+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 5, 2000                                 Volume 1, Number 6    |
|                                                                     |
|  Editorial Team:  Dave Wreski              dave@linuxsecurity.com   |
|                   Benjamin Thomas          ben@linuxsecurity.com    |
+---------------------------------------------------------------------+

Greetings! We would like to take a moment to thank our readers for all of your support. The response has been tremendous for both our newsletter and website, LinuxSecurity.com. If you have any suggestions regarding the website, newsletter, or anything else, please let us know! We are here to serve the open-source community; your voice should be heard.

In the news, a few good articles were released. A few of my favorites included "Cracked! Part 4: The Sniffer", "The Shell Game", and "Who's Sniffing Your Network?" 'Cracked!' and 'Who's Sniffing Your Network?' are both written about the use of packet sniffers. While they take different approaches to explaining this topic, both are interesting to read. The Shell Game explains the rationale for SSH and using encrypted communications. Take a moment to treat yourself to these three articles.

Last week, the major topic of concern was The Top 10 System Security Threats released by SANS. Articles such as "FBI, DOJ issue list of worst Internet threats" and "IT, Company Execs Add To Security Holes" spawned from SANS' initial release. This list should be familiar to most of you. If you are unaware of any of the ten problems listed in the report, be sure to educate yourself and your users about these potential threats. In a few instances, I saw the mainstream media portray this as "SANS is revealing the hacker's secrets." This really isn't the case. I think it is a wake-up call for us all.

Many of us like to romanticize system intrusions by thinking of them as being "clever", while in reality, almost all of the intrusions that occur are a direct result of administrators not taking the proper steps to maintain a secure system. Want a real challenge? Try to crack a properly secured Linux system.

"Security is a Process, Not a Single Solution." Take time each day to address security issues. This should be done by developing a security policy, patching your system, and helping others gain a better security awareness.

Last week's feature was an interview with Frank van Vliet. He is the author of AuditFile and many security advisories, and recently pointed out configuration errors on apache.org. In the interview, Frank explains how he audits a system's security, major pitfalls administrators fall into, and how he attempts to uncover bugs. We believe that everyone can learn something from this interview.

Also recently added to the site is the WebTrends Security Analyzer. The WebTrends Security Analyzer has the most vulnerability tests for Red Hat & VA Linux. Using advanced agent-based technology, you can scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.

http://www.webtrends.com/redirect/linuxsecurity1.htm

Thank you for reading LinuxSecurity.com's weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines and system advisories. It is distributed each Monday by Guardian Digital, Inc.

Would you like to contribute to this newsletter? We'd love to hear from you. Email newsletter-admins@linuxsecurity.com with comments, suggestions, or information on projects you're working on. To subscribe, send an email to newsletter-subscribe@linuxsecurity.com with "subscribe" in the subject.

Editorial Team:
  Dave Wreski       dave@linuxsecurity.com
  Benjamin Thomas   ben@linuxsecurity.com

Linux Security Week Index:

Advisories:
  May 31st, 2000 - RedHat 6.1: New majordomo package available
  May 30th, 2000 - TurboLinux: users can view shadowed password file
  May 30th, 2000 - PGP 5.0: Key generation weakness
  May 29th, 2000 - SuSE: kmulti local root compromise
  May 29th, 2000 - Mandrake: kdesu vulnerability
  May 29th, 2000 - NetBSD: Local "cpu-hog" denial of service
  May 29th, 2000 - NetBSD: SysV semaphore denial-of-service
  May 29th, 2000 - NetBSD 1.4.2: /etc/ftpchroot parsing broken
  May 29th, 2000 - NetBSD: Exploitable Vulnerability in Xlockmore
  May 29th, 2000 - OpenBSD: Xlockmore vulnerability
  May 29th, 2000 - OpenBSD 2.7: ipf vulnerability

Firewall News:
  June 2nd, 2000 - An Introduction to IP Masquerading - Part 2
  May 30th, 2000 - Firewall placement

Linux Host Security:
  June 4th, 2000 - Just Linux.com: From the Desktop
  June 2nd, 2000 - CERT Vulnerability Summary
  June 1st, 2000 - Cracked! Part 4: The Sniffer
  May 31st, 2000 - SANS Top 10 Threats
  May 29th, 2000 - IPv6 wins support as multimedia protocol

Linux Server Security:
  June 4th, 2000 - Who's Sniffing Your Network?
  May 31st, 2000 - Update: Blocking "Killer Resume"
  May 31st, 2000 - Buffer Overrun Vulnerabilities in Kerberos
  May 30th, 2000 - popa3d v0.4 contributed Kerberos

Cryptography:
  June 1st, 2000 - Making an Unbreakable Code
  May 31st, 2000 - The Shell Game
  May 29th, 2000 - Maths prize could revolutionise encryption
  May 29th, 2000 - Life in an Era of Cryptographic Abundance
  May 29th, 2000 - Can IPv6 replace SSL?

