Security
Brief items
Squid Security Update Advisory 2002:3
The Squid proxy server project has released Squid-2.4.STABLE7, which contains several security fixes. Some of the vulnerabilities are thought to be remotely exploitable. If you are running Squid, you should be looking to upgrade. Vendor alerts are listed in the vulnerability report as we get them.
Security reports
Local artsd real time shell vulnerability
Olaf Kirch looks at a posted artsd exploit (implemented using artswrapper). A local attacker may use such an exploit to get a shell with realtime scheduling priority but no other privledge escalation.
New vulnerabilities
bind buffer overflow vulnerability in DNS resolver libraries
| Package(s): | bind glibc | CVE #(s): | CAN-2002-0651 CAN-2002-0684 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | July 8, 2002 | Updated: | October 1, 2003 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1)
include fixes for a libc related vulnerability which does not
affect Linux. Updates from
the Internet Software Consortium (ISC)
are available from here.
No release or branch of Openwall GNU/*/Linux (Owl) is known to be
affected, due to Olaf Kirch's fixes for this problem getting into the
GNU C library more than two years ago.
Unfortunatly that does not mean that Linux systems are not vulnerable. Similar code, without Olaf Firch's fixes, is in the glibc getnetbyXXX functions. These functions are described in the SuSE alert as " used by very few applications only, such as ifconfig and ifuser, which makes exploits less likely." CERT Advisory: CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nn remote code execution vulnerability
| Package(s): | nn | CVE #(s): | |
| Created: | July 9, 2002 | Updated: | July 10, 2002 |
| Description: | A NNTP server may be used, maliciously, to
remotely execute code through the nn client.
Nn is a popular Unix newsreader. Versions prior to
6.6.3 are vulnerable.
The problem is fixed in nn 6.6.4 which is available here. For more information, see the security advisory. | ||
| Alerts: | (No alerts in the database for this vulnerability) | ||
Multiple vulnerabilities fixed in Squid-2.4.STABLE7
| Package(s): | squid | CVE #(s): | |||||||||||||||||||||||||
| Created: | July 8, 2002 | Updated: | November 15, 2002 | ||||||||||||||||||||||||
| Description: | Here is the security advisory for the Squid proxy server reporting several vulnerabilities in versions up to and including 2.4.STABLE7.
Several of the bugs are believed to allow remote code execution.
The security advisory lists the following changes:
| ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Kernel vulnerabilities in CIPE, ICMP and netfilter.
| Package(s): | kernel 2.2 and 2.4 | CVE #(s): | |||||
| Created: | July 9, 2002 | Updated: | July 9, 2002 | ||||
| Description: | The three vulnerabilities are:
Apparently these three vulnerabilities only impact users who use CIPE (VPN tunnel), kernels prior to 2.4.0-test6 or 2.2.18 or a firewall based on netfilter that uses IRC tracking. Since the kernel tends to be customized by each Linux Distributor, your distribution may or may not be vulnerable. | ||||||
| Alerts: |
| ||||||
Acrobat reader temporary files
| Package(s): | acroread | CVE #(s): | |||||
| Created: | July 8, 2002 | Updated: | July 10, 2002 | ||||
| Description: | There is a symlink attack vulnerability in Acrobat Reader 5.05.
Acroread uses a file it creates with wide open permissions (mode 666) in /tmp; it also follows symlinks.
See the report of the bug in Acrobat Reader 5.05 for the details. The problem has also been reported in version 4.05. | ||||||
| Alerts: |
| ||||||
Resources
BOON, a buffer overrun detection tool
David Wagner has released BOON, a tool for scanning C source code for buffer overrun vulnerabilities.
Be warned that this code is primarily a research prototype and has some
serious problems. Nonetheless, I hope it will be useful to you in your
security auditing work.
Linux Security Week
The July 8th Linux Security Week newsletter from LinuxSecurity.com is available.Using MonMotha's firewall script to build safe Internet sharing with Debian GNU/Linux (LinuxOrbit)
LinuxOrbit has this tutorial on building firewalls on a Debian system. "This tutorial will give you the necessary steps to turn one of your old PCs into a firewall with IP Masquerading, using a popular Linux distribution. I will leave it to you to get and install Debian onto your machine and work out connectivity to your ISP, then I will guide you through a kernel compile and install - which is necessary to enable features in the 2.4.x series kernels which allow your Linux machine to act as a firewall."
Events
USENIX Security Symposium
The USENIX Security Symposium will be here in less than a month. The list of accepted papers has been published; there are some interesting ones.RAID 2002 Call for Participation
The Fifth International Symposium on Recent Advances in Intrusion Detection (RAID 2002) issued a call for participation. The symposium will be held October 16-18, 2002 in Zurich, Switzerland.Upcoming Security Events
| Date | Event | Location |
|---|---|---|
| July 12 - 14, 2002 | H2K2 "Hacker" conference | New York City |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | (Caesars Palace Hotel and Resort)Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | (Alexis Park Hotel and Resort)Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
| August 19 - 21, 2002 | Canadian Security & Intelligence Conference(CSICON) | (Hyatt Regency)Calgary, Alberta Canada |
| August 28 - 30, 2002 | Workshop on Information Security Applications(WISA 2002) | Jeju Island, Korea |
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.
Page editor: Dennis Tenney
Next page:
Kernel development>>