News and Editorials
Warhol worms? Nicholas C Weaver has done a worst-case analysis on just how quickly a virulent worm could infect essentially all of the vulnerable systems on the net. The answer: 15 minutes. One could quibble with the details and assumptions of the analysis, but the answer remains the same. A carefully-written worm could propagate worldwide in a very short period of time.
This, of course, is a scary result. In 15 minutes, very little can be accomplished with things like security alerts, worm analysis, and patches. By the time anybody knows there is a problem, it's over.
Some malware writer is sure to see an analysis of this type as a challenge; the probability of a high-speed worm in the near future seems high. The net, as it stands now, is a frighteningly vulnerable place.
The August CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM newsletter for August is out. Topics discussed include Code Red and the arrest of Dmitry Sklyarov.
The truth is that we all got lucky. Code Red could have been much worse. It had full control of every machine it took over; it could have been programmed to do anything the author imagined, including dropping the entire Internet. It could have spread faster and smarter. It could have exploited several vulnerabilities, and not just one. It could have been stealthier. It could have been polymorphic.
The newsletter also points to a biography of 'Alice' and 'Bob' by John Gordon that is well worth a read.
Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she cannot hear clearly, and who is probably someone else, to fiddle her tax returns and to organize a coup d'etat, while at the same time minimizing the cost of the phone call. A coding theorist is someone who doesn't think Alice is crazy.
Security Reports
Buffer overrun vulnerabilities in fetchmail. "antirez" (Salvatore Sanfilippo) has posted an advisory regarding two buffer overrun vulnerabilities in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. Distributors have been a bit slow in coming out with updates; here's what we have so far.
Debian security update to Window Maker. The Debian Project has issued a security update to Window Maker fixing a buffer overrun problem that could, conceivably, be exploited remotely.
Debian groff update. Debian has posted a security advisory for groff to address printf format string vulnerabilities. No other distributors have yet issued updates for this problem.
Local root vulnerability in TrollFTPD. The TrollFTPD FTP server contains a buffer overflow problem which could result in root access for local users. The solution is to upgrade to version 1.27 or later. Note that the Pure-FTPd server, which is derived from TrollFTPD, is not vulnerable to this problem.
Web scripts. The following web scripts were reported to contain vulnerabilities:
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
Updates
Vulnerabilities in Horde IMP. Horde IMP has several vulnerabilities which are fixed in version 2.2.6; see Bugtraq IDs 3066, 3079, 3082, and 3083 for more details.
Previous updates:
Denial of service vulnerability in OpenLDAP. This problem was first identified in a CERT advisory issued in July, 2001. It was covered in the July 19, 2001 LWN security page.
This week's updates:
Previous updates:July 26 Security page for details.
This week's updates:
Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
This week's updates:
Progeny also gets moving. Progeny Linux Systems also caught up on its security updates this week. Beyond the alerts listed above, we have:
Resources
The Log Analysis mailing list has been announced. This list exists for people interested in setting up and using a central logging infrastructure; "most of the discussion will focus on the care and feeding of syslog."
Linux Advisory Watch. The LinuxSecurity.com Linux Advisory Watch for August 10 is out, as is the Linux Security Week Newsletter for August 13.
Linux IPsec Gateways Using FreeS/Wan. SecurityFocus has put up a beginner's article on setting up FreeS/WAN. "FreeS/WAN has one interesting feature that makes it distinct from most other IPsec implementations: DES encryption is unsupported. According to the FreeS/WAN home page, 'DES is, unfortunately, a mandatory part of the IPSEC standard. Despite that, we will not implement DES. We believe it is more important to provide security than to comply with a standard which has been subverted into allowing weak algorithms.'"
A new system fingerprinting tool. Xprobe is a new operating system identification tool by Ofir Arkin and Fyodor Yarochkin. It claims more accurate results while needing to send fewer probes to the target system; there is also a white paper describing how it all works.
Snort 1.8.1 has been released. It contains a number of fixes and new features; see the announcement for details.
Upcoming Security Events.
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to email@example.com.
Section Editor: Jonathan Corbet
August 16, 2001