Linux Advisory Watch - October 1st 2004

    Date01 Oct 2004
    Posted ByAnthony Pell
    This week, advisories were released for kernel, imlib, getmail, sendmail, vnc, CUPS, cadaver, tcpdump, freenet6, apache, subversion, sharutils, webmin, and NetPBM. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, and Trustix. . . .

    This week, advisories were released for kernel, imlib, getmail, sendmail, vnc, CUPS, cadaver, tcpdump, freenet6, apache, subversion, sharutils, webmin, and NetPBM. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, and Trustix.

    SSL123 - New from Thawte - Get SSL123 the new full 128-bit capable digital certificate - issued within minutes for US $159.00. Free reissues and experienced 24/5 multi-lingual support included for the life of the certificate.
    Click Here to Read More

    Physical Security

    The first ``layer'' of security you need to take into account is the physical security of your computer systems. Who has direct physical access to your machine? Should they? Can you protect your machine from their tampering? Should you?

    How much physical security you need on your system is very dependent on your situation, and/or budget.

    If you are a home user, you probably don't need a lot (although you might need to protect your machine from tampering by children or annoying relatives). If you are in a Lab environment, you need considerably more, but users will still need to be able to get work done on the machines. Many of the following sections will help out. If you are in a Office, you may or may not need to secure your machine off hours or while you are away. At some companies, leaving your console unsecured is a termination offense.

    Obvious physical security methods such as locks on doors, cables, locked cabinets, and video surveillance are all a good idea, but beyond the scope of this document.

    Make use of /etc/shutdown.allow to prevent someone from rebooting your machine. This file is consulted when the machine is rebooted using the Control-Alt-Del keys. It contains a list of usernames that are authorized to reboot the machine.

    Excerpt from the LinuxSecurity Administrator's Guide:
    Written by: Dave Wreski (This email address is being protected from spambots. You need JavaScript enabled to view it.)

    LinuxSecurity Feature Extras:

    AIDE and CHKROOTKIT -Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

    An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at

    Security Expert Dave Wreski Discusses Open Source Security - Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, talks about how Guardian Digital is changing the face of IT security today. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux, touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.

    [ Linux Advisory Watch ] - [ Linux Security Week ] - [ PacketStorm Archive ] - [ Linux Security Documentation ]

    Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.[ Subscribe ]

       vulnerability fix

    This announcement fixes a missing[1] Discretionary Access Control (DAC) check in the chown system call that allowed a local user to change the group ownership of arbitrary files to a group that he or she belongs to, leading to a privileges escalation vulnerability.
       and imlib2 Fix for a buffer overflow

    Marcus Meissner noticed that due to improper bounds checking, imlib[3] and imlib2[4] are vulnerable to a buffer overflow when decoding runlength-encoded bitmaps.
       symlink vulnerability

    A security problem has been discovered in getmail, a POP3 and APOP mail gatherer and forwarder. An attacker with a shell account on the victims host could utilise getmail to overwrite arbitrary files when it is running as root.
       pre-set password

    Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing "sasl-bin" to use sasl in connection with sendmail, the sendmail configuration script use fixed user/pass information to initialise the sasl database.
       update fixes several bugs

    This package updates VNC to the latest released version, 4.0. It also fixes several bugs not fixed upstream.
       update fixes a denial of service problem

    This update fixes a denial of service problem causing loss of browse services. The Common Vulnerabilities and Exposures project ( has assigned the name CAN-2004-0558 to this issue.
     9/29/2004system-config-display update fixes reconfig mode
       update fixes a denial of service problem

    This release fixes reconfig mode for system-config-display for Fedora Core 2.
       security vulnerabilities

    Updated cadaver packages that fix multiple security vulnerability are now available.
       multiple security vulnerabilities

    Updated tcpdump packages that fix multiple security vulnerabilities are now available.
       wrong file permissions

    Simon Josefsson noticed that the tspc.conf configuration file in freenet6, a client to configure an IPv6 tunnel to, is set world readable.
       Exposure of protected directories

    A bug in the way Apache handles the Satisfy directive can lead to the exposure of protected directories to unauthorized users.
     9/27/, XFree86 Integer and stack overflows in libXpm
       Exposure of protected directories

    libXpm, the X Pixmap library that is a part of the X Window System, contains multiple stack and integer overflows that may allow a carefully-crafted XPM file to crash applications linked against libXpm, potentially allowing the execution of arbitrary code.
       Metadata information leak

    An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
       Buffer overflows

    sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.

    A vulnerability in webmin was discovered by Ludwig Nussel. A temporary directory was used in webmin, however it did not check for the previous owner of the directory.
       update fixes a number of temporary file bugs

    A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities.
     9/28/ update fixes temporary file vulnerabilities
       update fixes a number of temporary file bugs

    A vulnerability in was reported by pmladek where a local user may be able to obtain and read documents that belong to another user.
     9/30/2004gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm, mysql, netatalk, openssl, perl, postgresql Insecure tempfile handling
       update fixes a number of temporary file bugs

    Trustix Security Engineers identified that all these packages had one or more script(s) that handled temporary files in an insecure manner. While it is not believed that any of these holes could lead to privilege escalation, it would be possible to trick the scripts to overwrite data writable by the user that invokes the script.

    LinuxSecurity Poll

    What is your favorite feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":100,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.