November 7, 2003

Linux Advisory Watch - November 7th 2003

Author: Benjamin D. Thomas

This week, advisories were
released for bugzilla, apache, fileutils, postgresql, CUPS, and thttpd. The
distributors include Conectiva, Guardian Digital's EnGarde Linux, Gentoo, Immunix,
Mandrake, RedHat, Slackware, and SuSE.

Although the update has
been out for several weeks, the SANS Top20 list still remains important. For
administrators and management, it is a good way to get an idea of some of the
most vulnerable services. Although best practice should dictate that these services
have already been eliminated or secured, this is often not the case. The SANS
Top20 should be an eye-opener to those who do not regularly patch and update

Both the problem and beauty of the
Top20 list is its length. For those of us with only Unix and/or Linux based
servers, the list is cut down to 10. Some of the vulnerabilities listed are
related to BIND, RPC, Apache, passwords, and clear text services. The list is
very useful because of its length, giving people a quick idea of some of the
biggest problems. My concern is that diligence will stop after number 10. After
each of the 10 Unix system vulnerabilities is addressed, administrators may
have a false sense of security. It is equally important to ensure that all other
services have been patched. One of the most common-sense ways to reduce this
workload is simply not to start services or install software that may
be a potential problem in the future. Living with only the minimum necessary
requirements is often difficult. For example, when installing a particular flavor
of Linux, it takes much more time to individually choose the packages you require,
rather than simply installing a pre-configured server configuration.

The Top20 list should only be a
starting point for those wishing to maintain a secure network. After each item
on the list has been addressed, security staff should then strive to achieve
compliance with standards such as BS-7799/ISO-17799, NIST security standards,
the ISF's Standard of Good Practice, and others. Once again, the common recurring
theme in information security is process and standardization. The absolute best
way to achieve a secure operating environment is the continual re-evaluation
of policies, procedures, and practices.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature

GDSN Subscription Price Reduction

- Guardian Digital, the world's premier open source security company, announced
today that they will be reducing the annual subscription cost of the Guardian
Digital Secure Network for EnGarde Community users from $229 to $60 for a
limited time.

The Hacker

- Dan Verton, the author of The Hacker Diaries: Confessions of
Teenage Hackers is a former intelligence officer in the U.S. Marine Corps
who currently writes for Computerworld and, covering national cyber-security
issues and critical infrastructure

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


Distribution: Conectiva
  11/6/2003 bugzilla

Several vulnerabilities have been announced and are being fixed in this

  11/6/2003 apache

New versions of the Apache web server have been made available with the
following security fixes.

Distribution: EnGarde
  11/4/2003 'openssl'
ASN.1 parsing DoS

This vulnerability (triggered by certain ASN.1 sequences which cause a large
recursion) is only believed to be exploitable as a denial of service on
the Windows platform at this time.

  11/5/2003 'apache'
mod_alias and mod_rewrite buffer overflow

A buffer overflow in mod_alias and mod_rewrite was discovered in the Apache
web server. This vulnerability may be exploited when a regular expression
with more than nine captures is defined in either the httpd.conf or an .htaccess

Distribution: Gentoo
  10/31/2003 net-www/apache
Buffer overflow vulnerability

A buffer overflow could occur in mod_alias and mod_rewrite when a regular
expression with more than 9 captures is configured.

Distribution: Immunix
  10/31/2003 fileutils
Memory exhaustion vulnerability

An off-by-one attack that may lead to a memory exhaustion vulnerability
has been fixed.

Distribution: Mandrake
  11/3/2003 postgresql
Buffer overflow vulnerability

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions
7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII
conversion functions.

  11/3/2003 apache
Buffer overflow vulnerability

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache
versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier.

  11/6/2003 CUPS
Denial of service vulnerability

A bug in the Internet Printing Protocol (IPP) implementation was reported in
versions of CUPS prior to 1.1.19 that would result in CUPS going into a busy loop,
which could result in a Denial of Service (DoS) condition.

Distribution: Red Hat
  11/3/2003 CUPS
Denial of Service vulnerability

Updated CUPS packages that fix a problem where CUPS can hang are now available.

  11/6/2003 fileutils
Denial of service vulnerability

Georgi Guninski discovered a memory starvation denial of service vulnerability
in the ls program.

  11/6/2003 CUPS
Denial of service vulnerability

Paul Mitcheson reported a situation where the CUPS Internet Printing Protocol
(IPP) implementation in CUPS versions prior to 1.1.19 would get into a busy

Distribution: Slackware
  11/4/2003 apache

These updates fix local vulnerabilities that could allow users who can create
or edit Apache config files to gain additional privileges.

Distribution: SuSE
  11/1/2003 thttpd
privilege escalation vulnerability

A buffer overflow and a privilege escalation vulnerability have been fixed.