Vendors/Products/Tools:
  June 2nd, 2000 - Retina™ The Network Security Scanner
  June 2nd, 2000 - Information on SANS Security DC2000
  June 1st, 2000 - Linux Deleted File Recovery Tool
  May 31st, 2000 - Nmap 2.53 Released
  May 30th, 2000 - Mission Critical Linux

General Community News:
  June 3rd, 2000 - Domain Hijacking Raises Security Issue
  June 2nd, 2000 - IT, Company Execs Add To Security Holes
  June 2nd, 2000 - Hackers' favorite security holes revealed
  June 2nd, 2000 - Security holes going unpatched
  May 31st, 2000 - Should We Hack back?
  May 31st, 2000 - Internet to Transmit "Notarized" Documents
  May 30th, 2000 - Privacy Looters
  May 30th, 2000 - Striking a Blow for Privacy
  May 30th, 2000 - Spring cleaning tips for managers
  May 30th, 2000 - Cross-Company Applications Open Up Security
  May 30th, 2000 - Senate hears computer export control arguments

Advisories this Week:

May 31st, 2000
RedHat 6.1: New majordomo package available

A vulnerability in /usr/lib/majordomo/resend and /usr/lib/majordomo/wrapper will allow execution of arbitrary commands with elevated privileges.

http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-460.html

May 30th, 2000
TurboLinux: local users can view shadowed password file

"The xlock program locks an X server until a valid password is entered. The command line option -mode provides a user with a mechanism to change the default display shown when the X server is locked. xlock is installed with privileges to obtain password information, although these are dropped as early as possible. An overflow in the -mode command line option allows a malicious attacker to reveal arbitrary portions of xlock's address space including the shadow password file."

http://www.linuxsecurity.com/advisories/advisory_documents/turbolinux_advisory-459.html

May 30th, 2000
PGP 5.0: Key generation weakness

During a recent review of our published PGP 5.0 for Linux source code, researchers discovered that under specific, rare circumstances PGP 5.0 for Linux will generate weak, predictable public/private keypairs.

http://www.linuxsecurity.com/advisories/advisory_documents/other_advisory-461.html

May 29th, 2000
SuSE: kmulti local root compromise

The KDE CD player kscd is setgid disk to be able to access the device file of the CDROM. To perform some action kscd calls the unix command shell specified in the environment variable SHELL with the privileges of group disk.

http://www.linuxsecurity.com/advisories/advisory_documents/suse_advisory-452.html

May 29th, 2000
Mandrake: kdesu vulnerability

Problem: A vulnerability in kdesud will allow any user to exploit a buffer overflow. This user then can have a root group access on the machine, by exploiting a bug in the kdesud program.

http://www.linuxsecurity.com/advisories/advisory_documents/mandrake_advisory-451.html

May 29th, 2000
NetBSD: Local "cpu-hog" denial of service

Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

http://www.linuxsecurity.com/advisories/advisory_documents/netbsd_advisory-454.html

May 29th, 2000
NetBSD: SysV semaphore denial-of-service

An undocumented system call permits any user process to lock up the entire semaphore subsystem, preventing processes using semaphores from locking or unlocking them, and preventing processes holding semaphores from exiting.

http://www.linuxsecurity.com/advisories/advisory_documents/netbsd_advisory-455.html

May 29th, 2000
NetBSD 1.4.2: /etc/ftpchroot parsing broken

A fix which attempted to make ftpd's parsing of /etc/ftpusers more robust was incorrect, and broke parsing of /etc/ftpchroot, allowing users listed in /etc/ftpchroot access to files outside their home directory.

http://www.linuxsecurity.com/advisories/advisory_documents/netbsd_advisory-453.html

May 29th, 2000
NetBSD: Exploitable Vulnerability in Xlockmore

The advisory outlines how xlock can be manipulated to print the shadow password information even though it drops root privileges before an overflow occurs.

http://www.linuxsecurity.com/advisories/advisory_documents/netbsd_advisory-456.html

May 29th, 2000
OpenBSD: Xlockmore vulnerability

xlockmore has a localhost attack against it which allows recovery of the encrypted hash of the root password. T...