LinuxSecurity.com
Linux Advisory Watch: October 28th 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for mozilla, module-assistant, eric, sudo, libgda2, imlib, koffice, net-snmp, lynx, RTF, Netpbm, cURL, Zope, phpMyAdmin, ethereal, pam, and fetchmail. The distributors include Debian, Gentoo, and Red Hat.


EnGarde Secure Linux 3.0 - Download Now!

  • Linux 2.6 kernel featuring SELinux Mandatory Access Control
  • Guardian Digital Secure Network features free access to all system and security updates (to be available shortly through an updated release)
  • Support for new hardware, including 64-bit AMD architecture
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more.
  • Apache v2.0, BIND v9.3, MySQL v5.0(beta)
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Real-time access to system and service log information

LEARN MORE:
http://www.guardiandigital.com/products/software/community/esl.html


Security Compromise Underway?
By: Dave Wreski

Spotting a security compromise under way can be a tense undertaking. How you react can have large consequences.

If the compromise you are seeing is a physical one, odds are you have spotted someone who has broken into your home, office or lab. You should notify your local authorities. In a lab, you might have spotted someone trying to open a case or reboot a machine. Depending on your authority and procedures, you might ask them to stop, or contact your local security people.

If you have detected a local user trying to compromise your security, the first thing to do is confirm they are in fact who you think they are. Check the site they are logging in from. Is it the site they normally log in from? No? Then use a non-electronic means of getting in touch. For instance, call them on the phone or walk over to their office/house and talk to them. If they agree that they are on, you can ask them to explain what they were doing or tell them to cease doing it. If they are not on, and have no idea what you are talking about, odds are this incident requires further investigation. Look into such incidents, and have lots of information before making any accusations.

If you have detected a network compromise, the first thing to do (if you are able) is to disconnect your network. If they are connected via modem, unplug the modem cable; if they are connected via Ethernet, unplug the Ethernet cable. This will prevent them from doing any further damage, and they will probably see it as a network problem rather than detection.

If you are unable to disconnect the network (if you have a busy site, or you do not have physical control of your machines), the next best step is to use something like tcp_wrappers or ipfwadm to deny access from the intruder's site.

If you can't deny all people from the same site as the intruder, locking the user's account will have to do. Note that locking an account is not an easy thing. You have to keep in mind .rhosts files, FTP access, and a host of possible backdoors.

After you have done one of the above (disconnected the network, denied access from their site, and/or disabled their account), you need to kill all their user processes and log them off.

You should monitor your site well for the next few minutes, as the attacker will try to get back in, perhaps using a different account and/or from a different network address.
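
The containment steps above, written out as a dry-run plan. This is an added example, not part of the original article: it only prints commands for review, and the account name, the address, the `.quarantined` suffix, the extra files beyond `.rhosts`, and the assumption that the FTP daemon honors `/etc/ftpusers` are all illustrative.

```shell
#!/bin/sh
# Added example: prints a containment plan; it changes nothing on the system.

# tcp_wrappers rule denying every wrapped service to one source address.
deny_rule() {
    printf 'ALL: %s\n' "$1"
}

# Files in a home directory that can still grant access once the password
# is locked (.rhosts is named in the article; the others are assumptions).
remote_access_files() {
    for f in .rhosts .shosts .forward .ssh/authorized_keys; do
        if [ -e "$1/$f" ]; then
            printf '%s\n' "$1/$f"
        fi
    done
    return 0
}

# Print the commands for: deny source, lock account, close side doors,
# kill the user's processes. Arguments: user, intruder host, home directory.
containment_plan() {
    user=$1 host=$2 home=$3
    rule=$(deny_rule "$host")
    printf '# 1. deny the intruder site via tcp_wrappers\n'
    printf "echo '%s' >> /etc/hosts.deny\n" "$rule"
    printf '# 2. lock the password and deny FTP logins\n'
    printf 'passwd -l %s\n' "$user"
    printf "echo '%s' >> /etc/ftpusers\n" "$user"
    printf '# 3. move aside files that bypass the password\n'
    remote_access_files "$home" | while IFS= read -r file; do
        printf "mv '%s' '%s.quarantined'\n" "$file" "$file"
    done
    printf '# 4. kill their processes, which also logs them off\n'
    printf 'pkill -KILL -u %s\n' "$user"
    printf '# 5. watch for a return from another account or address\n'
    printf 'who; last -n 20\n'
}

# Constructed sample values: a made-up account and a documentation address.
containment_plan "${SUSPECT_USER:-jdoe}" "${INTRUDER_HOST:-192.0.2.44}" \
    "/home/${SUSPECT_USER:-jdoe}"
```

Review the printed plan before running any line of it as root; quarantining the files rather than deleting them keeps them available for the later investigation.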

Read more from the Linux Security Howto:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


   Debian
  Debian: New Mozilla packages fix several vulnerabilities
  20th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120623
 
  Debian: New module-assistant package fixes insecure temporary file
  20th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120624
 
  Debian: New Mozilla Thunderbird packages fix several vulnerabilities
  20th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120630
 
  Debian: New eric packages fix arbitrary code execution
  21st, October, 2005

Updated Package.

http://www.linuxsecurity.com/content/view/120638
 
  Debian: New sudo packages fix arbitrary command execution
  25th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120648
 
  Debian: New libgda2 packages fix arbitrary code execution
  25th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120655
 
  Debian: New libgda2 packages fix arbitrary code execution
  25th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120659
 
  Debian: New imlib packages fix arbitrary code execution
  26th, October, 2005

Upgrade package.

http://www.linuxsecurity.com/content/view/120660
 
  Debian: New koffice packages fix arbitrary code execution
  26th, October, 2005

Upgraded package.

http://www.linuxsecurity.com/content/view/120661
 
  Debian: New net-snmp packages fix denial of service
  26th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120668
 
  Debian: New lynx packages fix arbitrary code execution
  27th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120671
 
  Debian: New OpenSSL packages fix cryptographic weakness
  27th, October, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120672
 
   Gentoo
  Gentoo: AbiWord New RTF import buffer overflows
  20th, October, 2005

AbiWord is vulnerable to an additional set of buffer overflows during RTF import, making it vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120625
 
  Gentoo: Netpbm Buffer overflow in pnmtopng
  20th, October, 2005

The pnmtopng utility, part of the Netpbm tools, contains a vulnerability which can potentially result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120626
 
  Gentoo: cURL NTLM username stack overflow
  22nd, October, 2005

cURL is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120640
 
  Gentoo: Zope File inclusion through RestructuredText
  25th, October, 2005

Zope is vulnerable to a file inclusion vulnerability when exposing RestructuredText functionalities to untrusted users.

http://www.linuxsecurity.com/content/view/120652
 
  Gentoo: phpMyAdmin Local file inclusion and XSS vulnerabilities
  25th, October, 2005

phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code, along with several cross-site scripting issues.

http://www.linuxsecurity.com/content/view/120653
 
   Red Hat
  RedHat: Moderate: ethereal security update
  25th, October, 2005

Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120658
 
  RedHat: Low: pam security update
  26th, October, 2005

An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120666
 
  RedHat: Low: fetchmail security update
  26th, October, 2005

Updated fetchmail packages that fix insecure configuration file creation are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120667
 
