Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!
Network and Host Mapping
In order to keep yourself secure you must understand your enemy. Prevention is the only protection from becoming the victim of a security exploit. The first step in doing this is to determine what services your servers offer, so you can secure them in the best manner possible. Network scanning can be used to determine potential communication channels. Mapping their existence facilitates the exchange of information with the host, and thus is quite useful for anyone wishing to explore their networked environment, including attackers.
Scanning, as a method for discovering exploitable communication channels, has been around for ages. The idea is to probe as many listeners as possible, and keep track of the ones that are receptive or useful. Once these listeners are found, means to exploit the host can be developed. Unnecessarily offering a particular service to a hacker means another avenue to exploit the host.
Many different types of scanning are currently available. These range from a simple ping test to see if the host is alive, network broadcasts, and even performing a "stealth" attack by manipulating the ICMP, TCP, or UDP information in a data packet, intentionally violating the protocol definition in an attempt to trick a firewall.
Becoming familiar with the tools and techniques an attacker might use to probe a network is the only way to know what information is available if someone attempts to mount an attack against us. Among the things that can be determined from port scanning a machine include:
- Services a host is offering which can then be used to construct the appropriate attack based on information gathered from this process
- If there is in fact a host at the IP address that is being scanned
- A topology map of our network, which can be used to determine where firewalls and other hosts are positioned, trusted relationships between those hosts, and routing and DNS information.
- Operating system identification, vendor release and version, as well as applications and their versions
- Disclosure of the username and owner of any process connected via TCP, which can then be used to determine, for example, the username of which the web server is running
Linux Security Tip, by Ryan Maple:
howtos/learn-tips-and-tricks/network-and-host-mapping
LinuxSecurity.com Feature Extras:
A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.
State of Linux Security 2004 - In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Conectiva | ||
| Conectiva: mplayer vulnerabilities fix | ||
| 5th, January, 2005
iDEFENSE[2] found a buffer overflow vulnerability[3] due to an error in dynamically allocating memory and further investigation by mplayer team found more vulnerabilities. This announcement fixes these vulnerabilities. |
||
| Conectiva: Samba vulnerabilities fix | ||
| 6th, January, 2005
Remote exploitation of an integer overflow vulnerability[2] in the smbd daemon could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. |
||
| Conectiva: wxgtk2 library vulnerabilities fix | ||
| 6th, January, 2005
Several vulnerabilities were found in libtiff, which may also be in wxGTK library, since it has a private copy of libtiff's source. |
||
| Debian | ||
| Debian: CUPS arbitrary code execution fix | ||
| 31st, December, 2004
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the Portable Document Format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, leading to the execution of arbitrary code. advisories/debian/debian-cups-arbitrary-code-execution-fix |
||
| Debian: htmlheadline insecure temporary files fix | ||
| 3rd, January, 2005
Javier Fern‡ndez-Sanguino Pe–a has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack. advisories/debian/debian-htmlheadline-insecure-temporary-files-fix |
||
| Debian: nasm arbitrary code execution fix | ||
| 4th, January, 2005
Jonathan Rockway discovered a buffer overflow in nasm, the general-purpose x86 assembler, which could lead to the execution of arbitrary code when compiling a maliciously crafted assembler source file. advisories/debian/debian-nasm-arbitrary-code-execution-fix |
||
| Debian: zip arbitrary code execution fix | ||
| 5th, January, 2005
