Linux Advisory Watch – September 9, 2005

8

Author: Benjamin D. Thomas

This week, advisories were released for proftpd, sqwebmail, polygen, affix, zsync, phpgroupware, webcalendar, pcre3, ntp, cvs, kdelibs, evince, openmotif, cman, gnbd-kernel, dlm-kernel, lockdev, perl, termcap, ckermit, kdegraphics, squid, pam, setup, tar, openssh, tzdata, httpd, mplayer, and phpldapadmin. The distributors include Debian, Fedora, Gentoo, and Red Hat.Introduction: IP Spoofing, Part III – ICMP Smurfing
By: Suhas A Desai

“Smurf” is the name of an automated program that attacks a network
by exploiting IP broadcast addressing. Smurf and similar programs
can cause the attacked part of a network to become “inoperable.”
Network nodes and their administrators to exchange information about
the state of the network use ICMP.

A smurf program builds a network packet with a spoofed victim
source address. The packet contains an ICMP ping message addressed
to an IP broadcast address, meaning all IP addresses in a given
network. If the routing device delivering traffic to those
broadcast addresses performs the IP broadcast to layer 2 broadcast
function, most hosts on that IP network will reply to it with an
ICMP echo reply each. The echo responses to the ping message are
sent back to the victim address. Enough pings and resultant echoes
can flood the network making it unusable for real traffic.

A related attack is called “fraggle”, simple re-write of smurf; uses
UDP echo packets in the same fashion as the ICMP echo packets. The
intermediary (broadcast) devices, and the spoofed victim are both hurt
by this attack. The attackers rely on the ability to source spoofed
packets to the “amplifiers” in order to generate the traffic which
causes the denial of service.

In order to stop this, all networks should perform filtering either
at the edge of the network where customers connect (access layer) or
at the edge of the network with connections to the upstream providers,
in order to defeat the possibility of source address spoofed packets
from entering from downstream networks, or leaving for upstream
networks.

One way to defeat smurfing is to disable IP broadcast addressing at
each network router since it is seldom used.

READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/120225/49/


LinuxSecurity.com
Feature Extras:

Linux File
& Directory Permissions Mistakes
– One common mistake Linux administrators
make is having file and directory permissions that are far too liberal and
allow access beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this article,
so I’ll assume you are familiar with the usage of such tools as chmod, chown,
and chgrp. If you’d like a refresher, one is available right here on linuxsecurity.com.

Introduction:
Buffer Overflow Vulnerabilities
– Buffer overflows are a leading type
of security vulnerability. This paper explains what a buffer overflow is,
how it can be exploited, and what countermeasures can be taken to prevent
the use of buffer overflow vulnerabilities.

Getting
to Know Linux Security: File Permissions
– Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion
list!
This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline
.


   Debian
  Debian: New proftpd packages fix format
string vulnerability
  1st, September, 2005

Updated package.

 
  Debian: New sqwebmail packages fix cross-site
scripting
  1st, September, 2005

Updated package.

 
  Debian: New Mozilla Firefox packages
fix several vulnerabilities
  1st, September, 2005

Update Package.

 
  Debian: New polygen packages fix denial
of service
  1st, September, 2005

Updated package.

 
  Debian: New affix packages fix remote
command execution
  1st, September, 2005

Updated package.

 
  Debian: New zsync packages fix DOS
  1st, September, 2005

Updated package.

 
  Debian: New phproupware packages fix
several vulnerabilities
  2nd, September, 2005

Updated package.

 
  Debian: New webcalendar packages fix
remote code execution
  2nd, September, 2005

Updated package.

 
  Debian: New pcre3 packages fix arbitrary
code execution
  2nd, September, 2005

Updated package.

 
  Debian: Updated i386 proftpd packages
fix format string vulnerability
  2nd, September, 2005

Updated package.

 
  Debian: New ntp packages fix group id
confusion
  5th, September, 2005

Updated package.

 
  Debian: New cvs packages fix insecure
temporary files
  7th, September, 2005

Updated package.

 
  Debian: New Apache packages fix HTTP
request smuggling
  8th, September, 2005

Updated package.

 
  Debian: New kdelibs packages fix backup
file information leak
  8th, September, 2005

Updated package.

 
   Fedora
  Fedora Core 4 Update: evince-0.4.0-1.2
  1st, September, 2005

Updated package.

 
  Fedora Core 4 Update: openmotif-2.2.3-10.FC4.1
  2nd, September, 2005

Updated package.

 
  Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.12
  2nd, September, 2005

Rebuild for latest kernel, 2.6.12-1.1447_FC4.

