LinuxSecurity.com
Linux Advisory Watch: June 2nd 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for awstats, lynx, tiff, mysql, dovecot, libextractor, kernel, motor, typespeed, netpbm, mpg123, dia, foomatic-filters, cron, and rug. The distributors include Debian, Mandriva, and SuSE.


Security on your mind?

Protect your home and business networks with the free, community version of EnGarde Secure Linux. Don't rely only on a firewall to protect your network, because firewalls can be bypassed. EnGarde Secure Linux is a security-focused Linux distribution made to protect your users and their data.

The security experts at Guardian Digital fortify every download of EnGarde Secure Linux with eight essential types of open source packages. Then we configure those packages to provide maximum security for tasks such as serving dynamic websites, high availability mail, transport, network intrusion detection, and more. The result for you is high security, easy administration, and automatic updates.

The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.

http://www.engardelinux.org/modules/index/register.cgi


Security Compromise Underway?

Spotting a security compromise under way can be a tense undertaking. How you react can have large consequences.

If the compromise you are seeing is a physical one, odds are you have spotted someone who has broken into your home, office or lab. You should notify your local authorities. In a lab, you might have spotted someone trying to open a case or reboot a machine. Depending on your authority and procedures, you might ask them to stop, or contact your local security people.

If you have detected a local user trying to compromise your security, the first thing to do is confirm they are in fact who you think they are. Check the site they are logging in from. Is it the site they normally log in from? No? Then use a non-electronic means of getting in touch. For instance, call them on the phone or walk over to their office/house and talk to them. If they agree that they are on, you can ask them to explain what they were doing or tell them to cease doing it. If they are not on, and have no idea what you are talking about, odds are this incident requires further investigation. Look into such incidents, and have lots of information before making any accusations.

If you have detected a network compromise, the first thing to do (if you are able) is to disconnect your network. If they are connected via modem, unplug the modem cable; if they are connected via Ethernet, unplug the Ethernet cable. This will prevent them from doing any further damage, and they will probably see it as a network problem rather than detection.

If you are unable to disconnect the network (if you have a busy site, or you do not have physical control of your machines), the next best step is to use something like tcp_wrappers or ipfwadm to deny access from the intruder's site.

If you can't deny all people from the same site as the intruder, locking the user's account will have to do. Note that locking an account is not an easy thing. You have to keep in mind .rhosts files, FTP access, and a host of possible backdoors.

After you have done one of the above (disconnected the network, denied access from their site, and/or disabled their account), you need to kill all their user processes and log them off.

You should monitor your site well for the next few minutes, as the attacker will try to get back in, perhaps using a different account and/or from a different network address.

From the Linux Security HowTo by Dave Wreski:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
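
As an added example (not part of the HOWTO or this newsletter), shell helpers for the containment steps above: a tcp_wrappers deny rule, an account lock, and a check for files that still grant access once the password is locked. The function names, the address in the usage comment, and the checks for .shosts, authorized_keys and .forward are assumptions added here; only .rhosts is named in the text.

```shell
#!/bin/sh
# Added example: containment helpers. File paths are parameters so each
# function can be tried against a scratch directory before real use.

# deny_host <hosts.deny path> <IPv4 address>
# Append one tcp_wrappers deny rule, once. Returns 2 on a malformed address
# so that nothing unexpected is ever written into hosts.deny.
deny_host() {
    deny_file=$1
    ip=$2
    case $ip in
        ''|*[!0-9.]*) return 2 ;;          # digits and dots only
    esac
    if grep -qxF "ALL: $ip" "$deny_file" 2>/dev/null; then
        return 0                           # rule already present
    fi
    printf 'ALL: %s\n' "$ip" >> "$deny_file"
}

# residual_access <home directory>
# Print non-empty files that let the account in without its password.
# Beyond .rhosts, the list is an assumption of this example.
residual_access() {
    home=$1
    for f in .rhosts .shosts .ssh/authorized_keys .forward; do
        if [ -s "$home/$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# lock_and_kill <user>   (needs root; run after access has been denied)
lock_and_kill() {
    passwd -l "$1" &&                  # disable password logins
    usermod --expiredate 1 "$1" &&     # expire account: non-password logins fail too
    pkill -KILL -u "$1"                # end every process the user owns
}

# Typical order on a live host (constructed address and user name):
#   deny_host /etc/hosts.deny 203.0.113.7
#   lock_and_kill jdoe
#   residual_access /home/jdoe
```

Anything `residual_access` prints should be moved aside for later review rather than deleted, since it may be evidence.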


LinuxSecurity.com Feature Extras:

EnGarde Secure Linux v3.0.6 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.6 (Version 3.0, Release 6). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


   Debian
  Debian: New awstats packages fix arbitrary command execution
  26th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122897
 
  Debian: New lynx packages fix denial of service
  26th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122905
 
  Debian: New tiff packages fix denial of service
  27th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122913
 
  Debian: New MySQL 4.0 packages fix several vulnerabilities
  29th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122914
 
  Debian: New dovecot packages fix directory traversal
  29th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122915
 
  Debian: New libextractor packages fix arbitrary code execution
  29th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122916
 
  Debian: New Linux kernel 2.4.17 packages fix several vulnerabilities
  29th, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122928
 
  Debian: New motor packages fix arbitrary code execution
  31st, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122940
 
  Debian: New typespeed packages fix arbitrary code execution
  31st, May, 2006

Niko Tyni discovered a buffer overflow in the processing of network data in typespeed, a game for testing and improving typing speed, which could lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122948
 
  Debian: New lynx-cur packages fix several vulnerabilities
  1st, June, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122956
 
   Mandriva
  Mandriva: Updated netpbm packages fix crash issues with some converters
  26th, May, 2006

The pnmtopalm program, part of netpbm, crashes on many images. The pnmtofits program, part of netpbm, crashes during conversion. Updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/122907
 
  Mandriva: Updated mpg123 packages fix DoS vulnerability.
  26th, May, 2006

An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. Packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/122912
 
  Mandriva: Updated dia packages fix string format vulnerabilities.
  30th, May, 2006

A format string vulnerability in Dia allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other input mechanisms that are automatically processed by Dia, such as a crafted .dia file. (CVE-2006-2480) Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. (CVE-2006-2453) Packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/122936
 
   SuSE
  SuSE: foomatic-filters shellcode injection
  30th, May, 2006

A bug in cupsomatic/foomatic-filters that allowed remote printer users to execute arbitrary commands with the UID of the printer daemon has been fixed (CVE-2004-0801).

http://www.linuxsecurity.com/content/view/122932
 
  SuSE: cron local privilege escalation
  31st, May, 2006

The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. This problem is known to affect only distributions with Linux 2.6 kernels, but the package was updated for all distributions for completeness. This problem is tracked by the Mitre CVE ID CVE-2006-2607.

http://www.linuxsecurity.com/content/view/122947
 
  SuSE: kernel (SUSE-SA:2006:028)
  31st, May, 2006

Multiple vulnerabilities have been fixed in the Linux kernel.

http://www.linuxsecurity.com/content/view/122949
 
  SuSE: rug (SUSE-SA:2006:029)
  31st, May, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122950
 