A buffer overflow has been discovered in zip, the archiver for .zip files. When doing recursive folder compression the program did not check the resulting path length, which would lead to memory being overwritten. A malicious person could convince a user to create an archive containing a specially crafted path name, which could lead to the execution of arbitrary code. advisories/debian/debian-zip-arbitrary-code-execution-fix |
||
| Debian: pcal arbitrary code execution fix | ||
| 5th, January, 2005
Danny Lungstrom discovered two buffer overflows in pcal, a program to generate Postscript calendars, that could lead to the execution of arbitrary code when compiling a calendar. advisories/debian/debian-pcal-arbitrary-code-execution-fix |
||
| Debian: tiff denial of service fix | ||
| 6th, January, 2005
Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to crash the application, and maybe also to execute arbitrary code. advisories/debian/debian-tiff-denial-of-service-fix |
||
| Debian: namazu2 cross-site scripting vulnerability fix | ||
| 6th, January, 2005
A cross-site scripting vulnerability has been discovered in namazu2, a full text search engine. An attacker could prepare specially crafted input that would not be sanitised by namazu2 and hence displayed verbatim for the victim. advisories/debian/debian-namazu2-cross-site-scripting-vulnerability-fix |
||
| Debian: imlib2 arbitrary code execution fix | ||
| 6th, January, 2005
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib or imlib2 to execute arbitrary code when the file was opened by a victim. advisories/debian/debian-imlib2-arbitrary-code-execution-fix |
||
| Fedora | ||
| Fedora: selinux-policy-targeted-1.17.30-2.62 update | ||
| 31st, December, 2004
Fix for postgres startup scripts. advisories/fedora/fedora-selinux-policy-targeted-11730-262-update-00-00-00-117729 |
||
| Fedora: tetex-2.0.2-14FC2.1 update | ||
| 3rd, January, 2005
The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. advisories/fedora/fedora-tetex-202-14fc21-update-12774-11-03-14-117786 |
||
| Fedora: tetex-2.0.2-21.2 update | ||
| 3rd, January, 2005
The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. advisories/fedora/fedora-tetex-202-212-update-21608-11-04-27-117787 |
||
| Fedora: pcmcia-cs-3.2.7-2.1 update | ||
| 3rd, January, 2005
This update fixes bug #135508, silencing a warning message on cardmgr startup. advisories/fedora/fedora-pcmcia-cs-327-21-update-00-00-00-117750 |
||
| Fedora: pcmcia-cs-3.2.7-1.8.2.2 update | ||
| 3rd, January, 2005
This update fixes bug #135508, silencing a warning message on cardmgr startup. advisories/fedora/fedora-pcmcia-cs-327-1822-update-00-00-00-117751 |
||
| Fedora: kernel-2.6.9-1.11_FC2 update | ||
| 3rd, January, 2005
A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. advisories/fedora/fedora-kernel-269-111fc2-update-00-00-00-117752 |
||
| Fedora: kernel-2.6.9-1.724_FC3 update | ||
| 3rd, January, 2005
A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split. advisories/fedora/fedora-kernel-269-1724fc3-update-00-00-00-117753 |
||
| Fedora: mysql-3.23.58-14 update | ||
| 5th, January, 2005
work around SELinux restriction that breaks mysql_install_db (bug #141062). Add a restorecon to keep the mysql.log file in the right context (bz#143887). Fix init script to not need a valid username for startup check (bz#142328). Don't assume /etc/my.cnf will specify pid-file (bz#143724) advisories/fedora/fedora-mysql-32358-14-update-15-15-15-117777 |
||
| Fedora: man-pages-ja-20041215-1.FC3.0 update | ||
| 6th, January, 2005
prefer GNU fileutils's chown(1) rather than gnumaniak's. (#142077) advisories/fedora/fedora-man-pages-ja-20041215-1fc30-update-10-55-42-117783 |
||
| Fedora: ruby-1.8.2-1.FC3.0 update | ||
| 6th, January, 2005
New upstream release. advisories/fedora/fedora-ruby-182-1fc30-update-10-56-46-117784 |
||
| Fedora: man-pages-ja-20041215-1.FC2.0 update | ||
| 6th, January, 2005
ixed wrong filename for in.rlogind.8 man pages. prefer GNU fileutils's chown(1) rather than gnumaniak's. advisories/fedora/fedora-man-pages-ja-20041215-1fc20-update-11-01-56-117785 |
||
| Fedora: tetex-2.0.2-14FC2.1 update | ||
| 6th, January, 2005
The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. advisories/fedora/fedora-tetex-202-14fc21-update-12774-11-03-14-117786 |
||
| Fedora: tetex-2.0.2-21.2 update | ||
| 6th, January, 2005
The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures projects (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue. advisories/fedora/fedora-tetex-202-212-update-21608-11-04-27-117787 |