 
  Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.45
  2nd, September, 2005

Rebuild for latest kernel, 2.6.12-1.1447_FC4.

 
  Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.12
  2nd, September, 2005

Rebuild for latest kernel, 2.6.12-1.1447_FC4.

 
  Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.14
  2nd, September, 2005

Rebuild for latest kernel, 2.6.12-1.1447_FC4.

 
  Fedora Core 4 Update: lockdev-1.0.1-7.1
  2nd, September, 2005

Updated package.

 
  Fedora Core 3 Update: perl-Compress-Zlib-1.37-1.fc3
  6th, September, 2005

Some bug fixes so the amavis users stop complaining. =)

 
  Fedora Core 4 Update: perl-Compress-Zlib-1.37-1.fc4
  6th, September, 2005

Some bug fixes so the amavis users stop complaining. =)

 
  Fedora Core 3 Update: perl-DBI-1.40-6.fc3
  6th, September, 2005

Old and low priority security update that we forgot to push
a while ago.

 
  Fedora Core 4 Update: termcap-5.4-6
  6th, September, 2005

Updated package.

 
  Fedora Core 4 Update: ckermit-8.0.211-3.FC4
  6th, September, 2005

Updated package.

 
  Fedora Core 4 Update: kdegraphics-3.4.2-0.fc4.2
  6th, September, 2005

Updated package.

 
  Fedora Core 4 Update: squid-2.5.STABLE9-8
  6th, September, 2005

Updated package.

 
  Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.7
  6th, September, 2005

Updated package.

 
  Fedora Core 4 Update: pam-0.79-9.5
  6th, September, 2005

This update should fix potential problems with auditing in pam
when used on systems with kernels without audit compiled in.

 
  Fedora Core 4 Update: setup-2.5.44-1.1
  6th, September, 2005

Updated package.

 
  Fedora Core 4 Update: tar-1.15.1-10.FC4
  7th, September, 2005

Updated package.

 
  Fedora Core 3 Update: openssh-3.9p1-8.0.3
  7th, September, 2005

This security update fixes CAN-2005-2798 and resolves a problem
with X forwarding binding only on IPv6 address on certain circumstances.

 
  Fedora Core 4 Update: tzdata-2005m-1.fc4
  7th, September, 2005

Updated package.

 
  Fedora Core 3 Update: tzdata-2005m-1.fc3
  7th, September, 2005

Updated package.

 
  Fedora Core 4 Update: httpd-2.0.54-10.2
  7th, September, 2005

This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClient require” would not be honoured in location
context if the virtual host had “SSLVerifyClient optional” configured
(CAN-2005-2700).

 
  Fedora Core 3 Update: httpd-2.0.53-3.3
  7th, September, 2005

This update includes two security fixes. An issue was discovered
in mod_ssl where “SSLVerifyClientrequire” would not be honoured in location
context if the virtual host had “SSLVerifyClient optional” configured
(CAN-2005-2700).

 
   Gentoo
  Gentoo: MPlayer Heap overflow in ad_pcm.c
  1st, September, 2005

A heap overflow in MPlayer might lead to the execution of arbitrary
code.

 
  Gentoo: Gnumeric Heap overflow in the
included PCRE library
  3rd, September, 2005

Gnumeric is vulnerable to a heap overflow, possibly leading
to the execution of arbitrary code.

 
  Gentoo: OpenTTD Format string vulnerabilities
  5th, September, 2005

OpenTTD is vulnerable to format string vulnerabilities which
may result in remote execution of arbitrary code.

 
  Gentoo: phpLDAPadmin Authentication bypass
  6th, September, 2005

A flaw in phpLDAPadmin may allow attackers to bypass security
restrictions and connect anonymously.

 
  Gentoo: Net-SNMP Insecure RPATH
  6th, September, 2005

The Gentoo Net-SNMP package may provide Perl modules containing
an insecure DT_RPATH, potentially allowing privilege escalation.

 
  Gentoo: Squid Denial of Service vulnerabilities
  7th, September, 2005

Squid contains several bugs when handling certain malformed
requests resulting in a Denial of Service.

 
   Red
Hat
  RedHat: Important: httpd security update
  6th, September, 2005

Updated Apache httpd packages that correct two security issues
are now available for Red Hat Enterprise Linux 3 and 4. This update has
been rated as having important security impact by the Red Hat Security
Response Team.

 
  RedHat: Low: cvs security update
  6th, September, 2005

An updated cvs package that fixes a security bug is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.

 

Category:

  • Security