
Security


News

The Security and Freedom Through Encryption Act is drawing more publicity as the likelihood of its passage increases. This ZDnet/PCWeek/Smart Reseller article predicts victory and talks about the consequences. "Despite the lack of domestic restrictions, developers have segregated encryption features into specialized packages to keep their big-ticket products easily exportable. With this disincentive removed, expect near-ubiquitous adoption of user-friendly encryption in e-mail clients, office suites and other common software packages."

Linux masquerading is the topic of this Byte.com article. "Firewalls can be implemented with varying levels of security. With Linux you can implement as much, or as little, security as you need because there is a very wide range of firewall software available."

Security Reports

DeleGate, a "multi-protocol proxy daemon", was reported to contain a couple of security problems. An unofficial patch to correct these was provided by Kojima Hajime.

Red Hat 6.0, when installed with the Squid web proxy/cache server, contains a CGI script that can be used remotely either for port scanning or as a denial of service tool. Henrik Nordstrom confirmed the problem and suggested that Squid be removed if it is not in use; otherwise he provided suggestions for minimally securing the CGI script.

Updates

A couple of ipchains-related reports have come in to the Bugtraq mailing list this week. The first, from Andrej Todosic, describes a specific Linux firewall setup, using ipchains and NAT, that can be made to kernel panic remotely with a "ping -R" (a ping carrying the IP Record Route option). A similar problem was reported with FreeBSD.

In addition, an advisory from data protect details a potential vulnerability in the Linux 2.2.10 ipchains firewall implementation. It is a variation on fragmentation attacks, and the advisory includes a patch to resolve the problem.
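As an added illustration of the two ipchains reports above (the panic triggered by "ping -R", which sends an IPv4 Record Route option, and the fragmentation variant), here is an example written for this page; it is not code from the kernel, from either advisory, or from the patch they include, and it does not reproduce either reported bug. It shows the two checks a packet filter must apply before trusting an IPv4 header: walking the options area with every read bounded by the header length, and the RFC 1858 rules against tiny and overlapping TCP fragments. The headers are constructed by hand; the 60-byte header with nine empty Record Route slots is what ping -R emits, and TCP_TMIN = 16 is the minimum first-fragment TCP length RFC 1858 suggests.

```c
/* Added example (not from the LWN page or from the ipchains advisories it
 * cites): two checks a packet filter must make before trusting an IPv4 header.
 * ip_options_walk() walks the options area without reading past the header,
 * including the Record Route option that "ping -R" sends; frag_should_drop()
 * applies the RFC 1858 rules against tiny-fragment and overlapping-fragment
 * evasion of filters that match on TCP ports or flags.
 * All packets here are constructed by hand for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPOPT_EOL 0
#define IPOPT_NOP 1
#define IPOPT_RR  7            /* Record Route, RFC 791 */
#define TCP_TMIN  16           /* RFC 1858 minimum first-fragment TCP length */

enum opt_result { OPT_OK = 0, OPT_NONE = 1, OPT_BAD_IHL = 2, OPT_BAD_LEN = 3 };

/* Walk the options between byte 20 and IHL*4. Every read is bounded by ihl,
 * which itself is bounded by pktlen, so a lying length byte cannot push the
 * cursor off the end of the buffer. *rr_slots gets the number of 4-byte
 * address slots in a Record Route option (9 for ping -R), else 0. */
enum opt_result ip_options_walk(const uint8_t *pkt, size_t pktlen, int *rr_slots)
{
    *rr_slots = 0;
    if (pktlen < 20) return OPT_BAD_IHL;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > pktlen) return OPT_BAD_IHL;
    if (ihl == 20) return OPT_NONE;
    for (size_t i = 20; i < ihl; ) {
        uint8_t type = pkt[i];
        if (type == IPOPT_EOL) break;
        if (type == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= ihl) return OPT_BAD_LEN;             /* no room for length */
        uint8_t len = pkt[i + 1];
        if (len < 2 || i + len > ihl) return OPT_BAD_LEN;  /* overruns header */
        if (type == IPOPT_RR) {
            /* type, len, pointer, then (len-3)/4 address slots; pointer >= 4 */
            if (len < 3 || (len - 3) % 4 != 0 || pkt[i + 2] < 4) return OPT_BAD_LEN;
            *rr_slots = (len - 3) / 4;
        }
        i += len;
    }
    return OPT_OK;
}

/* RFC 1858: drop a TCP first fragment too short to carry the flags field, and
 * drop any fragment at offset 1 (8 bytes), which exists only to overwrite the
 * first fragment's TCP header after reassembly. Non-TCP is passed through. */
bool frag_should_drop(const uint8_t *pkt, size_t pktlen)
{
    if (pktlen < 20) return true;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t total_len = (uint16_t)(pkt[2] << 8 | pkt[3]);
    if (ihl < 20 || ihl > pktlen || total_len < ihl || total_len > pktlen) return true;
    if (pkt[9] != 6) return false;                         /* not TCP */
    uint16_t offset = (uint16_t)((pkt[6] & 0x1f) << 8 | pkt[7]);
    size_t transport_len = total_len - ihl;
    if (offset == 0 && transport_len < TCP_TMIN) return true;
    if (offset == 1) return true;
    return false;
}

/* Constructed header as "ping -R" emits it: IHL 15 (60 bytes), ICMP, one
 * Record Route option of length rr_len (39 = nine empty slots), then EOL. */
static size_t build_ping_r_header(uint8_t *buf, uint8_t rr_len)
{
    memset(buf, 0, 60);
    buf[0] = 0x4f; buf[3] = 60; buf[8] = 64; buf[9] = 1;
    buf[20] = IPOPT_RR; buf[21] = rr_len; buf[22] = 4;
    buf[59] = IPOPT_EOL;
    return 60;
}

/* Constructed TCP fragment: plain 20-byte header plus transport_len bytes. */
static size_t build_tcp_fragment(uint8_t *buf, uint16_t offset, bool mf, size_t transport_len)
{
    size_t total = 20 + transport_len;
    memset(buf, 0, total);
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[6] = (uint8_t)((mf ? 0x20 : 0) | (offset >> 8)); buf[7] = (uint8_t)offset;
    buf[8] = 64; buf[9] = 6;
    return total;
}

/* Returns the RR slot count for a well-formed ping -R header, or -code on error. */
int demo_ping_r(uint8_t rr_len)
{
    uint8_t buf[60]; int slots;
    enum opt_result r = ip_options_walk(buf, build_ping_r_header(buf, rr_len), &slots);
    return r == OPT_OK ? slots : -(int)r;
}

/* Returns 1 if RFC 1858 says drop this TCP fragment, 0 if it may pass. */
int demo_fragment(uint16_t offset, bool mf, size_t transport_len)
{
    uint8_t buf[128];
    return frag_should_drop(buf, build_tcp_fragment(buf, offset, mf, transport_len)) ? 1 : 0;
}

int main(void)
{
    printf("ping -R header: %d RR slots\n", demo_ping_r(39));
    printf("RR length 255: code %d\n", demo_ping_r(255));
    printf("first fragment, 8 transport bytes: drop=%d\n", demo_fragment(0, true, 8));
    printf("fragment at offset 1: drop=%d\n", demo_fragment(1, true, 16));
    return 0;
}
```

The option walker's invariant is that `i + len <= ihl` is proved before any byte of an option is read, so a length byte of 255 is rejected rather than used as an index; the fragment check refuses to inspect TCP ports or flags that are not actually present in the first fragment, which is the property a port-based ipchains rule silently assumes.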

Last week's release of Samba 2.0.5, announced on our development page, contains fixes for three security holes, as noted on Bugtraq. The problems were found as a result of an audit done on Samba for Caldera by Olaf Kirch.

Not too surprisingly, updated Samba packages for Red Hat are now available, as are Caldera updates and Mandrake updates. The Caldera advisory contains more details on the actual security problems, which include a potential denial of service against nmbd and a buffer overflow in smbd.

Red Hat has issued updated Gnumeric packages; details are in the announcement. Gnumeric 0.23 is the default version shipped with Red Hat 6.0, but at the request of the Gnumeric maintainers, Red Hat has now made available packages for Gnumeric 0.27, which addresses security problems in the older version. No details on the reported security problems were provided.

Resources

Job postings for security professionals now have a new mailing list to which they can be posted: SecurityJobs. Hosted by Security Focus, it accepts job openings, resumes and related postings for security professionals.

The public Beta of L0pht's AntiSniff software has been released. It is a monitoring tool designed to detect machines on the local network whose interfaces are in promiscuous mode, that is, machines running a sniffer, which is often an early sign that a system or network has been compromised. The public beta is currently only for NT, although a Unix command-line version has been promised. Meanwhile, the release of the Beta has generated some activity, including development of sniffers that evade AntiSniff's tests. That should provide some good feedback to L0pht on ways to improve their program.

Events

The Toor Con '99 conference in San Diego, September 3rd and 4th, 1999, has a new way to pay in advance, cutting the price from $35 to $25 and including preferred seating for the lectures and a free raffle ticket.

Section Editor: Liz Coolbaugh


July 29, 1999


Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux

Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive

Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements

Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal

Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds