LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch: December 30th 2005 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch This week, advisories were released for phpbb2, ketm, tkdiff, dhis-tools-dns, Mantis, NDB, rssh, OpenMotif, scponly, msec, fetchmail, cpio, php-mbstring, and libgphoto. The distributors include Debian, Gentoo, and Mandriva.


Earn an NSA recognized IA Masters Online

The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/linsec


IPv6 approach for TCP SYN Flood attack over VoIP, Part II
By: Suhas Desai

There are several general categories of DoS attacks. Some groups divide attacks into three classes: bandwidth attacks, protocol attacks, and logic attacks. Following are brief descriptions of some common types of DoS attacks.

3.1 Bandwidth attacks

Bandwidth attacks are relatively straightforward attempts to consume resources, such as network bandwidth or equipment throughput. High-data-volume attacks can consume all available bandwidth between an ISP and your site. The link fills up, and legitimate traffic slows down. Timeouts may occur, causing retransmission, generating even more traffic. An attacker can consume bandwidth by transmitting any traffic at all on your network connection. A basic flood attack might use UDP or ICMP packets to simply consume all available bandwidth. For that matter, an attack could consist of TCP or raw IP packets, as long as the traffic is routed to your network.

A simple bandwidth-consumption attack can exploit the throughput limits of servers or network equipment by focusing on high packet rates—sending large numbers of small packets. High-packet-rate attacks typically overwhelm network equipment before the traffic reaches the limit of available bandwidth. Routers, servers, and firewalls all have constraints on input-output processing, interrupt processing, CPU, and memory resources. Network equipment that reads packet headers to properly route traffic becomes stressed handling the high packet rate (pps), not the volume of the data (Mbps). In practice, denial of service is often accomplished by high packet rates, not by sheer traffic volume.

3.2 Protocol Attacks

The basic flood attack can be further refined to take advantage of the inherent design of common network protocols. These attacks do not directly exploit weaknesses in TCP/IP stacks or network applications but, instead, use the expected behavior of protocols such as TCP, UDP, and ICMP to the attacker's advantage. Examples of protocol attacks include the following:

3.2.1
SYN flood is an asymmetric resource starvation attack in which the attacker floods the victim with TCP SYN packets and the victim allocates resources to accept perceived incoming connections. As mentioned above, the proposed Host Identity Payload and Protocol (HIP) are designed to mitigate the effects of a SYN flood attack. Another technique, SYN Cookies is implemented in some TCP/IP stacks.

3.2.2
Smurf is an asymmetric reflector attack that targets a vulnerable network broadcast address with ICMP ECHO REQUEST packets and spoofs the source of the victim.

3.2.3
Fraggle is a variant of smurf that sends UDP packets to echo or chargen ports on broadcast addresses and spoofs the source of the victim.

3.3 Software Vulnerability Attacks

Unlike flooding and protocol attacks, which seek to consume network or state resources, logic attacks exploit vulnerabilities in network software, such as a web server, or the underlying TCP/IP stack. Some vulnerability by crafting even a single malformed packet.

3.3.1
Teardrop (bonk, boink) exploits TCP/IP IP stacks that do not properly handle overlapping IP fragments.

3.3.2
Land crafts IP packets with the source address and port set to be the same as the destination address and port.

3.3.3
Ping of death sends a single large ICMP ECHO REQUEST packet to the target.

3.3.4
Naptha is a resource-starvation attack that exploits vulnerable TCP/IP stacks using crafted TCP packets. There are many variations on these common types of attacks and many varieties of attack tools to implement them.

Read Article:
http://www.linuxsecurity.com/content/view/121124/49/


LinuxSecurity.com Feature Extras:

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Getting to Know Linux Security: File Permissions - Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.

 

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New phpbb2 packages fix several vulnerabilities
  22nd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121073
 
  Debian: New ketm packages fix privilege escalation
  23rd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121092
 
  Debian: New ketm packages fix privilege escalation
  23rd, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121094
 
  Debian: New tkdiff packages fix insecure temporary file creation
  27th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121103
 
  Debian: New dhis-tools-dns packages fix insecure temporary file creation
  27th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121107
 
  Debian: New tkdiff packages fix insecure temporary file creation
  29th, December, 2005

Updated package.

http://www.linuxsecurity.com/content/view/121115
 
   Gentoo
  Gentoo: Mantis Multiple vulnerabilities
  22nd, December, 2005

Mantis is affected by multiple vulnerabilities ranging from file upload and SQL injection to cross-site scripting and HTTP response splitting.

http://www.linuxsecurity.com/content/view/121082
 
  Gentoo: Dropbear Privilege escalation
  23rd, December, 2005

A buffer overflow in Dropbear could allow authenticated users to execute arbitrary code as the root user.

http://www.linuxsecurity.com/content/view/121086
 
  Gentoo: NBD Tools Buffer overflow in NBD server
  23rd, December, 2005

The NBD server is vulnerable to a buffer overflow that may result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121093
 
  Gentoo: rssh Privilege escalation
  27th, December, 2005

Local users could gain root privileges by chrooting into arbitrary directories.

http://www.linuxsecurity.com/content/view/121109
 
  Gentoo: OpenMotif, AMD64 x86 emulation X libraries Buffer
  28th, December, 2005

Two buffer overflows have been discovered in libUil, part of the OpenMotif toolkit, that can potentially lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121114
 
  Gentoo: scponly Multiple privilege escalation issues
  29th, December, 2005

Local users can exploit an scponly flaw to gain root privileges, and scponly restricted users can use another vulnerability to evade shell restrictions.

http://www.linuxsecurity.com/content/view/121116
 
   Mandriva
  Mandriva: Updated msec packages fixes various bugs
  22nd, December, 2005

Bugs in the msec package have been corrected: msec wasn't properly parsing the output on security checks to check ownership of files, reporting files as unowned when they were in fact properly owned by a valid user.

http://www.linuxsecurity.com/content/view/121085
 
  Mandriva: Updated fetchmail packages fix vulnerability
  23rd, December, 2005

Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a DoS (application crash) by sending messages without headers from upstream mail servers.

http://www.linuxsecurity.com/content/view/121095
 
  Mandriva: Updated cpio packages fix buffer overflow on x86_64
  23rd, December, 2005

A buffer overflow in cpio 2.6 on 64-bit platforms could allow a local user to create a DoS (crash) and possibly execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.

http://www.linuxsecurity.com/content/view/121096
 
  Mandriva: Updated digikamimageplugins packages fix showfoto crash issue.
  26th, December, 2005

A previous update of DigiKam (MDKA-2005:059) bumped the version to 0.8.0. After this update, Narfi Stefansson reported that showfoto, from digikamimageplugins was crashing when trying to use "Free Rotation". This update bumps digikamimageplugins to version 0.8.0 also.

http://www.linuxsecurity.com/content/view/121101
 
  Mandriva: Updated php/php-mbstring packages fix mail injection vulnerability
  27th, December, 2005

A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument, when using sendmail as the MTA (mail transfer agent).

http://www.linuxsecurity.com/content/view/121110
 
  Mandriva: Updated libgphoto packages fixes issue with some cameras
  29th, December, 2005

The hotplug usermap has been restored for this package because it is used by HAL to correctly detect digital cameras which are not using USB Mass storage (for instance, all Canon digital cameras, as well as some Nikon ones and all PTP cameras). This should allow gnome-volume-manager to automatically popup a "Do you want to import photos?" dialog when the camera is plugged in.

http://www.linuxsecurity.com/content/view/121117
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.