Linux Advisory Watch: February 24th 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for heimdal, GnuPG, pdfkit, tutos, netpbm, compat-db, kdebase, gnbd-kernel, cman-kernel, dlm-kernel, GFS-kernel, BomberClone, GnuPG, OpenSSH, GPdf, bluez-hcidump, libtiff, kernel, MySQL, tar, metamail, and CASA. The distributors include Debian, Fedora, Gentoo, Mandriva, and SuSE.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution geared toward providing an open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi


Writing Behind a Buffer
By: Angelo Rosiello

In this paper we describe a kind of vulnerability that is known in the literature but poorly documented. The problem analyzed here can be reduced to a memory adjacent overwriting attack, which is usually obtained by exploiting the last null byte of a buffer; we show that, under certain conditions, the same result is possible by writing behind a buffer. To fully understand the subject of this article it is necessary to first describe the memory organization[1] of running processes, then the memory adjacent overwrite attack, and conclude with our analysis.

Memory Organization

A process can be defined as a running program: the operating system has loaded its instructions into memory and has allocated different areas of memory to manage its execution. The address space of a running process can be divided into five segments[1,2]:

* Code Segment: this segment contains the executable code of the program.

* Data and BSS Segment: both sections are dedicated to global variables and are laid out at compile time. To be clear, the BSS section contains uninitialized data, while the data segment is reserved for initialized static data.

* Stack Segment: local variables are allocated in this segment. It is particularly useful for storing context and function parameters. The stack memory grows downward.

* Heap Segment: this segment represents all the rest of the memory of the process. The heap memory grows upward and is allocated dynamically.

The memory adjacent overwrite attack exploits the stack memory allocated for automatic variables to produce a buffer overflow[6] and gain control of the process execution flow.

Memory Adjacent Overwrite Attack

In recent years some articles[4,5] were released about exploiting non-terminated adjacent memory space. The problem exists when the last null byte terminating a buffer is overwritten and another buffer precedes it.

In fact, when a buffer is declared it is terminated on the stack with a null byte that separates it from the rest of the stack. To make this clear, let's take an example written in C that uses two buffers.
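The following is an added illustration of the effect the paper describes, written for this summary rather than taken from the paper itself. It places two buffers next to each other inside a struct (so that adjacency is guaranteed and the result is deterministic; the paper discusses the same layout for automatic variables on the stack), shows how losing the null byte of the first buffer makes `strlen` run on into the second, and shows the bounded copy that keeps the two buffers separate. The struct, function names and sample strings are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Two adjacent fixed-size buffers. A struct is used instead of two automatic
 * arrays so the adjacency (b[] directly behind a[]) is guaranteed by the
 * language; the paper describes the same effect for stack variables. */
struct frame {
    char a[8];  /* buffer whose terminating null byte can be lost */
    char b[8];  /* buffer stored immediately behind it in memory */
};

/* Defective fill: strncpy writes no null byte when the source fills the
 * destination, so an 8-character src_a leaves a[] unterminated and any
 * later string function walks straight on into b[]. */
size_t fill_unsafe(struct frame *f, const char *src_a, const char *src_b)
{
    strncpy(f->a, src_a, sizeof f->a);
    strncpy(f->b, src_b, sizeof f->b);
    return strlen(f->a);  /* exceeds sizeof f->a once the terminator is gone */
}

/* Hardened fill: bounded copy that always reserves the last byte for the
 * null terminator, so a[] and b[] remain two separate strings. */
size_t fill_safe(struct frame *f, const char *src_a, const char *src_b)
{
    snprintf(f->a, sizeof f->a, "%s", src_a);
    snprintf(f->b, sizeof f->b, "%s", src_b);
    return strlen(f->a);
}

int main(void)
{
    struct frame f;
    /* constructed input: exactly sizeof a[] characters, no room for the null */
    printf("unsafe strlen(a) = %zu\n", fill_unsafe(&f, "AAAAAAAA", "secret"));
    printf("safe   strlen(a) = %zu\n", fill_safe(&f, "AAAAAAAA", "secret"));
    return 0;
}
```

With the unsafe fill, `strlen(a)` reports 14 (the 8 bytes of `a` plus the 6 bytes of `b`), so a subsequent `strcpy` from `a` would copy both buffers; the hardened fill reports 7 and leaves `a[7]` as the terminator.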

Read Full Paper
http://www.linuxsecurity.com/images/stories/writing-behind-a-buffer.pdf


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.4 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New heimdal packages fix several vulnerabilities
  16th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121646
 
  Debian: New GnuPG packages fix invalid success return
  17th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121658
 
  Debian: New pdfkit.framework packages fix several vulnerabilities
  17th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121665
 
  Debian: New tutos packages fix multiple vulnerabilities
  22nd, February, 2006

Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems...

http://www.linuxsecurity.com/content/view/121709
 
   Fedora
  Fedora Core 4 Update: netpbm-10.31-1.FC4.2
  16th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121656
 
  Fedora Core 4 Update: compat-db-4.2.52-2.FC4
  17th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121666
 
  Fedora Core 4 Update: gnupg-1.4.2.1-1
  17th, February, 2006

The GNU Privacy Guard provides encryption and signing for messages and arbitrary files, and implements the OpenPGP standard as described by IETF RFC2440.

http://www.linuxsecurity.com/content/view/121667
 
  Fedora Core 4 Update: kdebase-3.5.1-0.3.fc4
  17th, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121668
 
  Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.57
  22nd, February, 2006

Updated GFS & Cluster Suite packages for the latest kernel (kernel-2.6.15-1.1831_FC4).

http://www.linuxsecurity.com/content/view/121718
 
  Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.22
  22nd, February, 2006

Updated GFS & Cluster Suite packages for the latest kernel (kernel-2.6.15-1.1831_FC4).

http://www.linuxsecurity.com/content/view/121719
 
  Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.21
  22nd, February, 2006

Updated GFS & Cluster Suite packages for the latest kernel (kernel-2.6.15-1.1831_FC4).

http://www.linuxsecurity.com/content/view/121720
 
  Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.24
  22nd, February, 2006

Updated GFS & Cluster Suite packages for the latest kernel (kernel-2.6.15-1.1831_FC4).

http://www.linuxsecurity.com/content/view/121721
 
   Gentoo
  Gentoo: libtasn1, GNU TLS Security flaw in DER decoding
  16th, February, 2006

A flaw in the parsing of Distinguished Encoding Rules (DER) has been discovered in libtasn1, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121654
 
  Gentoo: BomberClone Remote execution of arbitrary code
  16th, February, 2006

BomberClone is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121655
 
  Gentoo: GnuPG Incorrect signature verification
  18th, February, 2006

Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified.

http://www.linuxsecurity.com/content/view/121673
 
  Gentoo: OpenSSH, Dropbear Insecure use of system() call
  20th, February, 2006

A flaw in OpenSSH and Dropbear allows local users to elevate their privileges via scp.

http://www.linuxsecurity.com/content/view/121683
 
  Gentoo: GPdf Heap overflows in included Xpdf code
  21st, February, 2006

GPdf includes vulnerable Xpdf code to handle PDF files, making it vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121698
 
   Mandriva
  Mandriva: Updated kernel packages fix multiple vulnerabilities
  17th, February, 2006

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The udp_v6_get_port function in udp.c, when running IPv6, allows local users to cause a Denial of Service (infinite loop and crash) (CVE-2005-2973).

http://www.linuxsecurity.com/content/view/121669
 
  Mandriva: Updated bluez-hcidump packages fix buffer overflow vulnerability
  17th, February, 2006

Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.

http://www.linuxsecurity.com/content/view/121670
 
  Mandriva: Updated libtiff packages fix vulnerability
  17th, February, 2006

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.

http://www.linuxsecurity.com/content/view/121671
 
  Mandriva: Updated gnupg packages fix signature file verification vulnerability
  17th, February, 2006

Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file. The updated packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/121672
 
  Mandriva: Updated kernel packages fix multiple vulnerabilities
  21st, February, 2006

A number of vulnerabilities have been discovered and corrected in the Linux 2.4 kernel: A numeric casting discrepancy in sdla_xfer could allow a local user to read portions of kernel memory via a large len argument (CVE-2004-2607).

http://www.linuxsecurity.com/content/view/121701
 
  Mandriva: Updated MySQL packages fix temporary file vulnerability
  22nd, February, 2006

Eric Romang discovered a temporary file vulnerability in the mysql_install_db script provided with MySQL. This vulnerability only affects versions of MySQL 4.1.x prior to 4.1.12. The updated packages have been patched to address this issue.

http://www.linuxsecurity.com/content/view/121710
 
  Mandriva: Updated tar packages fix vulnerability
  22nd, February, 2006

GNU tar versions 1.14 and above have a buffer overflow vulnerability and some other issues including...

http://www.linuxsecurity.com/content/view/121711
 
  Mandriva: Updated metamail packages fix vulnerability
  23rd, February, 2006

Ulf Harnhammar discovered a buffer overflow vulnerability in the way that metamail handles certain mail messages. An attacker could create a carefully-crafted message that, when parsed via metamail, could execute arbitrary code with the privileges of the user running metamail.

http://www.linuxsecurity.com/content/view/121722
 
    Red Hat
  RedHat: Low: tar security update
  21st, February, 2006

An updated tar package that fixes a path traversal flaw is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121693
 
  RedHat: Important: metamail security update
  21st, February, 2006

An updated metamail package that fixes a buffer overflow vulnerability for Red Hat Enterprise Linux 2.1 is now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121694
 
   SuSE
  SuSE: gpg,liby2util signature checking
  20th, February, 2006

With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected.

http://www.linuxsecurity.com/content/view/121681
 
  SuSE: CASA remote code execution
  22nd, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121705
 

(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.