January 30, 2004

Linux Advisory Watch - January 30, 2004

Author: Benjamin D. Thomas

This week, advisories were
released for gnupg, trr19, slocate, screen, mod_python, gaim, jabber, mc, and
tcpdump. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat,
Slackware, and SuSE.

Today, information is power.
Those who have the most information, have the most power. Companies are constantly
plagued with former employees giving sensitive information to competition. Call
centers are attacked with social engineering techniques, and servers connected
to the Internet are being scanned at an increasing rate. Information security
is no longer a 'nice thing to have,' it is a necessity. Millions of dollars
are now being spent worldwide on corporate information security programs.

In many cases, it is difficult for
those less technically inclined to see the need in having a large budget for
information security. It is usually seen as an IT issue, and something that
can be addressed by one device or a piece of software. Information security
is a much broader issue that is infinitely complex.

Rather than thinking about security
from a 'patch and pray' standpoint, it is better think about it from a wider
perspective. A great book to read is "Information Warfare and Security," by
Dorothy Denning. The book is written for the technical layman, so it is appropriate
for those at all levels. It is a book that should be read by anyone is responsible
for any amount of sensitive information.

Being over 400 pages, it is quite
long. However, it is very easy to read because of its structure. The book is
broken up into three parts: An Introduction, Offensive, and Defensive Information
Warfare. Each part is composed of several chapters and each chapter includes
a story or several stories and then a further analysis. The chapters can be
read in sequence or independently. The great part about this book is that one
does not have to read it in its entirety to get something out of it. No matter
what current information security situation you face, you'll find inspiration
in this book.

Some of my favorite chapters include
"Psyops and Perception Management," "Secret Codes and Hideaways," and "In a
Risky World." Rather than the typical dry technical book that most of us are
used to, you'll find this book addictive and informative. I found that this
book provided a good social sciences perspective to information security, one
that I normally overlook.

"Information Warfare and
Security" was published in 1999 and is available in most bookstores.

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity
Feature Extras:

Introduction
to Netwox and Interview with Creator Laurent Constantin

- In this article Duane Dunston gives a brief introduction to Netwox, a combination
of over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.

Managing
Linux Security Effectively in 2004

- This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.

FEATURE:
OSVDB - An Independent and Open Source Vulnerability Database

- This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk to with Tyler Owen, a major
contributor.

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]

 

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe
]

 
Distribution: Debian
  1/26/2004 gnupg
    Signing
key vulnerability

This vulnerability can be used to trivially recover the private key.

http://www.linuxsecurity.com/advisories/debian_advisory-3976.html

 
  1/28/2004 trr19
    Missing
privilege release

The binaries don't drop privileges before executing a command, allowing
an attacker to gain access to the local group games.

http://www.linuxsecurity.com/advisories/debian_advisory-3983.html

 
 
Distribution: Fedora
  1/26/2004 slocate
    Heap overflow
vulnerability

A local user could exploit this vulnerability to gain "slocate" group privileges
and then read the entire slocate database.

http://www.linuxsecurity.com/advisories/fedora_advisory-3974.html

 
  1/27/2004 screen
    Privilege
escalation vulnerability

Updated screen packages are now available that fix a security vulnerability
which may allow privilege escalation for local users.

http://www.linuxsecurity.com/advisories/fedora_advisory-3982.html

 
 
Distribution: Gentoo
  1/27/2004 mod_python
    Denial
of service vulnerability

The Apache Foundation has reported that mod_python may be prone to Denial
of Service attacks when handling a malformed query.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3980.html

 
  1/27/2004 gaim
    Multiple
vulnerabilities

Multiple buffer overflows exist in gaim 0.75 and earlier.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3981.html

 
 
Distribution: Mandrake
  1/23/2004 slocate
    Heap overflow

This could be exploited by a local user to gain privileges of the 'slocate'
group. The updated packages contain a patch from Kevin Lindsay that causes
slocate to drop privileges before reading a user-supplied database.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3971.html

 
  1/23/2004 jabber
    Denial
of service vulnerability

A vulnerability was found in the jabber program where a bug in the handling
of SSL connections could cause the server process to crash, resulting in
a DoS (Denial of Service).

http://www.linuxsecurity.com/advisories/mandrake_advisory-3972.html

 
  1/27/2004 gaim
    Multiple
vulnerabilities

Multiple buffer overflows exist in gaim 0.75 and earlier.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3977.html

 
  1/27/2004 mc
    Buffer
overflow vulnerability

This vulnerability could allow remote attackers to execute arbitrary code
during symlink conversion.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3978.html

 
  1/27/2004 tcpdump
    Non-sanitized
input vulernability

If fed a maliciously crafted packet, could be exploited to crash tcpdump
or potentially execute arbitrary code.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3979.html

 
 
Distribution: Red
Hat
  1/26/2004 gaim
    Multiple
vulnerabilities

Multiple buffer overflows that affect versions of Gaim 0.75 and earlier.


http://www.linuxsecurity.com/advisories/redhat_advisory-3973.html

 
 
Distribution: Slackware
  1/26/2004 gaim
    Multiple
vulnerabilities

12 vulnerabilities were found in the instant messenger GAIM that allow remote
compromise.

http://www.linuxsecurity.com/advisories/slackware_advisory-3975.html

 
 
Distribution: SuSE
  1/29/2004 gaim
    Multiple
vulnerabilities

12 vulnerabilities in gaim can lead to a remote system compromise with the
privileges of the user running GAIM.

http://www.linuxsecurity.com/advisories/suse_advisory-3984.html

 

Category:

  • Linux
Click Here!