Sections:
Main page
Security
Kernel
Distributions
On the Desktop
Development
Commerce
Linux in the news
Announcements
Linux History
Letters
All in one big page

Security

News and Editorials

With the recent terrorist attacks in New York City and Washington D.C., security advisors are recommending that now is a good time to be on the lookout for cyber attacks, which have reportedly increased by an order of magnitude. The usual monitoring of log files is recommended, and the latest patches should be applied to all vulnerable software.

Security workers: Copyright law stifles. C|Net is running an article on the effects of the DMCA law on writers of security code. Security software developers are wary of lawsuits and are removing projects from distribution.

First open virus scanner released. The OpenAntivirus Project has been announced, and has produced an open source anti virus scanner. Currently the scanner can detect 5 different viruses with 11 variants. (Thanks to Lenz Grimmer)

Introducing ssh-agent and keychain (IBM developerWorks). IBM's developerWorks introduces readers to the ssh-agent and keychain utilities. "ssh-agent, included with the OpenSSH distribution, is a special program designed to make dealing with RSA and DSA keys both pleasant and secure...[and] for the sole purpose of caching your decrypted private keys."

New Unix worm could be next Code Red (ZDNet). A new worm known as X.C apparently exploits a hole in the telnet daemon according to this ZDNet article. Telnet is, of course, already vulnerable to clear text password sniffing and sites concerned with security usually replace it with ssh.

Linux Trojan spotted in the wild (Register). The Register reports on another Linux-based Trojan known as Remote Shell, which should not be confused with the ancient rsh utility. "Qualys suggests Remote Shell can be disseminated by inconspicuous emails and replicates itself on the infected Linux-based system. The Trojan installs a backdoor that listens for incoming connections on UDP port 5503 or higher, enabling remote attackers to connect and take control of the system."

Security Reports

Red Hat advisory for bugzilla. Red Hat has posted their advisory for bugzilla. See: Red Hat (September 10, 2001) . This advisory addresses several security problems with bugzilla in which valid users can obtain confidential data without authorization, also addresses a problem where parameters were not being checked properly.

Conectiva security update to mailman. Conectiva has issued a security update to mailman which fixes a number of vulnerabilities, some fairly old. See: Conectiva (September 5, 2001) .

Uucp local user exploits. There is a vulnerability in the command-line argument handling of uucp which can be exploited by a local user to obtain uid/gid uucp. The following updates address the problem:

Updates

Apache-contrib command injection vulnerability. The Apache module mod_auth_mysql 1.4 was found vulnerable to possible bypass authentication by MySQL command injection. See last week's LWN security page for a discussion of the SQL injection problems with a number of Apache modules.

Previous updates:

Buffer overrun vulnerabilities in fetchmail. (Found by Salvatore Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used fetchmail program. Given a hostile server, arbitrary code can be run on the system running fetchmail. The solution is to upgrade to fetchmail 5.8.17. See the August 16 Security page for the initial report.

Previous updates:

Format string vulnerability in groff. A format string problem exists in groff; apparently it could be remotely exploited when it is configured to be used with the lpd printing system. (First LWN report: August 16, 2001).

The stable release of Debian is not vulnerable.

New updates:

Debian (January 30, 2002) (Japanese version)

Previous updates:

Vulnerabilities in Horde IMP Horde IMP has several vulnerabilities which are fixed in version 2.2.6; see Bugtraq ID's 3066, 3079, 3082, and 3083 for more details.

Previous updates:

Linux Kernel 2.4 Netfilter/IPTables vulnerability. Check the April 19 LWN Security Summary for the original report. The NetFilter team has provided a patch for Linux 2.4.3.

Previous updates:

Mandrake (August 28, 2001)
Progeny (May 17)
Red Hat (June 21), 7.1, default configuration not vulnerable

Denial of service vulnerability in OpenLDAP This problem was first identified in a CERT advisory issued in July, 2001. It was covered in the July 19, 2001 LWN security page.

Previous updates:

OpenSSL Pseudo-random number generator weakness A weakness has been discovered in the OpenSSL Pseudo random number generator that can allow an attacker to discover the PNRG's state and predict future values. (First reported July 12).

Previous updates:

Procmail race conditions. See the July 26 Security page for the initial report.

This week's updates:

Mandrake (November 20, 2001)

Previous updates:

Input validation problem with sendmail. An input validation error exists in versions of sendmail prior to 8.11.6 (or 8.12.0Beta19) which may be exploited by local users to obtain root access. See the August 23 Security Page for the initial report.

This week's updates:

Red Hat (October 22, 2001) (no explanation of changes from previous update).

Previous updates:

SQL injection vulnerabilities in Apache authentication modules. Several Apache authentication modules have vulnerabilities that could allow an attacker to feed arbitrary SQL code to the underlying database, resulting in a compromise of database integrity and unauthorized access to the server. See the September 6 security page for more information.

New updates:

Previous updates:

Red Hat (October 23, 2001) (mod_auth_pgsql)
Conectiva (September 28, 2001) (mod_auth_pgsql)
Conectiva (September 6, 2001) (mod_auth_mysql)

Squid httpd acceleration ACL vulnerability. This vulnerability could result in unauthorized access to the squid server. See the July 26 Security page for details.

This week's updates:

SuSE (October 30, 2001)

Previous updates:

Red Hat (October 16, 2001) (adds an updated package for 7.2).
Yellow Dog (July 25, 2001)
Caldera (August 9)
Linux-Mandrake (August 2)
Immunix (July 26)
Trustix (July 26)
Red Hat (July 26)

Multiple vendor telnetd vulnerability. This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.

This week's updates:

HP (February 12, 2002)

Previous updates:

Caldera (August 10, 2001)
Conectiva (August 24, 2001)
Debian (August 14, 2001) (SSL version)
Debian (August 14, 2001) (Update for Sparc version)
Mandrake (August 13, 2001)
Mandrake (December 17, 2001) (kerberos version)
Progeny (August 14, 2001)
Red Hat (February 7, 2002) (Update, for Red Hat 5.2, 6.2, 7.0, and 7.1, to the original advisory, issued August 9, 2001.)
Red Hat (August 9, 2001)
Red Hat (August 9, 2001) (kerberos version)
Slackware (August 9, 2001)
SuSE (September 3, 2001)
Yellow Dog (August 10, 2001)
Yellow Dog (August 10, 2001) (kerberos version)

Buffer overruns in Window Maker A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page.

New updates:

SuSE (September 20, 2001)

Previous updates:

Security audit of xinetd and resulting fixes. Solar Designer has performed an extensive audit of xinetd, looking for certain types of security vulnerabilities. So many problems were found in the code that the resulting patch weighed in at over 100KB. This patch was only fully merged as of xinetd 2.3.3. See the September 6, 2001 LWN security page for the initial report.

This week's updates:

Turbolinux (January 24, 2002)

Previous updates:

Buffer overflows in xloadimage This problem was first covered in the July 12 Security page.

Previous updates:

Resources

Events

Upcoming Security Events.

Date Event Location

September 13, 2001 New Security Paradigms Workshop 2001(NSPW) Cloudcroft, New Mexico, USA

September 28 - 30, 2001 Canadian Association for Security and Intelligence Studies(CASIS 2001) (Dalhousie University)Halifax, Nova Scotia, Canada.

October 10 - 12, 2001 Fourth International Symposium on Recent Advances in Intrusion Detection(RAID 2001) Davis, CA

November 5 - 8, 2001 8th ACM Conference on Computer and Communication Security(CCS-8) Philadelphia, PA, USA

November 13 - 15, 2001 International Conference on Information and Communications Security(ICICS 2001) Xian, China

For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Forrest Cook

September 13, 2001

LWN Resources

Secured Distributions:
Astaro Security
Castle
Engarde Secure Linux
Immunix
Kaladix Linux
NSA Security Enhanced
Openwall GNU/Linux
Trustix

Security Projects
Bastille
Linux Security Audit Project
Linux Security Module
OpenSSH

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Conectiva Updates
Debian Alerts
Kondara Advisories
Esware Alerts
LinuxPPC Security Updates
Mandrake Updates
Red Hat Errata
SuSE Announcements
Turbolinux
Yellow Dog Errata

BSD-specific links
BSDi
FreeBSD
NetBSD
OpenBSD

Security mailing lists
Caldera
Cobalt
Conectiva
Debian
Esware
FreeBSD
Kondara
LASER5
Linux From Scratch
Linux-Mandrake
NetBSD
OpenBSD
Red Hat
Slackware
Stampede
SuSE
Trustix
turboLinux
Yellow Dog

Security Software Archives
munitions
ZedZ.net (formerly replay.com)

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
LinuxLock.org
LinuxSecurity.com
Security Focus
SecurityPortal

Next: Kernel