Security

News and Editorials

OpenSSH 3.0 released. OpenSSH version 3.0 has been released. It includes a great many new features, including smartcard support, improved Kerberos support, dynamic forwarding, and more.

CERT advisory on lpd vulnerabilities. CERT has issued an advisory regarding several vulnerabilities in the lpd print system. Most of the problems are old; the purpose of the advisory is to remind people to apply their upgrades.

Security Reports

Trouble with netfilter and syncookies. Just when you had installed a new kernel and thought that the security problems were behind you, a new one turns up. It's an obscure problem, but, in many cases, worth fixing anyway.

Essentially, the "syncookies" mechanism, developed to defend against SYN flood attacks, can be exploited by a clever attacker to circumvent netfilter firewall rules that block incoming connections. Since many firewall setups depend on blocking these connections, this vulnerability could seriously compromise the protection of the system or network.

A short-term workaround is to turn off syncookies:

    echo 0 > /proc/sys/net/ipv4/tcp_syncookies

Syncookies will be reset at the next reboot; the system will also be more vulnerable to SYN flood (denial of service) attacks while syncookies are disabled.

The real fix, of course, is to apply another kernel update. Here are the ones we've seen so far:
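Because the syncookies workaround above changes only the running kernel, it helps to check both the live value and what the boot-time configuration will apply. The script below is an added example, not part of the original LWN text; it assumes the setting is persisted in /etc/sysctl.conf using the dotted net.ipv4.tcp_syncookies key, and the PROC_FILE and CONF_FILE overrides are illustrative names.

```shell
#!/bin/sh
# Added example: audit (and optionally apply) the tcp_syncookies workaround.
# PROC_FILE and CONF_FILE are illustrative overrides for trying this on scratch files.
PROC_FILE="${PROC_FILE:-/proc/sys/net/ipv4/tcp_syncookies}"
CONF_FILE="${CONF_FILE:-/etc/sysctl.conf}"   # assumed persistence location
KEY="net.ipv4.tcp_syncookies"
# Matches an active (uncommented) assignment of the key, dotted form only.
KEY_RE='^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*='

# State of the running kernel: any non-zero value means syncookies are on.
runtime_state() {
    [ -r "$PROC_FILE" ] || { echo unknown; return 0; }
    case "$(cat "$PROC_FILE")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Value the boot-time configuration will apply, or "unset".
# Lines are applied in order, so the last assignment wins.
boot_value() {
    [ -r "$CONF_FILE" ] || { echo unset; return 0; }
    v=$(sed -n "s/$KEY_RE[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$CONF_FILE" | tail -n 1)
    echo "${v:-unset}"
}

# Keep the workaround across reboots: drop existing assignments of the key
# and append a single "= 0" line. Safe to run repeatedly.
persist_disable() {
    tmp="$CONF_FILE.tmp.$$"
    {
        if [ -f "$CONF_FILE" ]; then grep -v "$KEY_RE" "$CONF_FILE" || true; fi
        echo "$KEY = 0"
    } > "$tmp" && mv "$tmp" "$CONF_FILE"
}

# "apply" (as root) performs the workaround; with no argument, report only.
if [ "${1:-}" = apply ]; then
    echo 0 > "$PROC_FILE" && persist_disable
fi
echo "running kernel: syncookies $(runtime_state); next boot: $KEY=$(boot_value)"
```

Once the updated kernel is installed, restore the previous setting so that SYN flood protection is back in place.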
Webalizer tag vulnerability. The "webalizer" logfile analysis program has a vulnerability which can allow an attacker to place arbitrary HTML tags into the reports. When the reports are viewed, these tags can be used toward unpleasant ends, including cross-site scripting attacks. A fix is available which closes the vulnerability. Updates seen so far:

Red Hat updates ghostscript. Red Hat has issued a security update to ghostscript fixing an interesting problem. When ghostscript is used as part of the print spooling system (a common configuration), a clever attacker can use its PostScript file commands to read any file that is accessible to the print spooler. The update disables those commands in that context.

There is also a more comprehensive printer update available from Red Hat which includes this fix, a number of others, and tosses in the IBM Omni printer drivers for good measure.

Denial of service vulnerability in Tux. The Tux kernel-based web server has a denial of service vulnerability which can allow a remote attacker to crash the host system. Most systems do not run Tux; those which do should apply the Red Hat kernel update for the syncookie problem; it also fixes this vulnerability.
Caldera security update for libdb.

Format string vulnerability in rwhoisd. The "rwhoisd" whois server has a format string vulnerability which can be used by a remote attacker to run arbitrary code. A patch is available which should be quickly applied by anybody running this server; no distributor updates have been seen as of this writing.

Updates

Configuration file vulnerability in ht://Dig. The ht://Dig search engine contains a vulnerability which allows a remote user to specify an alternate configuration file. If that user is able to place a suitable file in a location where ht://Dig can read it, the system may be compromised. See the original report from the ht://Dig project for details.

This vulnerability first appeared in the October 11 LWN security page.

This week's updates:
Previous updates:

Vulnerabilities in tetex. The tetex package has a temporary file handling vulnerability; this problem was first reported in the July 12, 2001 LWN security page.

This week's updates:
Previous updates:

Several vulnerabilities in ucd-snmp. The ucd-snmp package has a number of vulnerabilities, including buffer overflows, format string problems, and temporary file races. This problem was first reported in the August 23 LWN security page.

This week's updates:
Previous updates:

Improper credentials from login. A problem with the login program (in the util-linux package) can, in some situations, cause a user to be given the credentials of another user at login. Use of the pam_limits module, in particular, can bring about this problem. In general, distributions using the default PAM configuration are not vulnerable; an upgrade is probably a good idea anyway.

This problem was first reported in the October 18 LWN security page.

This week's updates:
Previous updates:

Resources

Linux Security Week for November 5 from LinuxSecurity.com is now available.

Events

Upcoming Security Events.

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet
November 8, 2001