This week, advisories were released for man-db, libX11, Evince, libwpd, DokuWiki, krb5, freetype2, tightvnc, ipsec-tools, the Linux kernel, and the KDE library. The distributors include Debian, Fedora, Gentoo, Mandriva, and Ubuntu.


LinuxSecurity.com Feature Extras:

    RFID with Bio-Smart Card in Linux - In this paper, we describe the integration of a fingerprint template and an RF smart card for a clustered network, designed on the Linux platform and open source technology to obtain biometric security. The combination of smart card and biometrics achieves two-step authentication: smart card authentication is based on a Personal Identification Number (PIN), and the cardholder is authenticated using the biometric template stored in the smart card, based on fingerprint verification. The fingerprint verification has to be executed on a central host server for security purposes. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of Unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


Debian: New man-db packages fix arbitrary code execution
6th, April, 2007

A buffer overflow has been discovered in the man command that could allow an attacker to execute code as the man user by providing specially crafted arguments to the -H flag. This is likely to be an issue only on machines with the man and mandb programs installed setuid.
advisories/debian/debian-new-man-db-packages-fix-arbitrary-code-execution
Fedora Core 5 Update: libX11-1.0.0-4.fc5
10th, April, 2007

Added libX11-1.0.1-setuid.diff to fix potential security issue (required).
advisories/fedora/fedora-core-5-update-libx11-100-4fc5-13-03-00-127757
Gentoo: Evince Stack overflow in included gv code
6th, April, 2007

Evince improperly handles user-supplied data possibly allowing for the execution of arbitrary code.
Gentoo: libwpd Multiple vulnerabilities
6th, April, 2007

libwpd is vulnerable to several heap overflows and an integer overflow.
Gentoo: DokuWiki Cross-site scripting vulnerability
12th, April, 2007

DokuWiki is vulnerable to a cross-site scripting attack. An attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable. This would allow the creation of new lines or fields in the returned HTTP Response header, which would permit the attacker to execute arbitrary scripts in the context of the user's browser.
Mandriva: Updated krb5 packages fix vulnerabilities
10th, April, 2007

A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker who could access the telnet port of a target machine could log in as root without requiring a password (CVE-2007-0956).
Mandriva: Updated freetype2 packages fix vulnerability
10th, April, 2007

iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially
Mandriva: Updated tightvnc packages fix integer overflow vulnerabilities
10th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
Mandriva: Updated xorg-x11/XFree86 packages fix integer overflow vulnerabilities
11th, April, 2007

Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
Mandriva: Updated madwifi-source, wpa_supplicant packages fix vulnerabilities
11th, April, 2007

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. (CVE-2005-4835)
Mandriva: Updated apache-mod_perl packages fix DoS vulnerability
11th, April, 2007

PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. Updated packages have been patched to correct this issue.
Ubuntu: ipsec-tools vulnerability
9th, April, 2007

A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.
advisories/ubuntu/ubuntu-ipsec-tools-vulnerability
Ubuntu: Linux kernel vulnerabilities
10th, April, 2007

The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. (CVE-2007-0006)
advisories/ubuntu/ubuntu-linux-kernel-vulnerabilities-39223
Ubuntu: KDE library vulnerability
11th, April, 2007

The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. If a Konqueror user were tricked into visiting a web site containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data.
advisories/ubuntu/ubuntu-kde-library-vulnerability-13075