Linux Advisory Watch - March 30th 2007
Source: LinuxSecurity.com Administrator - Posted by Benjamin D. Thomas
This week, advisories were released for nas, openoffice, mgv, file, mozilla-firefox,
libwpd, evolution, squid, xmms, and KDE library. The distributors include Debian,
Gentoo, Red Hat, Slackware, and Ubuntu.
RFID with Bio-Smart Card in Linux - In this paper, we describe the integration
of a fingerprint template and an RF smart card for a clustered network, which is
designed on the Linux platform and open source technology to obtain biometric
security. The combination of smart card and biometrics achieves two-step
authentication: smart card authentication is based on a Personal Identification
Number (PIN), and the card holder is then authenticated using the fingerprint-based
biometric template stored in the smart card. The fingerprint verification has to
be executed on a central host server for security purposes. The protocol designed
allows control of all parameters of the smart security controller, such as PIN
options, reader delay, real-time clock, alarm option and cardholder access conditions.
Linux File & Directory Permissions Mistakes - One common mistake Linux
administrators make is having file and directory permissions that are far
too liberal and allow access beyond that which is needed for proper system
operations. A full explanation of Unix file permissions is beyond the scope
of this article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one is available
right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headlines.
Debian
Debian: New nas packages fix multiple remote vulnerabilities
An updated file package that fixes a security flaw is now available
for Red Hat Enterprise Linux 4 and 5. This update has been rated as having
moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/127544
Ulf Harnhammar of Secunia Research discovered that Evolution
did not correctly handle format strings when displaying shared memos.
If a remote attacker tricked a user into viewing a specially crafted shared
memo, they could execute arbitrary code with user privileges.
http://www.linuxsecurity.com/content/view/127567
Ubuntu: Squid vulnerability
26th, March, 2007
A flaw was discovered in Squid's handling of the TRACE request
method which could lead to a crash. Remote attackers with access to the
Squid server could send malicious TRACE requests, and cause a denial of
service.
http://www.linuxsecurity.com/content/view/127568
Ubuntu: Firefox vulnerability
27th, March, 2007
A flaw was discovered in how Firefox handled PASV FTP responses.
If a user were tricked into visiting a malicious FTP server, a remote
attacker could perform a port-scan of machines within the user's network,
leading to private information disclosure.
http://www.linuxsecurity.com/content/view/127594
Ubuntu: XMMS vulnerabilities
27th, March, 2007
Sven Krewitt of Secunia Research discovered that XMMS did not
correctly handle BMP images when loading GUI skins. If a user were tricked
into loading a specially crafted skin, a remote attacker could execute
arbitrary code with user privileges.
http://www.linuxsecurity.com/content/view/127596
Ubuntu: OpenOffice.org vulnerabilities
27th, March, 2007
A stack overflow was discovered in OpenOffice.org's StarCalc
parser. If a user were tricked into opening a specially crafted document,
a remote attacker could execute arbitrary code with user privileges. (CVE-2007-0238)
A flaw was discovered in OpenOffice.org's link handling code. If a user
were tricked into clicking a link in a specially crafted document, a remote
attacker could execute arbitrary shell commands with user privileges.
http://www.linuxsecurity.com/content/view/127597
Ubuntu: NAS vulnerabilities
28th, March, 2007
Luigi Auriemma discovered multiple flaws in the Network Audio
System server. Remote attackers could send specially crafted network requests
that could lead to a denial of service or execution of arbitrary code.
Note that default Ubuntu installs do not include the NAS server.
http://www.linuxsecurity.com/content/view/127600
Ubuntu: KDE library vulnerabilities
28th, March, 2007
It was discovered that Konqueror did not correctly handle iframes
from JavaScript. If a user were tricked into visiting a malicious website,
Konqueror could crash, resulting in a denial of service. (CVE-2007-1308)
A flaw was discovered in how Konqueror handled PASV FTP responses. If a
user were tricked into visiting a malicious FTP server, a remote attacker
could perform a port-scan of machines within the user's network, leading
to private information disclosure. (CVE-2007-1564)
http://www.linuxsecurity.com/content/view/127606