Security
Brief items
Advisories and relative security
A recent CNN article asks why the Linux community hasn't used the Blaster and SoBig worms for marketing purposes. The author concludes:
This seems like a good time to go and look at what these advisories really covered. CERT's 2002 advisories were:
Interestingly, we count 37 advisories for last year, not 29. There is no contesting the fact that the Linux-related column is significantly longer than the others. One could quibble a bit: the mod_ssl worm advisory covers the same vulnerability as the OpenSSL advisory, and the three trojan advisories are individual site compromises rather than widespread vulnerabilities. But that sort of quibbling wouldn't really change the situation.
On the other hand, it is a legitimate question to ask why the mod_ssl worm (which affected very few systems) merits a CERT advisory, when worms like Klez, Bugbear, Badtrans, Nimda, and Sircam do not. The costs imposed by any one of those worms are likely to exceed those of all the Linux vulnerabilities put together.
The real point is that anybody who tries to make a security point by counting advisories is building a weak argument. A more honest look at the situation would ask how many vulnerabilities have been actively exploited, and how quickly they have been fixed.
That said, we couldn't resist putting together a 2003 table while we were at it:
This table suggests that the record for Linux-related software is nothing to be all that proud of, but certain other operating systems are currently in the lead in the "advisory count" race. On the other hand, in the fast-changing free software world, it is somehow comforting to see that sendmail continues to give advisory writers something to do - as long as you're running a different MTA...
New vulnerabilities
gkrellm: buffer overflow
Package(s): gkrellm
CVE #(s):
Created: August 29, 2003
Updated: September 3, 2003
Description: A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server.
Alerts:
horde: session hijacking
Package(s): horde
CVE #(s):
Created: September 1, 2003
Updated: September 3, 2003
Description: According to this advisory, an attacker could send an email to a victim using the HORDE MTA to get the victim to visit a website, which then logs all available information about the victim's system.
Alerts:
mindi: insecure file creations
Package(s): mindi
CVE #(s): CAN-2003-0617
Created: September 2, 2003
Updated: October 1, 2003
Description: Mindi versions prior to 0.86 create files in /tmp with predictable names, which could allow a local user to overwrite arbitrary files.
Alerts:
node: buffer overflow, format string
Package(s): node
CVE #(s):
Created: September 1, 2003
Updated: September 3, 2003
Description: Morgan alias SM6TKY discovered and fixed several security-related problems in LinuxNode, an Amateur Packet Radio Node program. The buffer overflow he discovered can be used to gain unauthorised root access and can be remotely triggered.
Alerts:
pam_ldap: non-functioning host restrictions
Package(s): pam_ldap
CVE #(s):
Created: September 3, 2003
Updated: September 3, 2003
Description: pam_ldap 161 contains a bug in the pam_filter module which prevents host-based restrictions from working as advertised; version 1.62 fixes the problem.
Alerts:
phpwebsite: SQL Injection, DoS and XSS Vulnerabilities
Package(s): phpwebsite
CVE #(s):
Created: September 2, 2003
Updated: September 3, 2003
Description: phpwebsite contains an SQL injection vulnerability in the calendar module which allows an attacker to execute SQL queries. phpwebsite is also vulnerable to XSS. More information can be found in the full advisory.
Alerts:
Resources
Open Source Security Testing Methodology Manual version 2.1 released
The Open Source Security Testing Methodology Manual (OSSTMM) is an open standard method for performing security tests, focusing on the items that need to be tested, what to do during a security test, and when different types of security tests should be performed.
Page editor: Jonathan Corbet