LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: October 7th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for gtkdiskfree, util-linux, ClamAV, loop-aes, helix-player, backupninja, squid, mysql, ntlmaps, mysql-dfsg, gopher, prozilla, cfengine, mozilla-firefox, apachetop, drupal, mailutils, egroupware, arc, mod-auth-shadow, mason, slocate, vixie-cron, net-snmp, kernel, openssh, binutils, perl, and gdb. The distributors include Debian, Gentoo, and Red Hat.


EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

LEARN MORE:
http://www.guardiandigital.com/products/software/community/esl.html


Denial of Service Attacks
Dave Wreski

A "Denial of Service" (DoS) attack is one where the attacker tries to make some resource too busy to answer legitimate requests, or to deny legitimate users access to your machine.

Denial of service attacks have increased greatly in recent years. Some of the more popular and recent ones are listed below. Note that new ones show up all the time, so this is just a few examples. Read the Linux security lists and the bugtraq list and archives for more current information.

  • SYN Flooding - SYN flooding is a network denial of service attack. It takes advantage of a "loophole" in the way TCP connections are created. The newer Linux kernels (2.0.30 and up) have several configurable options to prevent SYN flood attacks from denying people access to your machine or services. See Section 7 for proper kernel protection options.

  • Ping Flooding - Ping flooding is a simple brute-force denial of service attack. The attacker sends a "flood" of ICMP packets to your machine. If they are doing this from a host with better bandwidth than yours, your machine will be unable to send anything on the network. A variation on this attack, called "smurfing", sends ICMP packets to a host with your machine's return IP, allowing them to flood you less detectably.

  • Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST packets that are too large to fit in the kernel data structures intended to store them. Because sending a single, large (65,510 bytes) "ping" packet to many systems will cause them to hang or even crash, this problem was quickly dubbed the "Ping o' Death." This one has long been fixed, and is no longer anything to worry about.

  • Teardrop / New Tear - One of the most recent exploits involves a bug present in the IP fragmentation code on Linux and Windows platforms. It is fixed in kernel version 2.0.33, and does not require selecting any kernel compile-time options to utilize the fix. Linux is apparently not vulnerable to the "newtear" exploit.

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New gtkdiskfree packages fix insecure temporary file
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120472
 
  Debian: New util-linux packages fix privilege escalation
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120473
 
  Debian: New ClamAV packages fix denial of service
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120477
 
  Debian: New loop-aes-utils packages fix privilege escalation
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120478
 
  Debian: New helix-player packages fix multiple vulnerabilities
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120479
 
  Debian: New backupninja packages fix insecure temporary file
  29th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120480
 
  Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120482
 
  Debian: New squid packages fix denial of service
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120483
 
  Debian: New mysql packages fix arbitrary code execution
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120484
 
  Debian: New ntlmaps packages fix information leak
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120485
 
  Debian: New mysql-dfsg packages fix arbitrary code execution
  30th, September, 2005

Update package.

http://www.linuxsecurity.com/content/view/120490
 
  Debian: New gopher packages fix several buffer overflows
  30th, September, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120492
 
  Debian: New mysql-dfsg-4.1 packages fix arbitrary code execution
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120494
 
  Debian: New prozilla packages fix arbitrary code execution
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120495
 
  Debian: New cfengine packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120496
 
  Debian: New cfengine2 packages fix arbitrary file overwriting
  1st, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120497
 
  Debian: New Mozilla Firefox packages fix denial of service
  2nd, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120498
 
  Debian: New mozilla-firefox packages fox multiple vulnerabilities
  2nd, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120500
 
  Debian: New apachetop packages fix insecure temporary file
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120507
 
  Debian: New drupal packages fix remote command execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120508
 
  Debian: New mailutils packages fix arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120514
 
  Debian: New egroupware packages fix arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120515
 
  Debian: New mysql-dfsg-4.1 package fixes arbitrary code execution
  4th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120518
 
  Debian: New arc packages fix insecure temporary files
  5th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120520
 
  Debian: New mod-auth-shadow packages fix authentication bypass
  5th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120521
 
  Debian: New mason packages fix missing init script
  6th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120537
 
   Gentoo
  Gentoo: AbiWord RTF import stack-based buffer overflow
  30th, September, 2005

AbiWord is vulnerable to a stack-based buffer overflow during RTF import, making it vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120486
 
  Gentoo: Hylafax Insecure temporary file creation in xferfaxstats
  30th, September, 2005

Hylafax is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120491
 
  Gentoo: Mozilla Suite, Mozilla Firefox Multiple
  30th, September, 2005

This advisory was originally released to fix the heap overflow in IDN headers. However, the official fixed release included several other security fixes as well.

http://www.linuxsecurity.com/content/view/120493
 
  Gentoo: gtkdiskfree Insecure temporary file creation
  3rd, October, 2005

gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120505
 
  Gentoo: Berkeley MPEG Tools Multiple insecure temporary
  3rd, October, 2005

The Berkeley MPEG Tools use temporary files in various insecure ways, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120506
 
  Gentoo: Uim Privilege escalation vulnerability
  4th, October, 2005

Under certain conditions, applications linked against Uim suffer from a privilege escalation vulnerability.

http://www.linuxsecurity.com/content/view/120517
 
  Gentoo: Texinfo Insecure temporary file creation
  5th, October, 2005

Texinfo is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/120524
 
   Red Hat
  RedHat: Low: slocate security update
  5th, October, 2005

An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120528
 
  RedHat: Low: vixie-cron security update
  5th, October, 2005

An updated vixie-cron package that fixes various bugs and a security issue is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120529
 
  RedHat: Low: net-snmp security update
  5th, October, 2005

Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120530
 
  RedHat: Updated kernel packages available for Red Hat
  5th, October, 2005

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version.

http://www.linuxsecurity.com/content/view/120531
 
  RedHat: Moderate: openssh security update
  5th, October, 2005

Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4.

http://www.linuxsecurity.com/content/view/120532
 
  RedHat: Low: binutils security update
  5th, October, 2005

An updated binutils package that fixes several bugs and minor security issues is now available.

http://www.linuxsecurity.com/content/view/120533
 
  RedHat: Low: perl security update
  5th, October, 2005

Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux.

http://www.linuxsecurity.com/content/view/120534
 
  RedHat: Low: mysql security update
  5th, October, 2005

Updated mysql packages that fix a temporary file flaw and a number of bugs are now available

http://www.linuxsecurity.com/content/view/120535
 
  RedHat: Low: gdb security update
  5th, October, 2005

An updated gdb package that fixes several bugs and minor security issues is now available.

http://www.linuxsecurity.com/content/view/120536
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DARPA-derived secure microkernel goes open source tomorrow
Hacker Gary McKinnon turns into a search expert
Hackers seed Amazon cloud with potent denial-of-service bots
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.