This week, advisories were released for cheesetracker, clamav, seamonkey, hylafax, python, squid, wxpythongtk, smbldap-tools, libksba, kdelibs, mysql, imagemagick, libxfont, php, bind, mailman, kernel, gnutls, gzip, thunderbird, firefox, openssl, gdb, mono, ffmpeg, awstats, libmusicbrainz, linux-restricted-modules, Xsession, binutils, and pike. The distributors include Debian, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu.

Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.


Review: SELinux by Example
By: Ryan W. Maple

If you use Linux then you've most probably at least heard of Security-Enhanced Linux (SELinux). In this feature story Ryan W. Maple gives a review and his opinion of the latest and greatest book to cover SELinux: SELinux by Example: Using Security Enhanced Linux. Read on for Ryan's review.

"SELinux by Example" is a hands-on book aimed at anybody interested in Security-Enhanced Linux (SELinux). Whether you want to learn how to write SELinux policy or administer a machine running SELinux, you will find tremendous value in this book. Each chapter conveniently wraps up with a bullet-point summary of the material that was covered and some exercises which do an excellent job of driving the points home, giving this book its "hands-on" feel.

The book is written by Frank Mayer (the co-founder and CTO of Tresys Technology), David Caplan (a senior security engineer with Tresys), and Karl Macmillan (a very active contributor to the SELinux community), three of the most qualified people to write a book on this complicated subject. It consists of 14 chapters and four appendices, grouped into three main parts: SELinux Overview, SELinux Policy Language, and Creating and Writing SELinux Security Policies.

This is a very good book and is easily the best I've seen yet on the subject of SELinux. If you've been tasked with maintaining an SELinux-enabled machine, would like to write or enhance existing SELinux policy, or just want to understand what SELinux is and how it came to be, then this is the book for you. This book and an SELinux-enabled Linux distribution, such as the easy to use EnGarde Secure Linux, are all you need to get involved in the growing world of Security Enhanced Linux.


EnGarde Secure Linux v3.0.9 Now Available

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.9 (Version 3.0, Release 9). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and a couple of new packages available for installation.

news/vendors-products/engarde-secure-linux-v309-now-available

LinuxSecurity.com Feature Extras:

    RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, which is designed on the Linux platform and open source technology to obtain biometric security. The combination of smart card and biometrics achieves two-step authentication, where smart card authentication is based on a Personal Identification Number (PIN) and the card holder is authenticated using the biometric template stored in the smart card, which is based on fingerprint verification. The fingerprint verification has to be executed on the central host server for security purposes. The protocol designed allows controlling all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian
Debian: New cheesetracker packages fix buffer overflow
13th, October, 2006

This update to DSA-1166 adds the architectures which were missing from the previous advisory. Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.

advisories/debian/debian-new-cheesetraceker-packages-fix-buffer-overflow-57316
Debian: New clamav packages fix arbitrary code execution
19th, October, 2006

Updated package.

advisories/debian/debian-new-clamav-packages-fix-arbitrary-code-execution-21324
Gentoo
Gentoo: Seamonkey Multiple vulnerabilities
16th, October, 2006

The Seamonkey project has reported multiple security vulnerabilities in the application.

Gentoo: CAPI4Hylafax fax receiver Execution of arbitrary code
17th, October, 2006

CAPI4Hylafax allows remote attackers to execute arbitrary commands.

Gentoo: Mozilla Network Security Service (NSS) RSA signature forgery
17th, October, 2006

NSS fails to properly validate PKCS #1 v1.5 signatures.

Gentoo: Python Buffer Overflow
17th, October, 2006

A buffer overflow in Python's "repr()" function can be exploited to cause a Denial of Service and potentially allows the execution of arbitrary code.

Gentoo: Python Buffer Overflow
18th, October, 2006

Updated package.

Mandriva
Mandriva: Updated squid package corrects bug on x86_64
13th, October, 2006

This update fixes a problem in the squid package as shipped for Mandriva Linux 2007 which affects only the x86_64 architecture. On that platform, squid would not start, giving the following message:

Mandriva: Updated squid package corrects transparent proxy issue
13th, October, 2006

An issue in Squid's transparent proxy mode prevented it from working correctly, giving back to the client an error page stating "Unable to forward this request at this time".

Mandriva: Updated wxPythonGTK package corrects path issue on x86_64
16th, October, 2006

A problem with wxPythonGTK would prevent some python programs, such as pyshell, from starting due to incorrect path locations. The updated packages correct this issue.

Mandriva: Updated smbldap-tools package fixes smb.conf parsing bug
16th, October, 2006

This update fixes a problem with the smbldap-tools package shipped with Mandriva Linux 2006 where it would issue warnings if the smb.conf configuration file had continuation lines using the "\" character. The updated packages correct this issue.

Mandriva: Updated libksba packages correct DoS vulnerability
17th, October, 2006

The libksba library, as used by gpgsm in the gnupg2 package, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. libksba-0.9.15 in Mandriva 2007.0 is not affected by this issue. Updated packages have been patched to correct this issue.

Mandriva: Updated clamav packages fix vulnerabilities
17th, October, 2006

An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182).

Mandriva: Updated php packages to address multiple vulnerabilities
18th, October, 2006

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allow local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults (CVE-2006-4625).

Red Hat
RedHat: Critical: kdelibs security update
18th, October, 2006

Updated kdelibs packages that correct an integer overflow flaw are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-critical-kdelibs-security-update-42140
SuSE
SuSE: clamav security problems
18th, October, 2006

Updated package.

Ubuntu
Ubuntu: MySQL vulnerabilities
16th, October, 2006

There are multiple vulnerabilities in MySQL. The following CVE IDs have been addressed: CVE-2006-4227 CVE-2006-4031

advisories/ubuntu/ubuntu-mysql-vulnerabilities-82610
Ubuntu: OpenSSL vulnerability
16th, October, 2006

Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

advisories/ubuntu/ubuntu-openssl-vulnerability-15959
Ubuntu: imagemagick vulnerabilities
16th, October, 2006

Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the user's privileges.

advisories/ubuntu/ubuntu-imagemagick-vulnerabilities-95420
Ubuntu: libxfont vulnerability
16th, October, 2006

An integer overflow has been discovered in X.org's font handling library. By using a specially crafted font file, this could be exploited to crash the X server or execute arbitrary code with root privileges.

advisories/ubuntu/ubuntu-libxfont-vulnerability
Ubuntu: PHP vulnerabilities
16th, October, 2006

There are multiple vulnerabilities in PHP. The following CVE IDs have been addressed: CVE-2006-4020 CVE-2006-4481 CVE-2006-4482 CVE-2006-4484

advisories/ubuntu/ubuntu-php-vulnerabilities-97448
Ubuntu: bind9 vulnerabilities
16th, October, 2006

bind did not sufficiently verify particular requests and responses from other name servers and users. By sending a specially crafted packet, a remote attacker could exploit this to crash the name server.

advisories/ubuntu/ubuntu-bind9-vulnerabilities
Ubuntu: X.org vulnerabilities
16th, October, 2006

iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges.

advisories/ubuntu/ubuntu-xorg-vulnerabilities
Ubuntu: mailman vulnerabilities
16th, October, 2006

Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. (CVE-2006-2941) Various cross-site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. (CVE-2006-3636) URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log.

advisories/ubuntu/ubuntu-mailman-vulnerabilities
Ubuntu: Linux kernel vulnerabilities
16th, October, 2006

There are multiple vulnerabilities in the Linux kernel. The following CVE IDs have been addressed: CVE-2006-2934 CVE-2006-2935 CVE-2006-2936 CVE-2006-3468 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145

advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: GnuTLS vulnerability
16th, October, 2006

The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

advisories/ubuntu/ubuntu-gnutls-vulnerability
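The OpenSSL and GnuTLS entries above (and the Gentoo NSS entry earlier) all stem from the same verification weakness: accepting a PKCS #1 v1.5 signature encoding without checking that the DigestInfo and hash fill the block exactly. The following Python is an added illustration, not part of this newsletter or of any of those projects' code; it contrasts a left-to-right padding walk that ignores trailing bytes with a verifier that rebuilds the full expected encoding. The encoded messages are constructed samples and no RSA operation is performed.

```python
import hashlib
import hmac

# DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1): the DER
# header that precedes the 20-byte hash inside a PKCS #1 v1.5 encoding.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_encode(digest: bytes, em_len: int) -> bytes:
    """Build EM = 00 || 01 || PS || 00 || T, where T is DigestInfo || digest
    and PS is at least eight 0xFF bytes filling the whole block (RFC 3447)."""
    t = SHA1_DIGESTINFO + digest
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lax_verify(em: bytes, digest: bytes) -> bool:
    """The flawed shape of verification: parse the padding from the left,
    locate T, compare the hash, and never look at what follows it. The
    unchecked tail is what the advisories above refer to; here we only
    show that it is ignored."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA1_DIGESTINFO)] != SHA1_DIGESTINFO:
        return False
    i += len(SHA1_DIGESTINFO)
    # Bug: bytes after the digest are never examined.
    return em[i:i + 20] == digest


def strict_verify(em: bytes, digest: bytes) -> bool:
    """The hardened form: reconstruct the only valid encoding for this block
    size and require a full-length, constant-time match. Trailing bytes
    cannot exist because PS must occupy all remaining space."""
    try:
        expected = emsa_pkcs1_v15_encode(digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


# Constructed sample: what a verifier sees after the RSA public-key
# operation on a signature under a 1024-bit key (128-byte EM). BAD_EM has
# minimal padding followed by filler, which a lax parser waves through.
DIGEST = hashlib.sha1(b"example message").digest()
GOOD_EM = emsa_pkcs1_v15_encode(DIGEST, 128)
_PREFIX = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_DIGESTINFO + DIGEST
BAD_EM = _PREFIX + b"\x00" * (128 - len(_PREFIX))


def compare_verifiers() -> dict:
    """Return each verifier's verdict on the well-formed and malformed EM."""
    return {
        "lax_good": lax_verify(GOOD_EM, DIGEST),
        "lax_bad": lax_verify(BAD_EM, DIGEST),
        "strict_good": strict_verify(GOOD_EM, DIGEST),
        "strict_bad": strict_verify(BAD_EM, DIGEST),
    }


if __name__ == "__main__":
    for name, ok in compare_verifiers().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The lax verifier accepts both encodings; only the strict one rejects the block with unchecked filler, which is the behaviour the patched libraries adopted.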
Ubuntu: Linux kernel vulnerabilities
16th, October, 2006

Sridhar Samudrala discovered a local Denial of Service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: gzip vulnerabilities
16th, October, 2006

Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking a user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user's privileges.

advisories/ubuntu/ubuntu-gzip-vulnerabilities
Ubuntu: Thunderbird vulnerabilities
16th, October, 2006

This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was necessary since the 1.0.x series is not supported by upstream any more. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. The following CVE IDs have been addressed: CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571, CVE-2006-3804, CVE-2006-4340, CVE-2006-4567, CVE-2006-4570

advisories/ubuntu/ubuntu-thunderbird-vulnerabilities-67510
Ubuntu: firefox vulnerabilities
16th, October, 2006

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. The following CVE IDs have been addressed: CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571, CVE-2006-4340, CVE-2006-4567

advisories/ubuntu/ubuntu-firefox-vulnerabilities-99643
Ubuntu: Thunderbird vulnerabilities
16th, October, 2006

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. The following CVE IDs have been addressed: CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571, CVE-2006-4340, CVE-2006-4567, CVE-2006-4570

advisories/ubuntu/ubuntu-thunderbird-vulnerabilities-67510
Ubuntu: openssl vulnerabilities
16th, October, 2006

Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937) Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses. (CVE-2006-4343)

advisories/ubuntu/ubuntu-openssl-vulnerabilities-29155
Ubuntu: gdb vulnerability
16th, October, 2006

Will Drewry, of the Google Security Team, discovered buffer overflows in GDB's DWARF processing. This would allow an attacker to execute arbitrary code with user privileges by tricking the user into using GDB to load an executable that contained malicious debugging information.

advisories/ubuntu/ubuntu-gdb-vulnerability
Ubuntu: openssh vulnerabilities
16th, October, 2006

Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924) Mark Dowd discovered a race condition in the server's signal handling. A remote attacker could exploit this to crash the server. (CVE-2006-5051)

advisories/ubuntu/ubuntu-openssh-vulnerabilities
Ubuntu: Mono vulnerability
16th, October, 2006

Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.

advisories/ubuntu/ubuntu-mono-vulnerability
Ubuntu: ffmpeg, xine-lib vulnerabilities
16th, October, 2006

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4799) Multiple integer overflows were discovered in ffmpeg and tools that contain a copy of ffmpeg (like xine-lib and kino), for several types of video formats. By tricking a user into running a video player that uses ffmpeg on a stream with malicious content, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4800)

advisories/ubuntu/ubuntu-ffmpeg-xine-lib-vulnerabilities
Ubuntu: OpenSSL vulnerability
16th, October, 2006

USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch. For reference, this is the relevant part of the original advisory: Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)

advisories/ubuntu/ubuntu-openssl-vulnerability-15959
Ubuntu: Python vulnerability
16th, October, 2006

Benjamin C. Wiley Sittler discovered that Python's repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the python application.

advisories/ubuntu/ubuntu-python-vulnerability
Ubuntu: awstats vulnerabilities
16th, October, 2006

awstats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user's authentication information could be exposed for the domain where awstats was hosted. (CVE-2006-3681) awstats could display its installation path under certain conditions. However, this might only become a concern if awstats is installed into a user's home directory. (CVE-2006-3682)

advisories/ubuntu/ubuntu-awstats-vulnerabilities
Ubuntu: Mozilla vulnerabilities
16th, October, 2006

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. The following CVE IDs are addressed: CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571, CVE-2006-3808, CVE-2006-4340, CVE-2006-4570

advisories/ubuntu/ubuntu-mozilla-vulnerabilities
Ubuntu: PHP vulnerabilities
16th, October, 2006

The stripos() function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. (CVE-2006-4485) An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly. A remote attacker could exploit this to cause a Denial of Service attack through memory exhaustion. (CVE-2006-4486) Maksymilian Arciemowicz discovered that security relevant configuration options like open_basedir and safe_mode (which can be configured in Apache's httpd.conf) could be bypassed and reset to their default value in php.ini by using the ini_restore() function. (CVE-2006-4625) Stefan Esser discovered that the ecalloc() function in the Zend engine did not check for integer overflows. This particularly affected the unserialize() function. In applications which unserialize untrusted user-defined data, this could be exploited to execute arbitrary code with the application's privileges. (CVE-2006-4812)

advisories/ubuntu/ubuntu-php-vulnerabilities-97448
Ubuntu: libmusicbrainz vulnerability
16th, October, 2006

Luigi Auriemma discovered multiple buffer overflows in libmusicbrainz. When a user made queries to MusicBrainz servers, it was possible for malicious servers, or man-in-the-middle systems posing as servers, to send a crafted reply to the client request and remotely gain access to the user's system with the user's privileges.

advisories/ubuntu/ubuntu-libmusicbrainz-vulnerability
Ubuntu: Fixed linux-restricted-modules-2.6.15
16th, October, 2006

USN-346-1 provided an updated Linux kernel to fix several security vulnerabilities. Unfortunately the update broke the binary 'nvidia' driver from linux-restricted-modules. This update corrects this problem. We apologize for the inconvenience.

advisories/ubuntu/ubuntu-fixed-linux-restricted-modules-2615
Ubuntu: Xsession vulnerability
16th, October, 2006

A race condition existed that would allow other local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked.

advisories/ubuntu/ubuntu-xsession-vulnerability
Ubuntu: libksba vulnerability
16th, October, 2006

A parsing failure was discovered in the handling of X.509 certificates that contained extra trailing data. Malformed or malicious certificates could cause services using libksba to crash, potentially creating a denial of service.

advisories/ubuntu/ubuntu-libksba-vulnerability
Ubuntu: binutils vulnerability
18th, October, 2006

A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.

advisories/ubuntu/ubuntu-binutils-vulnerability
Ubuntu: Pike vulnerability
18th, October, 2006

An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.

advisories/ubuntu/ubuntu-pike-vulnerability