Author: Benjamin D. Thomas
This week, advisories were released for apache, dhcp, kernel, mailman, gzip, Pavuk, Esearch and libpng. The distributors include Debian, Fedora, FreeBSD, Gentoo, Mandrake, Suse and Trustix.
Easy Administration
Each time management mandates a new project, it must immediately be followed up with hours of research to determine the best course of action. Important projects can often be pushed aside or delayed because those tasked with implementation find themselves in a position of not fully understanding the technology. A fundamental lack of understanding leads to configuration errors and security vulnerabilities. When EnGarde Secure Linux is used, management can have assurance that systems are set up in the most efficient and secure manner. Staff can then concentrate on core competencies that accelerate business, rather than specialized skills such as server configuration.
The free community version of EnGarde Secure Linux is available at http://www.engardelinux.org. After downloading the ISO, it must be burned to a CD and then installed on a dedicated machine. The installation process is remarkably simple and can be accomplished in about 15 minutes. For corporate users, I recommend using EnGarde Secure Professional. Users receive source and binary CD-ROMs, an annual subscription to the Guardian Digital Secure Network, installation and configuration support, 60 days of phone/email support, a printed configuration manual, and a quick start reference guide.
After EnGarde is installed, simple administration tasks such as setting up users, system access controls, and a backup schedule should be completed. EnGarde servers are managed remotely using a browser over an SSL connection. Access to the Web interface can be restricted to specific IP addresses if necessary. In addition to Web, DNS, and Mail configuration, the Guardian Digital WebTool provides screens to assist with FTP, SSH, user management, IP access controls, Tripwire, auditing reports, and many other typical server features.
For a detailed example on configuring a server, please see the following URL: http://www.linuxsecurity.com/feature_stories/feature_story-161.html
Until next time, cheers!
Benjamin D. Thomas
—–
LinuxSecurity Feature Extras:
Open Source Leaving Microsoft Sitting on the Fence? – The open source model, with special regard to Linux, has no doubt become a formidable competitor to the once sole giant of the software industry, Microsoft. It is expected when the market share of an industry leader becomes threatened, retaliation with new product or service offerings and marketing campaigns refuting the claims of the new found competition are inevitable. However, in the case of Microsoft, it seems they have not taken a solid or plausible position on the use of open source applications as an alternative to Windows.
Interview with Brian Wotring, Lead Developer for the Osiris Project – Brian Wotring is currently the lead developer for the Osiris project and president of Host Integrity, Inc. He is also the founder of knowngoods.org, an online database of known good file signatures. Brian is the co-author of Mac OS X Security and a long-standing member of the Shmoo Group, an organization of security and cryptography professionals.
Guardian Digital Launches Next Generation Secure Mail Suite – Guardian Digital, the premier open source security company, announced the availability of the next generation Secure Mail Suite, the industry’s most secure open source corporate email system. This latest edition has been optimized to support the changing needs of enterprise and small business customers while continually providing protection from the latest in email security threats.
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
| Distribution | Date | Package | Advisory | Summary |
|---|---|---|---|---|
| Debian | 6/25/2004 | apache | Buffer overflow vulnerability | A remote user could potentially cause arbitrary code to be executed |
| Fedora | 6/25/2004 | dhcp | Buffer overflow vulnerability | This release fixes a buffer overflow vulnerability in the Fedora Core 2 |
| Fedora | 6/25/2004 | kernel | Multiple vulnerabilities | This patch fixes a large number of bugs, including the famous evil.c |
| Fedora | 6/30/2004 | ipsec-tools | Non-authentication vulnerability | When configured to use X.509 certificates to authenticate remote hosts, |
| Fedora | 7/2/2004 | kernel | Privilege change vulnerability | During an audit of the Linux kernel, SUSE discovered a flaw in the |
| Fedora | 7/2/2004 | mailman | Password leak vulnerability | Mailman subscriber passwords could be retrieved by a remote attacker. |
| Fedora | 7/2/2004 | rsync | Path escape vulnerability | A writing, non-chrooted rsync daemon could write outside of a module’s |
| FreeBSD | 7/2/2004 | kernel | Improper memory access vulnerability | It may be possible for a local attacker to read and/or overwrite |
| Gentoo | 6/25/2004 | Apache 1.3 | Buffer overflow vulnerability | A bug in mod_proxy may allow a remote attacker to execute arbitrary |
| Gentoo | 6/25/2004 | IPsec-Tools | Non-authentication vulnerability | racoon provided as part of IPsec-Tools fails to do proper authentication. |
| Gentoo | 6/25/2004 | gzip | Insecure temporary file vulnerability | gzip contains a bug potentially allowing an attacker to execute |
| Gentoo | 6/25/2004 | giFT-FastTrack | Denial of service vulnerability | There is a vulnerability where a carefully crafted signal sent to the |
| Gentoo | 6/25/2004 | FreeS/WAN,Openswan,strongSwan | Non-authentication vulnerabilities | FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs |
| Gentoo | 6/30/2004 | mit-krb5 | Buffer overflow vulnerabilities | These flaws could potentially lead to a complete remote system |
| Gentoo | 6/30/2004 | Pavuk | Buffer overflow vulnerability | Pavuk contains a bug potentially allowing an attacker to run arbitrary |
| Gentoo | 7/2/2004 | Esearch | Insecure temp file vulnerability | Non-check for symlinks makes it possible for any user to create |
| Mandrake | 6/25/2004 | dhcp | Buffer overflow vulnerabilities | Exploiting these bugs can lead to denial of service or execution of |
| Mandrake | 6/25/2004 | kernel | Multiple vulnerabilities | This patch fixes the famous kernel-crash bug and includes some |
| Mandrake | 6/30/2004 | libpng | Buffer overflow vulnerability | This buffer overflow can lead to Denial of Service or even remote |
| Mandrake | 6/30/2004 | apache2 | Denial of service vulnerability | Exploiting this can lead to httpd consuming an arbitrary amount of |
| Mandrake | 6/30/2004 | apache | Buffer overflow vulnerability | If mod_proxy is in use, this can be exploited by a remote user to |
| Suse | 6/25/2004 | dhcp/dhcp-server | Buffer overflow vulnerability | The CERT informed us about a buffer overflow in the logging code of the |
| Trustix | 6/25/2004 | libpng,mod_php4,openssl,rsync,slocate,swup | Multiple vulnerabilities | Lots of bugs, lots of packages. Enjoy! |
| Trustix | 6/30/2004 | apache,libpng,python | Denial of service vulnerability | The apache fix is for a bug that leaves Apache open to a DoS attack, |