Linux Advisory Watch - December 17th 2004
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for zgv, atari800, MyODBC, mikmod,
gstreamer, grep, flim, kdelibs, kdebase, selinux-policy-targeted,
xcdroast, udev, PHProjekt, nfs-utils, ncpfs, vim, evolution, mdkonline,
iproute, libpng, postgresql, IPSec, imlib, ruby, ncompress, and mod_ssl.
The distributors include Debian, Fedora, Gentoo, Mandrake, OpenBSD,
Red Hat, and TurboLinux.
Detecting Physical Security Compromises
The first thing to always note is when your machine was rebooted.
Since Linux is a robust and stable OS, the only times your machine
should reboot are when you take it down for OS upgrades, hardware
swapping, or the like. If your machine has rebooted without you
doing it, that may be a sign that an intruder has compromised it.
Many of the ways that your machine can be compromised require the
intruder to reboot or power off your machine.
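One way to carry out the reboot check described above, as an added example that is not part of the original newsletter: it compares boot records in `last -F reboot` output against planned downtime. The sample output and the maintenance windows are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample of `last -F reboot` output (not taken from a real host).
SAMPLE_LAST = """\
reboot   system boot  2.6.9-1.667      Thu Dec 16 03:41:07 2004   still running
reboot   system boot  2.6.9-1.667      Sat Dec 11 22:05:10 2004 - Thu Dec 16 03:39:52 2004  (4+05:34)
reboot   system boot  2.6.8-1.521      Mon Nov 29 09:00:31 2004 - Sat Dec 11 22:01:44 2004  (12+13:01)
"""

# Hypothetical change log: periods in which an administrator planned downtime.
MAINTENANCE = [
    (datetime(2004, 12, 11, 21, 0), datetime(2004, 12, 11, 23, 0)),  # kernel upgrade
    (datetime(2004, 11, 29, 8, 0), datetime(2004, 11, 29, 10, 0)),   # disk swap
]

# Capture the boot time (month, day, time, year), skipping the weekday name.
BOOT_RE = re.compile(
    r"^reboot\s+system boot\s+\S+\s+\w{3} (\w{3}\s+\d+ \d\d:\d\d:\d\d \d{4})")

def boot_times(last_output):
    """Return the boot timestamps found in `last -F reboot` output."""
    times = []
    for line in last_output.splitlines():
        m = BOOT_RE.match(line)
        if m:
            times.append(datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y"))
    return times

def unexplained_reboots(last_output, windows):
    """Boots that fall outside every planned maintenance window."""
    return [t for t in boot_times(last_output)
            if not any(start <= t <= end for start, end in windows)]

if __name__ == "__main__":
    for t in unexplained_reboots(SAMPLE_LAST, MAINTENANCE):
        print("unexplained reboot at", t.isoformat(sep=" "))
```

The boot records come from wtmp on the machine being checked, so keep a copy off the host for the same reason the log advice below gives.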
Check for signs of tampering on the case and computer area. Although
many intruders clean traces of their presence out of logs, it's a
good idea to check through them all and note any discrepancy.
It is also a good idea to store log data at a secure location, such
as a dedicated log server within your well-protected network. Once
a machine has been compromised, log data becomes of little use as
it most likely has also been modified by the intruder.
The syslog daemon can be configured to automatically send log data
to a central syslog server, but this is typically sent unencrypted,
allowing an intruder to view data as it is being transferred. This
may reveal information about your network that is not intended to be
public. There are syslog daemons available that encrypt the data as
it is being sent.
Also be aware that faking syslog messages is easy, and an exploit
program for doing so has been published. Syslog even accepts network
log entries that claim to come from the local host, without
indicating their true origin.
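A receiver-side check for the problem described above, as an added example that is not part of the original newsletter: it records the address each message arrived from and compares it with the hostname the message claims. The inventory, collector names, addresses and sample datagrams are all constructed assumptions.

```python
import re

# Hypothetical inventory on the log server: sender address -> hostname it may claim.
INVENTORY = {"10.0.0.11": "web1", "10.0.0.12": "db1"}
COLLECTOR_NAMES = {"loghost", "localhost"}  # names the collector itself logs under
LOOPBACK = {"127.0.0.1", "::1"}

# BSD syslog line: <PRI>Mmm dd hh:mm:ss HOSTNAME message
HDR_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def check_origin(src_ip, datagram):
    """Compare the hostname a message claims with the address it arrived from."""
    m = HDR_RE.match(datagram.decode("utf-8", "replace"))
    if not m:
        return ("malformed", src_ip, None)
    claimed = m.group(3)
    if claimed in COLLECTOR_NAMES:
        # Only messages delivered over loopback may use the collector's own name.
        verdict = "ok" if src_ip in LOOPBACK else "claims-local-from-network"
    elif INVENTORY.get(src_ip) == claimed:
        verdict = "ok"
    else:
        verdict = "hostname-mismatch"
    return (verdict, src_ip, claimed)

# Constructed (source address, datagram) pairs as a UDP receiver would see them.
SAMPLE = [
    ("10.0.0.11", b"<38>Dec 14 03:12:44 web1 sshd[411]: Accepted publickey for admin"),
    ("10.0.0.12", b"<13>Dec 14 03:13:02 web1 su: session opened for user root"),
    ("10.0.0.99", b"<13>Dec 14 03:13:05 loghost kernel: eth0: link up"),
    ("127.0.0.1", b"<6>Dec 14 03:13:09 loghost kernel: eth0: link up"),
    ("10.0.0.12", b"no header at all"),
]

def audit(pairs):
    """Return (verdict, true source address, claimed hostname) for each message."""
    return [check_origin(ip, data) for ip, data in pairs]

if __name__ == "__main__":
    for verdict, src, claimed in audit(SAMPLE):
        print(f"{verdict:26} from={src:10} claimed={claimed}")
```

The source address of a UDP datagram can itself be forged, so a match is not proof of origin; the check only surfaces the mismatches.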
Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix
talks about this year of Linux Security. A full immersion in the world of
Linux Security from many sides and points of view.
Mass deploying Osiris - Osiris is a centralized file-integrity program
that uses a client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a client
and at a specified time, sends the configuration file over to the client, runs
a scan and sends the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system admin or group of
people. The communication is all done over an encrypted communication channel.
AIDE and CHKROOTKIT - Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments.
To subscribe, send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
Adam Zabrocki discovered multiple buffer overflows in atari800,
an Atari emulator. In order to directly access graphics hardware, one
of the affected programs is installed setuid root. A local attacker could
exploit this vulnerability to gain root privileges. http://www.linuxsecurity.com/content/view/117492
This update adds multilib support to GStreamer; this fixes several
issues people had on multilib architectures such as x86_64. It's been
fairly well tested but please do not hesitate to report any issues.
http://www.linuxsecurity.com/content/view/117494
Several vulnerabilities related to the use of options in modelines
have been found and fixed in Vim. They could potentially result in a local
user escalating privileges. http://www.linuxsecurity.com/content/view/117508
Mandrake
Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn't realize it has failed. http://www.linuxsecurity.com/content/view/117484
Mandrake: mdkonline provide new features
14th, December, 2004
This is a major update of mandrakeonline which fixes several
issues and adds more features such as a text wizard for servers without
Xwindow capabilities, support for server products, corporate and MNF for
instance, errors displaying and md5sum file checks. http://www.linuxsecurity.com/content/view/117485
Mandrake: iproute2 temporary file vulnerability
14th, December, 2004
Herbert Xu discovered that iproute can accept spoofed messages
sent via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack. http://www.linuxsecurity.com/content/view/117486
Mandrake: evolution various bugs fix
14th, December, 2004
This update provides Evolution 2.0.3 which fixes a number of
bugs found in the previous version of Evolution, including the possibility
to lose mail when Evolution sends an email message, that fails to send,
but Evolution doesn't realize it has failed. http://www.linuxsecurity.com/content/view/117487
Mandrake: libpng invalid zlib header problem fix
14th, December, 2004
A problem in version 1.2.6 of the libpng library would cause
libpng to write an invalid zlib header within the PNG datastream. This
can cause some applications to display the images incorrectly. http://www.linuxsecurity.com/content/view/117488
The Trustix development team found insecure temporary file creation
problems in a script included in the postgresql package. This could allow
an attacker to trick a user into overwriting arbitrary files he has access
to. http://www.linuxsecurity.com/content/view/117489
Mandrake: kde various bug fixes
15th, December, 2004
A number of KDE-related packages are being released to address
a number of bugs in these packages. Updated packages include kdenetwork
(which fixes problems in kget, kopete, and krfb), kdepim (which fixes
problems in kmail, knode, knotes, and kontact), kwallet (which fixes problems
in kwalleditor and kcmlirc), and kdesdk (which fixes a problem in cervisia).
http://www.linuxsecurity.com/content/view/117516
Mandrake: kdelibs & kdebase vulnerability fix
15th, December, 2004
Daniel Fabian discovered a potential privacy issue in KDE. When
creating a link to a remote file from various applications, including
Konqueror, the resulting URL may contain the authentication credentials
used to access that remote resource. This includes, but is not limited
to, browsing SMB (Samba) shares. Upon further investigation, it was found
that the SMB protocol handler also unnecessarily exposed authentication
credentials (CAN-2004-1171). http://www.linuxsecurity.com/content/view/117517
OpenBSD: kernel heap overflow in IPsec
14th, December, 2004
On systems running isakmpd(8) it is possible for a local user
to cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket. Stopping isakmpd(8) does not prevent the memory
corruption. http://www.linuxsecurity.com/content/view/117493
Red Hat: apache and mod_ssl security vulnerabilities fix
13th, December, 2004
Updated apache and mod_ssl packages that fix various minor security
issues and bugs in the Apache Web server are now available for Red Hat
Enterprise Linux 2.1. http://www.linuxsecurity.com/content/view/117481
Red Hat: kernel security vulnerability fix
13th, December, 2004
Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 2.1. This
is the sixth regular update. http://www.linuxsecurity.com/content/view/117482
Red Hat: Itanium security issues fix
13th, December, 2004
Updated Itanium kernel packages are now available as part of
ongoing support and maintenance of Red Hat Enterprise Linux version 2.1.
This is the sixth regular update. http://www.linuxsecurity.com/content/view/117483
TurboLinux
TurboLinux: Security & Bugfix
13th, December, 2004
Numerous issues in the Linux ELF binary loader. Issues relating
to IDE DMA transfers which prevent installation on machines with SiS chipsets
using the SiS 962/963 IDE controller. Null pointer dereferencing in the
SG driver. http://www.linuxsecurity.com/content/view/117471