typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript, cups,
gzip, BitchX, Xpdf, kernel, and mgetty. The distributors include Conectiva,
Debian, Gentoo, Mandrake, RedHat, Slackware, SuSe, and TurboLinux. Like last
week, many of the advisories are fixes to older issues and minor problems. The
Gentoo and Debian security teams were most active.
Recently, there has been a lot of noise in the community about Gartner’s latest
report (Information Security Hype Cycle) suggesting that IDS technology fails
to provide value relative to its costs and “will be obsolete by 2005.” The report
indicates that IDSs do not add an extra layer of security and are a product of
vendor puffery. Gartner’s recommendation is to direct any budgeted IDS funds
into better firewalls.
“Functionality is moving into firewalls, which will perform deep packet inspection
for content and malicious traffic blocking, as well as antivirus activities.”
According to the research, IDS technology fails because the typical IT department
does not have the resources to sift through all of the false positives and false
negatives generated by normal traffic. If you’ve ever administered an IDS, I’m
sure that you would agree with that. One conclusion that I have made over the
past few years is that an IDS is not for the faint of heart. To reap the benefit,
a very skilled administrator is required, one who is able to write custom
signatures and configure the system so that false positives and false negatives
are minimized.
Although this may be considered my
compelled to mention it.
detection/prevention systems, firewalls, scanners, and applications are installed
to improve security, systems will ultimately remain insecure until sysadmins
start regularly patching vulnerabilities in a timely manner. I find it appalling
that script kiddies are able to find an insecure application fingerprint, search
on Google to find vulnerable hosts, then exploit it. Negligence is the greatest
cause of problems today.
it is the “don’t care” mindset that frustrates me.
The ironic part about all of this is that if you’re reading this, you probably
agree with me and your systems are up-to-date. Education and awareness are very
important. One must realize that there is no magic bullet.
Until next time,
Benjamin D. Thomas
ben@linuxsecurity.com
LinuxSecurity Feature Extras:
Real-Time Alerting with Snort – Real-time alerting is a feature of an IDS or any
other monitoring application that notifies a person of an event in an acceptably
short amount of time. The amount of time that is acceptable is different for
every person.
Intrusion Detection Systems: An Introduction – Intrusion Detection is the process
and methodology of inspecting data for malicious, inaccurate or anomalous
activity. At the most basic levels there are two forms of Intrusion Detection
Systems that you will encounter: Host and Network based.
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It includes
pointers to updated packages and descriptions of each vulnerability.
| Distribution | Date | Package | Vulnerability | Description |
|---|---|---|---|---|
| Conectiva | 6/17/2003 | apache2 | arbitrary command execution vulnerability | The APR library contains a vulnerability in the apr_psprintf() function |
| Debian | 6/16/2003 | lyskom-server | denial of service vulnerability | Calle Dybedahl discovered a bug in lyskom-server which could result in a |
| Debian | 6/16/2003 | webmin | session ID spoofing vulnerability | miniserv.pl in the webmin package does not properly handle metacharacters, |
| Debian | 6/16/2003 | mikmod | buffer overflow vulnerability | Ingo Saitz discovered a bug in mikmod whereby a long filename inside an |
| Debian | 6/16/2003 | radiusd-cistron | buffer overflow vulnerability | radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port |
| Debian | 6/17/2003 | typespeed | buffer overflow vulnerability | |
| Debian | 6/17/2003 | noweb | insecure tmp file vulnerability | Jakob Lell discovered a bug in the ‘noroff’ script included in noweb whereby |
| Debian | 6/18/2003 | jnethack | Multiple vulnerabilities | Multiple vulnerabilities including a buffer overflow and potential malicious |
| Debian | 6/18/2003 | ethereal | Multiple remote vulnerabilities | |
| Gentoo | 6/14/2003 | lprng | Symlink attack | |
| Gentoo | 6/14/2003 | gzip | Insecure temp files | |
| Gentoo | 6/14/2003 | man | Format string vulnerability | |
| Gentoo | 6/14/2003 | kon2 | Buffer overflow vulnerability | |
| Gentoo | 6/14/2003 | ghostscript | Insecure temp file | |
| Gentoo | 6/16/2003 | cups | denial of service vulnerability | CUPS allows remote attackers to cause a denial of service via a partial |
| Mandrake | 6/17/2003 | ethereal | multiple vulnerabilities | Several vulnerabilities in ethereal were discovered by Timo Sirainen. |
| Mandrake | 6/17/2003 | gzip | insecure tmp file vulnerability | A vulnerability exists in znew, a script included with gzip, that would |
| Mandrake | 6/17/2003 | BitchX | Denial of Service Vulnerability | |
| RedHat | 6/18/2003 | Xpdf | Arbitrary code execution vulnerability | |
| Slackware | 6/18/2003 | kernel | Multiple vulnerabilities | |
| SuSe | 6/16/2003 | radiusd-cistron | denial of service vulnerability | radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port |
| TurboLinux | 6/17/2003 | mgetty | multiple vulnerabilities | These vulnerabilities allow remote attackers to cause a denial of service |
| TurboLinux | 6/17/2003 | gzip | insecure tmp file vulnerability | A vulnerability in znew in the gzip package that could allow local users to |
Category:
- Security