One type of security that must be discussed is 'security through obscurity'. This means that doing something like changing the login name from 'root' to 'toor', for example, in an attempt to keep someone from breaking into your system as root, may give a false sense of security and can result in very unpleasant and unexpected
However, it can also be used to your benefit if done properly. If you tell all the users who are authorized to use the root account on your machines to use the root equivalent instead, entries in /var/log/secure for the real root user would surely indicate an attempted break-in, giving you some advance notice. You'll have to decide whether this advantage outweighs the additional administration overhead.
In most cases, though, any system attacker will quickly see through such empty security measures. Simply because you have a small site or a relatively low profile does not mean an intruder won't be interested in what you have. We'll discuss what you're protecting in the next sections.
Excerpt from the LinuxSecurity Administrator's Guide:
Written by: Dave Wreski (firstname.lastname@example.org)
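The monitoring idea in the excerpt, as an added example that is not from the Administrator's Guide and not the page's own code: once every authorized administrator has been told to log in as the root equivalent, any authentication event that still names the real 'root' account is worth an alert. The script below scans constructed /var/log/secure-style sshd and su entries for such events, counting them per outcome and source, and lists every uid-0 account from a constructed passwd fragment so the administrator can confirm that the renamed account is the only extra superuser name. The host name, addresses, the 'toor' account and all log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure-style lines (not taken from any real host).
SAMPLE_SECURE_LOG = """\
Sep 13 10:22:01 box sshd[1234]: Failed password for root from 192.0.2.10 port 4122 ssh2
Sep 13 10:22:04 box sshd[1234]: Failed password for root from 192.0.2.10 port 4122 ssh2
Sep 13 10:22:09 box sshd[1236]: Accepted publickey for toor from 198.51.100.7 port 51000 ssh2
Sep 13 10:23:10 box su(pam_unix)[1300]: session opened for user root by alice(uid=1000)
Sep 13 10:24:00 box sshd[1240]: Invalid user admin from 192.0.2.10
Sep 13 10:25:30 box sshd[1250]: Accepted password for root from 203.0.113.5 port 40000 ssh2
"""

# Constructed /etc/passwd fragment: the real 'root' plus the renamed root equivalent 'toor'.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:root equivalent:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# sshd reports "Accepted <method> for <user> from <addr>" / "Failed <method> for <user> from <addr>".
SSH_RE = re.compile(
    r"(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
# su via pam_unix reports "session opened for user <user> by <caller>(uid=N)".
SU_RE = re.compile(r"session opened for user (?P<user>\S+) by (?P<by>[^(\s]+)")


def parse_secure_line(line):
    """Return (user, outcome, source) for sshd and su events; None for lines not modelled here."""
    m = SSH_RE.search(line)
    if m:
        return m.group("user"), m.group("outcome").lower(), m.group("src")
    m = SU_RE.search(line)
    if m:
        return m.group("user"), "su", m.group("by")
    return None


def audit_root_activity(log_text, real_root="root"):
    """Count every authentication event that names the real root account.

    Returns {(outcome, source): count}. With administrators using the root
    equivalent, any entry at all is suspicious; an 'accepted' entry means a
    login actually succeeded under the name nobody is supposed to use.
    """
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_secure_line(line)
        if parsed and parsed[0] == real_root:
            _, outcome, source = parsed
            hits[(outcome, source)] += 1
    return dict(hits)


def uid0_accounts(passwd_text):
    """List every account name with uid 0, so unexpected superuser names stand out."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


if __name__ == "__main__":
    for (outcome, source), n in sorted(audit_root_activity(SAMPLE_SECURE_LOG).items()):
        print(f"{outcome:8} root login activity from {source:14} x{n}")
    print("uid 0 accounts:", uid0_accounts(SAMPLE_PASSWD))
```

Run against a real log, the same function would be pointed at the contents of /var/log/secure and the real passwd file; the su match matters because a local user switching to 'root' with su also bypasses the convention and should be noticed just like a remote login.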
LinuxSecurity Feature Extras:
AIDE and CHKROOTKIT - Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.
Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code
- Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at LinuxSecurity.com.
Expert Dave Wreski Discusses Open Source Security - Dave Wreski,
CEO of Guardian Digital, Inc. and respected author of various hardened security
and Linux publications, talks about how Guardian Digital is changing the face
of IT security today. Guardian Digital is perhaps best known for their hardened
Linux solution EnGarde Secure Linux, touted as the premier secure, open-source
platform for its comprehensive array of general purpose services, such as web,
FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.
Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.
Distribution: Conectiva

  wv
    iDefense discovered a buffer overflow vulnerability in the wv library.
    http://www.linuxsecurity.com/advisories/conectiva_advisory-4733.html

  9/13/2004  kde -- Fix for multiple security vulnerabilities
    This announcement fixes several vulnerabilities.
    http://www.linuxsecurity.com/advisories/conectiva_advisory-4734.html

  9/13/2004  zlib -- Fix for denial of service vulnerabilities
    A denial of service vulnerability was discovered in the zlib compression
    library versions 1.2.x.
    http://www.linuxsecurity.com/advisories/conectiva_advisory-4735.html

Distribution: Debian

  9/14/2004  webmin -- insecure
    Ludwig Nussel discovered a problem in webmin, a web-based administration
    toolkit. A temporary directory was used but without checking for the previous
    owner. This could allow an attacker to create the directory and place dangerous
    symbolic links inside.
    http://www.linuxsecurity.com/advisories/debian_advisory-4736.html

  9/15/2004  cupsys -- denial
    Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX
    Printing System. An attacker can easily disable browsing in CUPS by sending
    a specially crafted UDP datagram to port 631 where cupsd is running.
    http://www.linuxsecurity.com/advisories/debian_advisory-4788.html

Distribution: Fedora

  9/10/2004  imlib-1.9.13-15.fc -- Security update (core1); denial
    Several heap overflow vulnerabilities have been found in the imlib BMP image
    handler. An attacker could create a carefully crafted BMP file in such a
    way that it would cause an application linked with imlib to execute arbitrary
    code when the file was opened by a victim.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4731.html

  9/13/2004  samba -- DoS (Core 1)
    Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4786.html

  9/13/2004  samba -- DoS (Core 2)
    Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.
    http://www.linuxsecurity.com/advisories/fedora_advisory-4789.html

  9/15/2004  gtk2 -- vulnerabilities (Core 1)
    http://www.linuxsecurity.com/advisories/fedora_advisory-4791.html

  9/15/2004  gtk2 -- vulnerabilities (Core 2)
    http://www.linuxsecurity.com/advisories/fedora_advisory-4792.html

Distribution: Gentoo

  9/15/2004  gallery -- arbitrary
    An attacker could run arbitrary code as the user running PHP.

  Firefox, Thunderbird, Galeon, Epiphany vulnerabilities -- arbitrary
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4761.html

  9/10/2004  samba -- remote
    After further verifications, it appears that a remote user can only deny
    service to himself, so this bug does not induce any security issue at all.

  usermin -- multiple vulnerabilities; remote
    There is an input validation bug in the webmail feature of Usermin. Additionally,
    the Webmin and Usermin installation scripts write to /tmp/.webmin without
    properly checking if it exists first.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4770.html

  9/13/2004  samba -- denial of service vulnerabilities
    There is a defect in smbd's ASN.1 parsing. Another defect was found in nmbd's
    processing of mailslot packets, where a bad NetBIOS request could crash
    the nmbd process.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4771.html

  9/14/2004  sus -- local
    Leon Juranic found a bug in the logging functionality of SUS that can lead
    to local privilege escalation. A format string vulnerability exists in the
    log() function due to an incorrect call to the syslog() function.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4772.html

  9/14/2004  cdrtools -- local
    Max Vozeler discovered that the cdrecord utility, when set to SUID root,
    fails to drop root privileges before executing a user-supplied RSH program.
    http://www.linuxsecurity.com/advisories/gentoo_advisory-4773.html

Distribution: Mandrake

  9/13/2004  samba -- multiple
    Two vulnerabilities were discovered in samba 3.0.x.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4741.html

  9/15/2004  squid -- denial
    A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed
    NTLMSSP packets to crash squid, resulting in a DoS. The provided packages
    have been patched to prevent this problem.

  foomatic-filters
    The foomatic-rip filter, which is part of the foomatic-filters package, contains
    a vulnerability that allows anyone with access to CUPS, local or remote,
    to execute arbitrary commands on the server.

  gdk-pixbuf -- image loading vulnerabilities; denial
    A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image
    could send the bmp loader into an infinite loop. Chris Evans found a heap-based
    overflow and a stack-based overflow in the xpm loader of gdk-pixbuf.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4795.html

  9/15/2004  apache2 -- multiple
    Two Denial of Service conditions were discovered in the input filter of
    mod_ssl, the module that enables apache to handle HTTPS requests.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-4796.html

  9/15/2004  cups -- denial
    Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print
    server where an empty UDP datagram sent to port 631 would disable browsing.

Distribution: Red Hat

  9/15/2004  mod_ssl -- security
    Updated httpd packages that include a security fix for mod_ssl and various
    enhancements are now available.

  resolve security issue -- security
    Secunia Research reported an issue with the handling of temporary files.
    A malicious local user could use this flaw to access the contents of another
    user's open documents.

  security flaws -- security
    http://www.linuxsecurity.com/advisories/redhat_advisory-4799.html

  9/15/2004  cups -- security
    Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing
    Protocol (IPP) implementation in versions of CUPS prior to 1.1.21.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4800.html

  9/15/2004  httpd -- security
    Updated httpd packages that include fixes for security issues are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4801.html

  9/15/2004  mc -- security
    An updated mc package that resolves several shell escape security issues
    is now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4802.html

  9/15/2004  imlib -- security
    An updated imlib package that fixes several heap overflows is now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4803.html

  9/15/2004  gtk2 -- security flaws and bugs
    Updated gtk2 packages that fix several security flaws and bugs are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-4804.html

Distribution: Slackware

  9/13/2004  samba -- DoS
    New samba packages are available for Slackware 10.0 and -current. These
    fix two denial of service vulnerabilities reported by iDEFENSE.
    http://www.linuxsecurity.com/advisories/slackware_advisory-4749.html

Distribution: SuSE

  9/15/2004  cups -- remote
    Alvaro Martinez Echevarria has found a remote Denial of Service condition
    within CUPS which allows remote users to make the cups server unresponsive.
    Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip
    print filter which is commonly installed along with cups.
    http://www.linuxsecurity.com/advisories/suse_advisory-4805.html

  9/15/2004  apache2 -- remote
    The Red Hat ASF Security-Team and the Swedish IT Incident Center within
    the National Post and Telecom Agency (SITIC) have found a bug in apache2
    http://www.linuxsecurity.com/advisories/suse_advisory-4806.html

Distribution: Trustix

  9/14/2004  multi -- Multiple