on the system.

http://www.linuxsecurity.com/advisories/debian_advisory-3965.html

Distribution: EnGarde

1/19/2004  tcpdump - Multiple vulnerabilities (heap buffer overflow)

By sending specially constructed packets across the wire a malicious remote
attacker could cause tcpdump to crash or potentially run arbitrary code
as the user under which tcpdump was being run.

http://www.linuxsecurity.com/advisories/engarde_advisory-3958.html

1/19/2004  tcpdump - Multiple vulnerabilities

Several buffer overflows were recently discovered in tcpdump which could
cause tcpdump to crash or run arbitrary code.

http://www.linuxsecurity.com/advisories/engarde_advisory-3959.html

Distribution: Gentoo

1/22/2004  honeyd - Honeyd remotely identifiable

Identification of Honeyd installations allows an adversary to launch attacks
specifically against Honeyd.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3969.html

Distribution: OpenBSD

1/16/2004  isakmpd - SA deletion vulnerability

Several message handling flaws in isakmpd(8) have been reported by Thomas
Walpuski.

http://www.linuxsecurity.com/advisories/openbsd_advisory-3956.html

Distribution: Red Hat

1/21/2004  mc - Buffer overflow vulnerability

This vulnerability allows remote attackers to execute arbitrary code during
symlink conversion.

http://www.linuxsecurity.com/advisories/redhat_advisory-3966.html

1/22/2004  slocate - Heap overflow vulnerability

A local user could exploit this vulnerability to gain "slocate" group privileges
and then read the entire slocate database.

http://www.linuxsecurity.com/advisories/redhat_advisory-3970.html

Distribution: Trustix

1/21/2004  slocate - Privilege escalation vulnerability

Exploiting this would allow an attacker to obtain a list of all files in
the filesystem.

http://www.linuxsecurity.com/advisories/trustix_advisory-3967.html

Distribution: Turbolinux

1/22/2004  lftp and tcpdump - Multiple vulnerabilities

lftp: buffer overflow; tcpdump: multiple vulnerabilities

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3968.html