Thomas
This week, advisories were released for maelstrom, apache, tomcat, kernel, wget, file, lprng, cups, ghostscript, kon2, gnupg, squirrelmail, xinetd, lv, and httpd. The distributors include Gentoo, Immunix, Mandrake, OpenPKG, Red Hat, Turbolinux, and Yellow Dog. This week there were several new advisories. Red Hat and others released several patches to their 2.4 kernel. For those of you using the PPC architecture and running Yellow Dog Linux, this is your week: eight new advisories were released, but most of these were fixes to known problems. Many would argue that late is better than never.
Last week, I wrote about several choices a system administrator can make to achieve a secure system. However, I did not discuss why someone would want to pay particular attention to security. Perhaps it is because your boss demands it, or because you are responsible and take special pride in maintaining a secure system. Several industries are mandated by the US federal government to ensure privacy and security. If you are familiar with the health care industry, you have probably heard about HIPAA (the Health Insurance Portability and Accountability Act of 1996), or if you work closely with the financial industry, you've heard of the Gramm-Leach-Bliley Act.
If you have been to the doctor's office, dentist, or pharmacist in the last few months, you should have been asked to sign several forms that inform you of your privacy rights. This is a requirement of the HIPAA privacy rule. Now, companies are working to achieve compliance with the second part of HIPAA, the security rule. Compliance must be met by April 21st 2005. You may be asking yourself, "I'm not part of the health care industry, why should I care?" The HIPAA security rule (164.308-164.312) provides a high-level outline of what it takes to achieve security in an organization. It outlines administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and maximum availability of data.
The Department of Health and Human Services has made a strong effort to ensure that all mandatory and addressable rules follow industry standards. The security requirements have been scrutinized and modified at the request of health care industry leaders. Addressing each of the rules prescribed by HIPAA should not be viewed as a hindrance, but as good business practice. Although every organization has an established method for maintaining security, a lot can be learned from HIPAA. No matter what industry you're in, you should take a moment to review the requirements and apply the principles to everyday operation. The final published security rule can be found in the Federal Register, Volume 68, No. 34. Some of the major parts of the security standards include the security management process, incident procedures, contingency planning, workstation security, audit controls, integrity, authentication, etc. In short, the point I am trying to make is that the standards proposed by HIPAA can be applied to almost any organization. Although I believe they are far from perfect, they can be quite helpful. If you have any questions on how the HIPAA standards can be applied to your organization, please feel free to write.
Until next time,
ben@linuxsecurity.com
LinuxSecurity Feature Extras:

Real-Time Alerting with Snort – Real-time alerting is a feature of an IDS or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable is different for every person.

Intrusion Detection Systems: An Introduction – Intrusion Detection is the process and methodology of inspecting data for malicious, inaccurate or anomalous activity. At the most basic levels there are two forms of Intrusion Detection Systems that you will encounter: Host and Network based.
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.
Distribution: Gentoo

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 5/30/2003 | maelstrom | buffer overflow vulnerability | A local buffer overflow exists in maelstrom. |
| 6/2/2003 | uw-imapd | buffer overflow vulnerability | UW-imapd can also act as IMAP client, allowing user to connect to specified |
| 6/2/2003 | apache | 2.x denial of service vulnerability | Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in |
| 6/2/2003 | tomcat | file access vulnerability | Versions prior to tomcat-4.1.24 created /opt/tomcat with a directory |

Distribution: Immunix

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 5/30/2003 | kernel | raceguard rules | Added patch to add raceguard cache clearing across sessions but not |
| 6/4/2003 | wget | input vulnerability | Steven M. Christey has discovered wget did not perform sufficient input |
| 6/4/2003 | file | root vulnerability | An anonymous reporter has reported to iDEFENSE a vulnerability in file |
| 6/5/2003 | lprng | insecure tmp file vulnerability | A vulnerability has been found in psbanner, which creates a temporary |

Distribution: Mandrake

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 5/30/2003 | cups | denial of service vulnerability | A Denial of Service (DoS) vulnerability was discovered in the CUPS printing |
| 6/2/2003 | apache | 2.x multiple vulnerabilities | Two vulnerabilities were discovered in the Apache web server that affect |

Distribution: Apache

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 5/30/2003 | apache 2.0 | 2.x multiple vulnerabilities | Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in |

Distribution: OpenPKG

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 6/3/2003 | ghostscript | arbitrary command execution | According to a Red Hat security advisory, a flaw in versions of Ghostscript |

Distribution: Red Hat

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 6/2/2003 | ghostscript | arbitrary command execution vulnerability | A flaw in unpatched versions of Ghostscript before 7.07 allows malicious |
| 6/3/2003 | kernel | 2.4 kernel multiple vulnerabilities | These packages fix a ptrace-related vulnerability that can lead to elevated |
| 6/3/2003 | kernel | 2.4 kernel vulnerabilities and driver issues | Several security issues have been found that affect the Linux kernel. |
| 6/3/2003 | kon2 | buffer overflow vulnerability | A buffer overflow in kon2 allows local users to obtain root privileges. |

Distribution: Turbolinux

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 5/30/2003 | gnupg | key validity bug | This bug causes keys with more than one user ID to give all user IDs |

Distribution: Yellow Dog

| Date | Package | Vulnerability | Description |
| --- | --- | --- | --- |
| 6/4/2003 | squirrelmail | multiple vulnerabilities | Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 |
| 6/4/2003 | xinetd | denial of service vulnerability | Because of a programming error, memory was allocated and never freed |
| 6/4/2003 | cups | denial of service vulnerability | Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP implementation. |
| 6/4/2003 | gnupg | key validation vulnerability | When evaluating trust values for different UIDs assigned to a given |
| 6/4/2003 | lprng | insecure tmp file vulnerability | A vulnerability has been found in psbanner, which creates a temporary |
| 6/4/2003 | lv | arbitrary code execution vulnerability | A bug has been found in versions of lv that read a .lv file in the current |
| 6/4/2003 | compat-gcc | missing module | The version of compat-gcc that comes with Yellow Dog Linux 3.0 is missing |
| 6/4/2003 | httpd | multiple vulnerabilities | A build system problem in Apache 2.0 through 2.0.45 allows remote attackers |