Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Introduction: IP Spoofing, Part II
IP Fragment Attacks:
When packets are too large to be sent in a single IP packet, due to interface hardware limitations for example, an intermediate router can split them up unless prohibited by the Don't Fragment flag. IP fragmentation occurs when a router receives a packet larger than the MTU (Maximum Transmission Unit) of the next network segment. All such fragments will have the same Identification field value, and the fragment offset indicates the position of the current fragment in the context of the pre-split up packet. Intermediate routers are not expected to re-assemble the fragments. The final destination will reassemble all the fragments of an IP packet and pass it to higher protocol layers like TCP or UDP.
Attackers create artificially fragmented packets in order to circumvent firewalls that do not perform packet reassembly. These only consider the properties of each individual fragment, and let the fragments through to final destination. One such attack involving fragments is known as the tiny fragment attack.
Two TCP fragments are created. The first fragment is so small that it does not even include the full TCP header, particularly the destination port number. The second fragment contains the remainder of the TCP header, including the port number. Another such type of malicious fragmentation involves fragments that have illegal fragment offsets.
A fragment offset value gives the index position of this fragment's data in a reassembled packet. The second fragment packet contains an offset value, which is less than the length of the data in the first packet. E.g..
If the first fragment was 24 bytes long, the second fragment may claim to have an offset of 20. Upon reassembly, the data in the second fragment overwrites the last four bytes of the data from the first fragment. If the unfragmented packet were TCP, then the first fragment would contain the TCP header overwriting the destination port number.
In the IP layer implementations of nearly all OS, there are bugs in the reassembly code. An attacker can create and send a pair of carefully crafted but malformed IP packets that in the process of reassembly cause a server to panic and crash. The receiving host attempts to reassemble such a packet, it calculates a negative length for the second fragment. This value is passed to a function (such as memcpy ()), which should do a copy from/ to memory, which takes the negative number to be an enormous unsigned (positive) number.
Another type of attack involves sending fragments that if reassembled will be an abnormally large packet, larger than the maximum permissible length for an IP packet. The attacker hopes that the receiving host will crash while attempting to reassemble the packet. The Ping of Death used this attack. It creates an ICMP echo request packet, which is larger than the maximum packet size of 65,535 bytes.
READ ENTIRE ARTICLE:
features/features/introduction-ip-spoofing
LinuxSecurity.com Feature Extras:
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.
Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New courier packages fix denial of service | ||
| 25th, August, 2005
Updated package. advisories/debian/debian-new-courier-packages-fix-denial-of-service-8523 |
||
| Debian: New libpam-ldap packages fix authentication bypass | ||
| 25th, August, 2005
Updated package. advisories/debian/debian-new-libpam-ldap-packages-fix-authentication-bypass |
||
| Debian: New simpleproxy packages fix arbitrary code execution | ||
| 26th, August, 2005
Updated package. advisories/debian/debian-new-simpleproxy-packages-fix-arbitrary-code-execution |
||
| Debian: New backup-manager package fixes several vulnerabilities | ||
| 26th, August, 2005
Updated package. advisories/debian/debian-new-backup-manager-package-fixes-several-vulnerabilities |
||
| Debian: New kismet packages fix arbitrary code execution | ||
| 29th, August, 2005
Updated package. advisories/debian/debian-new-kismet-packages-fix-arbitrary-code-execution |
||
| Debian: New PHP 4 packages fix several vulnerabilities | ||
| 29th, August, 2005
Updated package. advisories/debian/debian-new-php-4-packages-fix-several-vulnerabilities |
||
| Debian: New phpldapadmin packages fix unauthorised access | ||
| 30th, August, 2005
Updated package. advisories/debian/debian-new-phpldapadmin-packages-fix-unauthorised-access |
||
| Debian: New maildrop packages fix arbitrary group mail command execution | ||
| 30th, August, 2005
Updated package. advisories/debian/debian-new-maildrop-packages-fix-arbitrary-group-mail-command-execution |
||
| Debian: New pstotext packages fix arbitrary command execution | ||
| 31st, August, 2005
Updated package. advisories/debian/debian-new-pstotext-packages-fix-arbitrary-command-execution |
||
| Debian: New sqwebmail packages fix cross-site scripting | ||
| 1st, September, 2005
Updated package. advisories/debian/debian-new-sqwebmail-packages-fix-cross-site-scripting |
||
| Debian: New Mozilla Firefox packages fix several vulnerabilities | ||
| 1st, September, 2005
Update Package. advisories/debian/debian-new-mozilla-firefox-packages-fix-several-vulnerabilities-71271 |
||
| Debian: New polygen packages fix denial of service | ||
| 1st, September, 2005
Updated package. advisories/debian/debian-new-polygen-packages-fix-denial-of-service |
||
| Fedora | ||
| Fedora Core 4 Update: audit-1.0.3-1.fc4 | ||
| 25th, August, 2005
This update corrects a flaw where the devmajor, devminor, success, exit, and inode values for syscall rules was getting set to 0 before sending to the kernel. advisories/fedora/fedora-core-4-update-audit-103-1fc4-12-59-00-120218 |
||
| Fedora Core 3 Update: freeradius-1.0.1-2.FC3.1 | ||
| 25th, August, 2005
Update package. advisories/fedora/fedora-core-3-update-freeradius-101-2fc31-12-59-00-120219 |
||
| Fedora Core 3 Update: openmotif-2.2.3-9.FC3.1 | ||
| 25th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-openmotif-223-9fc31-13-00-00-120220 |
||
| Fedora Core 3 Update: php-4.3.11-2.7 | ||
| 25th, August, 2005
This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue. advisories/fedora/fedora-core-3-update-php-4311-27-13-01-00-120221 |
||
| Fedora Core 4 Update: php-5.0.4-10.4 | ||
| 25th, August, 2005
This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue. advisories/fedora/fedora-core-4-update-php-504-104-13-01-00-120223 |
||
| Fedora Core 3 Update: ntp-4.2.0.a.20040617-5.FC3 | ||
| 26th, August, 2005
When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group. This problem is now fixed by this update. advisories/fedora/fedora-core-3-update-ntp-420a20040617-5fc3-14-26-00-120232 |
||
| Fedora Core 4 Update: openoffice.org-1.9.125-1.1.0.fc4 | ||
| 26th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-openofficeorg-19125-110fc4-14-27-00-120233 |
||
| Fedora Core 3 Update: lesstif-0.93.36-6.FC3.2 | ||
| 26th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-lesstif-09336-6fc32-14-27-00-120234 |
||
| Fedora Core 4 Update: libsoup-2.2.3-4.FC4 | ||
| 26th, August, 2005
Fixes a problem with NTLM authentication in evolution-connector with usernames of the form DOMAINUSERNAME advisories/fedora/fedora-core-4-update-libsoup-223-4fc4-17-44-00-120235 |
||
| Fedora Core 3 Update: libsoup-2.2.2-2.FC3 | ||
| 26th, August, 2005
Fixes a problem with NTLM authentication in evolution-connector with usernames of the form DOMAINUSERNAME advisories/fedora/fedora-core-3-update-libsoup-222-2fc3-17-45-00-120236 |
||
| Fedora Core 3 Update: evolution-connector-2.0.4-2 | ||
| 26th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-evolution-connector-204-2-20-32-00-120237 |
||
| Fedora Core 4 Update: kernel-2.6.12-1.1447_FC4 | ||
| 28th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-kernel-2612-11447fc4-22-04-00-120239 |
||
| Fedora Core 3 Update: kernel-2.6.12-1.1376_FC3 | ||
| 28th, August, 2005
Updated package. advisories/fedora/fedora-core-3-update-kernel-2612-11376fc3-22-05-00-120240 |
||
| Fedora Core 4 Update: selinux-policy-targeted-1.25.4-10 | ||
| 29th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-selinux-policy-targeted-1254-10-11-27-00-120245 |
||
| Fedora Core 4 Update: policycoreutils-1.23.11-3.2 | ||
| 29th, August, 2005
Fix updates to not travers NFS home dirs. advisories/fedora/fedora-core-4-update-policycoreutils-12311-32-11-27-00-120247 |
||
| Fedora Core 4 Update: xen-2-20050823 | ||
| 29th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-xen-2-20050823-23-30-00-120251 |
||
| Fedora Core 4 Update: dbus-0.33-3.fc4.1 | ||
| 29th, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-dbus-033-3fc41-23-31-00-120252 |
||
| Fedora Core 4 Update: evince-0.4.0-1.1 | ||
| 31st, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-evince-040-11-15-01-00-120270 |
||
| Fedora Core 4 Update: poppler-0.4.1-1.1 | ||
| 31st, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-poppler-041-11-15-01-00-120271 |
||
| Fedora Core 4 Update: xorg-x11-6.8.2-37.FC4.45 | ||
| 31st, August, 2005
Updated package. advisories/fedora/fedora-core-4-update-xorg-x11-682-37fc445-21-36-00-120272 |
||
| Fedora Core 4 Update: evince-0.4.0-1.2 | ||
| 1st, September, 2005
Updated package. advisories/fedora/fedora-core-4-update-evince-040-12-11-23-00-120279 |
||
| Gentoo | ||
| Gentoo: Kismet Multiple vulnerabilities | ||
| 26th, August, 2005
Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code. |
||
| Gentoo: Apache 2.0 Denial of Service vulnerability | ||
| 25th, August, 2005
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. |
||
| Gentoo: Tor Information disclosure | ||
| 25th, August, 2005
A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality. |
||
| Gentoo: libpcre Heap integer overflow | ||
| 25th, August, 2005
libpcre is vulnerable to a heap integer overflow, possibly leading to the execution of arbitrary code. |
||
| Gentoo: PhpWiki Arbitrary command execution through XML-RPC | ||
| 26th, August, 2005
PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command execution. |
||
| Gentoo: lm_sensors Insecure temporary file creation | ||
| 30th, August, 2005
lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: phpGroupWare Multiple vulnerabilities | ||
| 30th, August, 2005
phpGroupWare is vulnerable to multiple issues ranging from information disclosure to a potential execution of arbitrary code. |
||
| Gentoo: phpWebSite Arbitrary command execution through XML-RPC and SQL injection | ||
| 31st, August, 2005
phpWebSite is vulnerable to multiple issues which result in the execution of arbitrary code and SQL injection. |
||
| Gentoo: pam_ldap Authentication bypass vulnerability | ||
| 31st, August, 2005
pam_ldap contains a vulnerability that may allow a remote attacker to gain system access. |
||
| Gentoo: MPlayer Heap overflow in ad_pcm.c | ||
| 1st, September, 2005
A heap overflow in MPlayer might lead to the execution of arbitrary code. |
||
| Red Hat | ||
| RedHat: Important: kernel security update | ||
| 25th, August, 2005
Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756 |
||
| RedHat: Important: kernel security update | ||
| 25th, August, 2005
Updated kernel packages are now available to correct security issues and bugs for Red Hat Enterprise Linux version 2.1 (Itanium). This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-kernel-security-update-85756 |
||
| RedHat: Important: Evolution security update | ||
| 29th, August, 2005
Updated evolution packages that fix a format string issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. advisories/red-hat/redhat-important-evolution-security-update-RHSA-2007-0509-01 |
||
