
Security


News and Editorials

NIST gives away vulnerability database. The National Institute for Standards Technology announced this week that they are giving away their vulnerability database, free for public use. The data is being provided on a royalty-free basis, for inclusion in both proprietary and free products. Check the ICAT home-page for more details.

Note that the data is provided as a Microsoft Access 2000 file. Hopefully someone will massage it into a more friendly, open format in the near future.

Snort: Planning IDS for Your Enterprise (Linux Journal). The Snort Intrusion Detection System gets a look in this Linux Journal article. "Snort is often referred to as a lightweight intrusion detection system. Snort is labeled lightweight because it is designed primarily for small network segments. Snort is very flexible due to its rule-based architecture. The designers of Snort have made it very easy to insert and expand upon rules as new security threats are detected".

This month's CRYPTO-GRAM newsletter. Bruce Schneier's CRYPTO-GRAM Newsletter for July is out. The main topics of interest this month are Internet-based telephony (and the associated security risks) and security monitoring.

Also from Bruce this month is a copy of his written testimony provided for the Senate Subcommittee on E-consumer Science, Technology and Space. The favorite quote of the week is, of course, this one:

What will happen when the CFO looks at his premium and realizes that it will go down 50 percent if he gets rid of all his insecure Windows operating systems and replaces them with a secure version of Linux? The choice of which operating system to use will no longer be 100 percent technical.

In addition, however, many of his other comments are also worth reviewing, including his belief that the Internet will never be secure, but will, in fact, grow less secure. He emphasizes that automatic security will always be flawed and human intervention required.

Which Is More Secure? -- Open Source Vs. Proprietary (Interactive Week). Jeremy Allison provides the open source argument in this two-sided story on Security from Interactive Week. "Most often, a security alert is issued for a proprietary software package once a cracker has created and published an exploit to take advantage of a problem. Most open source security alerts are issued because of third-party audits, not published exploits, and an alert is published in the spirit of openness to notify any users of the broken software about upgrades."

PortSentry (Linux Journal). Linux Journal looks at PortSentry and LogCheck, two tools in the arsenal of security. "Once a host is targeted by an attacker, a port scan is almost always performed. The port scan is done to expose all services available on the target host and to provide a starting point for break-in attempts. PortSentry detects such scans by monitoring the unused ports on the host."

Security Reports

Linux init default umask vulnerability. Linux kernel versions 2.4.3 through 2.4.6 create the init process with a default umask of 0000. If a specific Linux distribution does not explicitly change this umask, this vulnerability can be exploited locally to gain root privileges. Check BugTraq ID 3031 for more details.

Adding 'umask 022' to the beginning of the rc.sysinit file will resolve the problem, which has been fixed as of 2.4.7pre7.
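
The effect of the init umask and the rc.sysinit workaround described above, as an added example that is not part of the original LWN text. It shows what mode a newly created file gets under umask 0000 versus 022, and checks whether a startup script sets a umask before running anything else; the function names, the sample script contents and the daemon path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the LWN page). Function names and the sample
# script contents are constructed for illustration.

# mode_under_umask MASK: create a file under the given umask in a scratch
# directory and print the permission bits it ends up with.
mode_under_umask() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/probe"        # a shell redirection requests mode 0666
        stat -c '%a' "$dir/probe" 2>/dev/null || stat -f '%Lp' "$dir/probe"
        rm -rf "$dir"
    )
}

# first_command FILE: print the first line that is neither blank nor a comment.
first_command() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1" | head -n 1
}

# sets_safe_umask FILE: succeed only if the script's first command is a
# umask whose value masks write permission for group and other (022 bits).
sets_safe_umask() {
    set -- $(first_command "$1")
    [ "$1" = umask ] || return 1
    case "$2" in
        ''|*[!0-7]*) return 1 ;;
    esac
    [ $(( 0$2 & 022 )) -eq $(( 022 )) ]
}

# Constructed demonstration: a startup script with and without the fix.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\n# constructed sample\numask 022\n/sbin/some-daemon\n' > "$tmp/fixed"
    printf '#!/bin/sh\n/sbin/some-daemon\n' > "$tmp/unfixed"
    echo "file mode with umask 0000: $(mode_under_umask 0000)"
    echo "file mode with umask 022:  $(mode_under_umask 022)"
    for f in fixed unfixed; do
        if sets_safe_umask "$tmp/$f"; then echo "$f: umask set first"
        else echo "$f: no umask before first command"; fi
    done
    rm -rf "$tmp"
}
demo
```

To audit a real system, point sets_safe_umask at the distribution's own rc.sysinit path.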

CERT security advisory for LDAP. CERT has issued a security advisory describing denial of service and remote compromise vulnerabilities in numerous LDAP servers, including OpenLDAP. CERT does not normally get into the picture until problems are being actively exploited, so, if you're running LDAP, it's probably worth taking a look and doing a quick update.

Vulnerable versions of OpenLDAP include 1.x prior to 1.2.12 and 2.x prior to 2.0.8. Note that OpenLDAP was only found to be vulnerable to denial-of-service attacks; no remote compromise vulnerabilities were found. Check also BugTraq ID

AllCommerce temporary file creation vulnerability. AllCommerce, a Perl and SQL92-based e-commerce application, has been reported to contain a temporary file creation vulnerability. Check also BugTraq ID 3016.

Engarde Secure Linux-specific sudo vulnerability. The default configuration of Engarde can lead to elevated privileges for accounts included in the admin group. They have issued an advisory and recommended workarounds. Check also BugTraq ID 3019.

vipw insecure file permissions vulnerability. Red Hat has issued an advisory for vipw in Red Hat 7.1. If vipw is used to edit the /etc/shadow file, the modified file will be saved with improper permissions. Check also BugTraq ID 3036.

Slackware /var/man permissions vulnerability. Slackware 8.0 and earlier has been reported to contain a vulnerability due to the permissions shipped by default on the /var/man/cat* directories. These directories are shipped with permissions "1777", allowing world-write access. Using symlinks, this access can be exploited to overwrite files owned by the person running the man command. In particular, if man is run by root, this can be exploited locally to gain root privileges. Modifying the permissions on the directories will close the vulnerability. BugTraq ID 3054.

Opera malformed header vulnerability. The Opera web browser version 5.0 for Linux has been reported to have difficulties handling malformed headers. As a result, this can be exploited by malicious webmasters to cause the browser to crash. No response from Opera has been seen so far.

web scripts. The following web scripts were reported to contain vulnerabilities:

  • Docview, a set of CGI scripts from Caldera Systems, is reported to contain an argument validation problem. This can allow a local attacker to gain access to the 'httpd' account. Docview 1.0-15 fixes this problem. Caldera has provided updated docview packages for OpenLinux Server 3.1 and OpenLinux Workstation 3.1. BugTraq ID 3052.

  • Interactive Story 1.3, a Perl-based freeware application, contains a directory traversal vulnerability. This has been fixed in version 1.4.

  • Adcycle Adlogin.pm, one of a set of scripts to handle ad banner rotation, has been reported to contain an administrator authentication bypass vulnerability. An upgrade to Adcycle 1.16 should resolve the problem.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • Cisco IOS PPTP (Point to Point Tunneling Protocol) has been reported to contain a vulnerability that can crash the router if it receives a malformed or crafted PPTP packet. No workaround is available, but updated software is. Check also BugTraq ID 3022.

Updates

OpenSSL Pseudo-random number generator weakness. Check the July 12th LWN Security Summary for the original report or BugTraq ID 3004.


cfingerd buffer overflow and format string vulnerabilities. Check the June 28th LWN Security Summary for the original report or BugTraq ID 2914. These vulnerabilities can be exploited locally to gain elevated privileges, possibly including root access.


fetchmail buffer overflow. Check the June 21st LWN Security Summary for the original report. This is remotely exploitable and could lead to root access if fetchmail is run by root. An upgrade to fetchmail 5.8.6 will resolve the problem.

This week's updates:

  • SuSE, patch available but no advisory released

Horde IMP Message Attachment symbolic link vulnerability. Check the June 7th, 2001 LWN Security Summary for the initial report (or BugTraq ID 2805). Horde Imp versions prior to 2.2.5 contain this vulnerability, which stems from the use of the PHP tempnam function for creating temporary files. Upgrading to Imp 2.2.5 and PHP 4.0.5 is recommended.


elm alternate folder buffer overflow. Check the March 1st LWN Security Summary for the initial report. Elm 2.5 PL3 was impacted. The problem was fixed in elm 2.5.4. Updated versions of elm are available. Check BugTraq ID 2403 for more details.

This week's updates:

  • Red Hat (already included in RH 7.1/Alpha)

Multiple buffer overflows in tcpdump. Multiple buffer overflows in tcpdump were reported in our November 2nd, 2000 edition. Check also BugTraq ID 1870.


Events

10th Usenix Security Symposium. The 10th Usenix Security Symposium is scheduled for August 13th through the 17th in Washington, D.C. Richard M. Smith, CTO of the Privacy Foundation, will be giving the keynote. Edward W. Felten, Princeton University, and his research team will be presenting a refereed paper on "Reading Between the Lines: Lessons from the SDMI Challenge".

Upcoming Security Events.
Date                        Event                                                              Location
August 6 - 10, 2001         CERT Conference 2001                                               Omaha, NE, USA
August 7, 2001              CIBC World Markets First Annual Security & Privacy Conference      New York, NY, USA
August 10 - 12, 2001        Hackers at Large 2001 (HAL2001)                                    Enschede, Netherlands
August 13 - 17, 2001        10th USENIX Security Symposium 2001 Conference                     Washington, D.C.
September 11 - 13, 2001     New Security Paradigms Workshop 2001 (NSPW)                        Cloudcroft, New Mexico, USA

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Liz Coolbaugh


July 19, 2001

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds