Linux Advisory Watch – October 7, 2005

Author: Benjamin D. Thomas

This week, advisories were released for gtkdiskfree, util-linux, ClamAV, loop-aes,
helix-player, backupninja, squid, mysql, ntlmaps, mysql-dfsg, gopher, prozilla,
cfengine, mozilla-firefox, apachetop, drupal, mailutils, egroupware, arc, mod-auth-shadow,
mason, slocate, vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb.
The distributors include Debian, Gentoo, and Red Hat.

Denial of Service Attacks
Dave Wreski

A “Denial of Service” (DoS) attack is one where the attacker tries to make
some resource too busy to answer legitimate requests, or to deny legitimate
users access to your machine.

Denial of service attacks have increased greatly in recent years. Some of the
more popular and recent ones are listed below. Note that new ones show up all
the time, so these are just a few examples. Read the Linux security lists and
the bugtraq list and archives for more current information.

  • SYN Flooding – SYN flooding is a network denial of service attack. It takes
    advantage of a “loophole” in the way TCP connections are created. The newer
    Linux kernels (2.0.30 and up) have several configurable options to prevent
    SYN flood attacks from denying people access to your machine or services.
    See Section 7 for proper kernel protection options.

  • Ping Flooding – Ping flooding is a simple brute-force denial of service
    attack. The attacker sends a “flood” of ICMP packets to your machine. If they
    are doing this from a host with better bandwidth than yours, your machine
    will be unable to send anything on the network. A variation on this attack,
    called “smurfing”, sends ICMP packets to a host with your machine’s return
    IP, allowing them to flood you less detectably.

  • Ping o’ Death – The Ping o’ Death attack sends ICMP ECHO REQUEST packets
    that are too large to fit in the kernel data structures intended to store
    them. Because sending a single, large (65,510 bytes) “ping” packet to many
    systems will cause them to hang or even crash, this problem was quickly dubbed
    the “Ping o’ Death.” This one has long been fixed, and is no longer anything
    to worry about.

  • Teardrop / New Tear – One of the most recent exploits involves a bug present
    in the IP fragmentation code on Linux and Windows platforms. It is fixed in
    kernel version 2.0.33, and does not require selecting any kernel compile-time
    options to utilize the fix. Linux is apparently not vulnerable to the “newtear”
    exploit.
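
The two fragment-based attacks above can both be caught by validating fragment geometry before reassembly. The following is an added example, not code from the Linux Security HOWTO or the kernel: it rejects a datagram whose reassembled size would exceed the 65,535-byte IP limit (Ping o' Death) or whose fragments overlap (the malformed-fragment pattern Teardrop relies on). The names `struct frag`, `check_frags` and the sample arrays are hypothetical, and the samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* limit of the 16-bit IP total-length field */

/* One IPv4 fragment as read from its header: offset in 8-byte units
   (13-bit field) and payload length in bytes (total length - header). */
struct frag { uint16_t off_units; uint16_t len; };

enum verdict { FRAG_OK, FRAG_OVERSIZE, FRAG_OVERLAP };

/* Validate the fragments of one datagram before reassembly, in any
   arrival order. hdr_len is the IP header length (20 without options). */
enum verdict check_frags(const struct frag *f, size_t n, uint32_t hdr_len)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t start = (uint32_t)f[i].off_units * 8u;
        uint32_t end = start + f[i].len;      /* cannot wrap in 32 bits */

        /* Ping o' Death: reassembled datagram would exceed 65535 bytes. */
        if (end + hdr_len > IP_MAX_DATAGRAM)
            return FRAG_OVERSIZE;

        /* Teardrop-style: byte ranges of two fragments intersect.
           Strict policy: an exact duplicate also counts as overlap. */
        for (size_t j = 0; j < i; j++) {
            uint32_t s2 = (uint32_t)f[j].off_units * 8u;
            uint32_t e2 = s2 + f[j].len;
            if (start < e2 && s2 < end)
                return FRAG_OVERLAP;
        }
    }
    return FRAG_OK;
}

/* Constructed samples (not captured traffic). */
static const struct frag NORMAL[]   = { {0, 1480}, {185, 1480}, {370, 40} };
static const struct frag OVERSIZE[] = { {0, 1480}, {8140, 398} }; /* ends at 65518, +20 header */
static const struct frag OVERLAP[]  = { {0, 36}, {3, 4} };        /* bytes 24..28 inside 0..36 */

int main(void)
{
    printf("%d %d %d\n", check_frags(NORMAL, 3, 20),
           check_frags(OVERSIZE, 2, 20), check_frags(OVERLAP, 2, 20));
    return 0;
}
```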

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/


   Debian
  Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005

Updated package.

  Debian: New util-linux packages fix privilege escalation
  29th, September, 2005

Updated package.

  Debian: New ClamAV packages fix denial of service
  29th, September, 2005

Updated package.

  Debian: New loop-aes-utils packages fix privilege escalation
  29th, September, 2005

Updated package.

  Debian: New helix-player packages fix multiple vulnerabilities
  29th, September, 2005

Updated package.

  Debian: New backupninja packages fix insecure temporary file
  29th, September, 2005

Updated package.

  Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

  Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

  Debian: New mysql packages fix arbitrary code execution
  30th, September, 2005

Updated package.

  Debian: New ntlmaps packages fix information leak
  30th, September, 2005

Updated package.

  Debian: New mysql-dfsg packages fix arbitrary code execution
  30th, September, 2005

Updated package.

  Debian: New gopher packages fix several buffer overflows
  30th, September, 2005

Updated package.

  Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution
  1st, October, 2005

Updated package.

  Debian: New prozilla packages fix arbitrary code execution
  1st, October, 2005

Updated package.

  Debian: New cfengine packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

  Debian: New cfengine2 packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

  Debian: New Mozilla Firefox packages fix denial of service
  2nd, October, 2005

Updated package.

  Debian: New mozilla-firefox packages fix multiple vulnerabilities
  2nd, October, 2005

Updated package.

  Debian: New apachetop packages fix insecure temporary file
  4th, October, 2005

Updated package.

  Debian: New drupal packages fix remote command execution
  4th, October, 2005

Updated package.

  Debian: New mailutils packages fix arbitrary code execution
  4th, October, 2005

Updated package.

  Debian: New egroupware packages fix arbitrary code execution
  4th, October, 2005

Updated package.

  Debian: New mysql-dfsg-4.1 package fixes arbitrary code execution
  4th, October, 2005

Updated package.

  Debian: New arc packages fix insecure temporary files
  5th, October, 2005

Updated package.

  Debian: New mod-auth-shadow packages fix authentication bypass
  5th, October, 2005

Updated package.

  Debian: New mason packages fix missing init script
  6th, October, 2005

Updated package.
 
   Gentoo
  Gentoo: AbiWord RTF import stack-based buffer overflow
  30th, September, 2005

AbiWord is vulnerable to a stack-based buffer overflow during
RTF import, making it vulnerable to the execution of arbitrary code.

  Gentoo: Hylafax Insecure temporary file creation in xferfaxstats
  30th, September, 2005

Hylafax is vulnerable to linking attacks, potentially allowing
a local user to overwrite arbitrary files.

  Gentoo: Mozilla Suite, Mozilla Firefox Multiple
  30th, September, 2005

This advisory was originally released to fix the heap overflow
in IDN headers. However, the official fixed release included several other
security fixes as well.

  Gentoo: gtkdiskfree Insecure temporary file creation
  3rd, October, 2005

gtkdiskfree is vulnerable to symlink attacks, potentially allowing
a local user to overwrite arbitrary files.

  Gentoo: Berkeley MPEG Tools Multiple insecure temporary
  3rd, October, 2005

The Berkeley MPEG Tools use temporary files in various insecure
ways, potentially allowing a local user to overwrite arbitrary files.

  Gentoo: Uim Privilege escalation vulnerability
  4th, October, 2005

Under certain conditions, applications linked against Uim suffer
from a privilege escalation vulnerability.

  Gentoo: Texinfo Insecure temporary file creation
  5th, October, 2005

Texinfo is vulnerable to symlink attacks, potentially allowing
a local user to overwrite arbitrary files.
 
   Red Hat
  RedHat: Low: slocate security update
  5th, October, 2005

An updated slocate package that fixes a denial of service and
various bugs is available. This update has been rated as having low security
impact by the Red Hat Security Response Team.

  RedHat: Low: vixie-cron security update
  5th, October, 2005

An updated vixie-cron package that fixes various bugs and a
security issue is now available. This update has been rated as having
low security impact by the Red Hat Security Response Team.

  RedHat: Low: net-snmp security update
  5th, October, 2005

Updated net-snmp packages that fix two security issues and various
bugs are now available. This update has been rated as having low security
impact by the Red Hat Security Response Team.

  RedHat: Updated kernel packages available for Red Hat
  5th, October, 2005

Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version.

  RedHat: Moderate: openssh security update
  5th, October, 2005

Updated openssh packages that fix a security issue, bugs, and
add support for recording login user IDs for audit are now available for
Red Hat Enterprise Linux 4.

  RedHat: Low: binutils security update
  5th, October, 2005

An updated binutils package that fixes several bugs and minor
security issues is now available.

  RedHat: Low: perl security update
  5th, October, 2005

Updated Perl packages that fix security issues and contain several
bug fixes are now available for Red Hat Enterprise Linux.

  RedHat: Low: mysql security update
  5th, October, 2005

Updated mysql packages that fix a temporary file flaw and a
number of bugs are now available.

  RedHat: Low: gdb security update
  5th, October, 2005

An updated gdb package that fixes several bugs and minor security
issues is now available.