This week advisories were released for php4, php5, qemu, wordpress, selinux-policy, policycoreutils, bind, kernel, BEAST, capi4k-utils, KTorrent, FreeType, Tomcat, mod_perl, Quagga, postgresql, xscreensaver, unzip, w3c-libwww, gcc, gdb, util-linux, busybox, cpio, sendmail, openssh, shadow-utils, gdm, openldap, rdesktop, and net-snmp. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, SuSE, and Ubuntu.


Vyatta: Open-Source Router / Firewall / VPN
Vyatta software and appliances combine the features, performance and reliability of an enterprise-class router and firewall with the cost savings and flexibility of open source solutions.

Free Vyatta Community Edition 2 Software & Live Demo Webinars


LinuxSecurity.com Feature Extras:

    RFID with Bio-Smart Card in Linux - This paper describes the integration of fingerprint templates and RF smart cards for a clustered network, designed on Linux with open source technology to obtain biometric security. Combining the smart card with biometrics gives two-step authentication: the smart card is authenticated with a Personal Identification Number (PIN), and the card holder is then authenticated against the fingerprint template stored in the card. The fingerprint verification is executed on a central host server for security reasons. The protocol designed allows control of all parameters of the smart security controller, such as PIN options, reader delay, real-time clock, alarm option and cardholder access conditions.

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


Debian
Debian: New php4 packages fix several vulnerabilities
26th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

advisories/debian/debian-new-php4-packages-fix-several-vulnerabilities-67618
Debian: New php5 packages fix several vulnerabilities
29th, April, 2007

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

advisories/debian/debian-new-php5-packages-fix-several-vulnerabilities-1312
Debian: New qemu packages fix several vulnerabilities
1st, May, 2007

Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems.

advisories/debian/debian-new-qemu-packages-fix-several-vulnerabilities
Debian: New wordpress packages fix multiple vulnerabilities
1st, May, 2007

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

advisories/debian/debian-new-wordpress-packages-fix-multiple-vulnerabilities
Debian: New Linux 2.6.18 packages fix several vulnerabilities
2nd, May, 2007

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

advisories/debian/debian-new-linux-2618-packages-fix-several-vulnerabilities-45410
Fedora
Fedora Core 6 Update: selinux-policy-2.4.6-62.fc6
30th, April, 2007

- Revert patch to stop secadm and sysadm from having audit_control
- Allow clamav to create pid files in amavis_var_run
- Allow apcupsd to send itself signals

advisories/fedora/fedora-core-6-update-selinux-policy-246-62fc6-18-37-00-127993
Fedora Core 6 Update: policycoreutils-1.34.1-8.fc6
30th, April, 2007

policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context.

advisories/fedora/fedora-core-6-update-policycoreutils-1341-8fc6-18-37-00-127994
Fedora Core 6 Update: bind-9.3.4-4.fc6
30th, April, 2007

- A race condition has been discovered in bind's dbus code
- Some minor issues in the bind-chroot-admin script

advisories/fedora/fedora-core-6-update-bind-934-4fc6-18-37-00-127995
Fedora Core 6 Update: kernel-2.6.20-1.2948.fc6
1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

advisories/fedora/fedora-core-6-update-kernel-2620-12948fc6-13-45-00-128016
Fedora Core 5 Update: kernel-2.6.20-1.2316.fc5
1st, May, 2007

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

advisories/fedora/fedora-core-5-update-kernel-2620-12316fc5-13-45-00-128017
Gentoo
Gentoo: BEAST Denial of Service
27th, April, 2007

A vulnerability has been discovered in BEAST allowing for a Denial of Service.

Gentoo: capi4k-utils Buffer overflow
27th, April, 2007

capi4k-utils is vulnerable to a buffer overflow in the bufprint() function.

Gentoo: Ktorrent Multiple vulnerabilities
1st, May, 2007

Multiple vulnerabilities have been discovered in Ktorrent allowing for the remote execution of arbitrary code and a Denial of Service. A remote attacker could entice a user to download a specially crafted torrent file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running Ktorrent.

Gentoo: FreeType User-assisted execution of arbitrary code
1st, May, 2007

A vulnerability has been discovered in FreeType allowing for user-assisted remote execution of arbitrary code. A remote attacker could entice a user to use a specially crafted BDF font, possibly resulting in a heap-based buffer overflow and the remote execution of arbitrary code.

Gentoo: Tomcat Information disclosure
1st, May, 2007

A vulnerability has been discovered in Tomcat that allows for the disclosure of sensitive information. A remote attacker could send a specially crafted URL to the vulnerable Tomcat server, possibly resulting in a directory traversal and read access to arbitrary files with the privileges of the user running Tomcat. Note that this vulnerability can only be exploited when Tomcat is fronted by Apache proxy modules such as mod_proxy, mod_rewrite or mod_jk.

Gentoo: Apache mod_perl Denial of Service
2nd, May, 2007

The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions. A remote attacker could send a specially crafted URL to the vulnerable server, possibly resulting in a massive resource consumption.

Gentoo: Quagga Denial of Service
2nd, May, 2007

A vulnerability has been discovered in Quagga allowing for a Denial of Service. A malicious BGP peer could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon.

Mandriva
Mandriva: Updated postgresql packages fix vulnerability
26th, April, 2007

A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.

Mandriva: Updated ktorrent packages fix vulnerability
1st, May, 2007

A directory traversal vulnerability was found in KTorrent, caused by an incomplete fix for an earlier directory traversal vulnerability that was corrected in version 2.1.2. The earlier fix only checked for the exact string "..", which still permitted path strings such as "../".

Mandriva: Updated quagga packages fix DoS vulnerability
2nd, May, 2007

The BGP routing daemon in Quagga did not properly validate length values in NLRI attributes which could allow a remote attacker to cause a denial of service via a crafted UPDATE message that triggered an assertion error or out of bounds read. Updated packages have been patched to correct this issue.

Mandriva: Updated xscreensaver packages fix vulnerability
3rd, May, 2007

A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system uses remote authentication (e.g. LDAP) for logins, a local attacker able to cause a network outage on the system could make xscreensaver crash, which would unlock the screen. Updated packages have been patched to correct this issue.

Red Hat
RedHat: Important: kernel security and bug fix update
30th, April, 2007

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. They fix a flaw in the IPv6 socket option handling that allowed a local user to read arbitrary kernel memory, a second flaw in the IPv6 socket option handling that allowed a local user to cause a denial of service, and a flaw in the utrace support that allowed a local user to cause a denial of service.

advisories/red-hat/redhat-important-kernel-security-and-bug-fix-update-30637
RedHat: Low: unzip security and bug fix update
1st, May, 2007

Updated unzip packages that fix two security issues and various bugs are now available. A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed (CVE-2005-2475).

advisories/red-hat/redhat-low-unzip-security-and-bug-fix-update-RHSA-2007-0203-02
RedHat: Low: w3c-libwww security and bug fix update
1st, May, 2007

Updated w3c-libwww packages that fix a security issue and a bug are now available. Several buffer overflow flaws in w3c-libwww were found. If a client application that uses w3c-libwww connected to a malicious HTTP server, it could trigger an out of bounds memory access, causing the client application to crash (CVE-2005-3183).

advisories/red-hat/redhat-low-w3c-libwww-security-and-bug-fix-update-RHSA-2007-0208-02
RedHat: Moderate: gcc security and bug fix update
1st, May, 2007

Updated gcc packages that fix a security issue and various bugs are now available. Weigert discovered a directory traversal flaw in fastjar. An attacker could create a malicious JAR file which, if unpacked using fastjar, could write to any files the victim had write access to.
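Both the KTorrent entry above and this fastjar entry are the same bug class: an archive names its members, and the extractor trusts those names when building the output path. The block below is an added example, not code from KTorrent, fastjar or the advisories. It models the incomplete check described for KTorrent (rejecting only a bare ".." component, an assumption about that fix's shape) next to a component-wise check that also confines the normalized result to the destination directory. The sample member paths are constructed for the demo.

```python
import posixpath

# Constructed sample archive member paths (not taken from any real torrent or JAR).
SAMPLE_MEMBERS = [
    "dir/file.txt",          # ordinary relative path
    "..",                    # the bare component the incomplete fix catches
    "../etc/passwd",         # escapes via a leading ".." segment
    "dir/../../etc/passwd",  # escapes after descending first
    "/etc/passwd",           # absolute path ignores the destination entirely
    "dir/./sub//file",       # harmless noise that normalization cleans up
    "dir/..hidden",          # legitimate name that merely starts with ".."
]

def naive_check(member):
    """Models the incomplete fix described above (assumption about its shape):
    only a member path that is exactly ".." is rejected, so "../x" slips through."""
    return member != ".."

def safe_target(dest_dir, member):
    """Return the absolute path where `member` may be written under `dest_dir`,
    or None if the entry would land outside it."""
    if member == "" or member.startswith("/"):
        return None
    # Reject every ".." component, not just a bare one. Do this before
    # normalization so "a/../../b" cannot be partially collapsed first.
    if any(part == ".." for part in member.split("/")):
        return None
    dest_dir = posixpath.normpath(dest_dir)
    target = posixpath.normpath(posixpath.join(dest_dir, member))
    # Belt and braces: the normalized result must still sit under dest_dir.
    if target != dest_dir and not target.startswith(dest_dir + "/"):
        return None
    return target

def audit(dest_dir, members=SAMPLE_MEMBERS):
    """For each member: (accepted by the incomplete fix?, safe target or None)."""
    return {m: (naive_check(m), safe_target(dest_dir, m)) for m in members}

if __name__ == "__main__":
    for member, (naive_ok, target) in audit("/tmp/out").items():
        print(f"{member!r:28} naive={naive_ok!s:5} safe={target}")
```

Archive paths use "/" so posixpath is used deliberately; a real extractor would additionally reject backslashes and resolve symlinks already present under the destination (os.path.realpath) before the containment check.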

advisories/red-hat/redhat-moderate-gcc-security-and-bug-fix-update-RHSA-2007-0473-01
RedHat: Low: gdb security and bug fix update
1st, May, 2007

An updated gdb package that fixes a security issue and various bugs is now available. Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB. If a user loaded an executable containing malicious debugging information into GDB, an attacker might be able to execute arbitrary code with the privileges of the user.

advisories/red-hat/redhat-low-gdb-security-and-bug-fix-update-RHSA-2007-0469-01
RedHat: Low: util-linux security and bug fix update
1st, May, 2007

An updated util-linux package that corrects a security issue and fixes several bugs is now available. A flaw was found in the way the login process handled logins which did not require authentication. Certain processes which conduct their own authentication could allow a remote user to bypass intended access policies which would normally be enforced by the login process.

advisories/red-hat/redhat-low-util-linux-security-and-bug-fix-update-RHSA-2009-0981-01
RedHat: Low: busybox security update
1st, May, 2007

Updated busybox packages that fix a security issue are now available. BusyBox did not use a salt when generating passwords. This made it easier for local users to guess passwords from a stolen password file.
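What "did not use a salt" costs is easier to see with a stolen password file in hand. The block below is an added example, not BusyBox code: it hashes a constructed three-account file once without a salt and once with a per-entry random salt (using SHA-256 and PBKDF2 here, not the crypt() variants BusyBox uses; the "salt$digest" storage format and the wordlist are this example's own). Against the unsalted file one precomputed table cracks everything at once and shared passwords are visible without cracking anything; the salted file forces a separate run per account and hides which accounts share a password.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the attacker's dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "root"]

# Kept small so the demo runs quickly; a real deployment uses far more.
ITERATIONS = 10_000

def unsalted_hash(password):
    """Unsalted scheme (what the advisory describes): the same password
    always produces the same digest, in every account and every file."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Salted scheme: a fresh random salt per entry, stored alongside the
    digest as "<salt hex>$<digest hex>" (storage format is this example's own)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def crack_unsalted(entries):
    """One table, built once, is checked against every stolen entry."""
    table = {unsalted_hash(w): w for w in WORDLIST}
    return {user: table.get(stored) for user, stored in entries}

def crack_salted(entries):
    """Every entry forces its own run through the wordlist, and the result
    for one user says nothing about another even if the passwords match."""
    found = {}
    for user, stored in entries:
        found[user] = next((w for w in WORDLIST if verify_salted(w, stored)), None)
    return found

def shared_passwords(entries):
    """In an unsalted file, accounts sharing a password are visible without
    cracking anything: their stored values are identical."""
    by_hash = {}
    for user, stored in entries:
        by_hash.setdefault(stored, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]

def demo():
    """Constructed stolen password file with three accounts, stored both ways."""
    accounts = [("alice", "letmein"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3")]
    unsalted = [(u, unsalted_hash(p)) for u, p in accounts]
    salted = [(u, salted_hash(p)) for u, p in accounts]
    return {
        "unsalted_cracked": crack_unsalted(unsalted),
        "unsalted_shared": shared_passwords(unsalted),
        "salted_cracked": crack_salted(salted),
        "salted_shared": shared_passwords(salted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:17} {result}")
```

Note that the salted run still recovers "letmein": a salt does not rescue a weak password, it removes the precomputation and the cross-account linkage, and the per-guess work factor (ITERATIONS) is what slows the remaining guessing down.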

advisories/red-hat/redhat-low-busybox-security-update-RHSA-2007-0244-02
RedHat: Low: cpio security and bug fix update
1st, May, 2007

An updated cpio package that fixes a security issue and various bugs is now available. A buffer overflow was found in cpio on 64-bit platforms. By tricking a user into adding a specially crafted large file to a cpio archive, a local attacker may be able to exploit this flaw to execute arbitrary code with the target user's privileges. (CVE-2005-4268)

advisories/red-hat/redhat-low-cpio-security-and-bug-fix-update-RHSA-2007-0245-02
RedHat: Low: sendmail security and bug fix update
1st, May, 2007

Updated sendmail packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. The configuration of Sendmail on Red Hat Enterprise Linux was found to not reject the "localhost.localdomain" domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages.

advisories/red-hat/redhat-low-sendmail-security-and-bug-fix-update-RHSA-2007-0252-02
RedHat: Low: openssh security and bug fix update
1st, May, 2007

Updated openssh packages that fix a security issue and various bugs are now available. OpenSSH stores hostnames, IP addresses, and keys in plaintext in the known_hosts file. A local attacker that has already compromised a user's SSH account could use this information to generate a list of additional targets that are likely to have the same password or key.
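The fix for this is OpenSSH's hashed known_hosts format: each host field becomes "|1|" + base64(salt) + "|" + base64(HMAC-SHA1(salt, hostname)), with a 20-byte random salt per line, so the file still authenticates hosts you connect to but no longer lists them. The block below is an added example, not OpenSSH code, that produces and checks entries in that format and shows what an attacker can read from a plaintext file versus a hashed one. The hostnames, the fixed demo salt and the key strings are constructed placeholders, not real keys.

```python
import base64
import hashlib
import hmac
import os

def hash_hostname(hostname, salt=None):
    """Build the host field OpenSSH writes with HashKnownHosts enabled:
    |1|base64(salt)|base64(HMAC-SHA1(salt, hostname)). The salt is 20 random
    bytes; a fixed salt is accepted only so the sample file is reproducible."""
    if salt is None:
        salt = os.urandom(20)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, hostname):
    """Check one host field. Hashed fields are recomputed with their own salt;
    plaintext fields may hold comma-separated aliases, as OpenSSH allows."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return hostname in field.split(",")

def lookup(known_hosts_text, hostname):
    """Return the (keytype, key) pairs recorded for hostname."""
    hits = []
    for line in known_hosts_text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        field, keytype, rest = parts
        if host_matches(field, hostname):
            hits.append((keytype, rest.split()[0]))  # drop any trailing comment
    return hits

def readable_hosts(known_hosts_text):
    """Hostnames an attacker can read straight out of the file: every plaintext
    field leaks its names, a hashed field leaks none."""
    names = []
    for line in known_hosts_text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#") or parts[0].startswith("|1|"):
            continue
        names.extend(parts[0].split(","))
    return names

# Constructed sample data: placeholder key blobs, not real public keys.
FAKE_KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyAOnlyForThisDemo"
FAKE_KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBOnlyForThisDemo"
_DEMO_SALT = bytes(range(20))  # fixed only so the hashed sample is reproducible

PLAINTEXT_KNOWN_HOSTS = (
    "git.example.com,192.0.2.10 ssh-ed25519 " + FAKE_KEY_A + "\n"
    "bastion.example.com ssh-ed25519 " + FAKE_KEY_B + "\n"
)
# Hashed entries cannot carry aliases, so each name gets its own line.
HASHED_KNOWN_HOSTS = (
    hash_hostname("git.example.com", _DEMO_SALT) + " ssh-ed25519 " + FAKE_KEY_A + "\n"
    + hash_hostname("192.0.2.10", _DEMO_SALT) + " ssh-ed25519 " + FAKE_KEY_A + "\n"
    + hash_hostname("bastion.example.com", _DEMO_SALT) + " ssh-ed25519 " + FAKE_KEY_B + "\n"
)

if __name__ == "__main__":
    print("plaintext leaks:", readable_hosts(PLAINTEXT_KNOWN_HOSTS))
    print("hashed leaks:   ", readable_hosts(HASHED_KNOWN_HOSTS))
    print("lookup:", lookup(HASHED_KNOWN_HOSTS, "git.example.com"))
```

In practice you set "HashKnownHosts yes" in ~/.ssh/config, convert an existing file with "ssh-keygen -H" (it keeps a .old copy you should delete), and check a single host with "ssh-keygen -F hostname". Hashing hides the target list but not the keys, and an attacker who already guesses a hostname can still confirm it, exactly as host_matches does.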

advisories/red-hat/redhat-low-openssh-security-and-bug-fix-update-RHSA-2007-0257-02
RedHat: Low: shadow-utils security and bug fix update
1st, May, 2007

Updated shadow-utils packages that fix a security issue and various bugs are now available. A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox.

advisories/red-hat/redhat-low-shadow-utils-security-and-bug-fix-update-RHSA-2007-0431-01
RedHat: Low: gdm security and bug fix update
1st, May, 2007

An updated gdm package that fixes a security issue and a bug is now available. Marcus Meissner discovered a race condition issue in the way Gdm modifies the permissions on the .ICEauthority file. A local attacker could exploit this flaw to gain privileges. Due to the nature of the flaw, however, a successful exploitation was unlikely.

advisories/red-hat/redhat-low-gdm-security-and-bug-fix-update-RHSA-2009-1364-02
RedHat: Low: openldap security update
1st, May, 2007

Updated openldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user.

advisories/red-hat/redhat-low-openldap-security-update-RHSA-2007-0310-02
RedHat: Important: xscreensaver security update
2nd, May, 2007

An updated xscreensaver package that fixes a security flaw is now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-important-xscreensaver-security-update-RHSA-2007-0322-01
RedHat: Moderate: postgresql security update
3rd, May, 2007

Updated postgresql packages that fix several security vulnerabilities are now available for the Red Hat Application Stack. A flaw was found in the way PostgreSQL allows authenticated users to execute security-definer functions. It was possible for an unprivileged user to execute arbitrary code with the privileges of the security-definer function. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

advisories/red-hat/redhat-moderate-postgresql-security-update-63406
SuSE
SuSE: Linux kernel (SUSE-SA:2007:029)
3rd, May, 2007

A NULL pointer dereference in the IPv6 sockopt handling could potentially be used by local attackers to read arbitrary kernel memory and thereby gain access to private information.

Ubuntu
Ubuntu: rdesktop regression
26th, April, 2007

USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.

advisories/ubuntu/ubuntu-rdesktop-regression
Ubuntu: PHP vulnerabilities
27th, April, 2007

Stefan Esser discovered multiple vulnerabilities in the "Month of PHP bugs". The substr_compare() function did not sufficiently verify its length argument. This might be exploited to read otherwise inaccessible memory, which might lead to information disclosure. (CVE-2007-1375) The shared memory (shmop) functions did not verify resource types, thus they could be called with a wrong resource type that might contain user supplied data. This could be exploited to read and write arbitrary memory addresses of the PHP interpreter. This issue does not affect Ubuntu 7.04. (CVE-2007-1376)

advisories/ubuntu/ubuntu-php-vulnerabilities-97448
Ubuntu: PostgreSQL vulnerability
27th, April, 2007

PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function.

advisories/ubuntu/ubuntu-postgresql-vulnerability
Ubuntu: net-snmp vulnerability
2nd, May, 2007

The SNMP service did not correctly handle TCP disconnects. Remote subagents could cause a denial of service if they dropped a connection at a specific time.

advisories/ubuntu/ubuntu-net-snmp-vulnerability