LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: June 17th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for mikmod, tcpdump, yum, elinks, parted, system-config-securitylevel, checkpolicy, spamassassin, gaim, libextractor, Ettercap, shtool, gedit, MediaWiki, gzip, gftp, squid, rsh, sysreport, telnet, bz, and mc. The distributors include Fedora, Gentoo, and Red Hat.


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

SPF: Ready for Prime Time?
by Pete O'Hara

Introduction

As of the time of this writing in the fight against SPAM a policy has been drafted to target sender address forging called SPF (Sender Policy Framework). The basic premise is to verify that the sender of an email is in fact who they by claim to be. If they are not then mail can be rejected. This could potentially eliminate a big percentage of SPAM and who wouldn't want that.. But there have been problems with SPF and it isn't the big solution that everyone had imagined when it first hit the scene. There are a couple of plaguing issues that keep it from becoming a mature solution with a standard.

What is SPF?

The first version of SPF (also know as "Classic" SPF) was a creation of Meng Wong, founder of Pobox.com. In short the scheme is based on domains publishing what servers are allowed to send mail for themselves using DNS TXT records. A receiving MTA can then look at the domain the sender is claiming to be from and the IP address of the connecting client and check the SPF (DNS TXT) record for that domain and verify if the client is allowed to send mail for the said domain. From the results the receiving MTA can take appropriate actions. The goal is to prevent sender forgery, one of the most common characteristics of spam. SPF was a proposal considered by IETF's MARID group.

Summary

I, as everyone else, would love to be able to block all SPAM and I certainly applaud all of the efforts that have been and are still being made. But it seems obvious that SPF alone isn't going to be the answer. It doesn't handle the forwarding issue and SRS isn't ready as a solution. One could argue that SPF can at least be used not to reject mail but to whitelist mail from senders that pass SPF checks. In view of spammers deploying SPF themselves this would actually be counter productive as it gives them a form of credibility.

Based on the material presented here there are options other than standalone SPF that on the surface seem to provide a better solution but the cost is that they are more complex in that they require reputation/accreditation services. But does the lack of agreement on the simpler SPF (which turned out to be not so simple once the forwarding issues surfaced) foreshadow the difficulties in standardizing more elaborate proposals? If the trend towards reputation/accreditation gains momentum, which by the way would still require some form of sender validation to be established (you can't build a dependable reputation of a sender when it can't be verified), harmony on the architecture of such services seems a very long way off. Sender verification is a problem that certainly needs to be addressed but SMTP wasn't originally designed with this functionality in mind. Therefore a viable solution is not going to be as simple as publishing DNS records of authorized mail servers. SPF on it's own isn't the answer.

Read Entire Article:
http://infocenter.guardiandigital.com/documentation/spf.html


LinuxSecurity.com Feature Extras:

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.

Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Fedora
  Fedora Core 3 Update: mikmod-3.1.6-31.FC3
  9th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119277
 
  Fedora Core 3 Update: tcpdump-3.8.2-9.FC3
  9th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119278
 
  Fedora Core 3 Update: yum-2.2.1-0.fc3
  13th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119303
 
  Fedora Core 4 Update: elinks-0.10.3-3.1
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119321
 
  Fedora Core 4 Update: mikmod-3.1.6-35.FC4
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119322
 
  Fedora Core 4 Update: tcpdump-3.8.2-13.FC4
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119323
 
  Fedora Core 4 Update: parted-1.6.22-3.FC4
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119324
 
  Fedora Core 4 Update: system-config-securitylevel-1.5.8.1-1
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119325
 
  Fedora Core 3 Update: checkpolicy-1.17.5-1.2
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119327
 
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.9
  16th, June, 2005

Updated package.

http://www.linuxsecurity.com/content/view/119328
 
  Fedora Core 3 Update: spamassassin-3.0.4-1.fc3
  16th, June, 2005

Important update for a Denial of Service vulnerability, plus more bug fixes from upstream. More details available at: http://wiki.apache.org/spamassassin/NextRelease

http://www.linuxsecurity.com/content/view/119332
 
  Fedora Core 4 Update: spamassassin-3.0.4-1.fc4
  16th, June, 2005

Important update for a Denial of Service vulnerability, plus more bug fixes from upstream. More details available at: http://wiki.apache.org/spamassassin/NextRelease

http://www.linuxsecurity.com/content/view/119333
 
  Fedora Core 3 Update: gaim-1.3.1-0.fc3
  16th, June, 2005

More bug and denial of service fixes.

http://www.linuxsecurity.com/content/view/119334
 
  Fedora Core 4 Update: gaim-1.3.1-0.fc4
  16th, June, 2005

More bug and denial of service fixes.

http://www.linuxsecurity.com/content/view/119335
 
   Gentoo
  Gentoo: libextractor Multiple overflow vulnerabilities
  9th, June, 2005

libextractor is affected by several overflow vulnerabilities in the PDF, Real and PNG extractors, making it vulnerable to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/119279
 
  Gentoo: Ettercap Format string vulnerability
  11th, June, 2005

A format string vulnerability in Ettercap could allow a remote attacker to execute arbitrary code.

http://www.linuxsecurity.com/content/view/119283
 
  Gentoo: GNU shtool, ocaml-mysql Insecure temporary file
  11th, June, 2005

GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/119284
 
  Gentoo: gedit Format string vulnerability
  11th, June, 2005

gedit suffers from a format string vulnerability that could allow arbitrary code execution.

http://www.linuxsecurity.com/content/view/119285
 
  Gentoo: GNU shtool, ocaml-mysql Insecure temporary file
  11th, June, 2005

GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/119286
 
  Gentoo: LutelWall Insecure temporary file creation
  11th, June, 2005

LutelWall is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/119287
 
  Gentoo: Ettercap Format string vulnerability
  11th, June, 2005

A format string vulnerability in Ettercap could allow a remote attacker to execute arbitrary code.

http://www.linuxsecurity.com/content/view/119288
 
  Gentoo: Gaim Denial of Service vulnerabilities
  12th, June, 2005

Gaim contains two remote Denial of Service vulnerabilities.

http://www.linuxsecurity.com/content/view/119290
 
  Gentoo: TCPDump Decoding routines Denial of Service
  13th, June, 2005

While working on the tcpdump issues solved in the original version of this GLSA, Simon L. Nielsen from FreeBSD Security Team discovered a similar infinite loop DoS vulnerability in the BGP handling code (CAN-2005-1267).

http://www.linuxsecurity.com/content/view/119305
 
  Gentoo: MediaWiki Cross-site scripting vulnerability
  13th, June, 2005

MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary scripting code execution.

http://www.linuxsecurity.com/content/view/119306
 
   Red Hat
  RedHat: Low: gzip security update
  13th, June, 2005

An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119295
 
  RedHat: Moderate: gftp security update
  13th, June, 2005

An updated gFTP package that fixes a directory traversal issue is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119296
 
  RedHat: Low: squid security update
  13th, June, 2005

An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119297
 
  RedHat: Low: rsh security update
  13th, June, 2005

Updated rsh packages that fix a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team

http://www.linuxsecurity.com/content/view/119298
 
  RedHat: Moderate: gedit security update
  13th, June, 2005

An updated gedit package that fixes a file name format string vulnerability is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team

http://www.linuxsecurity.com/content/view/119299
 
  RedHat: Moderate: sysreport security update
  13th, June, 2005

An updated sysreport package that fixes an information disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team

http://www.linuxsecurity.com/content/view/119300
 
  RedHat: Low: tcpdump security update
  13th, June, 2005

Updated tcpdump packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119301
 
  RedHat: Low: mikmod security update
  13th, June, 2005

Updated mikmod packages that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119302
 
  RedHat: Low: squid security update
  14th, June, 2005

An updated squid package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119312
 
  RedHat: Moderate: telnet security update
  14th, June, 2005

Updated telnet packages that fix an information disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119313
 
  RedHat: Low: bzip2 security update
  16th, June, 2005

Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119329
 
  RedHat: Moderate: mc security update
  16th, June, 2005

Updated mc packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119330
 
  RedHat: Moderate: gaim security update
  16th, June, 2005

An updated gaim package that fixes two denial of service issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119331
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.