

Fedora 13 to debut a security "spin"

By Jake Edge
March 3, 2010

Fedora already has a number of variations—called "spins"—to support different use cases: alternative desktops (KDE, LXDE, XFCE), gaming, hardware design, education, etc. Starting with Fedora 13, those will be joined by the Fedora Security Lab (FSL), which is meant to be a "safe test-environment for working on security-auditing, forensics and penetration-testing, coupled with all the Fedora-Security features and tools". The target audience is much the same as that of the BackTrack security distribution—security professionals along with those who want to learn about various security techniques.

FSL is based on the LXDE desktop environment because of its small resource footprint, which will leave more memory available for running various security and forensic tools. The LXDE menu has been customized to present a categorized list of tools and applications available to a user. The distribution comes with a fairly extensive list of packages, as well as a wish list of additional packages that would be added to FSL once they are packaged for Fedora.

The release itself will be an ISO image that can be used as a Live CD, which can then be installed on the hard disk. A more likely scenario is creating a bootable system on a USB stick using Fedora's liveusb-creator. That will allow the user to reserve some extra space on the USB stick for persistent storage. That storage can be used for installing additional packages or storing the output or configuration of various utilities so that they are available after each boot.

Fedora's Joerg Simon is leading the FSL effort, which got final approval from the Fedora advisory board in mid-February. FSL provides a number of advantages for Fedora and its users—many of which are listed on the FSL page—but there is one item in particular that Simon seems to be excited about: using it as a platform to teach about security.

Simon has slides [PDF] from a presentation he gave that proposed FSL as the basis for teaching classes based on the Open Source Security Testing Methodology Manual (OSSTMM). Simon is involved in both projects and sees benefits to both from a collaboration. FSL would provide a stable platform that teachers and students could rely upon and Fedora would benefit from the wider exposure those classes would bring.

In addition to the various utilities and tools that are packaged with the spin, FSL also showcases the security features that are part of all Fedora spins. Things like SELinux, default firewall rules, PolicyKit, and various protections like stack smashing protection, buffer overflow protection, and so forth, are all available for students and others to examine and play with.

Having a larger parent organization like Fedora—and to some extent Red Hat—may help FSL achieve a higher profile than BackTrack or other security distributions have in the past. One can imagine that FSL will be the tool of choice for recovery of broken systems in the Fedora and RHEL worlds, as users will already be familiar with the underlying distribution. Working with other organizations that are targeting security education is another thing that may very well help foster FSL as a tool of choice for security professionals.

While FSL is somewhat late to this particular party, and still has a number of important tools (Metasploit, OpenVAS, SiLK, etc.) on its wish list, it does have the infrastructure and user community of Fedora behind it. There is ample room for collaboration with BackTrack and other security-focused distributions—one hopes that can come about. By sharing information, configuration, tools, and techniques, in much the same way that free software development is done, better security distributions will result. That can only help bring about increased security for all free software.


Brief items

Microsoft's other takedown action

This ars technica article describes how Microsoft took down the control structure for the Waledac botnet. "By obtaining the restraining order, this command-and-control system was disrupted; with the domain names offline, the machines in the botnet were no longer able to locate their control servers, rendering them mostly harmless. The court action had to be taken in secret to avoid warning the botnet's operators; with sufficient warning, they might have been able to set up new domain names and new control systems, thereby circumventing Microsoft's efforts. The names have now been offline for three days, presumably sufficient to cause permanent disruption, and the injunction is now public."


New vulnerabilities

apache: unknown vulnerability

Package(s): apache httpd    CVE #(s): CVE-2010-0408
Created: March 3, 2010    Updated: September 14, 2010
Description: The mod_proxy_ajp module packaged with Apache 2.2.x suffers from an unknown vulnerability when faced with a protocol error.
Gentoo 201206-25 apache 2012-06-24
rPath rPSA-2010-0056-1 httpd 2010-09-13
Fedora FEDORA-2010-6055 httpd 2010-04-09
Fedora FEDORA-2010-6131 httpd 2010-04-09
SuSE SUSE-SR:2010:010 krb5, clamav, systemtap, apache2, glib2, mediawiki, apache 2010-04-27
Debian DSA-2035-1 apache2 2010-04-17
Pardus 2010-45 apache-2.2.15-36-11 apache-2.2.15-34-12 2010-03-29
CentOS CESA-2010:0168 httpd 2010-03-28
Red Hat RHSA-2010:0168-01 httpd 2010-03-25
Ubuntu USN-908-1 apache2 2010-03-10
Slackware SSA:2010-067-01 httpd 2010-03-09
Mandriva MDVSA-2010:053 apache 2010-03-02


apache-mod_security: denial of service

Package(s): apache-mod_security    CVE #(s):
Created: February 26, 2010    Updated: March 3, 2010
Description: From the Openwall report:

multiple security flaws, which might lead to bypass of intended security restrictions and denial of service, have been reported and corrected in latest v2.5.12 version of ModSecurity.

Mandriva MDVSA-2010:050 apache-mod_security 2010-02-26


kernel: denial of service

Package(s): kernel    CVE #(s):
Created: February 25, 2010    Updated: March 3, 2010
Description: From the Pardus alert:

A vulnerability has been fixed in the kernel, which can be exploited by malicious people to crash the kernel due to a divide by zero in azx_position_ok. Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter was able to crash the kernel by stopping and restarting playback using the "5" key repeatedly. This happens as a normal user, not only as root.

Pardus 2010-36 module-alsa-driver module-pae-alsa-driver 2010-02-25


kvm: privilege escalation

Package(s): kvm    CVE #(s): CVE-2010-0419
Created: March 2, 2010    Updated: June 4, 2010
Description: From the Red Hat advisory:

A flaw was found in the way the x86 emulator loaded segment selectors (used for memory segmentation and protection) into segment registers. In some guest system configurations, an unprivileged guest user could leverage this flaw to crash the guest or possibly escalate their privileges within the guest.

Oracle ELSA-2013-1645 kernel 2013-11-26
Ubuntu USN-947-2 kernel 2010-06-04
Ubuntu USN-947-1 linux, linux-source-2.6.15 2010-06-03
Debian DSA-2010 kvm 2010-03-10
Red Hat RHSA-2010:0126-01 kvm 2010-03-01
CentOS CESA-2010:0126 kvm 2010-03-02


puppet: insecure tempfile creation

Package(s): puppet    CVE #(s): CVE-2010-0156
Created: March 2, 2010    Updated: June 14, 2010
Description: From the Red Hat bugzilla:

puppet may create several predictable files in /tmp, e.g.


Gentoo 201203-03 puppet 2012-03-05
SuSE SUSE-SR:2010:013 apache2-mod_php5/php5, bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5, libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190, libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached, ncpfs, pango, puppet, python, seamonkey, te_ams, texlive 2010-06-14
Ubuntu USN-917-1 puppet 2010-03-24
Fedora FEDORA-2010-1372 puppet 2010-02-21
Fedora FEDORA-2010-1079 puppet 2010-02-21
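The bugzilla quote above describes the classic predictable-name-in-/tmp problem. As an added illustration (this is not puppet's code, and the "puppet-" prefix and file names are made up for the example), the block below puts the weak pattern beside the one that is safe on a shared /tmp: a fixed, guessable name versus tempfile.mkstemp, which picks a random name and opens it with O_CREAT|O_EXCL and mode 0600, plus a post-creation check that the result is a private regular file.

```python
import os
import stat
import tempfile

# Added example, not puppet's code. The "puppet-" prefix and the tag names
# are illustrative placeholders.

def predictable_tmp_path(tag):
    """The weak pattern: a fixed, guessable name under the temp directory.
    Anyone who can write to that directory can create a file or symlink at
    this path before the legitimate program gets there."""
    return os.path.join(tempfile.gettempdir(), "puppet-%s.tmp" % tag)

def open_private_tempfile(prefix="puppet-", dir=None):
    """Create a temp file with a random name, O_CREAT|O_EXCL and mode 0600.
    O_EXCL makes the call fail instead of following a pre-existing file or
    symlink, so the name does not need to be secret to be safe.
    Returns (fd, path); the caller owns the descriptor and the file."""
    return tempfile.mkstemp(prefix=prefix, dir=dir)

def is_private_regular_file(path):
    """Post-creation check: a regular file (lstat, so a symlink fails),
    owned by the current user, with no group/other permission bits."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)

def names_are_unpredictable(n=5):
    """Create n temp files and report whether every name was distinct and
    every file passed is_private_regular_file; removes the files afterwards."""
    paths = []
    try:
        for _ in range(n):
            fd, path = open_private_tempfile()
            os.close(fd)
            paths.append(path)
        return (len(set(paths)) == n
                and all(is_private_regular_file(p) for p in paths))
    finally:
        for p in paths:
            os.unlink(p)
```

The check in is_private_regular_file is the same one a reviewer would apply to any program that writes under /tmp: the name is generated by the library, the file is created atomically, and it is owned by the creator with no permissions for anyone else.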


samba: denial of service

Package(s): samba    CVE #(s): CVE-2010-0547
Created: March 1, 2010    Updated: September 23, 2011
Description: From the Debian advisory:

Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.

Gentoo 201206-29 mount-cifs 2012-06-25
Oracle ELSA-2012-0313 samba 2012-03-07
Mandriva MDVSA-2011:148 samba 2011-10-11
CentOS CESA-2011:1220 samba3x 2011-09-22
CentOS CESA-2011:1219 samba 2011-09-22
Scientific Linux SL-samb-20110829 samba3x 2011-08-29
Scientific Linux SL-samb-20110829 samba 2011-08-29
Scientific Linux SL-Samb-20110829 samba, cifs-utils 2011-08-29
CentOS CESA-2011:1219 samba 2011-08-29
Red Hat RHSA-2011:1221-01 samba, cifs-utils 2011-08-29
Red Hat RHSA-2011:1220-01 samba3x 2011-08-29
Red Hat RHSA-2011:1219-01 samba 2011-08-29
SUSE SUSE-SR:2010:014 OpenOffice_org, apache2-slms, aria2, bogofilter, cifs-mount/samba, clamav, exim, ghostscript-devel, gnutls, krb5, kvirc, lftp, libpython2_6-1_0, libtiff, libvorbis, lxsession, mono-addon-bytefx-data-mysql/bytefx-data-mysql, moodle, openldap2, opera, otrs, popt, postgresql, python-mako, squidGuard, vte, w3m, xmlrpc-c, XFree86/xorg-x11, yast2-webclient 2010-08-02
Mandriva MDVSA-2010:090-1 samba 2010-05-04
Mandriva MDVSA-2010:090 samba 2010-05-04
SuSE SUSE-SR:2010:008 gnome-screensaver tomcat libtheora java-1_6_0-sun samba 2010-04-07
SuSE SUSE-SR:2010:007 cifs-mount/samba, compiz-fusion-plugins-main, cron, cups, ethereal/wireshark, krb5, mysql, pulseaudio, squid/squid3, viewvc 2010-03-30
Debian DSA-2004-1 samba 2010-02-28
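The Debian text above says the problem is missing input sanitising on the way into /etc/mtab. /etc/mtab is a whitespace-separated, one-entry-per-line file, so a mount point has to be encoded before it can be recorded. The block below is an added example, not mount.cifs's code: it implements the octal escaping that getmntent(3) decodes (\040 for space, \011 tab, \012 newline, \134 backslash), a validation step that refuses mount points the writer should never record, and a strict parser that round-trips the result. The field layout and the six-field rule follow the documented mtab/fstab format; the function names are the example's own.

```python
import re

# Added example, not mount.cifs's code. Escape table matches what
# getmntent(3) decodes; the validation policy is this example's choice.
_ESCAPE = {" ": "\\040", "\t": "\\011", "\n": "\\012", "\\": "\\134"}
_UNESCAPE_RE = re.compile(r"\\([0-7]{3})")

def escape_mtab_field(value):
    """Encode the characters that would break the whitespace-separated format."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)

def unescape_mtab_field(value):
    """Inverse of escape_mtab_field: decode \\NNN octal escapes."""
    return _UNESCAPE_RE.sub(lambda m: chr(int(m.group(1), 8)), value)

def validate_mountpoint(path):
    """Return (ok, reason). Refuse what a writer should never record as one
    entry: relative paths, NUL, and line terminators. The escape table could
    encode a newline, but other consumers of the file (umount, df) need not
    decode it identically, so it is rejected outright."""
    if not path.startswith("/"):
        return False, "mount point must be an absolute path"
    if any(ch in path for ch in ("\0", "\n", "\r")):
        return False, "control characters are not allowed in a mount point"
    return True, ""

def mtab_line(fsname, mountpoint, fstype, options="rw", freq=0, passno=0):
    """Build one well-formed mtab entry; ValueError if the mount point is unsafe."""
    ok, reason = validate_mountpoint(mountpoint)
    if not ok:
        raise ValueError(reason)
    return " ".join([escape_mtab_field(fsname), escape_mtab_field(mountpoint),
                     fstype, options, str(freq), str(passno)])

def parse_mtab(text):
    """Parse mtab text into dicts; every entry must have exactly six fields,
    so a corrupted line is detected instead of silently misread."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError("line %d: expected 6 fields, got %d"
                             % (lineno, len(fields)))
        rows.append({"fsname": unescape_mtab_field(fields[0]),
                     "mountpoint": unescape_mtab_field(fields[1]),
                     "fstype": fields[2], "options": fields[3],
                     "freq": int(fields[4]), "passno": int(fields[5])})
    return rows
```

Used together, mtab_line and parse_mtab make a useful regression check for any setuid mount helper: every entry the helper writes must parse back to exactly the mount point it was given, and anything that cannot satisfy that is refused before the file is touched.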


sudo: unintended privilege escalation

Package(s): sudo    CVE #(s): CVE-2010-0426 CVE-2010-0427
Created: February 26, 2010    Updated: October 27, 2010
Description: From the Red Hat advisory:

A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426)

The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427)

rPath rPSA-2010-0075-1 sudo 2010-10-27
CentOS CESA-2010:0361 sudo 2010-05-28
Pardus 2010-70 sudo 2010-06-04
Mandriva MDVSA-2010:078-1 sudo 2010-04-28
Slackware SSA:2010-110-01 sudo 2010-04-21
SuSE SUSE-SR:2010:006 2010-03-15
Pardus 2010-38 sudo 2010-03-09
Fedora FEDORA-2010-3415 sudo 2010-03-03
Fedora FEDORA-2010-3359 sudo 2010-03-03
Gentoo 201003-01 sudo 2010-03-03
Mandriva MDVSA-2010:049 sudo 2010-02-25
Debian DSA-2006-1 sudo 2010-03-02
CentOS CESA-2010:0122 sudo 2010-03-01
Mandriva MDVSA-2010:052 sudo 2010-03-01
Ubuntu USN-905-1 sudo 2010-02-26
Red Hat RHSA-2010:0122-01 sudo 2010-02-26
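The second paragraph of the Red Hat text (CVE-2010-0427) is a reminder that changing uid and gid is not the whole job of a privilege switch: the supplementary group list stays whatever the caller had unless initgroups(3)/setgroups(2) is called first. The block below is an added example, not sudo's code: it models the group set a setuid program ends up with when it switches to a target user with and without that call, against a constructed /etc/group, and finishes with the real order of operations a privilege drop should use (that last function needs root and is not exercised by the checks).

```python
import os
import pwd

# Added example, not sudo's code. SAMPLE_GROUPS is a constructed stand-in
# for /etc/group: (group name, gid, member user names).
SAMPLE_GROUPS = [
    ("root", 0, []),
    ("disk", 6, ["root"]),
    ("wheel", 10, ["alice"]),
    ("www", 33, ["www-data"]),
    ("docker", 999, ["alice"]),
]

def supplementary_groups(username, primary_gid, group_db=SAMPLE_GROUPS):
    """The group set initgroups(3) installs for username: the primary gid
    plus every group that lists the user as a member."""
    gids = {primary_gid}
    gids.update(gid for _, gid, members in group_db if username in members)
    return sorted(gids)

def groups_after_runas(caller_groups, target_username, target_gid,
                       initgroups_called, group_db=SAMPLE_GROUPS):
    """Model the group list a setuid program holds after switching to the
    target user. With initgroups_called=False the process keeps the caller's
    list (for sudo, root's), which is the CVE-2010-0427 condition."""
    if initgroups_called:
        return supplementary_groups(target_username, target_gid, group_db)
    return sorted(set(caller_groups))

def leaked_groups(caller_groups, target_username, target_gid,
                  initgroups_called, group_db=SAMPLE_GROUPS):
    """Groups the process holds that the target user is not entitled to;
    a non-empty list means the switch granted unintended privileges."""
    got = set(groups_after_runas(caller_groups, target_username, target_gid,
                                 initgroups_called, group_db))
    want = set(supplementary_groups(target_username, target_gid, group_db))
    return sorted(got - want)

def drop_privileges(username):
    """Correct order for a real privilege drop (requires root; not run by the
    checks): install the target's groups first, because once the effective
    uid is unprivileged the group list can no longer be changed."""
    pw = pwd.getpwnam(username)
    os.initgroups(username, pw.pw_gid)   # supplementary groups of the target
    os.setgid(pw.pw_gid)                 # primary group of the target
    os.setuid(pw.pw_uid)                 # uid last: this is the point of no return
```

A quick audit of any setuid helper can be phrased in exactly these terms: after the switch, compare the process's group list (os.getgroups on a live process) with supplementary_groups for the target user, and treat any difference the way leaked_groups does.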


Page editor: Jake Edge

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds