Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters All in one big page See also: last week's Security page. |
SecurityNews and EditorialsWith the recent terrorist attacks in New York City and Washington D.C., security advisors are recommending that now is a good time to be on the lookout for cyber attacks, which have reportedly increased by an order of magnitude. The usual monitoring of log files is recommended, and the latest patches should be applied to all vulnerable software.Security workers: Copyright law stifles. C|Net is running an article on the effects of the DMCA law on writers of security code. Security software developers are wary of lawsuits and are removing projects from distribution. First open virus scanner released. The OpenAntivirus Project has been announced, and has produced an open source anti virus scanner. Currently the scanner can detect 5 different viruses with 11 variants. (Thanks to Lenz Grimmer) Introducing ssh-agent and keychain (IBM developerWorks). IBM's developerWorks introduces readers to the ssh-agent and keychain utilities. "ssh-agent, included with the OpenSSH distribution, is a special program designed to make dealing with RSA and DSA keys both pleasant and secure...[and] for the sole purpose of caching your decrypted private keys." New Unix worm could be next Code Red (ZDNet). A new worm known as X.C apparently exploits a hole in the telnet daemon according to this ZDNet article. Telnet is, of course, already vulnerable to clear text password sniffing and sites concerned with security usually replace it with ssh. Linux Trojan spotted in the wild (Register). The Register reports on another Linux-based Trojan known as Remote Shell, which should not be confused with the ancient rsh utility. "Qualys suggests Remote Shell can be disseminated by inconspicuous emails and replicates itself on the infected Linux-based system. The Trojan installs a backdoor that listens for incoming connections on UDP port 5503 or higher, enabling remote attackers to connect and take control of the system." Security ReportsRed Hat advisory for bugzilla. Red Hat has posted their advisory for bugzilla. See: Red Hat (September 10, 2001) . This advisory addresses several security problems with bugzilla in which valid users can obtain confidential data without authorization, also addresses a problem where parameters were not being checked properly. Conectiva security update to mailman. Conectiva has issued a security update to mailman which fixes a number of vulnerabilities, some fairly old. See: Conectiva (September 5, 2001) . Uucp local user exploits. There is a vulnerability in the command-line argument handling of uucp which can be exploited by a local user to obtain uid/gid uucp. The following updates address the problem: UpdatesApache-contrib command injection vulnerability. The Apache module mod_auth_mysql 1.4 was found vulnerable to possible bypass authentication by MySQL command injection. See last week's LWN security page for a discussion of the SQL injection problems with a number of Apache modules.Previous updates: Buffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report. Previous updates:
Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001). The stable release of Debian is not vulnerable. New updates:
Previous updates:
Previous updates:
Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19 LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3.Previous updates:
Previous updates:
Previous updates:
This week's updates: Previous updates: Input validation problem with sendmail. An input validation error exists in versions of sendmail prior to 8.11.6 (or 8.12.0Beta19) which may be exploited by local users to obtain root access. See the August 23 Security Page for the initial report.This week's updates:
Previous updates:
New updates: Previous updates:
This week's updates: Previous updates:
Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
This week's updates: Previous updates:
Buffer overruns in Window Maker A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page. New updates: Previous updates:
This week's updates: Previous updates:
Previous updates:
ResourcesEventsUpcoming Security Events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Forrest Cook |
September 13, 2001
LWN Resources | ||||||||||||||||||