July 16, 2004

Linux Advisory Watch - July 16, 2004

Author: Benjamin D. Thomas

This week, advisories were released for kernel, ethereal, MoinMoin and
rsync. The distributors include EnGarde, Fedora, Gentoo and Mandrake.

Does Kerberos Actually Work?

Kerberos uses secret-key cryptography to distribute tickets used for
authentication of users to network services.  The ticket is
generated using a password that the user supplies, unequivocally
linking it to the user.  The services available for use with
Kerberos also have tickets, but are not generated using a
password.  The user presents his ticket given to him by the
Kerberos authentication server.  The ticket is stored on the
authentication server, which is configured to permit the user to access
a particular service on a particular server on the network.  The
server uses this to verify the user's identity, and grants or denies
access to a particular network service.

Once the user has requested of the AS the use of a particular service,
a session key (a random string of bits) is generated which is used to
encrypt future communications between the client and AS. This key and
the service name requested are encrypted together using the user's

Another copy of the random session key generated by the AS and the
username are encrypted together using the service's key.

Both keys are then returned to the user.  The user decrypts the
first message using his ticket and reveals the server name from which
he was requesting service and the session key generated by the AS.

The second message passed to the user cannot be decrypted because it
was encrypted using the service key, which the user does not have.

The user then uses that session key to encrypt a message containing the
current time.  This message, and the second message still
encrypted, are both passed to the service for which the user requests

The service opens the first message (the one the client could not open)
using its own key, extracting the session key and the user name
requesting the use of the service.

The service then opens the second message using the session key from
the previous message to extract the message with the timestamp on
it.  This then serves to authenticate the user. This message may
also contain an encryption key that is used to provide privacy in
future communications between the user and the service.
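The exchange described above, as an added example that is not part of the original newsletter: the AS issues the two messages, the user opens the one it can, and the service opens the ticket with its own key before checking the timestamp in the authenticator. The cipher, the PBKDF2 salt, the service key and the user database are constructed stand-ins so the sketch runs with the standard library; Kerberos itself uses its own encryption types.

```python
import hashlib, hmac, json, os

# Constructed toy authenticated cipher (HMAC-SHA256 keystream plus a MAC).
# It exists only so this sketch runs offline; it is not Kerberos' real cipher.
def _stream(key, nonce, n):
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(blocks))

def seal(key, obj):
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def user_key(password):  # the user's key is derived from the supplied password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 10000)

SERVICE_KEY = os.urandom(32)                      # constructed: the service's key
USERS = {"alice": user_key("correct horse")}      # constructed AS user database

def as_issue(username, service):
    """AS: one message under the user's key, one (the ticket) under the service's."""
    session = os.urandom(32).hex()                # random session key for this request
    msg_for_user = seal(USERS[username], {"service": service, "session": session})
    ticket = seal(SERVICE_KEY, {"user": username, "session": session})
    return msg_for_user, ticket

def client_request(password, msg_for_user, ticket, now):
    """User: recover the session key, then send the ticket plus a timestamp."""
    session = bytes.fromhex(unseal(user_key(password), msg_for_user)["session"])
    return ticket, seal(session, {"time": now})   # the ticket itself stays opaque

def service_verify(ticket, authenticator, now, skew=300):
    """Service: open the ticket with its own key, then the authenticator."""
    t = unseal(SERVICE_KEY, ticket)
    auth = unseal(bytes.fromhex(t["session"]), authenticator)
    if abs(now - auth["time"]) > skew:            # stale timestamps are rejected
        raise ValueError("stale authenticator (replay or clock skew)")
    return t["user"]
```

The skew check is what makes the timestamp useful: without it a captured ticket and authenticator could be presented again later.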

Security Tip Written by Dave Wreski (dave@guardiandigital.com)
Additional tips are available at the following URL:

Until next time, cheers!
Benjamin D. Thomas


Feature Extras:

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper
- Duane Dunston speaks at length with Wietse Venema on his current
research projects at the Thomas J. Watson Research Center, including
his forensics efforts with The Coroner's Toolkit. Wietse Venema is best
known for the software TCP Wrapper, which is still widely used today
and is included with almost all unix systems. Wietse is also the
author of the Postfix mail system and the co-author of the very cool
suite of utilities called The Coroner's Toolkit or "TCT".

Open Source Leaving Microsoft Sitting on the Fence?
- The open
source model, with special regard to Linux, has no doubt become a
formidable competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings
and marketing campaigns refuting the claims of the new found
competition are inevitable. However, in the case of Microsoft, it seems
they have not taken a solid or plausible position on the use of open
source applications as an alternative to Windows.


Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each

Distribution: EnGarde
  7/13/2004 kernel

This update fixes several security vulnerabilities in the Linux Kernel
shipped with EnGarde Secure Linux, most notably the "fsave/frstor"
vulnerability and an information leak in the e1000 driver.

EnGarde 4555

Distribution: Fedora
  7/9/2004 im-sdk Insecure temporary file vulnerability

The im-switch that is included in the Fedora Core iiimf-x package has
been fixed to take appropriate precautions when generating temporary
files.

Fedora 4551

Distribution: Gentoo
  7/9/2004 Ethereal

Multiple vulnerabilities including one buffer overflow exist in
Ethereal, which may allow an attacker to run arbitrary code or crash
the program.

Gentoo 4550

  7/12/2004 MoinMoin bypass vulnerability

MoinMoin contains a bug allowing a user to bypass group ACLs (Access
Control Lists).

Gentoo 4553

  7/12/2004 rsync traversal vulnerability

Under specific conditions, the rsync daemon is vulnerable to a
directory traversal that allows files to be written outside a sync module.

Gentoo 4554

Distribution: Mandrake
  7/9/2004 ethereal

It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet into the wire or by
convincing someone to read a malformed packet trace file.

Mandrake 4552
