June 20, 2003

Linux Advisory Watch - June 20th, 2003

This week, advisories were released for apache2, webmin, mikmod,
typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript, cups,
gzip, BitchX, Xpdf, kernel, and mgetty. The distributors include Conectiva,
Debian, Gentoo, Mandrake, RedHat, Slackware, SuSe, and TurboLinux. Like last
week, many of the advisories are fixes to older issues and minor problems. The
Gentoo and Debian security teams were most active.

Recently, there has been a lot of noise in the community about Gartner's latest
report (Information Security Hype Cycle) suggesting that IDS technology fails
to provide value relative to its costs and "will be obsolete by 2005." The report
indicates that IDSs do not add an extra layer of security and that they are a
product of vendor puffery. Gartner's recommendation is to direct any budgeted
IDS funds into better firewalls.

"Functionality is moving into firewalls, which will perform deep packet inspection
for content and malicious traffic blocking, as well as antivirus activities."
According to the research, IDS technology fails because the typical IT department
does not have the resources to sift through all of the false positives and false
negatives generated by normal traffic. If you've ever administered an IDS, I'm
sure that you would agree with that. One conclusion that I have made over the
past few years is that an IDS is not for the faint of heart. To reap the benefit,
a very skilled administrator is required, one who has the ability to write
custom signatures and configure the system in such a way that false
positives/negatives can be minimized.

Although this may be considered my <SOAPBOX> topic, I feel
compelled to mention it. <SOAPBOX> No matter how many intrusion
detection/prevention systems, firewalls, scanners, and applications are installed
to improve security, systems will ultimately remain insecure until sysadmins
start regularly patching vulnerabilities in a timely manner. I find it appalling
that script kiddies are able to find an insecure application fingerprint, search
on Google to find vulnerable hosts, then exploit it. Negligence is the greatest
cause of problems today. </SOAPBOX> I apologize for lecturing;
it is the "don't care" mindset that frustrates me.

The ironic part about all of this is that if you're reading this, you probably
agree with me and your systems are up-to-date. Education and awareness are very
important. One must realize that there is no magic bullet.

Until next time,
Benjamin D. Thomas
ben@linuxsecurity.com


LinuxSecurity Feature Extras:

Real-Time Alerting with Snort - Real-time alerting is a feature of an IDS or any
other monitoring application that notifies a person of an event in an acceptably
short amount of time. The amount of time that is acceptable is different for
every person.

Intrusion Detection Systems: An Introduction - Intrusion Detection is the
process and methodology of inspecting data for malicious, inaccurate or
anomalous activity. At the most basic levels there are two forms of Intrusion
Detection Systems that you will encounter: Host and Network based.

  Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It includes
pointers to updated packages and descriptions of each vulnerability.

Distribution: Conectiva

6/17/2003 - apache2 - arbitrary command execution vulnerability

The APR library contains a vulnerability in the apr_psprintf() function
which could be used to make apache reference invalid memory.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3366.html

Distribution: Debian

6/16/2003 - lyskom-server denial of service vulnerability - arbitrary command execution vulnerability

Calle Dybedahl discovered a bug in lyskom-server which could result in a
denial of service where an unauthenticated user could cause the server to
become unresponsive as it processes a large query.

http://www.linuxsecurity.com/advisories/debian_advisory-3360.html

6/16/2003 - webmin - session ID spoofing vulnerability

miniserv.pl in the webmin package does not properly handle metacharacters,
such as line feeds and carriage returns, in Base64-encoded strings used
in Basic authentication.

http://www.linuxsecurity.com/advisories/debian_advisory-3361.html

6/16/2003 - mikmod - buffer overflow vulnerability

Ingo Saitz discovered a bug in mikmod whereby a long filename inside an
archive file can overflow a buffer when the archive is being read by mikmod.

http://www.linuxsecurity.com/advisories/debian_advisory-3362.html

6/16/2003 - radiusd-cistron - buffer overflow vulnerability

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/debian_advisory-3363.html

6/17/2003 - typespeed - buffer overflow vulnerability

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/debian_advisory-3367.html

6/17/2003 - noweb - insecure tmp file vulnerability

Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby
a temporary file was created insecurely.

http://www.linuxsecurity.com/advisories/debian_advisory-3368.html

6/18/2003 - jnethack - Multiple vulnerabilities

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/debian_advisory-3376.html

6/18/2003 - ethereal - Multiple remote vulnerabilities

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/debian_advisory-3377.html

Distribution: Gentoo

6/14/2003 - lprng - Symlink attack

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3355.html

6/14/2003 - gzip - Insecure temp files

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3356.html

6/14/2003 - man - Format string vulnerability

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3357.html

6/14/2003 - kon2 - Buffer overflow vulnerability

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3358.html

6/14/2003 - ghostscript - Insecure temp file

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3359.html

6/16/2003 - cups - denial of service vulnerability

CUPS allows remote attackers to cause a denial of service via a partial
printing request to the IPP port (631), which does not time out.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3364.html

Distribution: Mandrake

6/17/2003 - ethereal - multiple vulnerabilities

Several vulnerabilities in ethereal were discovered by Timo Sirainen.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3369.html

6/17/2003 - gzip - insecure tmp file vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3370.html

6/17/2003 - BitchX - Denial of Service Vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3373.html

Distribution: RedHat

6/18/2003 - Xpdf - Arbitrary code execution vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/redhat_advisory-3374.html

Distribution: Slackware

6/18/2003 - kernel - Multiple vulnerabilities

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/slackware_advisory-3375.html

Distribution: SuSe

6/16/2003 - radiusd-cistron denial of service vulnerability - Multiple vulnerabilities

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/suse_advisory-3365.html

Distribution: TurboLinux

6/17/2003 - mgetty - multiple vulnerabilities

These vulnerabilities allow remote attackers to cause a denial of service
and possibly execute arbitrary code via a Caller ID string with a long CallerName
argument as well as allow local users to modify fax transmission privilege.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3371.html

6/17/2003 - gzip - insecure tmp file vulnerability

A vulnerability in znew in the gzip package could allow local users to
overwrite arbitrary files via a symlink attack on temporary files.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3372.html
 
