May 30, 2003

Linux Advisory Watch - May 30th, 2003

- By Benjamin D.

This week, advisories were released for squid, BitchX, netpbm,
gPS, heimdal, nessus, lprng, gnupg, up2date, ptrace, apache, cups, and glibc.
The distributors include Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware,
and SuSe. Several of the advisories released are updates to vulnerabilities
found last week. There is nothing particularly serious this week, but it is
always a advisable to have everything patched before the weekend.

Knowing that your servers are up-to-date is a good way to
help ensure that you will have an uninterrupted weekend. What else can assure
you that operations will run smoothly during time off? There are many pieces
to the equation that are important. One of the most significant aspects is using
servers that are properly configured and hardened. In addition, proper server
administration procedures must be followed. While many intrusions are a result
of vulnerable packages, a large number of them can also be attributed to improper
software configuration and administration. This burden falls on the administrator.
What can be done to reduce the risk of improper software configuration? 

The easiest way, is to look for a pre configured or specialized
security distribution. Because I am a long time contributor to EnGarde
Secure Linux
, I am biased in this recommendation. However, I personally
feel that using a distribution such as EnGarde will dramatically improve your
organization's security stance with very little time, effort, and money invested.
You'll find that with EnGarde, administration becomes easy. I have used it for
years and now I find myself becoming lazy when it comes to using other systems.
I find myself not wanting to anything manually. Administration has become easy
and now it is possible to concentrate on more intellectually stimulating projects.
A specialized distribution is ideal for administrators with multiple systems
to maintain in a critical environment.

If you've only installed Linux and Apache to host
your grandmother's knitting Web site, or you are just looking to
learn the inter workings of security and administration. I recommend finding
a good Linux security book. An interesting book that I recently had the pleasure
of reading is titled Linux
Security Toolkit
, by David Bandel. It covers host security, network security,
firewalls & specialized security software, and Linux security auditing.
It is easy to read and suitable for administrators wishing to concentrate on
security. Like most books published today, it is not suitable for the seasoned
administrator. Although the book is well written, it is not full of cutting
edge knowledge. If you're looking to learn more about security, I recommend
taking a look. It is available used through at a very reasonable

Until next time,
Benjamin D.

Feature Extras:

Detection Systems: An Introduction

Intrusion Detection is the process and methodology of inspecting data
for malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will encounter:
Host and Network based.

At the RealWorld Linux Expo in Toronto, Guardian
Digital launched the next generation of the Community edition of EnGarde
Secure Linux
- the secure and easy to manage system for building a
complete Internet presence while protecting your information assets. Download
the FREE trial today!

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
] - [ Linux Security

Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.

[ Subscribe


Distribution: Conectiva
  Multiple remote vulnerabilities

A buffer overflow and a denial of service attack have been fixed in
the latest versions of BitchX.

  buffer overflow vulnerabilities

Alan Cox and Al Viro discovered[1] several "math overflow" vulnerabilities
in netpbm versions <= 9.20.

Distribution: Debian
  multiple vulnerabilities

Alan Cox and Al Viro discovered[1] several "math overflow" vulnerabilities
in netpbm versions <= 9.20.

Distribution: Gentoo
  krb4 cryptographic weakness

heimdal suffers from the same vulnerability as mit-krb5 does, hence
the identical advisory.

  multiple vulnerabilities

There exists some vulnerabilities in NASL scripting engine.

Distribution: Mandrake
  insecure tmp file vulnerability

psbanner creates a temporary file for debugging purposes when it is
configured as a filter, and does not check whether or not this file already
exists or is a symlink.

  key validation vulnerability

A bug was discovered in GnuPG versions 1.2.1 and earlier.

Distribution: Red
  denial of service vulnerability

Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP implementation.

  multiple vulnerabilities

This release also includes an updated RHNS-CA-CERT file, which contains
an additional CA certificate. This is needed so that up2date can continue
to communicate with Red Hat Network once the current CA certificate reaches
its August 2003 expiration date.

  kernel vulnerabilitiy

A ptrace-related vulnerability has been discovered that could allow
a local user to gain elevated (root) privileges without authorization.

  2.0 denial of service vulnerability

A bug in Apache 2.0 through 2.0.45 allows remote attackers to cause
a denial of service, and may allow execution of arbitrary code.

Distribution: Slackware
  2.0 denial of service vulnerability

An upgraded sysvinit package is available which fixes a problem with
the use of quotacheck in /etc/rc.d/rc.M.

  denial of service vulnerability

Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current
to fix a denial of service attack vulnerability.

Distribution: SuSe
  buffer overflow vulnerability

Another integer overflow was found in glibc' XDR code.



  • Security
Click Here!