July 25, 2003

Linux Advisory Watch - July 25th, 2003

- by Benjamin D.
Thomas

This week, advisories were released for apache, kernel, nfs-utils, cups, phpgroupware,
fdclone, several, gnupg, phpgroupware, mpg123, mozilla, semi, ethereal, and
xpdf. The distributors include Conectiva, Debian, Guardian Digital's EnGarde
Linux, Gentoo, Mandrake, Red Hat, Trustix, TurboLinux, and YellowDog Linux.- by Benjamin D.
Thomas

This week, advisories were released for apache, kernel, nfs-utils, cups, phpgroupware,
fdclone, several, gnupg, phpgroupware, mpg123, mozilla, semi, ethereal, and
xpdf. The distributors include Conectiva, Debian, Guardian Digital's EnGarde
Linux, Gentoo, Mandrake, Red Hat, Trustix, TurboLinux, and YellowDog Linux.

When a child wants to get a candy bar at a local market, what normally happens?
Most often, the child pleads a case to his/her parents and hopes for the best.
If he/she is well behaved, the child may get the candy bar. However, if the
child has recently been disobedient, the parent would probably refuse to buy
it. How does this relate to information security? A healthy security budget
can be considered your candy bar. It can be difficult to lock down a security
budget. In todayââ¬â¢s sluggish economy, all money spent must be fully justified
and approved. How can decision makers in an organization be persuaded to spend
adequate money on security?

Decision makers in an organization need justification for every project. Rather
than using FUD for persuasion, it can be more effective to prepare a business
case for each project. For example, if an upgrade to the current email server
farm is seriously needed to better manage Spam and Viruses, a business case
would be helpful to provide proper justification. Writing one forces the proper
amount of research and consideration of alternatives.

What is normally found in a business case? Generally, an executive summary
is the first major section included. It should be no more than a single type
written page, and summarize all information found in the remaining portion of
the document. It is advisable to write the executive summary last. Next, it
is logical to include an introduction section. This section should provide background
information, the purpose of the particular business case, and information regarding
the subject matter. It is a good idea to provide a bulleted list with key goals
& objectives, and discuss organizational environmental factors. The analysis
portion of the newsletter should follow. It should include an explanation of
the project goals & objectives, the scope, justification of business risks,
and alternative solutions. Finally, the business case should include a section
on business impact. This should include benefits, a high-level ROI analysis,
proposed time frame, and a listing of project risks.

Business cases can be written many different ways. It is most important that
the audience is considered. More information can on writing business cases can
be found on Google. Also, if you contact me, I can point you to several helpful
resources.

Until next time,
Benjamin D. Thomas

 

LinuxSecurity Feature Extras:

REVIEW:
Linux Security Cookbook
- There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensible reference for security oriented individuals.

Real-Time
Alerting with Snort
- Real-time alerting is a feature of an IDS or
any other monitoring application that notifies a person of an event in an
acceptably short amount of time. The amount of time that is acceptable is
different for every person.

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]

Linux Advisory Watch is a comprehensive newsletter
that outlines the security vulnerabilities that have been announced throughout
the week. It includes pointers to updated packages and descriptions of each
vulnerability.

[ Subscribe
]

 
Distribution: Conectiva
 

 7/22/2003nfs-utils buffer overflow vulnerability   denial of service vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3482.html
  7/22/2003kernel   multiple vulnerabilities


http://www.linuxsecurity.com/advisories/connectiva_advisory-3483.html
  7/22/2003cups   multiple vulnerabilities


http://www.linuxsecurity.com/advisories/connectiva_advisory-3484.html
  7/24/2003phpgroupware   XSS vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3486.html
  7/24/2003apache   denial of service vulnerability


http://www.linuxsecurity.com/advisories/connectiva_advisory-3487.html
  Distribution:Debian 7/24/2003fdclone   insecure tmp file vulnerability


http://www.linuxsecurity.com/advisories/debian_advisory-3488.html
  Distribution:EnGarde 7/24/2003several   local 'kernel' vulnerabilities


http://www.linuxsecurity.com/advisories/engarde_advisory-3485.html
  Distribution:Gentoo 7/19/2003gnupg   Unauthorized acess


http://www.linuxsecurity.com/advisories/gentoo_advisory-3475.html
  7/19/2003nfs-utils Denial of service   Unauthorized acess


http://www.linuxsecurity.com/advisories/gentoo_advisory-3476.html
  Distribution:Mandrake 7/24/2003phpgroupware   multiple vulnerabilities


http://www.linuxsecurity.com/advisories/mandrake_advisory-3489.html
  7/24/2003xpdf   arbitrary command execution vulnerability


http://www.linuxsecurity.com/advisories/mandrake_advisory-3490.html
  7/24/2003mpg123   denial of service vulnerability


http://www.linuxsecurity.com/advisories/mandrake_advisory-3491.html
  Distribution:RedHat 7/21/20032.4 kernel mulitple vulnerabilities   denial of service vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3477.html
  7/21/2003mozilla   heap overflow vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3478.html
  7/24/2003semi   arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/redhat_advisory-3493.html
  Distribution:Trustix 7/18/2003'nfs-utils' Denial of Service   arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/trustix_advisory-3472.html
  Distribution:TurboLinux 7/24/2003nfs-utils off-by-one vulnerability  

arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/turbolinux_advisory-3492.html

  Distribution:Yellow Dog Linux 7/18/2003nfs-utils Buffer overflow vulnerability   arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3473.html
  7/18/2003ethereal   Multiple vulnerabilities


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3474.html
  7/24/2003semi   arbitrary code execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3494.html
  7/24/2003xpdf   arbitrary command execution vulnerability


http://www.linuxsecurity.com/advisories/yellowdog_advisory-3495.html
 

Category:

  • Security
Click Here!