Security

News and Editorials

Flaw weakens Linux security software (News.com). News.com looks at the Netfilter security problem. "Security is a nagging concern for the computer industry, which must juggle new features with the risk that they open up new problems. While the firewall problem the Netfilter programmers discovered is limited to a few versions of Linux, a more serious problem emerged earlier this month affecting numerous operating systems using standard network management software."

Building a Virtual Honeynet (LinuxSecurity). This LinuxSecurity article describes the author's experiences with building a virtual honeynet on his existing Linux box. "A honeynet is only one type of honeypot which is supposed to emulate a real production network, while a honeypot is a single host designed as a lure-and-log system (i.e. a system with a packet sniffer and a keylogger to log all activity on it, and most likely programs that simulate vulnerable services)."

Security Reports
Both PHP3 and PHP4 have vulnerabilities in their file upload code which can lead to remote command execution. This one could be ugly; sites using PHP should apply updates at the first opportunity. If an update isn't available for your distribution, users of PHP 4.0.3 and later are encouraged to consider disabling file upload support by adding this directive to php.ini:

CERT has issued this advisory on the problem. This article in the Register also talks about the vulnerability. Developers using the 4.2.0 branch are not vulnerable, because file upload support was completely rewritten for that branch.
Distributor updates seen so far:
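As an added example (not code from the original article or from the PHP project), here is a small Python check an administrator could run over a php.ini to confirm that the upload mitigation really is in effect. It assumes the directive in question is PHP's `file_uploads` setting and that, when the directive is absent or commented out, PHP's default applies, which leaves uploads enabled.

```python
# Constructed sample php.ini fragment (not from the article): the directive
# is commented out, so PHP falls back to its default, which enables uploads.
SAMPLE_INI = """
[PHP]
; file_uploads = Off
upload_max_filesize = 2M
"""


def parse_ini_directives(text):
    """Return a dict of directive -> last assigned value.

    Blank lines, ';' comments and [section] headers are ignored, keys are
    lower-cased (php.ini keys are case-insensitive), a trailing ';' comment
    is stripped from the value, and a later assignment overrides an earlier
    one, as PHP itself does when it reads the file.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("["):
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.split(";", 1)[0].strip().strip('"')
        directives[key.strip().lower()] = value
    return directives


def file_uploads_enabled(text):
    """True if this php.ini fragment leaves file uploads enabled.

    Assumption: an absent directive means PHP's default (On), and the usual
    php.ini boolean spellings On/1/True/Yes count as enabled.
    """
    value = parse_ini_directives(text).get("file_uploads")
    if value is None:
        return True
    return value.lower() in ("1", "on", "true", "yes")


if __name__ == "__main__":
    state = "ENABLED" if file_uploads_enabled(SAMPLE_INI) else "disabled"
    print("file_uploads is %s in the sample php.ini" % state)
```

The commented-out line in the sample is the trap worth checking for: the directive appears to be present, yet uploads remain enabled.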
Apache mod_ssl buffer overflow vulnerability. According to this announcement "modssl versions prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL routines in a manner which could overflow a buffer within the implementation. This situation appears difficult to exploit in a production environment[...]." Distributor updates seen so far:

Denial of service vulnerabilities in Cistron RADIUS. Two denial of service vulnerabilities in Cistron RADIUS versions 1.6.5 and prior are described in this CERT advisory for RADIUS. "They are remotely exploitable, and on most systems result in a denial of service." Updates are available for:
Security vulnerability in Zope. There is available. It seems that the calculation of user privileges is not always done as it should be, and users could, in some situations, get access to things they shouldn't be allowed to touch.

Debian Security Advisory - xsane. Debian has released an update for xsane. Tim Waugh found several insecure uses of temporary files in the xsane program, which is used for scanning. This was fixed for Debian/stable by moving those files into a securely created directory within the /tmp directory.

Debian security update to cfs. Here is this cfs update from Debian fixing a set of buffer overflows there.

Debian Security Advisory for CVS. Updated packages are available to fix an improper variable initialization in the CVS server. This problem has been fixed in version 1.10.7-9 for the stable Debian distribution and in versions newer than 1.11.1p1debian-3 for the testing and unstable distribution of Debian.
DCP-Portal content management system information path disclosure vulnerability. This Bugtraq post describes the vulnerability which may "enable a remote user to reveal the absolute path to the web root and also more information about the system might be revealed."
web scripts.
Updates

Cyrus SASL format string vulnerability. A format string bug in the Cyrus SASL authentication API for mail clients and servers may be remotely exploitable. (First LWN report: November 29, 2001). This week's updates: Previous updates:
Multiple vulnerabilities in SNMP implementations. Most SNMP implementations out there have a variety of buffer overflow vulnerabilities and should be upgraded at first opportunity. See this CERT advisory for more. (First LWN report: February 14). This week's updates:
Previous updates:
This week's updates: Previous updates:
Fixes 8 available from SmoothWall. The SmoothWall Project has released fixes 8, which provides major upgrades to Apache, OpenSSL, OpenSSH and applies counter controls to theoretical exploits which could potentially affect many Linux distributions.

Resources

The CERT Coordination Center (CERT/CC) has issued the quarterly CERT summary "to draw attention to the types of attacks reported to our incident response team, as well as other noteworthy incident and vulnerability information." The last regularly scheduled CERT summary was issued in November 2001.

"Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two." by Zenomorph is available from here. The paper "deals with detecting web application/web server attacks along with figuring out what it may mean" to the "average administrator. and developer."

The draft Guidelines on Securing Public Web Servers is available for public comment from the United States National Institute of Standards and Technology (NIST). NIST is seeking comments and suggestions on this draft. If you are interested, the document is available from NIST.

Open Source Security Testing Methodology Manual 2.0 has been posted for peer-review. More information is available in the announcement. The manual is available for download from here.

Linux security week. The and publications from LinuxSecurity.com are available.

IT Security Cookbook Now Available (LinuxSecurity). LinuxSecurity talks with Sean Boran, author of "IT Security Cookbook". "LinuxSecurity.com: Why is it important for IT professionals to read your cookbook? Sean Boran: Because it starts at the top (policies) and goes all the way down to technical recommendations."

Events

RAID 2002 Last Call for Papers. The Fifth International Symposium on Recent Advances in Intrusion Detection has issued this last call for papers. RAID 2002 will be held in Zurich, Switzerland, October 16-18, 2002. It is organized by the Swiss Federal Institute of Technology and the IBM Research Division. The deadline for submissions is the end of March 2002.

DEF CON TEN Call for Papers. DEF CON TEN has issued this call for papers. "Papers and presentations are now being accepted for DEF CON TEN, the largest 'hacking' convention on the planet. Papers and requests to speak will be received and reviewed from NOW until July 1st."
For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Dennis Tenney
March 7, 2002