Get the LinuxSecurity news you want faster with RSS
Powered By
Linux Advisory Watch: May 20th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for kde, phpsysinfo, fonts-xorg, gaim,
phpBB, mozilla suite, PostgreSQL, FreeRADIUS, ncpfs, kdelibs, cyrus-imapd, rsh,
glibc, ia32el, and the Red Hat kernel. The distributors include Conectiva, Debian,
Fedora, Gentoo, and Red Hat.
Internet
Productivity Suite: Open Source Security - Trust Internet Productivity
Suite's open source architecture to give you the best security and productivity
applications available. Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced ideas and methods
into their design.
Buffer Overflow Basics
By: Suhas Desai
A buffer overflow occurs when a program or process tries to store more data
in a temporary data storage area than it was intended to hold. Since buffers
are created to contain a finite amount of data, the extra information can overflow
into adjacent buffers, corrupting or overwriting the valid data held in them.
Buffer overflows are a fertile source of bugs and malicious attacks. They occur
when a program attempts to write data past the end of a buffer. A buffer is
a contiguous allocated chunk of memory, such as an array or pointer in C. Limitation
of C and C++ is there are no automatic bounds checking on the buffer where user
can write past a buffer as given in example.
Note: All examples are compiled on Linux platform having x86 configuration.
int main ()
{
int buffer [10];
buffer[20]=10;
}
After execution of this program it won’t give errors but program
attempts to write beyond the allocated memory for the buffer which
results for unexpected output.
void function (char *str)
{
char buffer[16];
strcpy(buffer,str);
}
int main()
{
char *str=�I am greater than 16 bytes�;
function(str);
}
This program is guaranteed to cause unexpected behavior, because
a string (str) of 27 bytes has been copied to a location (buffer)
that has been allocated for only 16 bytes. The extra bytes run past
the buffer and overwrite the space allocated for the FP, return
address and so on. This corrupts the process stack. The function
used to copy the string is strcpy, which completes no checking of
bounds. Using strncpy would have prevented this corruption of
the stack.
Example:
int main()
{
char buff[15]={0};
printf(“Enter your name:�);
scanf(buff,�%s�);
}
In this example, program reads a string from the standard input but
does not check strings length. If the string has more than 14
characters, then it causes a buffer overflow as scanf() tries to
write the remaining character past buff’s end.
Note: One character is always reserved for a null terminator.
The result is most likely a segmentation fault that crashes the program. In
certain conditions, the users will receive a shell’s prompt after the crash.
Even if the shell has restricted privileges, they can examine the values of
environment variables; list the current directory files to detect the network
with the pig command.
Getting
to Know Linux Security: File Permissions - Welcome to the first
tutorial in the 'Getting to Know Linux Security' series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I'll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.
The
Tao of Network Security Monitoring: Beyond Intrusion Detection
- To be honest, this was one of the best books that I've read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.
Encrypting
Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
Contectiva
Conectiva: kde Fixes for multiple KDE
security vulnerabilities
The fonts-xorg packages included in the initial release of Fedora
Core 3 contain a number of minor glitches which have been fixed in this
update release.
http://www.linuxsecurity.com/content/view/119123
Gentoo: Mozilla Suite, Mozilla Firefox
Remote compromise
15th, May, 2005
Several vulnerabilities in the Mozilla Suite and Firefox allow
an attacker to conduct cross-site scripting attacks or to execute arbitrary
code.
http://www.linuxsecurity.com/content/view/119118
An updated ncpfs package is now available. This update has been
rated as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/119130
RedHat: Important: kdelibs security update
17th, May, 2005
Updated kdelibs packages that fix a flaw in kimgio input validation
are now available for Red Hat Enterprise Linux 4. This update has been
rated as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/119131
RedHat: Moderate: cyrus-imapd security
update
17th, May, 2005
Updated cyrus-imapd packages that fix several buffer overflow
security issues are now available. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119132
RedHat: Low: rsh security update
18th, May, 2005
Updated rsh packages that fix various bugs and a theoretical
security issue are now available. This update has been rated as having
low security impact by the Red Hat Security Response Team
http://www.linuxsecurity.com/content/view/119141
RedHat: Low: openssh security update
18th, May, 2005
Updated openssh packages that fix a potential security vulnerability
and various other bugs are now available for Red Hat Enterprise Linux
3. This update has been rated as having low security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/119142
RedHat: Low: glibc security update
18th, May, 2005
Updated glibc packages that address several bugs are now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/119143
RedHat: Low: ia32el security update
18th, May, 2005
An updated ia32el package that fixes several bugs is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/119144
RedHat: Updated kernel packages available
for Red Hat
18th, May, 2005
Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 3. This is
the fifth regular update.
http://www.linuxsecurity.com/content/view/119145
Write Comment
Please keep the topic of messages relevant to the subject of the article.
Personal verbal attacks will be deleted.
Please don't use comments to plug your web site.. Such material will be removed.
