Security
What happened to the other 8%
As reported last week, Evans Data recently announced the results of a survey which indicated (among other things) that 92% of their respondents have never suffered a virus infection on their Linux systems. The mainstream press made a big deal out of this result, but, to most Linux users, the interesting result was the 8%. Linux systems can have security problems, but virus problems, in particular, are almost unheard of. An 8% infection rate seemed too high. We dropped the folks at Evans Data a note asking for some more information. The result came back from none other than Nick Petreley, who is now the "Linux analyst" for Evans. He says:
In other words, they don't really know either. The survey was performed over the web (a private page accessible by invitation only) and didn't really provide for detailed answers.
Fun with RFID tags
The various privacy implications of widespread use of radio-frequency identification tags have been widely discussed. This eWeek article, reporting on a Black Hat Briefings session, brings up a new issue. It seems that the portion of most RFID tags which holds the product code is rewritable. Anybody who can haul a suitably equipped system into a store can rewrite the tags at will, creating no end of opportunities for confusion and theft. According to the article, things go even further than that:
That scenario seems unlikely; the capacity of an RFID tag, and the uses to which the tags are put, do not afford many opportunities for the injection of shell code into point-of-sale systems. But, then, somebody might just pull it off.
The real security risk is the number of systems which will be programmed to believe what their RFID readers are telling them. It is surprising that a device meant to be used as an identification token is rewritable in this way. It should not take too long before troublemakers with RFID writers convince the retail establishment that this was a bad decision.
Surge in Scans Seeking SSL Servers (Netcraft)
Netcraft reports that Internet scanning for servers running Secure Sockets Layer (SSL) has spiked in the past week. "Security firms are advising network administrators to install security patches for SSL servers, including a recent update for mod_ssl, which is widely used in Apache servers running OpenSSL. A security update was released July 16 to fix the vulnerability, which may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy, according to an advisory from Gentoo Linux."
New vulnerabilities
gnome-vfs: backend script vulnerabilities
Package(s): gnome-vfs
CVE #(s): CAN-2004-0494
Created: August 4, 2004
Updated: February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
kernel information leak
Package(s): kernel
CVE #(s): CAN-2004-0415
Created: August 3, 2004
Updated: October 26, 2004
Description: Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7. A fix for this problem was added to the fifth 2.4.27 release candidate.
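The bug class named in this entry (a 64-bit file offset narrowed to 32 bits before it is bounds-checked), shown beside the 64-bit check that closes it. This is an added illustration, not the kernel's code or code from the advisory; the buffer, the function names and the sample offsets are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN  64            /* constructed: bytes the handler may expose */
#define REJECTED INT64_MIN     /* sentinel: request refused */

static const char data[BUF_LEN] = "constructed sample contents";

/* Flawed pattern: narrow the 64-bit offset to 32 bits, then check only the
 * upper bound. Returns the index the copy would start at, or REJECTED. */
int64_t flawed_start(int64_t pos)
{
    int32_t p = (int32_t)(uint32_t)pos;  /* high bits dropped; wraps on common compilers */
    if (p >= BUF_LEN)
        return REJECTED;
    return p;                            /* can be negative or alias another offset */
}

/* Hardened pattern: validate the full 64-bit value before any narrowing. */
int64_t checked_start(int64_t pos)
{
    if (pos < 0 || pos >= BUF_LEN)
        return REJECTED;
    return pos;
}

/* Bounded read built on the 64-bit check; returns bytes copied. */
size_t safe_read(char *dst, size_t count, int64_t pos)
{
    if (checked_start(pos) == REJECTED)
        return 0;
    size_t avail = BUF_LEN - (size_t)pos;
    if (count > avail)
        count = avail;
    memcpy(dst, data + pos, count);
    return count;
}

int main(void)
{
    int64_t samples[] = { 8, 0xFFFFFFF0LL, 0x100000008LL };  /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("pos=%lld flawed=%lld checked=%s\n", (long long)samples[i],
               (long long)flawed_start(samples[i]),
               checked_start(samples[i]) == REJECTED ? "rejected" : "ok");
    return 0;
}
```

The flawed check accepts an offset that narrows to a negative index and one that aliases a valid index, while the 64-bit check refuses both.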
libpng: multiple vulnerabilities
Package(s): libpng
CVE #(s): CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created: August 4, 2004
Updated: February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
phpMyAdmin: remote PHP execution
Package(s): phpmyadmin
CVE #(s):
Created: July 29, 2004
Updated: August 4, 2004
Description: phpMyAdmin has a vulnerability that allows a remote attacker to modify variables and execute PHP code. The attacker must have a valid user account.
MPlayer: GUI filename handling overflow
Package(s): mplayer
CVE #(s):
Created: August 2, 2004
Updated: August 4, 2004
Description: The MPlayer GUI code contains several buffer overflow vulnerabilities, and at least one in the TranslateFilename() function is exploitable. By enticing a user to play a file with a carefully crafted filename, an attacker could execute arbitrary code with the permissions of the user running MPlayer.
Resources
"Cyber Adversary Characterization: Auditing the Hacker Mind" released
Syngress Publishing has announced the release of Cyber Adversary Characterization: Auditing the Hacker Mind, by Tom Parker, Matthew Devost, Marcus Sachs, Eric Shaw, and Ed Stroz. "By providing recent case studies and profiles of various cyber-terrorists, this is the must-have guide book for understanding the world of hackers."
What Countermeasures Really Means (O'ReillyNet)
Here's an O'ReillyNet article looking at the use of active countermeasures in the face of security threats. "One dirty little secret of information security is that corporations have been using 'tiger teams' for years in order to launch highly aggressive counterstrikes against attackers. Why? Because many more corporations get attacked and extorted through computer intrusions than the popular press will ever report."
Page editor: Jonathan Corbet