Linux Advisory Watch – June 20th, 2003

This week, advisories were released for apache2, webmin, mikmod,
typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript, cups,
gzip, BitchX, Xpdf, kernel, and mgetty. The distributors include Conectiva,
Debian, Gentoo, Mandrake, RedHat, Slackware, SuSE, and TurboLinux. Like last
week, many of the advisories are fixes to older issues and minor problems. The
Gentoo and Debian security teams were most active.

Recently, there has been a lot of noise in the community about Gartner’s latest
report (Information Security Hype Cycle) suggesting that IDS technology fails
to provide value relative to its costs and “will be obsolete by 2005.” The report
indicates that IDSs do not add an extra layer of security and that they are a product of
vendor puffery. Gartner’s recommendation is to direct any budgeted IDS funds
into better firewalls.

“Functionality is moving into firewalls, which will perform deep packet inspection
for content and malicious traffic blocking, as well as antivirus activities.”
According to the research, IDS technology fails because the typical IT department
does not have the resources to sift through all of the false positives and false
negatives generated by normal traffic. If you’ve ever administered an IDS, I’m
sure that you would agree with that. One conclusion that I have made over the
past few years is that an IDS is not for the faint of heart. To reap the benefit,
a very skilled administrator is required, one who has the ability to write
custom signatures and configure the system in such a way that false positives/negatives
can be minimized.

Although this may be considered my <SOAPBOX> topic, I feel
compelled to mention it. <SOAPBOX> No matter how many intrusion
detection/prevention systems, firewalls, scanners, and applications are installed
to improve security, systems will ultimately remain insecure until sysadmins
start regularly patching vulnerabilities in a timely manner. I find it appalling
that scriptkiddies are able to find an insecure application fingerprint, search
on Google to find vulnerable hosts, then exploit it. Negligence is the greatest
cause of problems today.
</SOAPBOX> I apologize for lecturing;
it is the “don’t care” mindset that frustrates me.

The ironic part about all of this is that if you’re reading this, you probably
agree with me and your systems are up-to-date. Education and awareness are very
important. One must realize that there is no magic bullet.

Until next time,
Benjamin D. Thomas
ben@linuxsecurity.com

LinuxSecurity Feature Extras:

Real-Time Alerting with Snort
– Real-time alerting is a feature of an IDS or any
other monitoring application that notifies a person of an event in an acceptably
short amount of time. The amount of time that is acceptable is different for
every person.

Intrusion Detection Systems: An Introduction

Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels there
are two forms of Intrusion Detection Systems that you will encounter: Host
and Network based.

  Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It includes
pointers to updated packages and descriptions of each vulnerability.

Distribution: Conectiva
  6/17/2003 apache2
    arbitrary command execution vulnerability

The APR library contains a vulnerability in the apr_psprintf() function
which could be used to make apache reference invalid memory.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3366.html

 
 
Distribution: Debian
  6/16/2003 lyskom-server denial of service vulnerability
    arbitrary command execution vulnerability

Calle Dybedahl discovered a bug in lyskom-server which could result in a
denial of service where an unauthenticated user could cause the server to
become unresponsive as it processes a large query.

http://www.linuxsecurity.com/advisories/debian_advisory-3360.html

 
  6/16/2003 webmin
    session ID spoofing vulnerability

miniserv.pl in the webmin package does not properly handle metacharacters,
such as line feeds and carriage returns, in Base64-encoded strings used
in Basic authentication.

http://www.linuxsecurity.com/advisories/debian_advisory-3361.html

 
  6/16/2003 mikmod
    buffer overflow vulnerability

Ingo Saitz discovered a bug in mikmod whereby a long filename inside an
archive file can overflow a buffer when the archive is being read by mikmod.

http://www.linuxsecurity.com/advisories/debian_advisory-3362.html

 
  6/16/2003 radiusd-cistron buffer overflow vulnerability
    buffer overflow vulnerability

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/debian_advisory-3363.html

 
  6/17/2003 typespeed
    buffer overflow vulnerability

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/debian_advisory-3367.html

 
  6/17/2003 noweb
    insecure tmp file vulnerability

Jakob Lell discovered a bug in the ‘noroff’ script included in noweb whereby
a temporary file was created insecurely.

http://www.linuxsecurity.com/advisories/debian_advisory-3368.html

 
  6/18/2003 jnethack
    Multiple vulnerabilities

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/debian_advisory-3376.html

 
  6/18/2003 ethereal
    Multiple remote vulnerabilities

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/debian_advisory-3377.html

 
 
Distribution: Gentoo
  6/14/2003 lprng
    Symlink attack

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3355.html

 
  6/14/2003 gzip
    Insecure temp files

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3356.html

 
  6/14/2003 man
    Format string vulnerability

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3357.html

 
  6/14/2003 kon2
    Buffer overflow vulnerability

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3358.html

 
  6/14/2003 ghostscript
    Insecure temp file

Multiple vulnerabilities including a buffer overflow and potential malicious
code execution vulnerabilities have been fixed.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3359.html

 
  6/16/2003 cups
    denial of service vulnerability

CUPS allows remote attackers to cause a denial of service via a partial
printing request to the IPP port (631), which does not time out.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3364.html

 
 
Distribution: Mandrake
  6/17/2003 ethereal
    multiple vulnerabilities

Several vulnerabilities in ethereal were discovered by Timo Sirainen.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3369.html

 
  6/17/2003 gzip
    insecure tmp file vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3370.html

 
  6/17/2003 BitchX
    Denial of Service Vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/mandrake_advisory-3373.html

 
 
Distribution: RedHat
  6/18/2003 Xpdf
    Arbitrary code execution vulnerability

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/redhat_advisory-3374.html

 
 
Distribution: Slackware
  6/18/2003 kernel
    Multiple vulnerabilities

A vulnerability exists in znew, a script included with gzip, that would
create temporary files without taking precautions to avoid a symlink attack.

http://www.linuxsecurity.com/advisories/slackware_advisory-3375.html

 
 
Distribution: SuSE
  6/16/2003 radiusd-cistron denial of service vulnerability
    Multiple vulnerabilities

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port
attribute is received.

http://www.linuxsecurity.com/advisories/suse_advisory-3365.html

 
 
Distribution: TurboLinux
  6/17/2003 mgetty
    multiple vulnerabilities

These vulnerabilities allow remote attackers to cause a denial of service
and possibly execute arbitrary code via a Caller ID string with a long CallerName
argument as well as allow local users to modify fax transmission privilege.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3371.html

 
  6/17/2003 gzip
    insecure tmp file vulnerability

A vulnerability in znew in the gzip package could allow local users to
overwrite arbitrary files via a symlink attack on temporary files.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3372.html

 
