![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/security.png)
|
|
|
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page All in one big page See also: last week's Security page. |
SecurityNews and EditorialsCredit your Source. One small irritant that has caught our attention as we wade through postings and advisories, week after week, is the lack of information in say, an advisory from a Linux distributor, about how they found out about the problem for which they are issuing a fix. If they found it via their own bug reporting system or an internal audit, they will occasionally mention that, but they generally don't say, "Found via So-and-so's posting to BugTraq" or "Reported to us by So-and-so". What does that matter? Well, several benefits come about if the sources of information are clearly provided. First of all, it allows people to check the multiple sources of information, to potentially better understand the problem. Second, it makes it much easier to determine whether two advisories, that use very different wording, are possibly talking about the exact same problem. Third, it makes it much easier for the person who originally found to problem to be credited and gives them a higher profile. In a realm where enhanced reputation is the only coin, this matters. Last though, and possibly most important, it allows people to share with each other their valuable sources. Sources that are referenced most frequently become easy to identify as highly valuable. The mention of a source that is new to many people helps educate everyone. Of course, none of this is intended to require disclosure in cases where a source prefers to be unidentified. However, the value of the Internet is derived from our ability to link information together. For those of you providing advisories, think of the possibilities behind the addition of one extra line: "Source:".
System Fingerprinting With Nmap (Network Magazine). Network Magazine.com has an in depth look at system identification through the use of network protocols, specifically with the use of nmap. "The easiest way to identify operating systems is to run nmap. Nmap started off as a very functional network and port scanner, but in 1998 Fyodor added operating system fingerprinting techniques." Security ReportsNetscape 4.75 buffer overflow. According to this FreeBSD advisory, a client-side exploit is enabled in Netscape 4.75 via a buffer overflow. Netscape 4.76, which was released on October 24th, apparently fixes this problem, though finding confirmation of why Netscape 4.76 was released and what problems it has fixed has proven a bit difficult.format vulnerability in top. This FreeBSD advisory warns of a format string vulnerability in the "top" utility, a popular binary that displays per process cpu and memory usage. Top can be exploited to gain "kmem" privileges, which, in turn, allow access to kernel memory, network traffic, disk buffers and terminal activity. Higher level privileges may also be obtainable. Other BSD and Linux systems should also be impacted.getnameinfo denial-of-service. The FreeBSD team put out an advisory warning of a denial-of-service vulnerability associated with the getnameinfo function. A patch to fix the problem is included. This problem presumably impacts other BSD versions, as well as Linux.quake server denial-of-service. An easy method of taking down a remote quake server was publicized on BugTraq this week. Check BugTraq ID 1900 for more information.nap format string vulnerabilities. Numerous format string vulnerabilities were reported in nap, a terminal-based napster client for Linux. The use of an alternate napster client might be advisable, until an updated version of nap has been made available.vlock vulnerability. A vulnerability has been reported in vlock, a program that locks a virtual console or all consoles. Under this vulnerability, when vlock is used on Red Hat 7.0 by an unprivileged user to lock all consoles, the console lock can be broken without a password. This vulnerability has not yet been confirmed, nor do we know if it affects distributions other than Red Hat. It does not work on Red Hat 6.x.BIND 8.2.2-P5 denial-of-service. A potential denial-of-service vulnerability in BIND 8.2.2-P5 was reported this week. Compiled by default without ZXFR support, the server will die if a Zone Transfer request is received, unless the server has been configured to deny Zone Transfer requests. No confirmation of this vulnerability has been seen as of yet.Commercial products. The following commercial products were reported to contain vulnerabilities:
Updatesdump-0.4b15 local root access. Check last week's LWN Security Summary for the original report. This exploit only affects dump/restore if they are installed setuid root. As of dump-0.4b18, dump and restore no longer require setuid root. dump-0.4b19-4 is the latest available version.This week's updates:
nss_ldap race condition. Check last week's LWN Security Summary for the original report. Note that last week, we mentioned that we couldn't find an update for this problem on PADL Software website. Michael Shuey dropped us a note to set the record straight. "I proved that this race condition was a problem a few weeks ago, then notified PADL Software. Shortly thereafter lukeh@padl.com produced nss_ldap-121, which fixed the problem. He then contacted RedHat, who incorporated the newest version (122 by then) into their update. This race condition has been fixed by the upstream maintainer for the past two or three weeks."This week's updates: Previous updates:
curl buffer overflow. A buffer overflow in curl, a command-line tool for getting data from a URL, was reported in October.This week's updates:
gnorpm tmpfile link vulnerability. Check last week's LWN Security Summary for more details.This week's updates: Previous updates:
Apache mod_rewrite vulnerabilty. Files outside of the document root can be accessed, if the mod_rewrite module for Apache is in use. For more details, check the October 5th LWN Security Summary.This week's updates: Previous updates:
Pine buffer overflow vulnerability. An exploitable buffer overflow in Pine was reported to BugTraq in early October. The problem involves Pine's handling of incoming mail during an open session. Check the October 5th LWN Security Summary for the initial report. Note that the FreeBSD update below is the first one we've seen for this problem.Also announced this week was pine 4.30, which, judging by the Changes, fixes this problem. This week's updates: Previous updates:
xfce startup script vulnerability. Check the October 5th LWN Security Summary for the original report of this problem. Xfce 3.5.2 was released on October 1st, with a fix.This week's updates: esound tmpfile link vulnerability. Check the September 7th LWN Security Summary for the original report of this problem from FreeBSD.This week's updates: Previous updates:
Multiple buffer overflows in tcpdump. Last week, FreeBSD reported multiple buffer overflows in tcpdump 3.5, found during an internal audit. This week, they re-released their advisory, to include a corrected version of their original patch for the problem.ResourcesInstalling Snort 1.6.3 on SuSE 6.x-7.x . This LinuxNewbie article describes how to install snort, a light-weight network intrusion detection system, from source. Although the example system was running SuSE Linux, most of the instructions should carry over to any Linux system. Software Releases.
EventsUpcoming security events.
For additional security-related events, included training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net. Section Editor: Liz Coolbaugh |
November 9, 2000
LWN Resources | ||||||||||||||||||||||||||||||
Copyright © 2000
Eklektix, Inc., all rights reserved
Next: Kernel