||
| Fedora: gpdf-2.8.0-8.2 update | ||
| 6th, January, 2005
Applied patch to fix CAN-2004-1125 (bug #144210) advisories/fedora/fedora-gpdf-280-82-update-11-05-23-117788 |
||
| Fedora: gpdf-2.8.0-4.2.fc2 update | ||
| 6th, January, 2005
Applied patch to fix CAN-2004-1125 (bug #144210) advisories/fedora/fedora-gpdf-280-42fc2-update-11-06-16-117789 |
||
| Fedora: hotplug-2004_04_01-8.1 update | ||
| 6th, January, 2005
This adds a fix to properly set the path for devices on USB removal. advisories/fedora/fedora-hotplug-20040401-81-update-13-18-03-117792 |
||
| Gentoo | ||
| Gentoo: LinPopUp Buffer overflow in message reply | ||
| 4th, January, 2005
LinPopUp contains a buffer overflow potentially allowing execution of arbitrary code. |
||
| Gentoo: a2ps Insecure temporary files handling | ||
| 4th, January, 2005
The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: Mozilla, Firefox, Thunderbird Various vulnerabilities | ||
| 5th, January, 2005
Various vulnerabilities were found and fixed in Mozilla-based products, ranging from a potential buffer overflow and temporary files disclosure to anti-spoofing issues. |
||
| Gentoo: shoutcast Remote code execution | ||
| 5th, January, 2005
Shoutcast Server contains a possible buffer overflow that could lead to the execution of arbitrary code. |
||
| Gentoo: mit-kbr5 Heap overflow in libkadm5srv | ||
| 5th, January, 2005
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap overflow that could lead to execution of arbitrary code. |
||
| Gentoo: tiff New overflows in image decoding | ||
| 5th, January, 2005
An integer overflow has been found in the TIFF library image decoding routines and the tiffdump utility, potentially allowing arbitrary code execution. |
||
| Gentoo: xine-lib Multiple overflows | ||
| 6th, January, 2005
xine-lib contains multiple overflows potentially allowing execution of arbitrary code. |
||
| Gentoo: phpGroupWare Various vulnerabilities | ||
| 6th, January, 2005
Multiple vulnerabilities have been discovered in phpGroupWare that could lead to information disclosure or remote compromise. |
||
| Gentoo: xzgv Multiple overflows | ||
| 6th, January, 2005
xzgv contains multiple overflows that may lead to the execution of arbitrary code. |
||
| Gentoo: vilistextum Buffer overflow vulnerability | ||
| 6th, January, 2005
Vilistextum is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious webpage. |
||
| Mandrake | ||
| Mandrake: libtiff multiple vulnerabilities fix | ||
| 6th, January, 2005
Several vulnerabilities have been discovered in the libtiff package. |
||
| Mandrake: wcGTK2 vulnerabilities fix | ||
| 6th, January, 2005
Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities. |
||
| Mandrake: vim modeline vulnerabilities fix | ||
| 6th, January, 2005
Several "modeline"-related vulnerabilities were discovered in Vim by Ciaran McCreesh. The updated packages have been patched with Bram Moolenaar's vim 6.3.045 patch which fixes the reported vulnerabilities and adds more conservative "modeline" rights. |
||
| Mandrake: nasm buffer overflow vulnerability fix | ||
| 6th, January, 2005
A buffer overflow in nasm was discovered by Jonathan Rockway. This vulnerability could lead to the execution of arbitrary code when compiling a malicious assembler source file. |
||
| Mandrake: libtiff multiple vulnerabilities fix | ||
| 6th, January, 2005
Several vulnerabilities have been discovered in the libtiff package. |
||
| Red Hat | ||
| Red Hat: mc security vulnerabilities fix | ||
| 5th, January, 2005
An updated mc package that resolves several shell escape security issues is now available. advisories/red-hat/red-hat-mc-security-vulnerabilities-fix-RHSA-2004-464-02 |
||
| Red Hat: fam security issue fix | ||
| 5th, January, 2005
Updated fam packages that fix an information disclosure bug are now available. advisories/red-hat/red-hat-fam-security-issue-fix-RHSA-2005-005-01 |
||
| Red Hat: VIM security vulnerability fix | ||
| 5th, January, 2005
Updated vim packages that fix a modeline vulnerability are now available. advisories/red-hat/red-hat-vim-security-vulnerability-fix-RHSA-2005-010-01 |
||
| Red Hat: samba security issue fix | ||
| 5th, January, 2005
Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. advisories/red-hat/red-hat-samba-security-issue-fix-35540 |
||
