LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: December 23rd 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Happy Holidays! This week, advisories were released for dropbear, nbd, phpbb2, OpenLDAP, Xpdf, cURL, CenterICQ, digikam, apache2, sudo, kernel, netpbm, udev, gpdf, kdegraphics, cups, and perl. The distributors include Debian, Gentoo, Mandriva, and Red Hat.


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec


IPv6 approach for TCP SYN Flood attack over VoIP, Part I
By: Suhas Desai

Abstract

In this paper, we describe and analyze a network based DoS attack for IP based networks. It is known as SYN flooding. It works by an attacker sending many TCP connection requests with spoofed source addresses to a victim's machine. Each request causes the targeted host to instantiate data structures out of a limited pool of resources to deny further legitimate access. The paper contributes a detailed analysis of the SYN flooding attack and existing and proposed countermeasures. SYN flooding attacks in application Performance Validation with VoIP gives improper results. To overwhelm it, IPv6 approaches have been proposed here with successful implementation it with Network Tester using Moonerv6 Phases algorithms. Agilent Network Tester practices on the same principles to make availability of IPv6 service in Networks or sensor networks.

1. Introduction

The attack exploits weaknesses in the TCP/IP (Transmission Control Protocol/Internet Protocol) protocol suite. This cannot be corrected without significant modifications to its protocols. This denial of service attacks can be launched with little effort. Presently, it is difficult to trace an attack back to its originator.

Several possible solutions to this attack have been proposed by others, and some implemented. We have proposed and developed a monitoring tool in IPv6 that classifies IP source addresses with high probability as being falsified or genuine. Our approach finds connection establishment protocol messages that are coming from forged IP addresses, and takes actions to ensure that the resulting illegitimate half-open connections are reset immediately to work over VoIP applications.

2. Background

We will provide a brief description of the features of the TCP/IP protocol suite that facilitate this attack.

2.1. Internet Protocol

The Internet Protocol (IP) is the standard network layer protocol of the Internet that provides an unreliable, connection-less, best-effort packet delivery service. IP defines the basic unit of data transfer used throughout an IP network, called a datagram. The service is unreliable, because the delivery of datagrams is not guaranteed. Datagrams may be lost, duplicated, delayed, or delivered out of order. IP is connection-less, because each packet is treated independently of others — each may travel over different paths and some may be lost while others are delivered. IP provides best-effort delivery, because packets are not discarded unless resources are exhausted or underlying networks fail. Datagrams are routed towards their destination. A set of rules characterize how hosts and gateways should process packets, how and when error messages should be generated, and when packets should be discarded.

Read Article:
http://www.linuxsecurity.com/content/view/121083/49/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New dropbear packages fix arbitrary code execution
  19th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121037
 
  Debian: New nbd packages fix potential arbitrary code execution
  21st, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121071
 
  Debian: New phpbb2 packages fix several vulnerabilities
  22nd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121073
 
   Gentoo
  Gentoo: OpenLDAP, Gauche RUNPATH issues
  15th, December, 2005

OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.

http://www.linuxsecurity.com/content/view/121020
 
  Gentoo: Xpdf, GPdf, CUPS, Poppler Multiple vulnerabilities
  16th, December, 2005

Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and Poppler potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121023
 
  Gentoo: cURL Off-by-one errors in URL handling
  16th, December, 2005

cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs.

http://www.linuxsecurity.com/content/view/121028
 
  Gentoo: Opera Command-line URL shell command injection
  18th, December, 2005

Lack of URL validation in Opera command-line wrapper could be abused to execute arbitrary commands.

http://www.linuxsecurity.com/content/view/121035
 
  Gentoo: CenterICQ Multiple vulnerabilities
  20th, December, 2005

CenterICQ is vulnerable to a Denial of Service issue, and also potentially to the execution of arbitrary code through an included vulnerable ktools library.

http://www.linuxsecurity.com/content/view/121044
 
   Mandriva
  Mandriva: Updated digikam packages fixes printing functionality
  16th, December, 2005

The printing functionality of DigiKam in Mandriva 2006 is flawed in that when trying to print a picture, regardless of the size, it swaps near infinitely and takes an extremely long time until the photo comes out. As well, the photo may not come out because GhostScript fails due to lack of memory.

http://www.linuxsecurity.com/content/view/121034
 
  Mandriva: Updated apache2 packages fix vulnerability in worker MPM
  19th, December, 2005

A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections.

http://www.linuxsecurity.com/content/view/121043
 
  Mandriva: Updated sudo packages fix vulnerability
  20th, December, 2005

Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that included by the script.

http://www.linuxsecurity.com/content/view/121061
 
  Mandriva: Updated kernel packages fix numerous vulnerabilities
  21st, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121072
 
   Red Hat
  RedHat: Moderate: netpbm security update
  20th, December, 2005

Updated netpbm packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121050
 
  RedHat: Important: udev security update
  20th, December, 2005

Updated udev packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121051
 
  RedHat: Important: gpdf security update
  20th, December, 2005

An updated gpdf package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121052
 
  RedHat: Important: kdegraphics security update
  20th, December, 2005

Updated kdegraphics packages that resolve several security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121053
 
  RedHat: Moderate: curl security update
  20th, December, 2005

Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121054
 
  RedHat: Important: cups security update
  20th, December, 2005

Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121055
 
  RedHat: Moderate: perl security update
  20th, December, 2005

Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121056
 
  RedHat: Moderate: perl security update
  20th, December, 2005

Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121057
 
  RedHat: Important: xpdf security update
  20th, December, 2005

An updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121059
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.