Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.
Pull the Plug Revisited: An Interview Five Years Later
By: Benjamin D. Thomas
Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug?
LinuxSecurity.com: Please explain again for our readers what Pull the Plug is about. What is the concept? How does it work? Who can participate?
PullthePlug.org: The concept of PullThePlug has always been to provide an arena for like minded individuals to discuss, train, and learn about computer security and associated technologies.The primary focus of PullThePlug as a community is to deliver information and resources on computer security to a wide range of audiences. Some services we currently offer are war-game machines (vortex, semtex, catalyst, blackhole), mailing lists, IRC channels, and live lectures ( ) and repository/web hosting for research efforts ( ).
As a result of PullThePlug being community driven (by the community for the community), anybody can participate in some way or another. More often then not, new talents are seen when participating in our wargames or contributing to mailing lists, and people are also free to join the IRC and discuss any topic of interest, or provide ideas or services which help in furthering the community driven learning experience.
Read Complete Article:
features/features/pull-the-plug-revisited-an-interview-five-years-later
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New ppxp packages fix local root exploit | ||
4th, July, 2005
Updated package. advisories/debian/debian-new-ppxp-packages-fix-local-root-exploit-87195 |
||
| Debian: New gaim packages fix denial of service | ||
5th, July, 2005
Updated package. advisories/debian/debian-new-gaim-packages-fix-denial-of-service-52162 |
||
| Debian: New clamav packages fix potential DOS | ||
5th, July, 2005
Updated package. advisories/debian/debian-new-clamav-packages-fix-potential-dos |
||
| Debian: New razor packages fix potential DOS | ||
5th, July, 2005
Updated package. advisories/debian/debian-new-razor-packages-fix-potential-dos |
||
| Debian: New trac package fixes upload/download vulnerability | ||
6th, July, 2005
Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations. advisories/debian/debian-new-trac-package-fixes-uploaddownload-vulnerability |
||
| Debian: New zlib packages fix denial of service | ||
6th, July, 2005
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file. advisories/debian/debian-new-zlib-packages-fix-denial-of-service |
||
| Debian: New bzip2 packages prevent decompression bomb | ||
7th, July, 2005
Chris Evans discovered that a specially crafted archive can trigger an infinete loop in bzip2, a high-quality block-sorting file compressor. advisories/debian/debian-new-bzip2-packages-prevent-decompression-bomb |
||
| Debian: New cvs packages fix arbitrary code execution | ||
7th, July, 2005
Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code. advisories/debian/debian-new-cvs-packages-fix-arbitrary-code-execution |
||
| Debian: New spamassassin packages fix potential DOS | ||
7th, July, 2005
A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack. advisories/debian/debian-new-spamassassin-packages-fix-potential-dos |
||
| Debian: New sudo packages fix pathname validation race | ||
7th, July, 2005
A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. advisories/debian/debian-new-sudo-packages-fix-pathname-validation-race |
||
| Debian: New ht packages fix arbitrary code execution | ||
8th, July, 2005
Several problems have been discovered in ht, a viewer, editor and analyser for various executables, that may lead to the execution of arbitrary code. advisories/debian/debian-new-ht-packages-fix-arbitrary-code-execution |
||
| Debian: New fuse packages fix information disclosure | ||
8th, July, 2005
Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious local users to disclose potentially sensitive information. advisories/debian/debian-new-fuse-packages-fix-information-disclosure |
||
| Fedora | ||
| Fedora Core 3 Update: netpbm-10.27-4.FC3.1 | ||
1st, July, 2005
Updated package advisories/fedora/fedora-core-3-update-netpbm-1027-4fc31-12-24-00-119469 |
||
| Fedora Core 4 Update: netpbm-10.27-4.FC4.2 | ||
1st, July, 2005
Updated package. advisories/fedora/fedora-core-4-update-netpbm-1027-4fc42-12-25-00-119470 |
||
| Fedora Core 4 Update: kernel-2.6.12-1.1387_FC4 | ||
1st, July, 2005
Updated package. advisories/fedora/fedora-core-4-update-kernel-2612-11387fc4-15-12-00-119471 |
||
| Fedora Core 4 Update: cryptsetup-luks-1.0.1-0.fc4 | ||
1st, July, 2005
This update fixes twp incompatibilities:, when moving disks to/from 32/64-bit systems, when using piped passwords. advisories/fedora/fedora-core-4-update-cryptsetup-luks-101-0fc4-16-01-00-119472 |
||
| Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.16 | ||
4th, July, 2005
Updated package. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-316-21-10-00-119482 |
||
| Fedora Core 4 Update: kdevelop-3.2.1-0.fc4.2 | ||
5th, July, 2005
Updated package. advisories/fedora/subject-fedora-core-4-update-kdevelop-321-0fc42-09-42-00-119486 |
||
| Fedora Core 4 Update: kdeartwork-3.4.1-0.fc4.2 | ||
5th, July, 2005
Updated package. advisories/fedora/subject-fedora-core-4-update-kdeartwork-341-0fc42-09-43-00-119487 |
||
| Fedora Core 3 Update: kdenetwork-3.3.1-3.1 | ||
5th, July, 2005
Update package. advisories/fedora/subject-fedora-core-3-update-kdenetwork-331-31-10-44-00-119490 |
||
| Fedora Core 3 Update: php-4.3.11-2.6 | ||
5th, July, 2005
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. advisories/fedora/fedora-core-3-update-php-4311-26-10-56-00-119491 |
||
| Fedora Core 4 Update: php-5.0.4-10.3 | ||
5th, July, 2005
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. advisories/fedora/fedora-core-4-update-php-504-103-10-57-00-119492 |
||
| Fedora Core 4 Update: gjdoc-0.7.5-3 | ||
5th, July, 2005
Updated package. advisories/fedora/fedora-core-4-update-gjdoc-075-3-14-08-00-119494 |
||
| Fedora Core 4 Update: javacc-3.2-1jpp_2fc | ||
5th, July, 2005
Updated package. advisories/fedora/fedora-core-4-update-javacc-32-1jpp2fc-14-14-00-119495 |
||
| Fedora Core 4 Update: lucene-1.4.3-1jpp_3fc | ||
5th, July, 2005
Updated package. advisories/fedora/fedora-core-4-update-lucene-143-1jpp3fc-14-39-00-119496 |
||
| Fedora Core 4 Update: system-config-nfs-1.3.11-0.fc4.1 | ||
7th, July, 2005
advisories/fedora/fedora-core-4-update-system-config-nfs-1311-0fc41-10-52-00-119516 |
||
| Fedora Core 3 Update: zlib-1.2.1.2-2.fc3 | ||
7th, July, 2005
This update corrects security problem CAN-2005-2096. advisories/fedora/fedora-core-3-update-zlib-1212-2fc3-11-00-00-119517 |
||
| Fedora Core 4 Update: zlib-1.2.2.2-4.fc4 | ||
7th, July, 2005
This update corrects security problem CAN-2005-2096. advisories/fedora/fedora-core-4-update-zlib-1222-4fc4-11-00-00-119518 |
||
| Fedora Core 4 Update: grep-2.5.1-48.2 | ||
7th, July, 2005
This update fixes a regression in handling 'grep -Fw' for encodings other than UTF-8 (bug #161700). advisories/fedora/fedora-core-4-update-grep-251-482-12-00-00-119519 |
||
| Fedora Core 4 Update: selinux-policy-targeted-1.24-3 | ||
7th, July, 2005
Security-enhanced Linux is a patch of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. advisories/fedora/fedora-core-4-update-selinux-policy-targeted-124-3-21-36-00-119526 |
||
| Fedora Core 4 Update: kernel-2.6.12-1.1390_FC4 | ||
7th, July, 2005
advisories/fedora/fedora-core-4-update-kernel-2612-11390fc4-22-34-00-119527 |
||
| Gentoo | ||
| Gentoo: PEAR XML-RPC, phpxmlrpc PHP script injection | ||
3rd, July, 2005
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands. |
||
| Gentoo: WordPress Multiple vulnerabilities | ||
4th, July, 2005
WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities. |
||
| Gentoo: phpBB Arbitrary command execution | ||
4th, July, 2005
A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server. |
||
| Gentoo: SpamAssassin 3, Vipul's Razor Denial of Service vulnerability | ||
4th, July, 2005
Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor. The updated setions appear below. |
||
| Gentoo: RealPlayer Heap overflow vulnerability | ||
6th, July, 2005
RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code. |
||
| Gentoo: zlib Buffer overflow | ||
6th, July, 2005
A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code. |
||
| Gentoo: TikiWiki Arbitrary command execution through XML-RPC | ||
6th, July, 2005
TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution. |
||
| Gentoo: Cacti Several vulnerabilities | ||
7th, July, 2005
Stefan Esser of the Hardened - PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability. The updated sections appear below. Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities. |
||
| Red Hat | ||
| RedHat: Critical: RealPlayer security update | ||
5th, July, 2005
An updated RealPlayer package that fixes a buffer overflow issue is now available. advisories/red-hat/redhat-critical-realplayer-security-update-56018 |
||
| RedHat: Important: zlib security update | ||
6th, July, 2005
Updated Zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-zlib-security-update-73777 |
||
| RedHat: Important: php security update | ||
7th, July, 2005
Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-php-security-update-98171 |
||
