Information Security News mailing list archives
Linux Advisory Watch - April 9th 2004
From: InfoSec News <isn () c4i org>
Date: Mon, 12 Apr 2004 02:59:45 -0500 (CDT)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 9th, 2004 Volume 5, Number 15a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave () linuxsecurity com ben () linuxsecurity com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for the Linux kernel, interchange,
fte, sysstat, oftpd, squid, heimdal, tcpdump, portage, kde, tcpdump,
sysstat, ClamAV, Automake, and mplayer. The distributors include Debian,
Gentoo, Mandrake, and Turbolinux.
----
File Integrity Monitoring
Recently, I stumbled across a relatively new tool called AFICK. It stands
for Another File Integrity CHecker. It is similar to both Tripwire and
AIDE. AFICK is GPLed and completely written in Perl. It is extremely
flexible and has been tested on a wide range of Linux, Windows, and Unix
systems. According to the AFICK project website, it has a decent
performance advantage over AIDE. However, I have not independently
verified this. If you're looking for a new toy to play with, I recommend
giving it a try.
Installing and using AFICK is a piece of cake. The core piece of code is
command-line based. A Perl-based GUI and Webmin module are also available
for easy administration. AFICK is available as an independent tar.gz,
zip, RPM, and Debian package. It is a good idea to take a look at the
afick.conf file before attempting to execute the script.
AFICK can be used with only a few simple commands. To use AFICK, an OS
configuration file must be specified and then your system initialized.
This can be done with the following command:
# afick.pl -c linux.conf -i
During the initialization process it builds a database of checksums for
all files on your system. Next, to compare the checksums of your files
and the values stored in the database, run the following command:
# afick.pl -c linux.conf -k
After making changes to a system, it is necessary to update the checksum
database. Updating is also easy:
# afick.pl -c linux.conf -u
As with all integrity checking software, it is advisable to create a
cron job that will compare the files' checksums with a database at a
regular interval. Also, the integrity of the database is very important.
If this is compromised, further changes to the system may go undetected.
Write-protected media can be used to help with this problem.
While the commands above may seem simple, its functionality is not limited
to those alone. A full listing of command-line options is available on
the AFICK website:
http://afick.sourceforge.net/man.html
Until next time, cheers!
Benjamin D. Thomas
ben () linuxsecurity com
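
The cron job and database-protection advice above, as an added example that is not part of the newsletter or the AFICK project: a wrapper that refuses to run the compare step when the checksum database no longer matches a digest kept on write-protected media. The database path, the reference path, the helper names and the use of sha256sum are assumptions; only the afick.pl commands come from the text.

```shell
#!/bin/sh
# Added example: guard the AFICK baseline before each scheduled compare.
# Assumed (not from the newsletter): every path below, the helper names,
# and the use of sha256sum to fingerprint the database file.

AFICK_DB="${AFICK_DB:-/var/lib/afick/afick.db}"          # placeholder database path
AFICK_REF="${AFICK_REF:-/mnt/readonly/afick.db.sha256}"  # digest on write-protected media
AFICK_CMD="${AFICK_CMD:-afick.pl -c linux.conf -k}"      # compare command from the text

# Print the SHA-256 digest of a file (digest only, no file name).
db_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Record the trusted digest. Run once right after "afick.pl -c linux.conf -i"
# (or after a reviewed "-u"), while the reference media is still writable.
seal_db() {
    db_digest "$AFICK_DB" > "$AFICK_REF"
}

# Succeed only if the database still matches the sealed digest.
db_is_trusted() {
    [ -r "$AFICK_DB" ] && [ -r "$AFICK_REF" ] || return 1
    [ "$(db_digest "$AFICK_DB")" = "$(cat "$AFICK_REF")" ]
}

# Cron entry point: refuse to compare against a baseline that has changed,
# because a modified database makes the compare report meaningless.
# Returns 2 on an untrusted database, otherwise the compare's own status.
guarded_check() {
    if ! db_is_trusted; then
        echo "afick database does not match sealed digest: $AFICK_DB" >&2
        return 2
    fi
    $AFICK_CMD
}

# Example crontab line (script path is a placeholder):
#   30 3 * * * /usr/local/sbin/afick-guarded.sh run
# The check runs only when invoked with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    guarded_check
fi
```

After a legitimate update with -u, the digest has to be resealed from a trusted session, otherwise every later run returns 2.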
----
Guardian Digital Launches Next Generation Internet
Defense & Detection System
Guardian Digital has announced the first fully open source system designed
to provide both intrusion detection and prevention functions. Guardian
Digital Internet Defense & Detection System (IDDS) leverages best-in-class
open source applications to protect networks and hosts using a unique
multi-layered approach coupled with the security expertise and ongoing
security vigilance provided by Guardian Digital.
http://www.linuxsecurity.com/feature_stories/feature_story-163.html
--------------------------------------------------------------------
Interview with Siem Korteweg: System Configuration Collector
In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.
http://www.linuxsecurity.com/feature_stories/feature_story-162.html
--------------------------------------------------------------------
Internet Productivity Suite: Open Source Security <<
Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: Debian            | ----------------------------//
+---------------------------------+

4/5/2004 - kernel 2.4 mips/pa-risc Privilege escalation vulnerabilities
  Herein are combined the Debian advisories for the same kernel bugs on
  both the mips and pa-risc platforms.
  http://www.linuxsecurity.com/advisories/debian_advisory-4190.html

4/5/2004 - interchange Missing input sanitation
  This vulnerability can be exploited by an attacker to expose the
  content of arbitrary variables.
  http://www.linuxsecurity.com/advisories/debian_advisory-4191.html

4/5/2004 - fte Multiple buffer overflow vulnerabilities
  This patch removes setuid root from vfte, which has a number of known
  buffer overflows.
  http://www.linuxsecurity.com/advisories/debian_advisory-4192.html

4/5/2004 - sysstat Insecure temporary file vulnerability
  As usual for temporary file vulnerabilities, this allows local users
  to read/overwrite arbitrary files with the permissions of the running
  user.
  http://www.linuxsecurity.com/advisories/debian_advisory-4193.html

4/5/2004 - oftpd Denial of service vulnerability
  A remote attacker could cause the oftpd process to crash by specifying
  a large value in a PORT command.
  http://www.linuxsecurity.com/advisories/debian_advisory-4194.html

4/5/2004 - squid ACL bypass vulnerability
  A URL can be crafted to be ignored (and automatically pass) by Squid's
  ACL system.
  http://www.linuxsecurity.com/advisories/debian_advisory-4195.html

4/6/2004 - heimdal Cross-realm impersonation vulnerability
  Patch fixes an error which allows someone with control over a realm to
  impersonate anyone in the cross-realm trust path.
  http://www.linuxsecurity.com/advisories/debian_advisory-4197.html

4/6/2004 - xine-ui Insecure temporary file vulnerability
  Bug allows attacker to read/write arbitrary files with the permissions
  of the program user.
  http://www.linuxsecurity.com/advisories/debian_advisory-4198.html

4/7/2004 - tcpdump Denial of service vulnerability
  Crafted invalid ISAKMP packets can remotely crash tcpdump.
  http://www.linuxsecurity.com/advisories/debian_advisory-4203.html

+---------------------------------+
| Distribution: Gentoo            | ----------------------------//
+---------------------------------+

4/6/2004 - Portage Insecure temporary file vulnerability
  Exploitation of this bug could allow an attacker to wipe out the
  contents of an arbitrary file.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4199.html

4/6/2004 - kde Buffer overflow vulnerability
  KDE-PIM may be vulnerable to a remote buffer overflow attack that may
  allow unauthorized access to an affected system.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4200.html

4/6/2004 - tcpdump Multiple buffer overflows
  Attacker could exploit this to execute arbitrary code with the
  permissions of the 'pcap' user.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4201.html

4/7/2004 - sysstat Multiple vulnerabilities
  Multiple vulnerabilities may allow an attacker to execute arbitrary
  code or overwrite arbitrary files.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4204.html

4/7/2004 - ipsec-tools Key non-verification vulnerability
  racoon (a utility in the ipsec-tools package) does not verify digital
  signatures on Phase1 packets.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4207.html

4/7/2004 - util-linux Information leak vulnerability
  Due to a pointer error, the 'login' program might leak sensitive
  information.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4208.html

4/7/2004 - ClamAV Denial of service vulnerability
  ClamAV is vulnerable to a denial of service attack when processing
  certain RAR archives.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4209.html

4/8/2004 - Automake Symbolic link vulnerability
  Automake may be vulnerable to a symbolic link attack which may allow
  an attacker to modify data or elevate their privileges.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4210.html

+---------------------------------+
| Distribution: Mandrake          | ----------------------------//
+---------------------------------+

4/6/2004 - mplayer Buffer overflow vulnerability
  Exploitation could result in the execution of arbitrary code with the
  permissions of the user.
  http://www.linuxsecurity.com/advisories/mandrake_advisory-4202.html

4/7/2004 - fileutils/coreutils Denial of service vulnerability
  'ls' can be made to segfault upon listing directories with large
  numbers of files on an amd64 platform.
  http://www.linuxsecurity.com/advisories/mandrake_advisory-4205.html

+---------------------------------+
| Distribution: Turbolinux        | ----------------------------//
+---------------------------------+

4/7/2004 - apache/httpd/libxml2/mod_python Multiple vulnerabilities
  Many fixes for buffer overflows and DoS attacks.
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-4206.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
