LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: September 23rd 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for turqstat, centericq, lm-sensors, kdebase, python, XFree86, Mailutils, Shorewall, mozilla, mod_ssl, clam, mod_ssl, Zebedee, umount, squid, and mod_ssl. The distributors include Debian, Fedora, Gentoo, and Red Hat.


Master of Science in Information Security - Earn your Master of Science in Information Security online from Norwich University. Designated a "Center of Excellence", the program offers a solid education in the management of information assurance, and the unique case study method melds theory into practice. Using today's e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

Security Basics

In the ever-changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is inherently insecure. As your data goes from point A to point B on the Internet, for example, it may pass through several other points along the way, giving other users the opportunity to intercept, and even alter, your data. Even other users on your system may maliciously transform your data into something you did not intend. Unauthorized access to your system may be obtained by intruders, also known as ``crackers'', who then use advanced knowledge to impersonate you, steal information from you, or even deny you access to your own resources. If you're still wondering what the difference is between a ``Hacker'' and a ``Cracker'', see Eric Raymond's document, ``How to Become A Hacker'', available at: http://www.catb.org/~esr/faqs/hacker-howto.html

How Vulnerable Are We?

While it is difficult to determine just how vulnerable a particular system is, there are several indications we can use:

  • The Computer Emergency Response Team consistently reports an increase in computer vulnerabilities and exploits.
  • TCP and UDP, the protocols that comprise the Internet, were not written with security as their first priority when it was created more than 30 years ago.
  • A version of software on one host has the same vulnerabilities as the same version of software on another host. Using this information, an intruder can exploit multiple systems using the same attack method.
  • Many administrators don't even take simple security measures necessary to protect their site, or don't understand the ramifications of implementing some services. Many administrators are not given the additional time necessary to integrate the necessary security measures.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


  Debian: New turqstat packages fix buffer overflow
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120389
 
  Debian: New centericq packages fix several vulnerabilities
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120392
 
  Debian: New lm-sensors packages fix insecure temporary file
  15th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120395
 
  Debian: New kdebase packages fix local root vulnerability
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120399
 
  Debian: New python2.2 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120425
 
  Debian: New XFree86 packages fix arbitrary code execution
  22nd, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120426
 
  Fedora Core 4 Update: dia-0.94-12.fc4
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120400
 
  Fedora Core 4 Update: qt-3.3.4-15.4
  16th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120401
 
  Gentoo: Py2Play Remote execution of arbitrary Python
  17th, September, 2005

A design error in Py2Play allows attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120402
 
  Gentoo: Mailutils Format string vulnerability in imap4d
  17th, September, 2005

The imap4d server contains a vulnerability allowing an authenticated user to execute arbitrary code with the privileges of the imap4d process.

http://www.linuxsecurity.com/content/view/120403
 
  Gentoo: Shorewall Security policy bypass
  17th, September, 2005

A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.

http://www.linuxsecurity.com/content/view/120404
 
  Gentoo: Mozilla Suite, Mozilla Firefox Buffer overflow
  18th, September, 2005

Mozilla Suite and Firefox are vulnerable to a buffer overflow that might be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120405
 
  Gentoo: Apache, mod_ssl Multiple vulnerabilities
  19th, September, 2005

mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.

http://www.linuxsecurity.com/content/view/120408
 
  Gentoo: Clam AntiVirus Multiple vulnerabilities
  19th, September, 2005

Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service to execution of arbitrary code when handling compressed executables.

http://www.linuxsecurity.com/content/view/120409
 
  Gentoo: Apache, mod_ssl Multiple vulnerabilities
  19th, September, 2005

mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.

http://www.linuxsecurity.com/content/view/120411
 
  Gentoo: Shorewall Security policy bypass
  19th, September, 2005

A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.

http://www.linuxsecurity.com/content/view/120412
 
  Gentoo: Zebedee Denial of Service vulnerability
  20th, September, 2005

A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.

http://www.linuxsecurity.com/content/view/120417
 
  Gentoo: util-linux umount command validation error
  20th, September, 2005

A command validation error in umount can lead to an escalation of privileges.

http://www.linuxsecurity.com/content/view/120418
 
  RedHat: Important: XFree86 security update
  15th, September, 2005

This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120390
 
  RedHat: Important: squid security update
  15th, September, 2005

An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120391
 
  RedHat: Important: mod_ssl security update
  15th, September, 2005

An updated mod_ssl package for Apache that corrects a security issue is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120396
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.