Linux Advisory Watch - December 17th 2004
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, advisories were released for zgv, atari800, MyODBC, mikmod, gstreamer, grep, flim, kdelibs, kdebase, selinux-policy-targeted, xcdroast, udev, PHProjekt, nfs-utils, ncpfs, vim, evolution, mdkonline, iproute, libpng, postgresql, IPSec, imlib, ruby, ncompress, and mod_ssl. The distributors include Debian, Fedora, Gentoo, Mandrake, OpenBSD, Red Hat, and TurboLinux.



Detecting Physical Security Compromises

The first thing to always note is when your machine was rebooted. Since Linux is a robust and stable OS, the only times your machine should reboot are when you take it down for OS upgrades, hardware swapping, or the like. If your machine has rebooted without you doing it, that may be a sign that an intruder has compromised it. Many of the ways that your machine can be compromised require the intruder to reboot or power off your machine.

Check for signs of tampering on the case and computer area. Although many intruders clean traces of their presence out of logs, it's a good idea to check through them all and note any discrepancy.

It is also a good idea to store log data at a secure location, such as a dedicated log server within your well-protected network. Once a machine has been compromised, log data becomes of little use as it most likely has also been modified by the intruder.

The syslog daemon can be configured to automatically send log data to a central syslog server, but this is typically sent unencrypted, allowing an intruder to view data as it is being transferred. This may reveal information about your network that is not intended to be public. There are syslog daemons available that encrypt the data as it is being sent.

Also be aware that faking syslog messages is easy, and an exploit program has been published. Syslog even accepts network log entries claiming to come from the local host without indicating their true origin.

Excerpt from LinuxSecurity HowTO:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
By: Dave Wreski (dave@linuxsecurity.com) & Kevin Fenzi
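
A check a central log server can run against the spoofing problem described in the excerpt, as an added example that is not part of the HOWTO or of any syslog daemon: it compares the hostname each received datagram claims with the address it arrived from. The function names, the inventory mapping, the collector name and the sample datagrams are all constructed for illustration.

```python
import re

# RFC 3164-style datagram: "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: text"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}

def check_origin(sender_ip, raw, inventory, collector_names):
    """Compare the hostname a datagram claims with the address it came from."""
    # A UDP source address can itself be forged, so a clean result is not
    # proof of origin; a finding is a reason to look closer.
    m = SYSLOG_RE.match(raw)
    if m is None:
        return ["unparseable"]
    claimed = m["host"].lower()
    expected = inventory.get(sender_ip)
    if claimed in LOOPBACK_NAMES or claimed in collector_names:
        # Arrived over the network yet claims to be the log server itself.
        return ["claims-local-host"]
    if expected is None:
        return ["unknown-sender"]
    if claimed not in expected:
        return ["host-mismatch"]
    return []

def audit(records, inventory, collector_names):
    """Return (sender_ip, findings) for every datagram that fails a check."""
    checked = ((ip, check_origin(ip, raw, inventory, collector_names))
               for ip, raw in records)
    return [(ip, found) for ip, found in checked if found]

# Constructed sample data: documentation address ranges, made-up host names.
INVENTORY = {"192.0.2.10": {"web01"}, "192.0.2.11": {"db01"}}
COLLECTOR = {"loghost"}
RECORDS = [
    ("192.0.2.10", "<38>Dec 17 03:12:01 web01 sshd[411]: session opened for user ops"),
    ("192.0.2.11", "<38>Dec 17 03:12:04 web01 sshd[411]: session closed for user ops"),
    ("192.0.2.10", "<13>Dec 17 03:12:09 localhost su: session opened for user root"),
    ("198.51.100.7", "<13>Dec 17 03:12:15 db01 kernel: eth0 link up"),
    ("192.0.2.11", "not a syslog line"),
]

if __name__ == "__main__":
    for sender, findings in audit(RECORDS, INVENTORY, COLLECTOR):
        print(sender, ",".join(findings))
```
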

 

LinuxSecurity.com Feature Extras:

Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


   Debian
  Debian: zgv arbitrary code execution fix
  14th, December, 2004

Several vulnerabilities have been discovered in zgv, an SVGAlib graphics viewer for the i386 architecture.

http://www.linuxsecurity.com/content/view/117475
 
  Debian: atari800 local root exploit fix
  14th, December, 2004

Adam Zabrocki discovered multiple buffer overflows in atari800, an Atari emulator. In order to directly access graphics hardware, one of the affected programs is installed setuid root. A local attacker could exploit this vulnerability to gain root privileges.

http://www.linuxsecurity.com/content/view/117492
 
   Fedora
  Fedora: MyODBC-2.50.39-18.2 update
  10th, December, 2004

This update fixes a problem that occurs when the user's locale setting selects a decimal point other than ".".

http://www.linuxsecurity.com/content/view/117469
 
  Fedora: MyODBC-2.50.39-19.1 update
  10th, December, 2004

This update fixes a problem that occurs when the user's locale setting selects a decimal point other than ".".

http://www.linuxsecurity.com/content/view/117470
 
  Fedora: mikmod-3.1.6-30.2 update
  13th, December, 2004

This moves 'mikmod' back to the main package. It was incorrectly in the mikmod-devel package.

http://www.linuxsecurity.com/content/view/117476
 
  Fedora: gstreamer-0.8.7-4.FC3.0 update
  14th, December, 2004

This update adds multilib support to GStreamer; this fixes several issues people had on multilib architectures such as x86_64. It's been fairly well tested but please do not hesitate to report any issues.

http://www.linuxsecurity.com/content/view/117494
 
  Fedora: grep-2.5.1-31.2 update
  14th, December, 2004

This update improves performance when processing UTF-8 input.

http://www.linuxsecurity.com/content/view/117495
 
  Fedora: flim-1.14.7-0.FC2 update
  15th, December, 2004

Update to 1.14.7 release, which also fixes CAN-2004-0422.

http://www.linuxsecurity.com/content/view/117518
 
  Fedora: kdelibs-3.2.2-10.FC2 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability #142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117519
 
  Fedora: kdebase-3.2.2-8.FC2 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability #142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117520
 
  Fedora: kdelibs-3.3.1-2.4.FC3 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability #142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117521
 
  Fedora: kdebase-3.3.1-4.3.FC3 update
  15th, December, 2004

apply the patch to fix Konqueror Window Injection Vulnerability #142510 CAN-2004-1158, Thanks to KDE security team

http://www.linuxsecurity.com/content/view/117522
 
  Fedora: selinux-policy-targeted-1.17.30-2.51 update
  16th, December, 2004

Fix problems with winbind, nscd, apache and others.

http://www.linuxsecurity.com/content/view/117525
 
  Fedora: xcdroast-0.98a15-8 update
  16th, December, 2004

fixed frozen progress bars with patch from Didier Heyden (bug #134334)

http://www.linuxsecurity.com/content/view/117529
 
  Fedora: udev-039-10.FC3.6 update
  16th, December, 2004

fixed a case where reading /proc/ide/hd?/media returns EIO (bug rh#142713) and added simple dvb rules

http://www.linuxsecurity.com/content/view/117530
 
   Gentoo
  Gentoo: PHProjekt setup.php vulnerability
  10th, December, 2004

PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration.

http://www.linuxsecurity.com/content/view/117468
 
  Gentoo: nfs-utils Multiple remote vulnerabilities
  13th, December, 2004

Multiple vulnerabilities have been discovered in nfs-utils that could lead to a Denial of Service, or the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117478
 
  Gentoo: ncpfs Buffer overflow in ncplogin and ncpmap
  15th, December, 2004

ncpfs is vulnerable to a buffer overflow that could lead to local execution of arbitrary code with elevated privileges.

http://www.linuxsecurity.com/content/view/117505
 
  Gentoo: vim, gVim Vulnerable options in modelines
  15th, December, 2004

Several vulnerabilities related to the use of options in modelines have been found and fixed in Vim. They could potentially result in a local user escalating privileges.

http://www.linuxsecurity.com/content/view/117508
 
   Mandrake
  Mandrake: evolution various bugs fix
  14th, December, 2004

This update provides Evolution 2.0.3 which fixes a number of bugs found in the previous version of Evolution, including the possibility to lose mail when Evolution sends an email message, that fails to send, but Evolution doesn't realize it has failed.

http://www.linuxsecurity.com/content/view/117484
 
  Mandrake: mdkonline provide new features
  14th, December, 2004

This is a major update of mandrakeonline which fixes several issues and adds more features such as a text wizard for servers without Xwindow capabilities, support for server products, corporate and MNF for instance, errors displaying and md5sum file checks.

http://www.linuxsecurity.com/content/view/117485
 
  Mandrake: iproute2 temporary file vulnerability
  14th, December, 2004

Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.

http://www.linuxsecurity.com/content/view/117486
 
  Mandrake: evolution various bugs fix
  14th, December, 2004

This update provides Evolution 2.0.3 which fixes a number of bugs found in the previous version of Evolution, including the possibility to lose mail when Evolution sends an email message, that fails to send, but Evolution doesn't realize it has failed.

http://www.linuxsecurity.com/content/view/117487
 
  Mandrake: libpng invalid zlib header problem fix
  14th, December, 2004

A problem in version 1.2.6 of the libpng library would cause libpng to write an invalid zlib header within the PNG datastream. This can cause some applications to display the images incorrectly.

http://www.linuxsecurity.com/content/view/117488
 
  Mandrake: postgresql temporary file vulnerability fix
  14th, December, 2004

The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary files he has access to.

http://www.linuxsecurity.com/content/view/117489
 
  Mandrake: kde various bug fixes
  15th, December, 2004

A number of KDE-related packages are being released to address a number of bugs in these packages. Updated packages include kdenetwork (which fixes problems in kget, kopete, and krfb), kdepim (which fixes problems in kmail, knode, knotes, and kontact), kwallet (which fixes problems in kwalleditor and kcmlirc), and kdesdk (which fixes a problem in cervisia).

http://www.linuxsecurity.com/content/view/117516
 
  Mandrake: kdelibs & kdebase vulnerability fix
  15th, December, 2004

Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication credentials used to access that remote resource. This includes, but is not limited to, browsing SMB (Samba) shares. Upon further investigation, it was found that the SMB protocol handler also unnecessarily exposed authentication credentials (CAN-2004-1171).

http://www.linuxsecurity.com/content/view/117517
 
   OpenBSD
  OpenBSD: kernel heap overflow in IPsec
  14th, December, 2004

On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket. Stopping isakmpd(8) does not prevent the memory corruption.

http://www.linuxsecurity.com/content/view/117493
 
   Red Hat
  Red Hat: imlib security vulnerabilities fix
  10th, December, 2004

Updated imlib packages that fix several integer and buffer overflows are now available.

http://www.linuxsecurity.com/content/view/117455
 
  Red Hat: ruby denial of service issue fix
  13th, December, 2004

An updated ruby package that fixes a denial of service issue for the CGI instance is now available.

http://www.linuxsecurity.com/content/view/117479
 
  Red Hat: ncompress security issue and bug fix
  13th, December, 2004

An updated ncompress package that fixes a buffer overflow and problem in the handling of files larger than 2 GB is now available.

http://www.linuxsecurity.com/content/view/117480
 
  Red Hat: apache and mod_ssl security vulnerabilities fix
  13th, December, 2004

Updated apache and mod_ssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117481
 
  Red Hat: kernel security vulnerability fix
  13th, December, 2004

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the sixth regular update.

http://www.linuxsecurity.com/content/view/117482
 
  Red Hat: Itanium security issues fix
  13th, December, 2004

Updated Itanium kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the sixth regular update.

http://www.linuxsecurity.com/content/view/117483
 
   TurboLinux
  TurboLinux: Security & Bugfix
  13th, December, 2004

Numerous issues in the Linux ELF binary loader. Issues relating to IDE DMA transfers which prevent installation on machines with SiS chipsets using the SiS 962/963 IDE controller. Null pointer dereferencing in the SG driver.

http://www.linuxsecurity.com/content/view/117471
 
 
