Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!
State of Linux Security 2004
In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.
2004 started off on shaky ground with a flaw found in mremap(), a piece of kernel code that controls virtual memory. It affected versions 2.2, 2.4, and 2.6. It was later discovered that the same vulnerability was used to exploit several high-profile Linux development sites in November 2003. Patches were released in early January by each of the major distributions. The flaw was fixed in further kernel releases. In February, a second mremap vulnerability was discovered by the Polish security consulting firm ISec. The second mremap flaw was unrelated, but just as serious as the first. In theory, it could result in a denial of service or privilege escalation to root. Vendors responded much more quickly in this second instance. Fixes for 2.4 and 2.6 were released only in a matter of hours this second time. In March, Paul Starzetz of ISec released proof-of-concept exploit code for the second mremap flaw that was released in February. Several news sites failed to accurately read the report released in March and reported that a third kernel flaw as found. This was wrong, but it sparked a lot of interest in rumors. Many were relieved to find out that the "third vulnerability" was in fact a misinterpretation. It was beginning to look like the "year of the kernel flaw," but luckily things quieted down in second quarter. The remaining portion of the year was scattered with other kernel vulnerabilities, but non received as much press as mremap. Another notable one was discovered in 2.6 last October. It was claimed that the vulnerability could be used to shut down 2.6-based systems remotely. It only affected those systems using iptables based firewalls, because the flaw had to do with the way 2.6 handled firewall logging. Patches were released and the problem was resolved.
Read the rest of the article here:
features/features/state-of-linux-security-2004
LinuxSecurity.com Feature Extras:
Users Respond with Constructive Feedback - When the new version of LinuxSecurity.com was launched on December 1st, we also asked our readers to " Tell us what you think ." You have spoken, and we appreciate that! We received hundreds of comments & requests, and have been addressing a majority of them. We thought it was important to share some of the comments with you. While some were purely positive acknowledgements, others were thoughtful criticisms. We take every critique into account and address each as resources become available or when the criticism becomes the concern of many.
Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.
Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: cscope insecure temporary file | ||
| 17th, December, 2004
A vulnerability has been discovered in cscope, a program to interactively examine C source code, which may allow local users to overwrite files via a symlink attack. advisories/debian/debian-cscope-insecure-temporary-file |
||
| Debian: htget arbitrary code execution fix | ||
| 20th, December, 2004
"infamous41md" discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL. advisories/debian/debian-htget-arbitrary-code-execution-fix |
||
| Debian: a2ps arbitrary command execution fix | ||
| 20th, December, 2004
Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter. advisories/debian/debian-a2ps-arbitrary-command-execution-fix |
||
| Debian: ethereal denial of service fix | ||
| 21st, December, 2004
Brian Caswell discovered that an improperly formatted SMB packet could make ethereal hang and eat CPU endlessly. advisories/debian/debian-ethereal-denial-of-service-fix |
||
| Debian: xzgv arbitrary code execution fix | ||
| 21st, December, 2004
Luke "infamous41md" discoverd multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code. advisories/debian/debian-xzgv-arbitrary-code-execution-fix |
||
| Debian: debmake insecure temporary directories fix | ||
| 22nd, December, 2004
Javier Fern‡ndez-Sanguino Pe–a noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim. advisories/debian/debian-debmake-insecure-temporary-directories-fix |
||
| Fedora | ||
| Fedora: selinux-policy-targeted-1.17.30-2.51 update | ||
| 16th, December, 2004
Fix problems with winbind, nscd, apache and others. advisories/fedora/fedora-selinux-policy-targeted-11730-251-update-09-27-25-117525 |
||
| Fedora: xcdroast-0.98a15-8 update | ||
| 16th, December, 2004
fixed frozen progress bars with patch from Didier Heyden (bug #134334) advisories/fedora/fedora-xcdroast-098a15-8-update-11-03-00-117529 |
||
| Fedora: udev-039-10.FC3.6 update | ||
| 16th, December, 2004
fixed a case where reading /proc/ide/hd?/media returns EIO (bug rh#142713) and added simple dvb rules advisories/fedora/fedora-udev-039-10fc36-update-11-04-25-117530 |
||
| Fedora: cups-1.1.20-11.7 update | ||
| 17th, December, 2004
Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed. advisories/fedora/fedora-cups-1120-117-update-11-51-56-117540 |
||
| Fedora: cups-1.1.22-0.rc1.8.1 update | ||
| 17th, December, 2004
Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed. advisories/fedora/fedora-cups-1122-0rc181-update-11-53-00-117541 |
||
| Fedora: postgresql-7.4.6-1.FC2.2 update | ||
| 17th, December, 2004
Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003) advisories/fedora/fedora-postgresql-746-1fc22-update-11-54-15-117542 |
||
| Fedora: postgresql-7.4.6-1.FC3.2 update | ||
| 17th, December, 2004
Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003) advisories/fedora/fedora-postgresql-746-1fc32-update-11-55-21-117543 |
||
| Fedora: namazu-2.0.14-0.FC2.0 update | ||
| 20th, December, 2004
Security fix release. advisories/fedora/fedora-namazu-2014-0fc20-update-16-27-24-117604 |
||
| Fedora: namazu-2.0.14-0.FC3.0 update | ||
| 20th, December, 2004
Security fix release. advisories/fedora/fedora-namazu-2014-0fc30-update-16-28-21-117605 |
||
| Fedora: pam-0.77-66.1 update | ||
| 20th, December, 2004
add argument to pam_console_apply to restrict its work to specified files. #140451 parse passwd entries correctly and test for failure advisories/fedora/fedora-pam-077-661-update-16-29-35-117606 |
||
| Fedora: samba-3.0.10-1.fc2 update | ||
| 20th, December, 2004
New upstream release that closes CAN-2004-1154 bz#142544. Include the -64bit patch from Nalin. This closes bz#142873. Update the -logfiles patch to work with 3.0.10 advisories/fedora/fedora-samba-3010-1fc2-update-00-00-00-117623 |
||
| Fedora: samba-3.0.10-1.fc3 update | ||
| 20th, December, 2004
New upstream release that closes CAN-2004-1154 bz#142544. Include the -64bit patch from Nalin. This closes bz#142873. Update the -logfiles patch to work with 3.0.10 advisories/fedora/fedora-samba-3010-1fc3-update-00-00-00-117624 |
||
| Fedora: glibc-2.3.4-2.fc3 update | ||
| 21st, December, 2004
work around rpm bug some more, this time by copying iconvconfig to iconvconfig.%{_target_cpu}. advisories/fedora/fedora-glibc-234-2fc3-update-00-00-00-117625 |
||
| Fedora: krb5-1.3.6-1 update | ||
| 21st, December, 2004
A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC. advisories/fedora/fedora-krb5-136-1-update-00-00-00-117626 |
||
| Fedora: krb5-1.3.6-2 update | ||
| 21st, December, 2004
A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC. advisories/fedora/fedora-krb5-136-2-update-00-00-00-117627 |
||
| Fedora: php-4.3.10-3.2 update | ||
| 21st, December, 2004
This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019) and exif image parsing (CVE CAN-2004-1065). advisories/fedora/fedora-php-4310-32-update-00-00-00-117628 |
||
| Fedora: php-4.3.10-2.4 update | ||
| 21st, December, 2004
This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019), exif image parsing (CVE CAN-2004-1065), and form upload parsing (CVE CAN-2004-0958 and CAN-2004-0959). advisories/fedora/fedora-php-4310-24-update-00-00-00-117629 |
||
| Fedora: gnumeric-1.2.13-10 update | ||
| 22nd, December, 2004
#rh133662# printer font fallback advisories/fedora/fedora-gnumeric-1213-10-update-15-37-05-117648 |
||
| Fedora: selinux-policy-targeted-1.17.30-2.58 update | ||
| 22nd, December, 2004
Several updates to fix problems with Apache, Squid, postgresql advisories/fedora/fedora-selinux-policy-targeted-11730-258-update-15-38-45-117649 |
||
| Fedora: abiword-2.0.12-9 update | ||
| 22nd, December, 2004
RH#143180# backport fix for really stupid ownership of string bug advisories/fedora/fedora-abiword-2012-9-update-15-39-36-117650 |
||
| Fedora: libtiff-3.5.7-21.fc2 update | ||
| 22nd, December, 2004
Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisory: CAN-2004-1308 advisories/fedora/fedora-libtiff-357-21fc2-update-15-40-31-117651 |
||
| Fedora: libtiff-3.6.1-8.fc3 update | ||
| 22nd, December, 2004
Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisory: CAN-2004-1308 advisories/fedora/fedora-libtiff-361-8fc3-update-15-41-26-117652 |
||
| Gentoo | ||
| Gentoo: cscope Insecure creation of temporary files | ||
| 16th, December, 2004
Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability | ||
| 16th, December, 2004
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code. |
||
| Gentoo: samba Integer overflow | ||
| 17th, December, 2004
Samba contains a bug that could lead to remote execution of arbitrary code. |
||
| Gentoo: PHP Multiple vulnerabilities | ||
| 19th, December, 2004
Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code. |
||
| Gentoo: Ethereal Multiple vulnerabilities | ||
| 19th, December, 2004
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization. |
||
| Gentoo: kdelibs, kdebase Multiple vulnerabilities | ||
| 19th, December, 2004
kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection. |
||
| Gentoo: kfax Multiple overflows in the included TIFF library | ||
| 19th, December, 2004
kfax contains several buffer overflows potentially leading to execution of arbitrary code. |
||
| Gentoo: abcm2ps Buffer overflow vulnerability | ||
| 19th, December, 2004
abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code. |
||
| Gentoo: phpMyAdmin Multiple vulnerabilities | ||
| 19th, December, 2004
phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution. |
||
| Gentoo: WordPress HTTP response splitting and XSS vulnerabilities | ||
| 19th, December, 2004
Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After notifying the developers, they released 1.2.2 to fix these flaws. |
||
| Gentoo: NASM Buffer overflow vulnerability | ||
| 20th, December, 2004
NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file. |
||
| Gentoo: MPlayer Multiple overflows | ||
| 20th, December, 2004
Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote executing of arbitrary code. |
||
| Gentoo: mpg123 Playlist buffer overflow | ||
| 21st, December, 2004
mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist. |
||
| Gentoo: Zwiki XSS vulnerability | ||
| 21st, December, 2004
Zwiki is vulnerable to cross-site scripting attacks. |
||
| Mandrake | ||
| Mandrake: wget download bug fix | ||
| 17th, December, 2004
A problem in wget prevents it from downloading very large data files. The updated packages are patched to fix the problem. |
||
| Mandrake: urpmi ssh parallel support fix | ||
| 17th, December, 2004
A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated pacakges fix the problem. |
||
| Mandrake: urpmi ssh parallel support fix | ||
| 18th, December, 2004
A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated pacakges fix the problem. |
||
| Mandrake: php multiple vulnerabilities fix | ||
| 18th, December, 2004
A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the vulnerabilities, thanks to the efforts of the OpenPKG team who extracted and backported the fixes. |
||
| Mandrake: aspell vulnerability fix | ||
| 20th, December, 2004
A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code. |
||
| Mandrake: ethereal multiple vulnerabilities fix | ||
| 20th, December, 2004
A number of vulnerabilities were discovered in Ethereal. |
||
| Mandrake: krb5 buffer overflow vulnerability fix | ||
| 22nd, December, 2004
Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server. |
||
| Mandrake: kdelibs multiple vulnerability fix | ||
| 22nd, December, 2004
A vulnerability in the Konqueror webbrowser was discovered where an untrusted java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing of files with the privileges of the user running the applet. |
||
| Mandrake: logcheck temporary file vulnerability fix | ||
| 22nd, December, 2004
A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges. |
||
| Mandrake: mplayer multiple vulnerabilities fix | ||
| 22nd, December, 2004
A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code. |
||
| NetBSD | ||
| NetBSD: Insufficient argument validation in compat code | ||
| 17th, December, 2004
Some of the translation functions performed unsafe operations using the syscall arguments, and were exploitable to cause kernel traps. Some of the flaws may be exploitable and result in privilege escalation. |
||
| Trustix | ||
| Trustix: samba, php security update | ||
| 20th, December, 2004
Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. |
||
| Trustix: kernel Remote hole, local DoS | ||
| 20th, December, 2004
Paul Starzetz discovered a bug in the IGMP networking modules of the Linux kernel. This allows for a remote DoS and local root exploit. |
||
| Trustix: anaconda, mailcap, mkinitrd, vim, postgresql, ntp, sqlgrey, db4, rsync, postgresql bugfixes | ||
| 20th, December, 2004
The previous attempt to get PXE booting working with more network cards turned out not to work. This update fixes that. |
||
| Trustix: kerberos5 execution of arbitary code by authenticated user | ||
| 21st, December, 2004
There is a buffer overflow in the password history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitary code on a Key Distribution Center (KDC) server. |
||
| Red Hat | ||
| Red Hat: zip security issue fix | ||
| 16th, December, 2004
An updated zip package that fixes a buffer overflow vulnerability is now available. advisories/red-hat/red-hat-zip-security-issue-fix-RHSA-2004-634-01 |
||
| Red Hat: libxml security vulnerabilities | ||
| 16th, December, 2004
An updated libxml package that fixes multiple buffer overflows is now available. advisories/red-hat/red-hat-libxml-security-vulnerabilities-RHSA-2004-650-01 |
||
| Red Hat: samba security issue fix | ||
| 16th, December, 2004
Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 3. advisories/red-hat/red-hat-samba-security-issue-fix-35540 |
||
| Red Hat: gd security issues fix | ||
| 17th, December, 2004
Updated gd packages that fix security issues with overflow in various memory allocation calls are now available. advisories/red-hat/red-hat-gd-security-issues-fix-RHSA-2004-638-01 |
||
| Red Hat: Xfree86 security issues fix | ||
| 20th, December, 2004
Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1. advisories/red-hat/red-hat-xfree86-security-issues-fix-RHSA-2004-610-01 |
||
| Red Hat: rh-postgresql update | ||
| 20th, December, 2004
Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue. advisories/red-hat/red-hat-rh-postgresql-update-RHSA-2004-489-01 |
||
| Red Hat: nfs-utils security vulnerabilities fix | ||
| 20th, December, 2004
SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue. advisories/red-hat/red-hat-nfs-utils-security-vulnerabilities-fix-RHSA-2004-583-01 |
||
| Red Hat: glibc update | ||
| 20th, December, 2004
This errata fixes several bugs in the GNU C Library. advisories/red-hat/red-hat-glibc-update-RHSA-2004-586-01 |
||
| Red Hat: php security issues and bugs fix | ||
| 21st, December, 2004
Updated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3. advisories/red-hat/red-hat-php-security-issues-and-bugs-fix-RHSA-2004-687-01 |
||
| Red Hat: samba security issue fix | ||
| 21st, December, 2004
Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1 advisories/red-hat/red-hat-samba-security-issue-fix-35540 |
||
| SuSE | ||
| SuSE: various kernel problems | ||
| 21st, December, 2004
Several vulnerabilities have been found and fixed in the Linux kernel. |
||
| SuSE: samba remote privilege escalation | ||
| 22nd, December, 2004
The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. |
||
