Linux in the news
All in one big page
See also: last week's Security page.
Peter W wrote in to point out that he posted a wrapper script to the Bugtraq list that assigns the $TMPDIR environment value to a subdirectory of the user's home directory (and creates it, if necessary) in order to run Word Perfect 8 in a safer manner.
Sendmail 8.9.2 has been announced. This new version fixes a potential Denial-of-Service attack for Linux systems as well as including several other minor fixes. Expect to see new sendmail packages from your favorite Linux distributor soon.
Pete Gonzalez posted a note asking questions about SRP, the Secure Remote Password Protocol protocol developed at Stanford. He got a lot of responses and followed up with a summary. More information on SRP can be found in the SRP documentation. References to additional articles on SRP and other encryption techniques can be found at this site, which summarizes SRP as "a variation of password-authenticated Diffie-Hellman."
Michal Zalewski reported a security flaw in pam_unix_passwd.so in the pam-0.64-2 release. For more details, see his posting. He provides a command to quickly test whether or not you are vulnerable. If you installed pam by hand, following the instructions, you are likely to be. Andrey V. Savochkin followed the report up quickly with a patch. Note that the patch, as posted, had not yet been widely tested, though no reports of problems with the patch have cropped up. Red Hat has put out updated RPMs to fix this problem.
On the browser front, Oliver Lineham has created a web site with a working demonstration and analysis of a security flaw in the implementation of cookies which affects most browsers.
In addition, the grandson of the Cuartango Hole, impacting Microsoft WebBrowser Active X objects. The note from Juan Carlos Cuartango indicates that Microsoft has issued a "Frame Spoof Fix" to correct this.
HD Moore announced the availability of nlog 1.1b, a set of Perl scripts that can be used to analyze nmap 2.0+ log files. This version fixes a couple of security holes that were pointed out after the release of 1.1. Speaking of nmap, version 2.02 has been released.
Jason Ackley reported a potential problem with Oracle8 on Linux and NT. No confirmation or denial of the problem has been seen so far.
Sami Lehtinen reported an ssh2 security problem to comp.security.ssh (pointer is to the same article forwarded to Bugtraq). The bug in ssh2 allows a user to request remote forwarding from privileged ports without being root. Credit for finding the problem goes to Niko Tyni. The patch to fix the problem is available here.
A bug report and a fix for random.c was posted to Bugtraq by Andrea Arcangeli. The patch is against Linux 2.1.132.
Aleph One posted a Happy New Year from Bugtraq message to the Bugtraq mailing list. In it, he mentions that the Bugtraq list has grown to more than 26,000 and credits the Brown University Netspace Project for supporting this important list. For those of you unfamiliar with Bugtraq, it is a moderated list addressing security issues, with a long list of highly talented people who read and post to it. Archives of Bugtraq are available; our favorite is on geek-girl.com.
The latest issue of the Phrack magazine is available. This note lists a variety of locations where the magazine can be "harvested". Soon after the publication of Phrack54, Silvio Cesare provided a URL to a page containing a couple of articles on UNIX ELF Parasites and Virus and Runtime Kernel KMEM Patching, which he stated were excluded from Phrack54. Be forewarned; a large chunk of unrelated material is prepended to each article, the reason for the exclusion of the articles from Phrack. If you don't mind wading through that, the articles may be of interest to you.
January 7, 1999