Linux Advisory Watch: September 2nd 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
This week, advisories were released for courier, libpam-ldap, simpleproxy, backup-manager, kismet, php, phpldapadmin, maildrop, pstotext, sqwebmail, polygen, audit, freeradius, openmotif, php, ntp, openoffice, lesstif, libsoup, evolution, kernel, selinux-policy-targeted, policycoreutils, xen, dbus, evince, poppler, phpWiki, phpGroupWare, phpWebSite, pam_ldap, and mplayer. The distributors include Debian, Fedora, Gentoo, and Red Hat.



Introduction: IP Spoofing, Part II
IP Fragment Attacks:

When a packet is too large to be sent as a single IP packet, for example because of interface hardware limitations, an intermediate router can split it up unless the Don't Fragment flag prohibits this. IP fragmentation occurs when a router receives a packet larger than the MTU (Maximum Transmission Unit) of the next network segment. All fragments of one packet carry the same Identification field value, and the fragment offset gives the position of the current fragment within the original, unfragmented packet. Intermediate routers are not expected to reassemble the fragments. The final destination reassembles all the fragments of an IP packet and passes the result to higher protocol layers such as TCP or UDP.

Attackers create artificially fragmented packets in order to circumvent firewalls that do not perform packet reassembly. Such firewalls consider only the properties of each individual fragment and let the fragments through to the final destination. One such attack involving fragments is known as the tiny fragment attack.

Two TCP fragments are created. The first fragment is so small that it does not even include the full TCP header, particularly the destination port number. The second fragment contains the remainder of the TCP header, including the port number. Another type of malicious fragmentation involves fragments that have illegal fragment offsets.

A fragment offset value gives the index position of this fragment's data in the reassembled packet. In this attack, the second fragment carries an offset value that is less than the length of the data in the first fragment. For example:

If the first fragment was 24 bytes long, the second fragment may claim to have an offset of 20. Upon reassembly, the data in the second fragment overwrites the last four bytes of the data from the first fragment. If the unfragmented packet were TCP, then the first fragment would contain the TCP header overwriting the destination port number.

The IP layer implementations of nearly all operating systems have bugs in their reassembly code. An attacker can create and send a pair of carefully crafted but malformed IP packets that, in the process of reassembly, cause a server to panic and crash. When the receiving host attempts to reassemble such a packet, it calculates a negative length for the second fragment. This value is passed to a function (such as memcpy()) that copies from/to memory and treats the negative number as an enormous unsigned (positive) number.

Another type of attack involves sending fragments that if reassembled will be an abnormally large packet, larger than the maximum permissible length for an IP packet. The attacker hopes that the receiving host will crash while attempting to reassemble the packet. The Ping of Death used this attack. It creates an ICMP echo request packet, which is larger than the maximum packet size of 65,535 bytes.
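
An added example, not from the original article: a C sketch of the checks a reassembling filter or host can apply to the fragment problems described above (tiny first fragment, overlapping offset, oversized reassembly), plus a copy-length calculation that never lets a negative value reach memcpy(). The struct, the function names, the byte-based offsets and the 20-byte TCP header threshold are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_MAX_TOTAL 65535u  /* largest legal IP packet, header included */
#define TCP_MIN_HDR  20u     /* assumed threshold: TCP header without options */
#define PROTO_TCP    6u

enum verdict { FRAG_OK, FRAG_TINY, FRAG_OVERLAP, FRAG_OVERSIZE };

/* One received fragment (hypothetical model). Offsets are in bytes, as in
 * the text above; on the wire the field counts 8-byte units. */
struct frag {
    uint32_t offset;  /* position of this payload in the original packet */
    uint32_t len;     /* payload bytes carried by this fragment */
    uint8_t  proto;   /* IP protocol number */
};

/* Classify a fragment, given where the previously accepted data ended. */
enum verdict check_frag(const struct frag *f, uint32_t prev_end, uint32_t ip_hdr_len)
{
    /* Ping of Death: the reassembled size would exceed the IP maximum. */
    if ((uint64_t)ip_hdr_len + f->offset + f->len > IP_MAX_TOTAL)
        return FRAG_OVERSIZE;
    /* Tiny fragment: first TCP fragment too short to hold the header. */
    if (f->offset == 0 && f->proto == PROTO_TCP && f->len < TCP_MIN_HDR)
        return FRAG_TINY;
    /* Overlap: the fragment starts inside data already received. */
    if (f->offset < prev_end)
        return FRAG_OVERLAP;
    return FRAG_OK;
}

/* Bytes left to copy from a fragment after trimming any overlap.
 * Returns -1 rather than producing a negative length, which memcpy()
 * would take as a huge size_t. */
int safe_copy_len(const struct frag *f, uint32_t prev_end, size_t *out)
{
    uint64_t end = (uint64_t)f->offset + f->len;
    if (end < prev_end)
        return -1;  /* fragment lies wholly inside earlier data */
    *out = (size_t)(end - (f->offset > prev_end ? f->offset : prev_end));
    return 0;
}

int main(void)
{
    struct frag second = {20, 16, PROTO_TCP};  /* constructed: offset 20 after 24 bytes */
    return check_frag(&second, 24, 20) == FRAG_OVERLAP ? 0 : 1;
}
```
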

READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/120225/49/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


   Debian
  Debian: New courier packages fix denial of service
  25th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120213
 
  Debian: New libpam-ldap packages fix authentication bypass
  25th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120222
 
  Debian: New simpleproxy packages fix arbitrary code execution
  26th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120227
 
  Debian: New backup-manager package fixes several vulnerabilities
  26th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120228
 
  Debian: New kismet packages fix arbitrary code execution
  29th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120243
 
  Debian: New PHP 4 packages fix several vulnerabilities
  29th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120248
 
  Debian: New phpldapadmin packages fix unauthorised access
  30th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120253
 
  Debian: New maildrop packages fix arbitrary group mail command execution
  30th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120254
 
  Debian: New pstotext packages fix arbitrary command execution
  31st, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120264
 
  Debian: New sqwebmail packages fix cross-site scripting
  1st, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120273
 
  Debian: New Mozilla Firefox packages fix several vulnerabilities
  1st, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120278
 
  Debian: New polygen packages fix denial of service
  1st, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120280
 
   Fedora
  Fedora Core 4 Update: audit-1.0.3-1.fc4
  25th, August, 2005

This update corrects a flaw where the devmajor, devminor, success, exit, and inode values for syscall rules were getting set to 0 before being sent to the kernel.

http://www.linuxsecurity.com/content/view/120218
 
  Fedora Core 3 Update: freeradius-1.0.1-2.FC3.1
  25th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120219
 
  Fedora Core 3 Update: openmotif-2.2.3-9.FC3.1
  25th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120220
 
  Fedora Core 3 Update: php-4.3.11-2.7
  25th, August, 2005

This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.

http://www.linuxsecurity.com/content/view/120221
 
  Fedora Core 4 Update: php-5.0.4-10.4
  25th, August, 2005

This update includes the latest upstream version of the PEAR XML_RPC package, which fixes a security issue in request parsing in the XML_RPC Server code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.

http://www.linuxsecurity.com/content/view/120223
 
  Fedora Core 3 Update: ntp-4.2.0.a.20040617-5.FC3
  26th, August, 2005

When starting xntpd with the -u option and specifying the group by using a string, not a numeric gid, the daemon uses the gid of the user, not the group. This update fixes the problem.

http://www.linuxsecurity.com/content/view/120232
 
  Fedora Core 4 Update: openoffice.org-1.9.125-1.1.0.fc4
  26th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120233
 
  Fedora Core 3 Update: lesstif-0.93.36-6.FC3.2
  26th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120234
 
  Fedora Core 4 Update: libsoup-2.2.3-4.FC4
  26th, August, 2005

Fixes a problem with NTLM authentication in evolution-connector with usernames of the form DOMAIN\USERNAME.

http://www.linuxsecurity.com/content/view/120235
 
  Fedora Core 3 Update: libsoup-2.2.2-2.FC3
  26th, August, 2005

Fixes a problem with NTLM authentication in evolution-connector with usernames of the form DOMAIN\USERNAME.

http://www.linuxsecurity.com/content/view/120236
 
  Fedora Core 3 Update: evolution-connector-2.0.4-2
  26th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120237
 
  Fedora Core 4 Update: kernel-2.6.12-1.1447_FC4
  28th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120239
 
  Fedora Core 3 Update: kernel-2.6.12-1.1376_FC3
  28th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120240
 
  Fedora Core 4 Update: selinux-policy-targeted-1.25.4-10
  29th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120245
 
  Fedora Core 4 Update: policycoreutils-1.23.11-3.2
  29th, August, 2005

Fix updates to not traverse NFS home dirs.

http://www.linuxsecurity.com/content/view/120247
 
  Fedora Core 4 Update: xen-2-20050823
  29th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120251
 
  Fedora Core 4 Update: dbus-0.33-3.fc4.1
  29th, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120252
 
  Fedora Core 4 Update: evince-0.4.0-1.1
  31st, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120270
 
  Fedora Core 4 Update: poppler-0.4.1-1.1
  31st, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120271
 
  Fedora Core 4 Update: xorg-x11-6.8.2-37.FC4.45
  31st, August, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120272
 
  Fedora Core 4 Update: evince-0.4.0-1.2
  1st, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120279
 
   Gentoo
  Gentoo: Kismet Multiple vulnerabilities
  26th, August, 2005

Kismet is vulnerable to multiple issues potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120231
 
  Gentoo: Apache 2.0 Denial of Service vulnerability
  25th, August, 2005

A bug in Apache may allow a remote attacker to perform a Denial of Service attack.

http://www.linuxsecurity.com/content/view/120208
 
  Gentoo: Tor Information disclosure
  25th, August, 2005

A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality.

http://www.linuxsecurity.com/content/view/120209
 
  Gentoo: libpcre Heap integer overflow
  25th, August, 2005

libpcre is vulnerable to a heap integer overflow, possibly leading to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120224
 
  Gentoo: PhpWiki Arbitrary command execution through XML-RPC
  26th, August, 2005

PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command execution.

http://www.linuxsecurity.com/content/view/120229
 
  Gentoo: lm_sensors Insecure temporary file creation
  30th, August, 2005

lm_sensors is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120260
 
  Gentoo: phpGroupWare Multiple vulnerabilities
  30th, August, 2005

phpGroupWare is vulnerable to multiple issues ranging from information disclosure to a potential execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120261
 
  Gentoo: phpWebSite Arbitrary command execution through XML-RPC and SQL injection
  31st, August, 2005

phpWebSite is vulnerable to multiple issues which result in the execution of arbitrary code and SQL injection.

http://www.linuxsecurity.com/content/view/120267
 
  Gentoo: pam_ldap Authentication bypass vulnerability
  31st, August, 2005

pam_ldap contains a vulnerability that may allow a remote attacker to gain system access.

http://www.linuxsecurity.com/content/view/120268
 
  Gentoo: MPlayer Heap overflow in ad_pcm.c
  1st, September, 2005

A heap overflow in MPlayer might lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120276
 
   Red Hat
  RedHat: Important: kernel security update
  25th, August, 2005

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures). This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120216
 
  RedHat: Important: kernel security update
  25th, August, 2005

Updated kernel packages are now available to correct security issues and bugs for Red Hat Enterprise Linux version 2.1 (Itanium). This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120217
 
  RedHat: Important: Evolution security update
  29th, August, 2005

Updated evolution packages that fix a format string issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120249
 
