[LWN Logo]
[LWN.net]

Sections:
 Main page
 Linux in the news
 Security
 Kernel
 Distributions
 Development
 Commerce
 Announcements
 Back page
All in one big page

See also: last week's Security page.

Security


News

As predicted, hacks for Intel's Pentium III serial number are already available, at least according to claims in this Wired News article. "...contrary to Intel's claims, the identifying Processor serial number in the Pentium III can be secretly turned on and off without the user's knowledge by a small software program."

Beginning March 2nd, Tripwire Security will be releasing its Linux version of Tripwire 2.0 for free. They will have CD's of their 2.0 version available for a limited number of people at next week's LinuxWorld conference. For more information, check out their press release or visit their booth at LinuxWorld.

Denial of Service Reports reclaim the spotlight. This comp.risks report on how to create denial of services attacks specifically aimed at filling the system process table came out Friday, February 19th. Finger is the primary service targeted by the report, but the authors state their belief that the UW imap and sendmail daemons could be used in a similar manner. Several people brought up the use of alternatives to inetd, such as xinetd or tcpserver to prevent such problems.

Kevin Lyda responded to initial reports of the problem with finger with patches and rpms for finger. The problem is also recorded as bug 1271 with Red Hat's Bugzilla. New versions of the finger rpms are available from contrib.redhat.com. Red Hat has not made an official report or new rpms.

Security Reports

Brian Jones has found and reported an overflow in autofs. His posting indicates that the problem impacts both the Linux kernel versions 2.0.36 and the later 2.2.1 series. He does not mention 2.2.2, but it seems unlikely that a fix for this problem has made it into the series as of yet. He provides a patch for the problem, but mentions that the autofs author has been notified and plans on fixing the problem in a different manner.

Chris Evans reported yet more problems with zgv. In his Bugtraq posting, he details why he thinks anyone with security concerns should just remove zgv from their system, along with any other SVGAlib programs. It seems that the current problem stems from the fact that zgv holds a vital resource, a writeable file descriptor to /dev/mem, even after it properly drops root privileges.

Steven Hodges reported a vulnerability in the TetriNet daemon (Tetrix) and provided a patch for the problem. Note that a follow-up message indicated that the patchh, as written, did not work.

xtvscreen under SuSE 6.0 can be used to overwrite any file on the system, according to this note from Andre Cruz.

Shane Wegner reported problems with the ".nu" domain registration system. It appears from his note that anyone willing to pay a $25 fee can knock out or redirect a host belonging to someone else.

Pavel Machek reported several Thinkpad gotchas with security implications. If you own a Thinkpad, you might want to check out his list.

Julien Nadeau reported a buffer overflow in NcFTPd, a commercial ftp server. It initially does not appear to be exploitable, according to his posting, though since it does not come with source code, this is difficult to verify. Mike Gleason from NcFTP software confirmed that there is a one-byte overflow and NcFTPd 2.4.1 is available to fix the problem.

Updates

As a result of the recently reported bugs in super, the program has gone through two quick updates. A description of some of the problems in older versions of super is available in this note from William Deich. It also includes pointers to the source code and notes that it is available under either the GNU or the Artistic License.

ISS has responded to recent discussions about the ISS Internet Scanner. Their response mentions a new version of the scanner to be released in March and mailing/discussion lists for their customers.

Red Hat has released an update for the lsof vulnerability. This appears to be a relatively minor hole on Red Hat systems, but it's probably a good idea to drop in the update anyway.

Resources

Version 0.06 of the Net:RawIP perl module for manipulating ra ip packets has been announced.

A review of "Top Secret Intranet" by Fredrick Thomas Martin from Robert Slade reports some "mildly interesting" information about some of the US Governments "secret" practices, but not much of anything useful to someone interested in building their own secure Intranet.

Events

SANS will be sponsoring the web-briefing "What the Hackers Know About Your Site, III". In this briefing, Rob Kolstad and Steven Northcutt will interview nlog-developer H. D. Moore and John Green. For more information, check out the description of the briefing from the ISN list. The briefing is free and will be held Tuesday, March 2nd and is free, though registration is required. For those unable to make the first briefing (maybe because of the LinuxWorld conference next week ...), re-runs of the briefing will be scheduled.

Computers, Freedom, and Privacy: The Global Internet is the title of an upcoming conference in Washington, D.C., scheduled to be held April 6th through the 8th. Check out the conference web-site for more details.


February 25, 1999

 

Next: Kernel

 
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds