See also: last week's Security page.
News and Editorials

Serious vulnerability in PHPNuke. PHPNuke 5.2 has an embarrassing vulnerability in its file manager function that can allow the creation and overwriting of arbitrary files on the server system. The advisory contains a quick source-level fix; a simpler fix was also posted. Note that PostNuke 0.63 appears not to be vulnerable.
More SQL code injection problems. This RUS-CERT advisory describes a new range of SQL code injection vulnerabilities. This time the problem is with the PAM and NSS libraries shipped with most Linux (and Unix) systems. Through the use of properly-crafted usernames and passwords, an attacker can cause arbitrary SQL code to be executed. This, in turn, can lead to database corruption and unauthorized access.
No vendor updates for the affected modules are yet available.
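The injection pattern described above, shown beside its hardened form. This is an added example, not code from the advisory or from any PAM/NSS module: sqlite3 stands in for the database backend, and the table, function names and crafted login name are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed account table standing in for the module's SQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, uid INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 1000), ("bob", 1001)])
    return db

def lookup_unsafe(db, username):
    # Vulnerable pattern: the login name is pasted into the SQL text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT name, uid FROM users WHERE name = '%s'" % username
    return db.execute(sql).fetchall()

def lookup_safe(db, username):
    # Hardened pattern: the login name is bound as data and never parsed as SQL.
    return db.execute("SELECT name, uid FROM users WHERE name = ?",
                      (username,)).fetchall()

def valid_login_name(username):
    # Defence in depth: refuse names outside a conservative character set
    # before they reach the database layer (the pattern is an assumption).
    return re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", username) is not None

# Constructed input containing SQL quote characters.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, CRAFTED))   # every account matches
    print("safe:  ", lookup_safe(db, CRAFTED))     # no account matches
    print("valid: ", valid_login_name(CRAFTED))
```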
CRYPTO-GRAM for September. For those who haven't yet seen it: Bruce Schneier's CRYPTO-GRAM Newsletter for September covers the September 11 attacks and several other topics.
Security Reports

OpenSSH restricted command vulnerability. OpenSSH 2.9 and 2.9p2 are subject to unauthorized access problems in certain scenarios. If you are using authorized key pairs to provide remote access, and have restricted the commands that may be executed via that key pair, and have the sftp capability enabled, the command restrictions can be evaded. The result can be access to a shell on the server system even though that access had been explicitly denied. The fix, for now, exists only in the OpenSSH cvs archive; concerned administrators should update to the cvs version, or simply disable sftp.
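A check for the exposed combination described above: keys carrying a command= restriction on a server whose sftp subsystem is enabled. This is an added example, not part of OpenSSH or of the original report; the sample configuration, key material and comments are constructed, and only protocol 2 key lines are handled.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss")  # protocol 2 key types only (assumption)

def sftp_enabled(sshd_config):
    """True if an uncommented 'Subsystem sftp ...' line is present."""
    for raw in sshd_config.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 3 and f[0].lower() == "subsystem" and f[1] == "sftp":
            return True
    return False

def split_options(line):
    """Split the leading options field on unquoted commas, up to unquoted space."""
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        if not quoted and ch in " \t":
            return opts + [cur], line[i:].strip()
        if not quoted and ch == ",":
            opts.append(cur)
            cur = ""
        else:
            cur += ch
    return opts + [cur], ""

def restricted_keys(authorized_keys):
    """Return the comment field of every key that has a command= option."""
    found = []
    for raw in authorized_keys.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(KEY_TYPES):
            continue  # blank, comment, or a key with no options field
        opts, rest = split_options(line)
        if any(o.lower().startswith("command=") for o in opts):
            fields = rest.split()
            found.append(fields[2] if len(fields) > 2 else "(no comment)")
    return found

def audit(sshd_config, authorized_keys):
    """Restricted keys are only a concern while the sftp subsystem is enabled."""
    return restricted_keys(authorized_keys) if sftp_enabled(sshd_config) else []

# Constructed sample input; the key material is a placeholder.
SAMPLE_SSHD = "Protocol 2\nSubsystem sftp /usr/libexec/sftp-server\n"
SAMPLE_KEYS = (
    'command="/usr/local/bin/backup --run",no-pty ssh-rsa AAAAEXAMPLE backup@example\n'
    "ssh-rsa AAAAEXAMPLE admin@example\n"
    "no-port-forwarding ssh-dss AAAAEXAMPLE tunnel@example\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_SSHD, SAMPLE_KEYS))
```

Commenting out the Subsystem line in sshd_config, the "disable sftp" workaround mentioned above, makes the audit return an empty list.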
slrn executes shell code. The Debian Project has released a security update to slrn fixing an interesting problem: evidently slrn will execute any shell code it finds within an article, on the theory that the article is a self-extracting archive. This may have been desirable behavior in 1982, but it presents certain difficulties in modern times. Users of slrn should apply the update; none have yet been seen from other distributors.
Updates seen so far:
Format string problems in HylaFax. The HylaFax package has some format string vulnerabilities. On some systems (i.e. FreeBSD), the affected binaries are installed setuid uucp, and could thus provide unauthorized access to the system. Most Linux systems seem to not install HylaFax with added privileges, however.
Filename vulnerability in Red Hat's serial init script. Red Hat has issued an alert warning of a potential vulnerability with the setserial package. This one is obscure: you must have installed setserial, copied the init script from the documentation directory over to /etc/rc.d/init.d, and built your own kernel with serial support installed as a module. If you've done all those things, there is a potential problem with predictable temporary file names. Most users, it is expected, need not worry about this one.
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Source page buffer overflow in man. zen-parse reported a buffer overflow in man that, when manual pages begin with a '.so' statement, may be exploited to execute arbitrary code under the 'man' group id. For more details, check BugTraq ID 2872. (First reported in the June 21 LWN security page).
New updates:

Uucp local user exploits. There is a vulnerability in the command-line argument handling of uucp which can be exploited by a local user to obtain uid/gid uucp. See the September 13, 2001 LWN security page for the initial report.
Buffer overruns in Window Maker. A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page.

Resources

Port list available. Kurt Seifried has released a comprehensive list of TCP and UDP ports, including 363 known trojan ports.
By the numbers: Comparing Windows security to Linux (TechRepublic). TechRepublic uses BugTraq reports to determine just how secure Linux is versus Microsoft, and the numbers are not tilted the way you might think. "As these numbers illustrate, Windows NT 4.0 was the leader in bugs identified during 2000. But Linux was not far behind. And in 2001, Windows 2000 has stabilized a bit and is actually running in the middle of the pack." A free registration is required to access this article. (Thanks to Sean Walton)
Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to firstname.lastname@example.org.
Section Editor: Jonathan Corbet
September 27, 2001