[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Linux Advisory Watch - October 21st 2005

|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 21st, 2005                         Volume 6, Number 43a    |

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for Ruby, hylafax, Mozilla,
module-assistant, Lynx, phpMyAdmin, AbiWord, netpbm, gdb, xloadimage,
and openldap. The distributors include Debian, Gentoo, and Red Hat.


Local User Security
By: Dave Wreski

Getting access to a local user account is one of the first things that
system intruders attempt while on their way to exploiting the root
account. With lax local security, they can then "upgrade" their normal
user access to root access using a variety of bugs and poorly setup
local services. If you make sure your local security is tight, then
the intruder will have another hurdle to jump.

Local users can also cause a lot of havoc with your system even
(especially) if they really are who they say they are. Providing accounts
to people you don't know or for whom you have no contact information is
a very bad idea.

You should make sure you provide user accounts with only the minimal
requirements for the task they need to do. If you provide your son
(age 10) with an account, you might want him to only have access to a
word processor or drawing program, but be unable to delete data that
is not his.

Several good rules of thumb when allowing other people legitimate
access to your Linux machine:

    * Give them the minimal amount of privileges they need.
    * Be aware when/where they login from, or should be logging in from.
    * Make sure you remove inactive accounts, which you can determine
      by using the 'last' command and/or checking log files for any
      activity by the user.
    * The use of the same userid on all computers and networks is
      advisable to ease account maintenance, and permits easier analysis
      of log data.
    * The creation of group user-id's should be absolutely prohibited.
      User accounts also provide accountability, and this is not possible
      with group accounts.

Many local user accounts that are used in security compromises have not
been used in months or years. Since no one is using them they, provide the
ideal attack vehicle.

Read more from the Linux Security Howto:


Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.



Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.



Review: The Book of Postfix: State-of-the-Art Message Transport
I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

* Debian: New Ruby 1.8 packages fix safety bypass
  13th, October, 2005

Updated package.


* Debian: New hylafax packages fix insecure temporary files
  13th, October, 2005

Updated package.


* Debian: New Mozilla packages fix several vulnerabilities
  20th, October, 2005

Updated package.


* Debian: New module-assistant package fixes insecure temporary file
  20th, October, 2005

Updated package.


|  Distribution: Gentoo           | ----------------------------//

* Gentoo: KOffice, KWord RTF import buffer overflow
  14th, October, 2005

KOffice and KWord are vulnerable to a buffer  overflow in the RTF
importer, potentially resulting in the execution of arbitrary code.


* Gentoo: SPE Insecure file permissions
  15th, October, 2005

SPE files are installed with world-writeable permissions, potentially
leading to privilege escalation.


* Gentoo: Perl, Qt-UnixODBC, CMake RUNPATH issues
  17th, October, 2005

Multiple packages suffer from RUNPATH issues that may allow users in
the "portage" group to escalate privileges.


* Gentoo: Lynx Buffer overflow in NNTP processing
  17th, October, 2005

Lynx contains a buffer overflow that may be exploited to execute
arbitrary code.


* Gentoo: phpMyAdmin Local file inclusion vulnerability
  17th, October, 2005

phpMyAdmin contains a local file inclusion vulnerability that may
lead to the execution of arbitrary code.


* Gentoo: AbiWord New RTF import buffer overflows
  20th, October, 2005

AbiWord is vulnerable to an additional set of buffer overflows during
RTF import, making it vulnerable to the execution of arbitrary code.


* Gentoo: Netpbm Buffer overflow in pnmtopng
  20th, October, 2005

The pnmtopng utility, part of the Netpbm tools, contains a
vulnerability which can potentially result in the execution of
arbitrary code.


|  Distribution: Red Hat          | ----------------------------//

* RedHat: Moderate: openldap and nss_ldap security update
  17th, October, 2005

Updated openldap and nss_ldap packages that correct a potential
password disclosure issue are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.


* RedHat: Moderate: openldap and nss_ldap security update
  17th, October, 2005

Updated openldap and nss_ldap packages that correct a potential
password disclosure issue and possible authentication vulnerability
are now available.


* RedHat: Critical: lynx security update
  17th, October, 2005

An updated lynx package that corrects a security flaw is now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.


* RedHat: Moderate: netpbm security update
  18th, October, 2005

Updated netpbm packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.


* RedHat: Low: gdb security update
  18th, October, 2005

An updated gdb package that fixes minor security issues is now
available. This update has been rated as having low security impact
by the Red Hat Security Response Team.


* RedHat: Low: xloadimage security update
  18th, October, 2005

A new xloadimage package that fixes bugs in handling malformed tiff
and pbm/pnm/ppm images, and in handling metacharacters in file names
is now available.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.

InfoSec News v2.0 - Coming Soon!