June 29, 2004

Linux Advisory Watch - June 25, 2004

Author: Benjamin D. Thomas

This week, advisories
were released for sup, super,
rlpr, Multiple, kernel, libpng and Usermin. The distributors include
Debian,
EnGarde, Fedora, Gentoo, Openwall, Red
Hat, Trustix, and Turbolinux.


Tripwire
Monitoring

Tripwire is a
program that monitors file integrity by maintainig a
database of cryptographic signature for programs and configuration
files installed on the system, and reports changes in any of these
files.

A database of
checksums and other characteristics for the files listed
in the configuration file is created. Each subsequent run compares any
differences to the reference database, and the administrator is
notified.

The greatest
level of assurance that can be provided occurs if Tripwire
is run immediately after Linux has been installed and security updates
applied, and before it is connected to a network.

A text
configuration file, called a policy file, is used to define the
characteristics for each file that are tracked. Your level of paranoid
determines the frequency in which the intergrity of the files are
checked. Administration requries constant a ttention to the system
changes, and can be time-consuming if used for manysystems. Tripwire is
available in unsupported commercial binary for Red Hat and similar
distributions.

Here are several
examples:

# Create policy
file from text file
/usr/TSS/bin/twadmin
-m P policy.txt

# Initialize
database according to policy file
/usr/TSS/bin/tripwire
--init

# Print database
/usr/TSS/bin/twprint
-m d

# Generate daily
report file
/usr/TSS/bin/tripwire
-m c -t 1 -M

# Update
database according to policy file and report file
/usr/TSS/bin/tripwire
--update --polfile policy/tw.pol
--twrfile
report/-.twr


Security Tip
Written by Ryan Maple (ryan@guardiandigital.com)
Additional tips
are available at the following URL:
http://www.linuxsecurity.com/tips/tip-25.html

Until next time,
cheers!
Benjamin D.
Thomas
ben@linuxsecurity.com

LinuxSecurity
Feature Extras:      


Open
Source Leaving Microsoft Sitting on the Fence?
- The open source
model, with special regard to Linux, has no doubt become a formidable
competitor to the once sole giant of the software industry,
Microsoft. It is expected when the market share of an industry leader
becomes threatened, retaliation with new product or service offerings
and marketing campaigns refuting the claims of the new found
competition are inevitable. However, in the case of
Microsoft, it seems they have not taken a solid or plausible position
on the use of open source applications as an alternative to Windows.
Interview with Brian
Wotring, Lead Developer for the Osiris Project
- Brian Wotring is
currently the lead developer for the Osiris project and president of
Host Integrity, Inc. He is also the founder of  
knowngoods.org, an
online database of known good file signatures. Brian is the co-author
of Mac OS X Security and a long-standing member of the Shmoo Group, an
organization of security and cryptography professionals.
Guardian
Digital Launches Next Generation Secure Mail Suite
-
Guardian Digital, the premier open source security company, announced
the availability of the next generation Secure Mail Suite, the
industry's most secure open source corporate email system. This latest
edition has been optimized to support the changing needs of enterprise
and small business customers while continually providing protection
from the latest in email security threats.

[ Linux
Advisory Watch
] - [ Linux Security Week
] - [ PacketStorm
Archive
] - [ Linux
Security Documentation
]

 Linux Advisory Watch is a comprehensive newsletter that
outlines the security vulnerabilities that have been announced
throughout the week. It includes pointers to updated packages and
descriptions of each vulnerability.

[ Subscribe
]

Distribution: Debian
  6/19/2004 sup
    Format string vulnerability

By explointing this, a remote attacker could potentially cause
arbitrary code to be executed with the privileges of the supfilesrv
process

Debian 4494

 
  6/19/2004 super
    Format string vulnerability

This vulnerability could potentially be exploited by a local user to
execute arbitrary code with root privileges.

Debian 4500

 
  6/19/2004 www-sql Buffer overflow
vulnerability
    Format string vulnerability

Exploiting this vulnerability, a local user could cause the execution
of arbitrary code by creating a web page and processing it with
www-sql.

Debian 4501

 
  6/21/2004 rlpr
    Format string vulnerabilities

By exploiting one of these vulnerabilities, a local or remote user
could potentially cause arbitrary code to be executed with the
privileges of 1) the rlprd process (remote), or 2) root (local).

Debian 4508

 
 
Distribution: EnGarde
  6/21/2004 Multiple
    'kernel' vulnerabilities

This update fixes several security vulnerabilities in the Linux Kernel
shipped with EnGarde Secure Linux.

Engarde 4509

 
  6/21/2004 kernel
    2.4 Multiple vulnerabilities

This update fixes several security vulnerabilities, including the
famous "fsave/frstor" vulnerability and an information leak in the
e1000 driver.

Engarde 4510

 
 
Distribution: Fedora
  6/21/2004 libpng
    1.2 Denial of service vulnerability

An attacker could carefully craft a PNG file in such a way that it
would cause an application linked to libpng to crash or potentially
execute arbitrary code.

Fedora 4506

 
  6/21/2004 libpng
    1.0 Denial of service vulnerability

An attacker could carefully craft a PNG file in such a way that it
would cause an application linked to libpng to crash or potentially
execute arbitrary code when opened by a victim.

Fedora 4507

 
 
Distribution: Gentoo
  6/18/2004 Usermin
    Multiple vulnerabilities

Usermin contains two security vulnerabilities which could lead to a
Denial of Service attack and information disclosure.

Gentoo 4485

 
 
Distribution: Openwall
  6/21/2004 kernel
    Multiple vulnerabilities

This update fixes multiple security-related bugs in the Linux kernel as
well as two non-security bugs in the patch itself. This includes the
now-famous DoS bug.

Openwall 4504

 
 
Distribution: Red Hat
  6/18/2004 libpng
    Buffer overflow vulnerability

Updated libpng packages that fix a possible buffer overflow are now
available.

Red Hat 4486

 
  6/21/2004 kernel
    Multiple vulnerabilities

This contains two similar advisories, once set fixing RHEE 3, and the
other RHEE 2.1. Patch addresses two DoS attacks and several vulnerable
drivers.

Red Hat 4503

 
 
Distribution: Trustix
  6/21/2004 kernel
    Multiple vulnerabilities

During checks of the Linux 2.6 source using an automated tool called
sparse, several issues were discovered. Some of these were discovered
to also apply to the 2.4 series of the Linux kernel.

Trustix 4502

 
 
Distribution: Turbolinux
  6/19/2004 kernel
    Denial of service vulnerability

The vulnerability allows an attacker to make the cause of the denial of
service of the kernel.

Turbolinux 4493

 
Click Here!