[LWN.net]


Security


News

A report of a Linux-based "worm" showed up in this story on LinuxToday. However, discussion on BugTraq, where the message was originally posted, indicated that this was 1) not a worm, in that it does not automatically self-replicate but instead mails back information to the author, which is then manually used in further attacks, and 2) not new. For example, this CERT summary mentions that a file called "admw0rm" is known to have been found on many systems that have been successfully compromised.

Most importantly, the "ADM worm", as it was dubbed, does not exploit any new vulnerabilities, but instead just searches for a large number of well-known holes that people may not have patched. So the issue here is to follow the oft-repeated security rules:

  • Keep up with the patches and updates for your distribution!
  • Firewall your networks.
  • Don't allow yourself or your users to pass plaintext passwords across the Internet.
  • Strip down your exposed hosts to limit the number of potentially exploitable daemons that can be accessed.
  • Use packet filtering to control the packets that are allowed access to your machine.
  • etc.

Although the Melissa Virus was not a Linux issue, you may want to note that the CERT advisory for Melissa contains information on how to configure sendmail to filter out messages that contain the virus. For more details, check out this web page.

Security Reports

A vulnerability in Linux kernels 2.1.89->2.2.3 can leave a system open to a denial of service attack. This posting from John McDonald provides exact details. If you are currently running an affected kernel, an upgrade to Linux kernel 2.2.5 is recommended.

A race problem in XFree86 is the focus of this advisory from SuSE, which contains a patch for the problem. It's exploitable only by local users, but probably still worth implementing. Here, also, is Red Hat's advisory on the problem. Note that not all distributions may have a vulnerable version of XFree86 (see this posting).

Also from Red Hat comes updated mutt and packages containing fixes to various problems previously reported on BugTraq or by the Linux Security Audit team. Upgrades to these packages are strongly recommended.

Cisco has issued an advisory covering a vulnerability in the Cisco Catalyst Series Ethernet Switches which can be used to trigger a denial-of-service attack remotely. An upgrade to the most recent version of the Catalyst switch software is recommended. More specific information is covered in the advisory, which was issued March 24, 1999.

Another Cisco security advisory was issued the same day and covers a problem in the Cisco Catalyst Supervisor software. It can be used by remote TCP/IP users to trigger a remote reload, causing denial-of-service during the reload. The advisory covers which Cisco models are affected and how to get a fix for the problem.

Resources

HostSentry is a new security tool for which an alpha version has been released. It is designed as a "Login Anomaly Detector", and while not yet bug-free or complete, should be stable enough to be used. For more information, check out the announcement posted by Craig H. Rowland. HostSentry is part of the Abacus Suite of freely available security tools.

Section Editor: Liz Coolbaugh


April 1, 1999

 


 
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds