See also: last week's Security page.
News and Editorials
Good Worm, Bad Worm. The Cheese Worm is the latest Linux-based worm to make noise on the Internet. This is a worm with a difference, though. It looks for symptoms of systems that have been previously compromised, enters the system, closes the hole and then uses the host to search for other compromised hosts.
Many security experts were quick to point out that this does not make the worm a "good idea". After all, the worm is still illegally entering, altering and using resources on systems that don't belong to the worm writer. Besides, any "expert" that advocated the use of such worms would soon find themselves in hot water.
Meanwhile, though, the computer security community is still struggling with the issue of how to deal with the mass of unpatched, vulnerable computer systems on the Internet. In general, security issues are seen as the business of the owner of the computer: if they care about security, they'll be pro-active about it; if they don't care, they'll get cracked, end of story.
However, Internet worms and distributed denial-of-service attacks both clearly demonstrate that one person's cracked system is a piece of a larger problem that affects all of us. That system could be used to launch an attack on our own systems. Alternately, the worm that cracks that system can generate tremendous traffic, impairing the performance of the network for many or all of us.
Although the actions of the new Cheese Worm are equally illegal, it is interesting to note that this is the first effective measure being taken to counteract this problem. Essentially the hackers involved are acting as vigilantes, imposing their own "justice" on systems that pose a threat to the community as a whole. It is fortunate that this justice is in the form of repairs to the system, rather than lynchings.
Vigilantes are a common development in new communities with rapid growth, where the rule of law and official law enforcement have not developed quickly enough to match the growing need. They, in turn, quickly become their own problem because they are generally anonymous and outside the law themselves, making it difficult or impossible to hold them accountable for their actions (much like crackers).
Nonetheless, their existence is a symptom of a void that needs to be filled. Given this, the technique they have used, that of a pro-active worm that repairs insecure systems, may end up under heavy scrutiny, in order to brain-storm a way in which it could be ethically and morally turned to good use.
CRYPTO-GRAM Newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for May is out. It examines the use of active defenses and counterattacks for computer security, security standards, safe personal computing; there is also a strong essay on the futility of digital copy prevention. "Digital files cannot be made uncopyable, any more than water can be made not wet. The entertainment industry's two-pronged offensive will have far-reaching effects -- its enlistment of the legal system erodes fair use and necessitates increased surveillance, and its attempt to turn computers into an Internet Entertainment Platform destroys the very thing that makes computers so useful -- but will fail in its intent"
Cylant 'victim' hack update. LinuxSecurity.com did an interview recently with Cylant (see May 3rd for our coverage), which contains an update on their "Hack This Box and Own It" contest. The box was successfully hacked. "Victim was hacked by some of my old co-workers at EarthLink/Mindspring. They succeeded in part because of a bug we found today in CylantSecure. We have fixed the bug and issued round two of the challenge".
Openwall GNU/Linux. Openwall GNU/Linux, also known as "Owl", has announced their first pre-release. Owl is a security-enhanced Linux distribution, with its primary focus being pro-active source code review, plus some security-hardening kernel patches (presumably including the Openwall patch, for example).
The system is designed to be rebuilt easily entirely from source code and supports both the Intel and Sparc platforms. It uses the RPM package manager and tries to be compatible with multiple other Linux distributions, particularly Red Hat.
Common Unix Printing System 1.1.7 (CUPS). The latest version of the Common Unix Printing System (CUPS), version 1.1.7, includes some new directives to prevent denial-of-service attacks and IP spoofing. As a result, an upgrade to the latest version is recommended for security-conscious sites.
man -S heap overflow. A heap overflow is reportedly triggerable via the man command on some Linux distributions. The problem was originally reported on Red Hat Linux 7.0; Caldera has unofficially reported that it is not vulnerable. Red Hat Linux 7.0 and 6.2 and Debian are confirmed to be vulnerable; no official advisories have been sent out so far.
The exploitability of the vulnerability has been questioned and is definitely dependent on whether or not the man command is installed setgid group man.
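A local check for the condition described above, added here as an example and not taken from the original report or any vendor advisory: it reports whether the installed man binary carries the setgid bit and which group it would run as. The function names `sgid_group` and `audit_man` are made up for this example.

```shell
#!/bin/sh
# Added example: is a binary installed setgid, and to which group?

# sgid_group PATH
#   Prints the owning group and returns 0 if PATH is a regular, executable
#   file with the setgid bit set. Prints nothing and returns 1 otherwise.
sgid_group() {
    f=$1
    [ -f "$f" ] && [ -x "$f" ] || return 1
    [ -g "$f" ] || return 1          # -g: setgid bit is set (follows symlinks)
    # -L reports on the symlink target, i.e. the real binary; field 4 is the group
    ls -ldL -- "$f" | awk '{ print $4 }'
}

# audit_man [PATH]
#   Checks PATH, or the man found on $PATH when no argument is given.
#   Returns 2 when the binary is setgid (an overflow in it would run with
#   that group's rights), 0 otherwise.
audit_man() {
    bin=${1:-$(command -v man 2>/dev/null)}
    if [ -z "$bin" ]; then
        echo "man: not installed"
        return 0
    fi
    if grp=$(sgid_group "$bin"); then
        echo "$bin: installed setgid, group $grp"
        return 2
    fi
    echo "$bin: not setgid"
    return 0
}

# Stand-alone run: report on this host's man binary.
audit_man || true
```

A return code of 2 marks hosts where the man updates deserve priority once distributors publish them.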
sendfile vulnerabilities. Exploits for two sendfile vulnerabilities were published this week. One exploits the SAFT/sendfile broken privileges vulnerability originally reported the week of April 26th and the other addresses a "serialization error combined with a lack of error checking". Both problems can be fixed by downloading the current source from the author's website and compiling it manually or, for Debian users, by applying the patch for sendfile_2.1-25 in debian-unstable.
Web scripts. The following web scripts were reported to contain vulnerabilities:
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Ramen and Adore. The Ramen and Adore worms both exploit multiple vulnerabilities. They are most widely known for attacking Red Hat machines, but they can also possibly affect other distributions that have a Red Hat base. TurboLinux is one such distribution. They have released two advisories to provide information on securing Turbolinux systems against these worms.
Note that any leading Linux distribution to which all relevant patches have been applied should not be vulnerable to either of these worms.
Minicom XModem Format String Vulnerabilities. Check the May 10th LWN Security Summary for the original report or BugTraq ID 2681.
This week's updates:
vixie-cron crontab permissions lowering failure. Check the May 10th LWN Security Summary for the original report. Paul Vixie Vixie Cron 3.0pl1 fixes this latest problem.
This week's updates:
Zope Zclass security update. Check the May 3rd LWN Security Summary for the original report. Sites running Zope should upgrade as soon as possible.
This week's updates:
Samba local disk corruption vulnerability. Check the April 19th LWN Security Summary for the original report. This problem has been fixed in Samba 2.0.8 and an upgrade is recommended. Note that all versions of Samba from (and including) 1.9.17alpha4 are vulnerable (except 2.0.8, of course). BugTraq ID 2617.
Note that last week Andrew Tridgell released Samba 2.0.9, stating that the fix in 2.0.8 did not really resolve the problem. So expect another wave of distribution updates dated May 10th or later for this problem as the fix from 2.0.9 gets distributed. Samba 2.2.0 users are not affected by this problem.
This week's updates:
Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19th LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3. Note that the patch may be subject to future revision; a URL is provided where the latest version can be found.
This week's updates:
pico symbolic link vulnerability. Check the December 14th, 2000 LWN Security Summary for the initial report of this problem. Note that this has also been reported as a pine vulnerability, but the vulnerable component is still pico, not pine. Check BugTraq ID 2097 for more details.
This week's update:
Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to firstname.lastname@example.org.
Section Editor: Liz Coolbaugh
May 17, 2001