

News and editorials

Widespread, scary web security problem. The folks at Digital Creations have turned up a problem in how the web handles authentication that has widespread implications. Hostile web pages can be crafted which can cause your browser to take actions under your name on web sites where you have authenticated yourself. Various types of authentication-oriented services - such as web mail, web administration, brokerages, etc. - can be vulnerable to this problem. Obvious fixes are not in sight. Please see this LWN feature for an overview of the problem and how it works.

The Nexus Project initial release. The Nexus Project, a "maximum security" distribution which grew out of the Kha0s project, has announced its first public release. Nexus seems to be taking a very server-oriented approach; the distribution does not emphasize desktops or ease of use. They intend to produce a capability-based system; perhaps they will be one of the first Linux distributions to really use capabilities. They also apparently plan to distribute software primarily in source format, rather than use a binary package system.

How apache.org was cracked. Here is a description of how apache.org was cracked this last week. The summary, for those who have not already seen it: the site was cracked through some poor configuration choices for its FTP server. The apache server itself was not compromised. (Found on Kuro5hin).

Security Reports

pam_console. Michal Zalewski and Benjamin Smee pointed out problems with the pam_console PAM module which can allow a user to sniff passwords, execute commands as the user on the console and more. This will impact any PAM-based distribution and has been confirmed on Red Hat 6.0-6.2. No fix for the problem has been reported as of yet.

glibc resolver weakness? One thread this week on BugTraq started with a report of a weakness in the glibc resolver code. Salvatore Sanfilippo reported that the resolver routines in glibc versions 2.0 through 2.1.3 generate a random ID which is used to match requests with queries. This random ID turns out to be fairly predictable. In addition, the resolver routines silently discard non-matching IDs. This leaves the server open to, potentially, a variety of DNS-based attacks, though those attacks are currently theoretical.

DBMan. The shareware, CGI-based DBMan script from Gossamer-threads.com provides a full-featured database manager built on a flat-file ASCII database with a web interface for adding, removing, modifying or viewing records. A design error in the script allows it to be used to improperly display environment and setup variables. Check the relevant Security Focus vulnerability database entry for more details.

BSD reports

NetBSD unaligned IP panic. NHC Research posted an advisory to BugTraq reporting that NetBSD 1.4.2 and prior versions could be remotely crashed by the receipt of a packet with an unaligned IP Timestamp option, making them vulnerable to a remote denial-of-service attack. NetBSD has responded with a confirmation of the problem and kernel patches for NetBSD 1.4.1 and 1.4.2. Note that this problem only impacts the Sparc and Alpha platforms; other platforms such as i386 and m68k are not affected.

FreeBSD reports. Three FreeBSD advisories were released this week, involving the following "ports". Workarounds or fixes are provided/recommended for each.

Commercial vulnerabilities

Listserv mailing list manager. An exploitable buffer overrun has been reported in the Listserv web archive software. Listserv is a popular commercial mailing list manager that runs on a variety of platforms, including Linux. An exploit has been published and an update to Listserv is reported to be available from L-Soft. Send email to support@listserv.com for more information.

Vulnerabilities have been reported with the following hardware:


openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.

gpm improper permissions handling. Improper permissions handling in gpm was discussed in the March 30th LWN Security Summary.

piranha. Issues with the piranha packages were covered in the main editorial of the April 27th LWN Security Summary.

lisa. LISA, Caldera's non-graphical systems administration tool, contained several tmpfile handling problems in versions prior to 4.1. An upgrade is recommended. Note that this advisory was posted on April 26th, but not previously reported in an LWN security summary.

ircii buffer overflow. On March 10th, a remotely exploitable buffer overflow was reported in ircii, an irc client, with all versions prior to 4.4M. Check the April 6th LWN Security Summary for our first report of this problem or BugTraq ID 1046 for more details.

imapd buffer overflow. New imap-4.5 packages containing a backport of the buffer overflow fixes in imap-4.7 were uploaded into the Debian stable tree.


SecureBSD 1.0 Preview Release. The initial announcement for the SecureBSD 1.0 Preview Release calls it "Kernel-based security enhancements for FreeBSD". Check this description for more details.

siphon. A beta release of siphon, a passive network mapping tool, has been announced.


FIRST conference reminder. May 12th is the registration deadline for the 12th Annual FIRST conference, if you want the early registration discounts. FIRST is being held June 25th through the 30th in Chicago, Illinois, USA.

May/June security events.

May 14-18, 2000. EuroCrypt 2000, Bruges (Brugge), Belgium.

May 14-17, 2000. 2000 IEEE Symposium on Security and Privacy, Oakland, California, USA.

May 22-25, 2000. SANE 2000, Maastricht, The Netherlands.

June 12-14, 2000. NetSec 2000, San Francisco, California, USA.

June 25-30, 2000. 12th Annual FIRST Conference, Chicago, Illinois, USA.

June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA.

Section Editor: Liz Coolbaugh

May 11, 2000

Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds