September 26, 2003

Linux Advisory Watch - September 26, 2003

This week, advisories were released for vnc, krb5, php4, ipmasq, ssh,
ARP, openssh, wu-ftpd, ipmasq, sendmail, proftpd and perl. The
distributors include Conectiva, Debian, Guardian Digital's EnGarde
Secure Linux, FreeBSD, Gentoo, Red Hat, Slackware, SuSE, and TurboLinux.

Using only passwords as a method of authentication is often
insufficient for critical data because passwords have fundamental weaknesses.
Several of these include: users pick easy-to-guess words, users often voluntarily
give them away in order to make work easier, and passwords are often easily
intercepted. Many applications and protocols that are still in use send passwords
in cleartext. A weak password is the equivalent of a faulty lock on a safe.
Passwords do not guarantee security; they only increase the time required to
access data or information.

System administrators can improve password security for users
in several ways. First, a limit on log-in attempts should be set. For example,
user ids should be locked after a number of failed login attempts. Next, passwords
should have strength requirements set. For example, passwords should have a
minimum length, special characters and capitalization should be required, and
passwords should be checked against a dictionary file. Password security can also
be improved if expiration dates are set and passwords are not reused consecutively.
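
The strength, reuse, expiry and lockout controls listed above can be expressed as a small policy check. This is an added example, not part of the original newsletter; the thresholds (10 characters, 5 failures, 90 days), the function names and the sample word list are assumptions chosen for illustration.

```python
import hashlib, hmac, os, string
from datetime import timedelta

# Assumed policy values; the article names the controls, not the numbers.
MIN_LENGTH, MAX_FAILURES, MAX_AGE_DAYS = 10, 5, 90
DICTIONARY = {"password", "letmein", "dragon"}  # constructed sample word list

def hash_password(password, salt=None):
    """Return (salt, digest) so an old password is kept only as a salted hash."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def policy_violations(candidate, dictionary, previous=None):
    """List every strength or reuse rule that the candidate password breaks."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in candidate):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    # Dictionary check on letters only, so "Password1!" still matches "password".
    core = "".join(c for c in candidate.lower() if c.isalpha())
    if core in dictionary:
        problems.append("dictionary word")
    if previous is not None:  # (salt, digest) of the password being replaced
        salt, digest = previous
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append("same as previous password")
    return problems

def is_expired(last_changed, today):
    """True once the password is older than MAX_AGE_DAYS."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)

class Lockout:
    """Lock a user id after MAX_FAILURES consecutive failed logins."""
    def __init__(self):
        self.failures = {}

    def is_locked(self, user):
        return self.failures.get(user, 0) >= MAX_FAILURES

    def record(self, user, success):
        if self.is_locked(user):
            return False  # a locked id rejects even a correct password
        self.failures[user] = 0 if success else self.failures.get(user, 0) + 1
        return success
```

The letters-only dictionary comparison is the part simple length and character-class rules miss: "Password1!" satisfies every composition rule and is still rejected.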

Biometrics and other forms of authentication in addition to
passwords can dramatically increase security. Having a second line of defense
is critical. For example, ssh security can be improved by using key authentication
and IP-based access controls. Passwords are slowly becoming obsolete with improvements
in technology, but will remain in use for many years. Next week, I'll discuss
how using single sign-on mechanisms can improve password security and management
for users.

Until next time, cheers!
Benjamin D. Thomas


LinuxSecurity Feature

The Hacker

- Dan Verton, the author of The Hacker Diaries: Confessions of
Teenage Hackers is a former intelligence officer in the U.S. Marine Corps
who currently writes for Computerworld and, covering national cyber-security
issues and critical infrastructure

Practical Approach of Stealthy Remote Administration

- This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


Distribution: OpenServer

fb_realpath() off-by-one bug

Wu-ftpd FTP server contains remotely exploitable off-by-one bug. A local
or remote attacker could exploit this vulnerability to gain root privileges
on a vulnerable system.
Distribution: Conectiva

9/22/2003 - wu-ftpd: Command execution remote vulnerability

This update fixes a vulnerability in the way wu-ftpd uses the "conversion"
feature, which is used mostly to (un)compress files. The scenario where
this vulnerability can be exploited varies depending on the server configuration.
9/23/2003 - vnc: Multiple

This update fixes two vulnerabilities found in VNC that affect the versions
distributed with Conectiva Linux 7.0 and 8:
9/23/2003 - krb5: Multiple kerberos vulnerabilities

This update fixes principal name handling, cryptographic weaknesses, faulty
length checks in xdrmem_getbytes, and multiple other vulnerabilities.
9/24/2003 - php4: Multiple

This new version includes several fixes and improvements, including fixes
for potential integer overflow vulnerabilities.
Distribution: Debian

9/20/2003 - ipmasq: Insecure packet filtering rules

Due to use of certain improper filtering rules, traffic arriving on the
external interface addressed for an internal host would be forwarded, regardless
of whether it was associated with an established connection.
Multiple vulnerabilities

This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer
found four more bugs in OpenSSH that may be exploitable.
9/21/2003 - ssh: Multiple additional vulnerabilities

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories:
Solar Designer found four more bugs in OpenSSH that may be exploitable.
Distribution: EnGarde

9/24/2003 - 'WebTool-userpass': passphrase disclosure vulnerability.

"Shawn" discovered and reported an SSH passphrase
disclosure vulnerability in the WebTool's User Password Changer via the
engarde-users mailing list.
Distribution: FreeBSD

9/24/2003 - ARP: resource starvation DoS

Under certain circumstances, it is possible for an attacker to flood a FreeBSD
system with spoofed ARP requests, causing resource starvation which eventually
results in a system panic.
Distribution: Gentoo

9/23/2003 - openssh: Multiple PAM vulnerabilities

Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities
in the new PAM code. At least one of these bugs is remotely exploitable
(under a non-standard configuration, with privsep disabled).
Distribution: RedHat

9/22/2003 - apache/mod_ssl: Multiple vulnerabilities

Updated Apache and mod_ssl packages that fix several minor security issues
are now available for Red Hat Linux 7.1, 7.2, and 7.3.
9/22/2003 - perl: Multiple

Updated Perl packages that fix a security issue in and a cross-site
scripting (XSS) vulnerability in are now available.
Distribution: Slackware

9/23/2003 - 'wu-ftpd'

Upgraded WU-FTPD packages are available for Slackware 9.0 and -current.
These fix a problem where an attacker could use a specially crafted filename
in conjunction with WU-FTPD's conversion feature to execute arbitrary commands
on the server.

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and -current.
These fix a security issue where an attacker could gain a root shell by
downloading a specially crafted file.
PAM vulnerability

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and
-current. This fixes security problems with PAM authentication. It also
includes several code cleanups from Solar Designer.
Distribution: SuSE

9/20/2003 - sendmail,

A remotely exploitable buffer overflow has been found in all versions of
sendmail that come with SuSE products. These versions include sendmail-8.11
and sendmail-8.12 releases.
Distribution: TurboLinux

9/24/2003 - 'openssh': PAM vulnerabilities

Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities
in the new PAM code.

