
Security


News and Editorials

Serious vulnerability in PHPNuke. PHPNuke 5.2 has an embarrassing vulnerability in its file manager function that can allow the creation and overwriting of arbitrary files on the server system. The advisory contains a quick source-level fix; a simpler fix was also posted. Note that PostNuke 0.63 appears not to be vulnerable.

More SQL code injection problems. This RUS-CERT advisory describes a new range of SQL code injection vulnerabilities. This time the problem is with the PAM and NSS libraries shipped with most Linux (and Unix) systems. Through the use of properly-crafted usernames and passwords, an attacker can cause arbitrary SQL code to be executed. This, in turn, can lead to database corruption and unauthorized access.

No vendor updates for the affected modules are yet available.
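The injection pattern described above, shown next to a hardened form. This is an added example, not code from the RUS-CERT advisory or from any PAM/NSS module; the `accounts` table, its columns, the sample rows and the function names are hypothetical, and passwords are compared as plain strings only to keep the sketch short.

```python
import re
import sqlite3

# Constructed stand-in for the account table a SQL-backed PAM/NSS module
# consults; the table, columns and sample rows are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, uid INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [("root", "root-secret", 0), ("alice", "alice-secret", 1000)])
    return db

def auth_concat(db, username, password):
    """Vulnerable pattern: login fields are pasted into the SQL text."""
    query = ("SELECT uid FROM accounts WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = db.execute(query).fetchone()
    return None if row is None else row[0]

# Conservative allowlist for account names (an assumption; adjust to local policy).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def auth_bound(db, username, password):
    """Hardened pattern: validate the name, then pass both fields as bound
    parameters so they can never be parsed as SQL."""
    if not USERNAME_RE.fullmatch(username):
        return None
    row = db.execute(
        "SELECT uid FROM accounts WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return None if row is None else row[0]

if __name__ == "__main__":
    db = make_db()
    crafted = "root' --"  # constructed input: closes the quote, comments out the rest
    print("concat, valid login  :", auth_concat(db, "alice", "alice-secret"))
    print("concat, crafted name :", auth_concat(db, crafted, "anything"))
    print("bound,  valid login  :", auth_bound(db, "alice", "alice-secret"))
    print("bound,  crafted name :", auth_bound(db, crafted, "anything"))
```

The bound-parameter query is the actual fix; the username allowlist is defense in depth and also keeps malformed names out of logs and later lookups.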

CRYPTO-GRAM for September. For those who haven't yet seen it: Bruce Schneier's CRYPTO-GRAM Newsletter for September covers the September 11 attacks and several other topics.

Security Reports

OpenSSH restricted command vulnerability. OpenSSH 2.9 and 2.9p2 are subject to unauthorized access problems in certain scenarios. If you are using authorized key pairs to provide remote access, and have restricted the commands that may be executed via that key pair, and have the sftp capability enabled, the command restrictions can be evaded. The result can be access to a shell on the server system even though that access had been explicitly denied. The fix, for now, exists only in the OpenSSH cvs archive; concerned administrators should update to the cvs version, or simply disable sftp.
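A way to check a host for the combination described above: keys restricted with `command=` while an sftp subsystem is enabled. This is an added example, not part of OpenSSH or the advisory; the function names are hypothetical and the sample `sshd_config` and `authorized_keys` contents are constructed.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss")  # protocol 2 key types of the OpenSSH 2.9 era

def split_unquoted(text, seps, limit=None):
    """Split text on separator characters that sit outside double quotes."""
    parts, start, in_quote = [], 0, False
    for i, ch in enumerate(text):
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in seps and not in_quote:
            parts.append(text[start:i])
            start = i + 1
            if limit is not None and len(parts) == limit:
                break
    parts.append(text[start:])
    return parts

def sftp_enabled(sshd_config):
    """True if an uncommented 'Subsystem sftp <path>' line is present."""
    for raw in sshd_config.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lower() == "subsystem" and fields[1] == "sftp":
            return True
    return False

def keys_at_risk(sshd_config, authorized_keys):
    """Return (line_number, option) for each command= key while sftp is on."""
    if not sftp_enabled(sshd_config):
        return []
    hits = []
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = split_unquoted(line, " \t", limit=1)[0]
        if first in KEY_TYPES or first.isdigit():
            continue  # line starts with the key itself: no options field
        hits += [(n, o) for o in split_unquoted(first, ",")
                 if o.lower().startswith("command=")]
    return hits

# Constructed sample files; key material is a placeholder, not a real key.
SAMPLE_SSHD = "Port 22\nSubsystem sftp /usr/libexec/sftp-server\n"
SAMPLE_KEYS = (
    "# constructed sample\n"
    'command="/usr/local/bin/backup --run, nightly",no-pty ssh-rsa AAAA-PLACEHOLDER backup@host\n'
    "ssh-dss AAAA-PLACEHOLDER admin@host\n"
    'from="10.0.0.*",no-port-forwarding ssh-rsa AAAA-PLACEHOLDER ops@host\n'
)
```

An empty result from `keys_at_risk` means either that no key carries a `command=` restriction or that the sftp subsystem is already disabled.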

slrn executes shell code. The Debian Project has released a security update to slrn fixing an interesting problem: evidently slrn will execute any shell code it finds within an article, on the theory that the article is a self-extracting archive. This may have been desirable behavior in 1982, but it presents certain difficulties in modern times. Users of slrn should apply the update; none have yet been seen from other distributors.

Minor DoS problem with squid. Also from Debian is this update to squid. Evidently a malformed FTP PUT command can cause the server to restart. The problem has been fixed in version 2.2.5-3.2.

Format string problems in HylaFax. The HylaFax package has some format string vulnerabilities. On some systems (e.g. FreeBSD), the affected binaries are installed setuid uucp, and could thus provide unauthorized access to the system. Most Linux systems seem not to install HylaFax with added privileges, however.

Filename vulnerability in Red Hat's serial init script. Red Hat has issued an alert warning of a potential vulnerability with the setserial package. This one is obscure: you must have installed setserial, copied the init script from the documentation directory over to /etc/rc.d/init.d, and built your own kernel with serial support installed as a module. If you've done all those things, there is a potential problem with predictable temporary file names. Most users, it is expected, need not worry about this one.

Proprietary products. The following proprietary products were reported to contain vulnerabilities:

  • There is a vulnerability in IBM's WebSphere 4.0 session ID generation. Session IDs are generated in a predictable way, meaning that an attacker could obtain access to another user's session. A fix is available from IBM.
  • Cisco has issued a fix for a number of SSH vulnerabilities.

Updates

Source page buffer overflow in man. zen-parse reported a buffer overflow in man that, when manual pages begin with a '.so' statement, may be exploited to execute arbitrary code under the 'man' group id. For more details, check BugTraq ID 2872. (First reported in the June 21 LWN security page.)

Uucp local user exploits. There is a vulnerability in the command-line argument handling of uucp which can be exploited by a local user to obtain uid/gid uucp. See the September 13, 2001 LWN security page for the initial report.

Buffer overruns in Window Maker. A buffer overrun exists in Window Maker which could, conceivably, be exploited remotely if the user runs a hostile application. This problem initially appeared in the August 16, 2001 LWN security page.

Resources

Port list available. Kurt Seifried has released a comprehensive list of TCP and UDP ports, including 363 known trojan ports.

By the numbers: Comparing Windows security to Linux (TechRepublic). TechRepublic uses BugTraq reports to determine just how secure Linux is versus Microsoft, and the numbers are not tilted the way you might think. "As these numbers illustrate, Windows NT 4.0 was the leader in bugs identified during 2000. But Linux was not far behind. And in 2001, Windows 2000 has stabilized a bit and is actually running in the middle of the pack." A free registration is required to access this article. (Thanks to Sean Walton)

Events

Upcoming Security Events.
Date | Event | Location
September 28 - 30, 2001 | Canadian Association for Security and Intelligence Studies (CASIS 2001) | (Dalhousie University) Halifax, Nova Scotia, Canada
October 10 - 12, 2001 | Fourth International Symposium on Recent Advances in Intrusion Detection (RAID 2001) | Davis, CA
November 5 - 8, 2001 | 8th ACM Conference on Computer and Communication Security (CCS-8) | Philadelphia, PA, USA
November 13 - 15, 2001 | International Conference on Information and Communications Security (ICICS 2001) | Xian, China
November 21 - 23, 2001 | International Information Warfare Symposium | AAL, Lucerne, Switzerland
November 24 - 30, 2001 | Computer Security Mexico | Mexico City

For additional security-related events, including training courses (which we don't list above) and events further in the future, check out Security Focus' calendar, one of the primary resources we use for building the above list. To submit an event directly to us, please send a plain-text message to lwn@lwn.net.

Section Editor: Jonathan Corbet


September 27, 2001

Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds