News
A security audit of the entire Internet. The Internet Auditing Project set out almost a year ago to scan the entire Internet just to see how many systems with known vulnerabilities could be found. Their report makes for a long-winded but entertaining read as it describes how they were able to put together a scan of 36 million hosts and survive the process.
Their results? Here's a table that appears at the end:
In other words, there are hundreds of thousands of vulnerable systems out there, just looking at a small set of well-known problems.
The authors make the point that the Internet as a whole has a problem. It is sick, with lots of little wounds. Fixing up single hosts and networks is a good thing to do, but as long as the network as a whole remains so unhealthy, there are going to be problems. Lots of them.
They have an interesting suggestion: the formation of an "International Digital Defense Network." The purpose of this network would be to perform routine scans to find problem systems early, then work to get the systems fixed. They would pattern it after some of the other network-wide processing initiatives, such as Seti@home. With enough systems, each could do a certain amount of watching without impacting its other uses.
The document also includes a fair amount of "war story" material, and a scary description (under "third week") of a truly high-clue break-in of one of their systems. Many of us have seen "script kiddies" at work, but these were a different breed of folks. Among other things, the attack shows a real-world use of a loadable kernel module to perform evil acts.
Their scanning system is also available for download. Definitely worth a read.
Security Reports
Some beta versions of EFNet's IRC daemon have a serious problem that could allow root access to the server. Fortunately, very few sites should be running this software. If you have one of them, have a look at this advisory, and upgrade to a newer version.
The telnet daemon has a problem in that it tries to verify the client side's terminal type. This verification happens prior to any type of authentication. By coming up with a cleverly crafted terminal type, a remote attacker can cause the telnet daemon to open an arbitrary file on the system, which can lead to denial of service attacks. No distributions have issued updates as yet; a source patch has been made available by Kevin Vajk.
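One way to close off the pre-authentication terminal-type problem described above is to validate the name before anything looks it up; the following is an added example, not Kevin Vajk's patch and not code from any telnet daemon. It parses the RFC 1091 TERMINAL-TYPE subnegotiation and accepts the name only if it passes an allowlist. The allowlist, the 40-byte cap, the function names and the premise that the terminal lookup is file-based are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Telnet bytes (RFC 854) and the TERMINAL-TYPE option (RFC 1091). */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_TTYPE = 24, TTYPE_IS = 0 };
#define TTYPE_MAX 40 /* length cap chosen for this example */

/* Allowlist (an assumption of this example): letters, digits, '-', '+', '_'
 * and '.', first byte alphanumeric. No '/', NUL or control bytes get through. */
static int ttype_name_ok(const unsigned char *s, size_t n)
{
    if (n == 0 || n > TTYPE_MAX || !isalnum(s[0])) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum(s[i]) && !memchr("-+_.", s[i], 4))
            return 0;
    return 1;
}

/* Parse "IAC SB TERMINAL-TYPE IS <name> IAC SE"; 0 and name in out, else -1. */
int ttype_from_subneg(const unsigned char *b, size_t len, char *out, size_t cap)
{
    if (len < 6 || b[0] != IAC || b[1] != SB || b[2] != TELOPT_TTYPE ||
        b[3] != TTYPE_IS || b[len - 2] != IAC || b[len - 1] != SE) return -1;
    size_t n = len - 6;
    if (!ttype_name_ok(b + 4, n) || n + 1 > cap) return -1;
    memcpy(out, b + 4, n);
    out[n] = '\0';
    return 0;
}

/* Frame a constructed sample name and run it through the parser. */
int ttype_check(const char *name)
{
    unsigned char f[128] = { IAC, SB, TELOPT_TTYPE, TTYPE_IS };
    char out[TTYPE_MAX + 1];
    size_t n = strlen(name);
    if (n > sizeof f - 6) return -1;
    memcpy(f + 4, name, n);
    f[4 + n] = IAC; f[5 + n] = SE;
    return ttype_from_subneg(f, n + 6, out, sizeof out);
}

int main(void)
{
    const char *s[] = { "xterm", "vt100", "/tmp/x", "a/../b", "" };
    for (int i = 0; i < 5; i++)
        printf("%-7s %s\n", s[i], ttype_check(s[i]) ? "reject" : "accept");
    return 0;
}
```

Because the check runs on the raw subnegotiation bytes, a rejected name never reaches the terminal database, which matters here since the exchange happens before the user has authenticated.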
Updates
Debian updates. Debian has put out a couple of security advisories for the cfingerd and isdnutils packages.
Red Hat updates. Red Hat put out two alerts for possible security problems. There is a libtermcap patch which fixes a buffer overrun problem which could be nasty - especially on pre-6.0 systems. There is also an update to pump (Red Hat's DHCP client) that DHCP users should apply.
Resources
What to do if you've been hacked is a brief ComputerWorld article with some advice on first steps to take when disaster strikes. It seems to be aimed more at managers than technical folks...
Section Editor: Liz Coolbaugh
August 19, 1999