- by Benjamin D.
This week, advisories were released for kernel, mgetty, slocate,
evolution, kernel, shadow, kopte, kopte, xinetd, mysql, kde, xinetd, kernel,
tcpdump, and openssh. The distributors include SCO, Guardian
Digital, Gentoo, Mandrake, Red Hat, and TurboLinux.
Your editors would like to thank you for the wonderful feedback
that we received from the last issue. All suggestions have been noted and we
are making efforts to address each and every one. For those of you who have
not yet had a chance to respond, there is still time! What are we looking for?
We are looking for suggestions on how to make this newsletter better. Suggestions
can range from tips on presentation to the type and amount of information included
with each advisory. We are making this effort to serve you, the community, better.
Help us take a step forward, let us know what it would take to make this newsletter
perfect for you. We look forward to hearing from
you! Please send all suggestions to: firstname.lastname@example.org
This week, several interesting advisories were released. Most
notably were the recent updates to the kernel. At the time of this writing,
only EnGarde and Red Hat have released updates to the "ioperm" system
call bug. It does not restrict privileges properly, which may result in a local
user being able to access the I/O ports on a system. In addition, an attacker
sending packets with a specially chosen forged source address can cause a large
number of collisions in the kernel's networking hash tables, which results in
a denial of service.
I recently had an interesting conversation with Dave Wreski, my
co-editor. We discussed the changes
that will be made to the United States $20 bills to thwart counterfeiters.
Dave brought up the point that the US Federal Reserve is implementing some changes
that will not be made public. His thoughts were, "Would giving store clerks
and the general public more information to recognize a bogus bill help? Or would
releasing this information give too much to the counterfeiters and improve their
capabilities?" I found this discussion interesting because it has the same
underlying question as the security of open source software. Most people reading
this newsletter would probably agree that security can not be gained through
obscurity. What do you think?
Until next time, stay secure!
Benjamin D. Thomas
LinuxSecurity Feature Extras:
At the RealWorld Linux Expo in Toronto, Guardian
Digital launched the next generation of the Community edition of EnGarde Secure
Linux - the secure and easy to manage system for building a complete
Internet presence while protecting your information assets.
of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out there.
While placing a network IDS outside one's firewall might also provide a similar
flood of alerts, a honeypot provides a unique prospective on what will be
going on when a related server is compromised used by the intruders.
The kernel module loader in the Linux kernel allows local users to gain
root privileges by using ptrace to attach to a child process that is spawned
by the kernel.
http://www.linuxsecurity.com/advisories/caldera_advisory-3248.html 5/14/2003mgetty buffer overflow vulnerability
mgetty will overflow an internal buffer if the caller name reported by the
modem is too long.
http://www.linuxsecurity.com/advisories/caldera_advisory-3251.html Distribution:Conectiva 5/9/2003slocate buffer overflow vulnerability
It has been reported that slocate contains a buffer overflow vulnerability
which could be used by a local attacker to obtain the privileges of the
http://www.linuxsecurity.com/advisories/connectiva_advisory-3246.html 5/14/2003evolution multiple vulnerabilities
Core Security Technologies found several vulnerabilities in Evolution
http://www.linuxsecurity.com/advisories/connectiva_advisory-3252.html Distribution:EnGarde 5/15/2003'sudo' heap corruption vulnerability multiple vulnerabilities
There is a heap corruption vulnerability in sudo which may allow an attacker
to execute arbitrary commands.
http://www.linuxsecurity.com/advisories/engarde_advisory-3257.html 5/15/2003 'gnupg' key validation bug multiple vulnerabilities
A key validation bug was recently discovered in the GNU Privacy Guard (GPG)
which would cause keys with more then one user ID to trust all user ID's
with the amount of trust given to the most-valid user ID.
http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html 5/15/2003kernel updates
This kernel update fixes several bugs and vulnerabilities.
http://www.linuxsecurity.com/advisories/engarde_advisory-3259.html Distribution:Gentoo 5/13/2003shadow user id vulnerability
Updated shadow package that contains a workarkaround for OpenSSH user identification
http://www.linuxsecurity.com/advisories/gentoo_advisory-3249.html 5/14/2003kopte arbitrary code execution vulnerability
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command
line when executing gpg, which allows remote attackers to execute arbitrary
http://www.linuxsecurity.com/advisories/gentoo_advisory-3253.html Distribution:Mandrake 5/9/2003kopte gunpg arbitrary code execution
This vulnerabiliy is in the GnuPG plugin that allows for users to send each
other GPG-encrypted instant messages.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3247.html 5/15/2003xinetd denial of service vulnerability
A vulnerability was discovered in xinetd where memory was allocated and
never freed if a connection was refused for any reason.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3260.html 5/15/2003mysql root vulnerability
In MySQL 3.23.55 and earlier, MySQL would create world-writeable files and
allow mysql users to gain root privileges by using the "SELECT * INTO OUTFILE"
operator to overwrite a configuration file, which could cause mysql to run
as root upon restarting the daemon.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3261.html Distribution:RedHat 5/13/2003kde multiple vulnerabilities
KDE fails in multiple places to properly quote URLs and file names before
passing them to a command shell.
http://www.linuxsecurity.com/advisories/redhat_advisory-3250.html 5/14/2003xinetd denial of service vulnerability
Updated xinetd packages that fix a security vulnerability are now avaliable.
http://www.linuxsecurity.com/advisories/redhat_advisory-3254.html 5/14/2003kernel multiple vulnerabilities
Updated kernel packages that fix a remote denial of service vulnerability
in the TCP/IP stack, and a local privilege vulnerability, are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3255.html 5/15/2003tcpdump privilege dropping vulnerability
Updated tcpdump packages that correctly drop privileges on startup are now
http://www.linuxsecurity.com/advisories/redhat_advisory-3262.html Distribution:TurboLinux 5/14/2003openssh user id vulnerability
The opessh immediately returns an error message if the user does not exist
on openssh server. As a result, it is possible to check user's validity
by measuring response time.