Security


News and Editorials

NAI Labs Announces DARPA-Funded FreeBSD Security Initiative. NAI Labs has received a $1.2 million contract from DARPA to develop security extensions to FreeBSD. The military, it seems, has decided that it is dependent enough on free software to put some effort into improving its security. This particular effort, which is expected to take 18 months, should bring a number of improvements to FreeBSD. Linux security developers may want to have a look at what is going on as well.

The Community-Based Open Source Security project is the recipient of this grant. It's made up of a number of high-profile names, including Robert Watson, Kirk McKusick, and Eivind Eklund. The aim of the project is to target some of the "low-hanging fruit" in the security area, including:

  • "Transfer of existing security knowledge." The purpose here is to develop a FreeBSD security architecture document and to enhance the FreeBSD man pages with security information.

  • Incorporation of existing security technology into FreeBSD. This includes extended filesystem attributes, mandatory access control, hardening of the network stack, incorporation of pluggable authentication modules (PAM), filesystem and swap encryption, and, someday, transfer of some goodies from the NSA's Security-Enhanced Linux project.

  • The development of a framework for the incorporation of new security mechanisms into the FreeBSD kernel, much like the Linux security module work that is happening now.

  • The hardening of security-critical applications through the use of a "privilege management toolkit."

Some of the work is simply trying to catch up with capabilities Linux has had for years (e.g. PAM, TCP SYN cookies), but some of it is interesting and new. The results bear watching.

Linux advocates should also, perhaps, be paying more attention to the possibility of government funding for some development work. The money is out there, and, often, it's looking for something interesting to do. Given the difficulty of finding venture capital these days, sharp people with good ideas might just want to consider taking the grant approach instead.

Snort 1.8 is released. Version 1.8 of the Snort intrusion detection system is out. New features include a "stateful inspection and TCP stream reassembly module," host tagging, detection of ARP spoofing, defeats for a number of evasion techniques, and much more. This may be the last big release for a little bit, since the author, Martin Roesch, is about to become a father.

Security Reports

dip 3.3.7p overflow. An overflow condition has been discovered in dip on SuSE 7.0 X86 and Slackware. This is an old bug that has resurfaced.

lmail local root exploit. Lmail is susceptible to a local root exploit that can allow attackers to overwrite and create files.

OpenSSL pseudo-random number generator weakness. A weakness has been discovered in the OpenSSL pseudo-random number generator (PRNG) that can allow an attacker to discover the PRNG's state and predict future values.

This week's updates:

Caldera security update to OpenSSH. Caldera International has released a security update to OpenSSH fixing an interesting problem: an attacker can remove any file on the system, as long as it's called "cookies"...

Immunix update for tetex. Immunix has posted a security update for tetex to address temporary file handling problems that can lead to privilege elevation.

Tripwire temporary files. A temporary file insecurity problem has been discovered in Tripwire which makes it possible for a local user to overwrite files with root permissions.

Xdm cookies advisory. If xdm is compiled with the wrong options the cookie file can be guessed and a denial of service attack can be performed using the X server.

Red Hat advisory for xloadimage. Red Hat has issued an advisory for the xloadimage package to address buffer overflow issues. The problem is mostly limited to remote exploits if xloadimage is called by Netscape (by 'plugger', for example).

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • Systems running Oracle 8i are vulnerable to remote attacks that can allow intruders to control the database server.

Updates

fetchmail buffer overflow. Check the June 21st LWN Security Summary for the original report. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.

Webmin environment variable inheritance vulnerability. Check the May 31st LWN Security Summary for the original report.

This week's updates:

  • Caldera (update now available for OpenLinux 3.1).

Previous updates:

  • Linux-Mandrake.
  • Caldera, disabling Webmin recommended, no updated packages available yet. (May 31st)
  • Caldera, updated packages now available (June 7th)

xinetd buffer overflow. Check the June 14th LWN Security Summary for the initial report. The buffer overflow is in the ident logging portion of xinetd, so one workaround to the problem is to disable ident logging. Since then, more extensive problems have been found in string handling in xinetd, and the current round of updates addresses them.

Resources

Security BOF report updated. Emily Ratliff's report from the USENIX security module BOF has seen some minor updates from the author; an updated version is now available.

Security Alerts: PHP Weaknesses? (O'Reilly). Noel Davis looks at some security vulnerabilities in PHP and discusses other current security issues in an O'Reilly article.

A rogue's gallery of denial of service attacks (ZDNet). ZDNet looks at a few tools that can be used to thwart denial of service (DOS) attacks.

Small TCP packets == very large overhead. Darren Reed discusses how small TCP packets can be used maliciously to bog down a server. The minimum size for the maximum segment size field is too small for many operating systems and the value is defined by the caller.

LinuxSecurity.com newsletter. The weekly LinuxSecurity.com newsletter has been published. Advisories for Samba, xinetd, Zope, Scotty, and webmin are presented.

Events

Upcoming Security Events.

Date | Event | Location
July 12, 2001 | Black Hat Briefings USA '01 | Las Vegas, Nevada, USA
July 17, 2001 | The Open Group Security Forum briefing | Austin, Texas
August 6 - 10, 2001 | CERT Conference 2001 | Omaha, NE, USA
August 7, 2001 | CIBC World Markets First Annual Security & Privacy Conference | New York, NY, USA
August 13 - 17, 2001 | 10th USENIX Security Symposium 2001 Conference | Washington, D.C.
August 13 - 17, 2001 | HAL2001 | Enschede, The Netherlands
September 11 - 13, 2001 | New Security Paradigms Workshop 2001 (NSPW) | Cloudcroft, New Mexico, USA

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Forrest Cook


July 12, 2001

Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds