Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Letters All in one big page See also: last week's Security page. |
SecurityNews and EditorialsChecking for root kits. After his security tutorial at Linux World, LWN asked Michael H. Warfield, of Internet Security Systems, if there was one current security issue our readers should watch. It is "root kits installed by intruders after they cracked your site to hide their activities and protect their backdoors." Michael also mentioned, in his talks, that "common worms have new exploits plus root kits wrapped up with some crude scripting glue to propagate from system to system and install backdoors with the rootkits hiding them."Michael recommends regularly checking exposed systems by running chkrootkit. This nifty tool locally checks for signs of a rootkit. Running it regularly and using diff to compare the results to past runs is one way to look for compromised systems. The Sardonix security auditing portal. Crispin Cowan has announced a new security portal designed to encourage auditing of code. "The whole project is intended to leverage community skepticism of claims of security, and the community's joyful habit of criticizing the work of others, and so we call it Sardonix." There will be features to track the auditing of various packages; it will also be able to audit the auditors by tracking how many bugs are found after somebody has declared it clean. The project is in an early stage, and contributors are being sought. This work is supported by a DARPA grant. Out of the box, Linux is 'dreadfully insecure' (Register). The Register reminds us that default installations for most Linux distibutions are insecure. "Jay Beale, the lead developer of Bastille Linux and an independent security consultant, says it's not the Unix-based systems with interesting stuff on them that get hacked, it's the vulnerable ones. And if you're not prepared to tighten up what you get from the vendor, it's just a matter of time." Security ReportsMandrake Linux Security Update - gzip. Mandrake has issued a security advisory for gzip. This fixes two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. Net::FTPServer security fix. The Net::FTPServer project released this security fix to close a potential vulnerability "allowing users to list directories to which they should not have access. If your configuration file uses 'list rule', then you need to upgrade to version 1.034."
PHP Safe Mode Filesystem Circumvention Problem. According to this
post to Bugtraq: "If an attacker has
access to a MySQL server [...], he can use it as a proxy by which to
download files residing on the [PHP] safe_mode-enabled web server".
web scripts.
Proprietary products. The following proprietary products were reported to contain vulnerabilities:
UpdatesRemotely exploitable vulnerability in pine. Pine has an unpleasant vulnerability in URL handling vulnerability which can lead to command execution by remote attackers. (First LWN report: January 17th).This vulnerability is remotely exploitable; updating is a good idea. Note: If an update isn't yet available for your distribution, setting enable-msg-view-urls to "off" in pine's setup will avoid the vulnerability. (Thanks to Greg Herlein). This week's updates: Previous updates:
This week's updates:
EventsUpcoming Security Events. The schedule for CodeCon 2002 has been announced. "CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community." CodeCon 2002 will be held at DNA lounge in San Francisco, February 15th to 17th.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Dennis Tenney |
February 7, 2002
LWN Resources | ||||||||||||||||||