This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Security

Linux Advisory Watch - January 23, 2004

By Benjamin D. Thomas on January 23, 2004 (8:00:00 AM)

Share    Print    Comments   

This week, advisories were released for cvs, screen, kdepim, mc, tcpdump, kernel, slocate, honeyd, isakmpd, and lftp. The distributors include Conectiva, Debian, Guardian Digital EnGarde Secure Linux, Gentoo, OpenBSD, Red Hat, Trustix, and Turbolinux.

In all business environments management must give a certain level of trust to staff in order for work to get done. In security, trust is extremely important. Security managers must trust staff to properly setup and configure systems, give appropriate access, and fix vulnerabilities as they arise. Trusting staff to get the job done is a fundamental part of doing business. As a manager, how can one be sure that the security staff is properly addressing security issues? How can one be sure that vulnerabilities are fixed and logs are monitored? Peter F. Drucker, a well known writer on business management topics once wrote, "if you cannot measure it, you cannot manage it."

This is directly relevant to security. How can a manager be sure that the backups are getting done? Are the IDS and firewall logs properly monitored? A manager can easily have trust in employees, but assurance also must be provided. Management should require staff to log backups, log reviews, server patching, etc. Rather than trusting staff to get the job done, it is necessary to have assurance. All general security maintenance tasks can be, and should be audit-able.

How will extra paper work help security? Will staff get fed up with all of the extra documentation? The purpose of extra documentation is not to burden staff, it is to increasingly justify security spending. If a security department is properly doing its job, incidents will have little affect. However, if the department isn't doing its job, something catastrophic could happen. It is hard for people not in security to see the value in spending more money when there are no security incidents. Having audit-able documented evidence of thwarted security attempts, log reviews, etc. can have a huge impact on the image of the security department. Rather than relying on trust, giving assurance and quantifying security will help get the budget necessary to have the appropriate level of protection.

Until next time, cheers!
Benjamin D. Thomas


LinuxSecurity Feature Extras:

Managing Linux Security Effectively in 2004 - This article examines the process of proper Linux security management in 2004. First, a system should be hardened and patched. Next, a security routine should be established to ensure that all new vulnerabilities are addressed. Linux security should be treated as an evolving process.

FEATURE: OSVDB - An Independent and Open Source Vulnerability Database - This article outlines the origins, purpose, and future of the Open Source Vulnerability Database project. Also, we talk to with Tyler Owen, a major contributor.

[ Linux Advisory Watch ] - [ Linux Security Week ] - [ PacketStorm Archive ] - [ Linux Security Documentation ]

 

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
[ Subscribe ]

 
Distribution: Conectiva
  1/20/2004 cvs
    Chroot escape vulnerability

By requesting malformed modules[2] a remote attacker can attempt to create files and directories on the server's root file system.
http://www.linuxsecurity.com/advisories/conectiva_advisory-3962.html
 
  1/20/2004 screen
    Buffer overflow vulnerability

This vulnerability could be exploited by an attacker who is able to send about 2Gb of data to the user's screen session.
http://www.linuxsecurity.com/advisories/conectiva_advisory-3963.html
 
  1/20/2004 kdepim
    Buffer overflow vulnerability

A carefully constructed .VCF file, if opened or previewed, could cause the execution of arbitrary code with the victim's privileges.
http://www.linuxsecurity.com/advisories/conectiva_advisory-3964.html
 
 
Distribution: Debian
  1/16/2004 mc
    Improper execution vulnerability

A malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander.
http://www.linuxsecurity.com/advisories/debian_advisory-3955.html
 
  1/16/2004 tcpdump
    Multiple vulnerabilities

A number of buffer overflows could be exploited to crash tcpdump, or execute arbitrary code with the privileges of tcpdump.
http://www.linuxsecurity.com/advisories/debian_advisory-3957.html
 
  1/19/2004 netpbm-free Insecure temporary files
    Multiple vulnerabilities

Many of these programs were found to create temporary files in an insecure manner.
http://www.linuxsecurity.com/advisories/debian_advisory-3960.html
 
  1/19/2004 kernel
    MIPS version of mremap() fix

A flaw in bounds checking in mremap() in the Linux kernel may allow a local attacker to gain root privileges.
http://www.linuxsecurity.com/advisories/debian_advisory-3961.html
 
  1/20/2004 slocate
    Heap buffer overflow

This vulnerability could grant a local attacker "slocate" group privileges, which can access the list of all file pathnames on the system.
http://www.linuxsecurity.com/advisories/debian_advisory-3965.html
 
 
Distribution: EnGarde
  1/19/2004 'tcpdump' multiple vulnerabilities
    Heap buffer overflow

By sending specially constructed packets across the wire a malicious remote attacker could cause tcpdump to crash or potentially run arbitrary code as the user under which tcpdump was being run.
http://www.linuxsecurity.com/advisories/engarde_advisory-3958.html
 
  1/19/2004 tcpdump
    Multiple vulnerabilities

Several buffer overflows were recently discovered in tcpdump which could cause tcpdump to crash or run arbitrary code.
http://www.linuxsecurity.com/advisories/engarde_advisory-3959.html
 
 
Distribution: Gentoo
  1/22/2004 honeyd
    Honeyd remotely identifiable

Identification of Honeyd installations allows an adversary to launch attacks specifically against Honeyd.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3969.html
 
 
Distribution: OpenBSD
  1/16/2004 isakmpd
    SA deletion vulnerability

Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski.
http://www.linuxsecurity.com/advisories/openbsd_advisory-3956.html
 
 
Distribution: Red Hat
  1/21/2004 mc
    Buffer overflow vulnerability

This vulnerability allows remote attackers to execute arbitrary code during symlink conversion.
http://www.linuxsecurity.com/advisories/redhat_advisory-3966.html
 
  1/22/2004 slocate
    Heap overflow vulnerability

A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.
http://www.linuxsecurity.com/advisories/redhat_advisory-3970.html
 
 
Distribution: Trustix
  1/21/2004 slocate
    Privilege escalation vulnerability

Exploiting this would allow an attacker to obtain a list of all files in the filesystem.
http://www.linuxsecurity.com/advisories/trustix_advisory-3967.html
 
 
Distribution: Turbolinux
  1/22/2004 lftp
    and tcpdump Multiple vulnerabilities

lftp: buffer overflow tcpdump: multiple vulnerabilities
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3968.html
 

Share    Print    Comments   

Comments

on Linux Advisory Watch - January 23, 2004

There are no comments attached to this item.

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya