Linux Advisory Watch: July 22nd 2005 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 20th, 2013

Linux Advisory Watch: May 17th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Linux Advisory Watch: July 22nd 2005

User Rating:

How can I rate this item?

Source: LinuxSecurity.com Contributors - Posted by Pax Dickinson

This week, advisories were released for krb5, heimdal, phpgadmin, ekg, heartbeat, affix, zlib, cacti, java, diskdumputils, radvd, bind, kdelibs, freeradius, firefox, thunderbird, ypserv, mysql, setarch, openoffice, pvm, fetchmail, mozilla, epiphany, devhelp, yelp, php, ruby, acroread, phpgroupware, dhcpd, mediawiki, cpio, shorewall, and kdenetwork. The distributors include Debian, Fedora, Gentoo, and Red Hat.

Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

Network Server Monitoring With Nmap
By: Pax Dickinson

Portscanning, for the uninitiated, involves sending connection requests to a remote host to determine what ports are open for connections and possibly what services they are exporting. Portscanning is the first step a hacker will take when attempting to penetrate your system, so you should be preemptively scanning your own servers and networks to discover vulnerabilities before someone unfriendly gets there first.

Any open ports that are unnecessary for proper system operation should be closed. Every open port is a possible access point for an unauthorized user, and every service accepting connections from the world could have a vulnerability. Even if you are diligent about applying patches, any unnecessarily running service is still a window an attacker could possibly climb through.

One way of viewing open ports on your Linux system is with the netstat command. Issue the command netstat --inet -a to view both your established connections and open listening network ports. This command reads from your /etc/services file to determine the service name for a given port number, so seeing *:www under the Local Address heading indicates your server's port 80 is open and listening, not that there is necessarily a webserver running on that port. You should check the list and ensure that the servers listening are indeed desired, and if they are not, they should be disabled. For example, this output shows me that my system is accepting connections on the ports for www, ssh, smtp and https.

Read Complete Article:
http://www.linuxsecurity.com/content/view/119808/49/

LinuxSecurity.com Feature Extras:

Pull The Plug Revisited: An Interview Five Years Later - Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

	Debian
	Debian: New krb5 packages fix multiple vulnerabilities
	17th, July, 2005 Daniel Wachdorf reported two problems in the MIT krb5 distribution used for network authentication. http://www.linuxsecurity.com/content/view/119798

	Debian: New heimdal packages fix arbitrary code execution
	18th, July, 2005 A buffer overflow has been discovered in the telnet server from Heimdal, a free implementation of Kerberos 5, that could lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/119802

	Debian: New phppgadmin packages fix directory traversal vulnerability
	18th, July, 2005 A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that "magic_quotes_gpc" is disabled. http://www.linuxsecurity.com/content/view/119804

	Debian: New ekg packages fix several vulnerabilities
	18th, July, 2005 Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. http://www.linuxsecurity.com/content/view/119812

	Debian: New heartbeat packages fix insecure temporary files
	19th, July, 2005 Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux. http://www.linuxsecurity.com/content/view/119816

	Debian: New affix packages fix arbitrary command and code execution
	19th, July, 2005 Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack. http://www.linuxsecurity.com/content/view/119817

	Debian: New zlib packages fix buffer overflow
	20th, July, 2005 Flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file. http://www.linuxsecurity.com/content/view/119837

	Debian: New cacti packages fix several vulnerabilities
	21st, July, 2005 Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information. http://www.linuxsecurity.com/content/view/119838

	Fedora
	Fedora Core 4 Update: java-1.4.2-gcj-compat-1.4.2.0-40jpp_31rh.FC4.1
	18th, July, 2005 Cope with impending libgcj and eclipse-ecj updates and provide aot-compile-rpm. http://www.linuxsecurity.com/content/view/119809

	Fedora Core 3 Update: diskdumputils-1.1.7-3
	18th, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119810

	Fedora Core 4 Update: diskdumputils-1.1.7-4
	18th, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119811

	Fedora Core 4 Update: radvd-0.8-1.FC4
	18th, July, 2005 New package released. http://www.linuxsecurity.com/content/view/119814

	Fedora Core 3 Update: radvd-0.8-1.FC3
	18th, July, 2005 New package released. http://www.linuxsecurity.com/content/view/119815

	Fedora Core 4 Update: bind-9.3.1-8.FC4
	19th, July, 2005 Fix named.init script bugs. http://www.linuxsecurity.com/content/view/119820

	Fedora Core 3 Update: bind-9.2.5-3
	19th, July, 2005 Fix named.init script bugs. http://www.linuxsecurity.com/content/view/119821

	Fedora Core 3 Update: radvd-0.8-2.FC3
	19th, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119822

	Fedora Core 4 Update: radvd-0.8-2.FC4
	19th, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119823

	Fedora Core 3 Update: kdelibs-3.3.1-2.14.FC3
	19th, July, 2005 A flaw was discovered affecting Kate, the KDE advanced text editor, and Kwrite. Depending on system settings it may be possible for a local user to read the backup files created by Kate or Kwrite. http://www.linuxsecurity.com/content/view/119824

	Fedora Core 4 Update: freeradius-1.0.4-1.FC4.1
	20th, July, 2005 Fixes missing ldap plugin. http://www.linuxsecurity.com/content/view/119828

	Fedora Core 3 Update: firefox-1.0.6-1.1.fc3
	20th, July, 2005 Fix various security related bugs. http://www.linuxsecurity.com/content/view/119831

	Fedora Core 3 Update: thunderbird-1.0.6-1.1.fc3
	20th, July, 2005 Fix various security related bugs. http://www.linuxsecurity.com/content/view/119832

	Fedora Core 4 Update: firefox-1.0.6-1.1.fc4
	20th, July, 2005 Fix various security related bugs. http://www.linuxsecurity.com/content/view/119833

	Fedora Core 4 Update: thunderbird-1.0.6-1.1.fc4
	20th, July, 2005 Fix various security related bugs. http://www.linuxsecurity.com/content/view/119834

	Fedora Core 4 Update: ypserv-2.13-7
	20th, July, 2005 Fix crash with ypxfr caused by failing to zero out data. http://www.linuxsecurity.com/content/view/119836

	Fedora Core 4 Update: mysql-4.1.12-2.FC4.1
	20th, July, 2005 Update to MySQL 4.1.12 (includes a low-impact security fix, see bz#158689). Repair some issues in openssl support. Re-enable the old ISAM table type. http://www.linuxsecurity.com/content/view/119835

	Fedora Core 4 Update: setarch-1.8-1.FC4
	21st, July, 2005 Bugfix package release. http://www.linuxsecurity.com/content/view/119842

	Fedora Core 4 Update: openoffice.org-1.9.117-3.1.0.fc4
	21st, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119843

	Fedora Core 3 Update: pvm-3.4.5-5_FC3
	21st, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119844

	Fedora Core 4 Update: pvm-3.4.5-5_FC4
	21st, July, 2005 Updated package released. http://www.linuxsecurity.com/content/view/119845

	Fedora Core 4 Update: fetchmail-6.2.5-7.fc4.1
	21st, July, 2005 A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue. All fetchmail users should upgrade to the updated package, which fixes this issue. http://www.linuxsecurity.com/content/view/119846

	Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1
	21st, July, 2005 A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue. All fetchmail users should upgrade to the updated package, which fixes this issue. http://www.linuxsecurity.com/content/view/119847

	Fedora Core 3 Update: mozilla-1.7.10-1.3.1
	22nd, July, 2005 Package repairs various vulnerabilities. http://www.linuxsecurity.com/content/view/119853

	Fedora Core 3 Update: epiphany-1.4.4-4.3.5
	22nd, July, 2005 There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/119854

	Fedora Core 3 Update: devhelp-0.9.2-2.3.5
	22nd, July, 2005 There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/119855

	Fedora Core 4 Update: mozilla-1.7.10-1.5.1
	22nd, July, 2005 Package repairs various vulnerabilities. http://www.linuxsecurity.com/content/view/119856

	Fedora Core 4 Update: epiphany-1.6.3-2
	22nd, July, 2005 There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/119857

	Fedora Core 4 Update: devhelp-0.10-1.4.1
	22nd, July, 2005 There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/119858

	Fedora Core 4 Update: yelp-2.10.0-1.4.1
	22nd, July, 2005 There were several security flaws found in the mozilla package, which yelp depends on. Users of yelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws. http://www.linuxsecurity.com/content/view/119859

	Gentoo
	Gentoo: Mozilla Firefox Multiple Vulnerabilities
	15th, July, 2005 Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak. http://www.linuxsecurity.com/content/view/119617

	Gentoo: PHP Script injection through XML-RPC
	15th, July, 2005 PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands. http://www.linuxsecurity.com/content/view/119622

	Gentoo: Ruby Arbitrary command execution through XML-RPC
	15th, July, 2005 A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands. http://www.linuxsecurity.com/content/view/119628

	Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability
	15th, July, 2005 Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/119629

	Gentoo: phpGroupWare, eGroupWare PHP script injection vulnerability
	15th, July, 2005 phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands. http://www.linuxsecurity.com/content/view/119630

	Gentoo: dhcpcd Denial of Service vulnerability
	15th, July, 2005 A vulnerability in dhcpcd may cause the dhcpcd daemon to crash. http://www.linuxsecurity.com/content/view/119632

	Gentoo: Mozilla Thunderbird Multiple Vulnerabilities
	18th, July, 2005 Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak. http://www.linuxsecurity.com/content/view/119803

	Gentoo: Mozilla Thunderbird Multiple vulnerabilities
	19th, July, 2005 Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leaks. http://www.linuxsecurity.com/content/view/119825

	Gentoo: MediaWiki Cross-site scripting vulnerability
	20th, July, 2005 MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution. http://www.linuxsecurity.com/content/view/119826

	Gentoo: zlib Buffer overflow
	22nd, July, 2005 zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119860

	Gentoo: Shorewall Security policy bypass
	22nd, July, 2005 A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules. http://www.linuxsecurity.com/content/view/119861

	Red Hat
	RedHat: Important: firefox security update
	21st, July, 2005 An updated firefox package that fixes various security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119839

	RedHat: Low: cpio security update
	21st, July, 2005 An updated cpio package that fixes multiple issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119848

	RedHat: Important: zlib security update
	21st, July, 2005 Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119849

	RedHat: Important: thunderbird security update
	21st, July, 2005 Updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119850

	RedHat: Critical: kdenetwork security update
	21st, July, 2005 Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119852

	RedHat: Important: mozilla security update
	22nd, July, 2005 Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/119862