Security

Brief items

Some goodies from Openwall

Solar Designer has sent out an announcement of a new set of security-oriented releases from Openwall. These components are, of course, integrated into Openwall Linux, but they are available separately for integration into other distributions as well.

Here's what's available:

  • A patch for the 2.4.21 kernel fixing problems and adding a number of security features. You can now use 2.4.21 in Openwall Linux, though, in true conservative form, they still recommend sticking with 2.2 for now.

  • msulogin, a version of the "sulogin" program (which is normally used to control access to a system in single-user mode). The twist offered by msulogin is that it can handle multiple root accounts.

  • tcb, an alternative shadow password implementation. The difference is that tcb implements separate shadow files for each user. This technique allows group permissions to be used to implement password policies, and it allows the entire password subsystem to work with no need for root privileges.

These tools and patches can be used as components in a more secure Linux system, and that can only be a good thing.

June CRYPTO-GRAM newsletter

Bruce Schneier's CRYPTO-GRAM newsletter for June is out; it looks at cyberterrorism, teaching virus writing, attacking virtual machines with memory errors, and fun with expired domains (beyond the usual trick of pointing them at porn sites): "Step 1: Buy an expired domain. Step 2: Watch all the spam come in, and figure out what e-mail accounts were active for that domain's previous owner. Step 3: Go to an account-based site -- eBay, Amazon, etc. -- and request that the password be sent to those accounts. If the people with those accounts didn't bother to change their e-mail address when the domain expired, you can collect their passwords."

New vulnerabilities

BitchX: Denial of service vulnerability

Package(s): BitchX
CVE #(s): CAN-2003-0334
Created: June 17, 2003
Updated: June 17, 2003
Description: A Denial Of Service (DoS) vulnerability was discovered in BitchX that would allow a remote attacker to crash BitchX by changing certain channel modes. Read more here and here.
Alerts:
Mandrake MDKSA-2003:069 BitchX 2003-06-17

ethereal: buffer and integer overflows

Package(s): ethereal
CVE #(s): CAN-2003-0356 CAN-2003-0357
Created: June 12, 2003
Updated: June 18, 2003
Description: Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.
Alerts:
Debian DSA-324-1 ethereal 2003-06-18
Mandrake MDKSA-2003:067 ethereal 2003-06-16
Debian DSA-313-1 ethereal 2003-06-11

gnocatan: buffer overflows, denial of service

Package(s): gnocatan
CVE #(s): CAN-2003-0433
Created: June 12, 2003
Updated: June 28, 2003
Description: Bas Wijnen discovered that the gnocatan server is vulnerable to several buffer overflows which could be exploited to execute arbitrary code on the server system.
Alerts:
Gentoo 200306-17 gnocatan 2003-06-28
Debian DSA-315-1 gnocatan 2003-06-11

lyskom-server: denial of service

Package(s): lyskom-server
CVE #(s): CAN-2003-0366
Created: June 13, 2003
Updated: June 17, 2003
Description: Calle Dybedahl discovered a bug in lyskom-server which could result in a denial of service where an unauthenticated user could cause the server to become unresponsive as it processes a large query.
Alerts:
Debian DSA-318-1 lyskom-server 2003-06-12

man: format string exploit

Package(s): man
CVE #(s):
Created: June 16, 2003
Updated: June 17, 2003
Description: man versions 1.5l and earlier contain a format string vulnerability. The vulnerability occurs when man uses an optional catalog file, supplied via the NLSPATH/LANG environment variables. See the full advisory for more details.
Alerts:
Gentoo 200306-06 man 2003-06-14

mikmod: buffer overflow

Package(s): mikmod
CVE #(s): CAN-2003-0427
Created: June 16, 2003
Updated: June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 mikmod 2005-06-16
Red Hat RHSA-2005:506-01 mikmod 2005-06-13
Fedora FEDORA-2005-404 mikmod 2005-06-09
Gentoo 200307-01 mikmod 2003-07-02
Debian DSA-320-1 mikmod 2003-06-13

noweb: insecure temporary files

Package(s): noweb
CVE #(s): CAN-2003-0381
Created: June 17, 2003
Updated: June 28, 2003
Description: Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user invoking the script.
Alerts:
Gentoo 200306-16 noweb 2003-06-28
Debian DSA-323-1 noweb 2003-06-16

radiusd-cistron: possible remote system compromise

Package(s): radiusd-cistron
CVE #(s): CAN-2003-0450
Created: June 13, 2003
Updated: July 11, 2003
Description: The package radiusd-cistron is an implementation of the RADIUS protocol. Unfortunately the RADIUS server handles large NAS numbers incorrectly. This leads to overwriting internal memory of the server process and may be abused to gain remote access to the system the RADIUS server is running on.
Alerts:
Gentoo 200307-03 cistonradius 2003-07-11
Conectiva CLA-2003:664 radiusd-cistron 2003-06-27
Debian DSA-321-1 radiusd-cistron 2003-06-13
SuSE SuSE-SA:2003:030 radiusd-cistron 2003-06-13

webmin: session ID spoofing

Package(s): webmin
CVE #(s): CAN-2003-0101
Created: June 13, 2003
Updated: November 18, 2003
Description: miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges.
Alerts:
SCO Group CSSA-2003-035.0 webmin 2003-11-17
Debian DSA-319-1 webmin 2003-06-12

Xpdf - command execution vulnerability

Package(s): Xpdf
CVE #(s): CAN-2003-0434
Created: June 18, 2003
Updated: July 24, 2003
Description: Xpdf suffers from the same sort of "execute arbitrary code embedded in a malicious document" vulnerability that is so widespread in other PostScript and PDF interpreters.
Alerts:
Mandrake MDKSA-2003:071-1 xpdf 2003-07-23
Yellow Dog YDU-20030723-1 xpdf 2003-07-23
Red Hat RHSA-2003:196-02 Xpdf 2003-07-17
Conectiva CLA-2003:674 xpdf 2003-07-04
Mandrake MDKSA-2003:071 xpdf 2003-06-27
Gentoo 200306-11 xpdf 2003-06-25
Yellow Dog YDU-20030620-1 xpdf 2003-06-20
Red Hat RHSA-2003:196-01 Xpdf 2003-06-18

Resources

Linux Advisory Watch

The June 13 Linux Advisory Watch newsletter from LinuxSecurity.com is available.

Page editor: Jonathan Corbet
Copyright © 2003, Eklektix, Inc.