Linux Security Week July 3 - In this issue: Securing your pages in Apache, Simple commands for Intrusion Detection, Interview with Brian Gemberling of PullThePlug, WU-FTPD remote root vulnerability, DHCP remote root exploit, and much more.
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| July 3, 2000 Volume 1, Number 10 |
| |
| Editorial Team: Dave Wreski dave@linuxsecurity.com |
| Benjamin Thomas ben@linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines and system
advisories.
This week, several other vendors released patches for the wu-ftp
vulnerability. If you're not already familiar with this problem, it exists
in wu-ftpd's handling of the SITE EXEC command. The default configuration
of wu-ftpd is vulnerable to remote users gaining root access. Also, SuSE
released a kernel update to fix the capabilities problem in 2.2.x <
2.2.16.
In the news, the article "Securing Your Web Pages with Apache" provides
helpful information for users who wish to implement Apache's access
control methods. It covers authentication, authorisation, IP restriction,
labeling, inheritance, and other methods. If you have any outstanding
questions regarding Apache's security model, this may be just the article
for you.
Our feature this week, "Simple Commands for Intrusion Detection," by
Benjamin Thomas, explains how to use the Linux commands w, who, finger,
last, ps, and ifconfig as a first step toward intrusion detection.
Although this feature is targeted toward security newbies, seasoned
security gurus may find it helpful.
http://www.linuxsecurity.com/feature_stories/feature_story-56.html
Our interview this week, "Pull the Plug," is with Brian Gemberling. He is
the creator of PullthePlug.com, a project that offers multiple Linux, BSD,
and CISCO systems to the public for exploration. In the interview, Brian
is questioned about techniques used to secure his network, and methods
other people have tried/used to compromise his systems.
http://www.linuxsecurity.com/feature_stories/feature_story-50.html
Our sponsor this week is WebTrends. Their Security Analyzer has the most
vulnerability tests available for Red Hat & VA Linux. It uses advanced
agent-based technology, enabling you to scan your Linux servers from your
Windows NT/2000 console and protect them against potential threats. Now
with over 1,000 tests available.
http://www.webtrends.com/redirect/linuxsecurity1.htm
HTML Version Available:
http://www.linuxsecurity.com/articles/forums_article-1023.html
---------------------
Advisories This Week:
---------------------
* Debian: dhcp remote root exploit
June 28th, 2000
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that
the client inappropriately executes commands embedded in replies sent from
a DHCP server. This means that a malicious DHCP server can execute
commands on the client with root privileges.
http://www.linuxsecurity.com/advisories/advisory_documents/debian_advisory-505.html
* Slackware: wu-ftpd update
June 28th, 2000
A remote exploit has been found in the FTP daemon, wu-ftpd. This can
allow an attacker full access to your machine. They have also provided a
separate patch package for users who have already installed Slackware 7.1
and just want the new FTP daemon.
http://www.linuxsecurity.com/advisories/advisory_documents/slackware_advisory-506.html
* SuSE: Updated wu-ftpd package
June 27th, 2000
The wu-ftp FTP server does not do proper bounds checking while processing
the SITE EXEC command. A remote attacker could execute arbitrary machine
code as root on an FTP server using wu-ftpd. They recommend using our
audited 2.4er version of wu-ftpd.
http://www.linuxsecurity.com/advisories/advisory_documents/suse_advisory-503.html
* SuSE: Kernel update
June 27th, 2000
The implementation of the capability feature of the kernel 2.2.x < 2.2.16
is faulty. This bug allows a local adversary to exploit certain setuid
applications to increase his/her privileges.
http://www.linuxsecurity.com/advisories/advisory_documents/suse_advisory-504.html
* RedHat: UPDATE: Kernel update available
June 26th, 2000
This new kernel release fixes a security hole that could affect any setuid
program on the system. In addition, several accumulated fixes are
included.
http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-502.html
-----------------------
Top Articles This Week:
-----------------------
Network Security News:
---------------------
* Disabling Telnet and FTP at College.
June 30th, 2000
Florence Olsen writes: A computer-privacy expert warned colleges Sunday
against continuing to use two popular Internet tools -- Telnet and File
Transfer Protocol -- because they offer easy routes for unauthorized
people to gain access to personal data on campus networks.
http://www.linuxsecurity.com/articles/host_security_article-1010.html
* Securing Your Web Pages with Apache
June 29th, 2000
This article discusses the various security mechanisms for Apache. "...
But what's all this noise about 'discretionary' and 'mandatory,' you ask?
Put simply, discretionary control (DAC) mechanisms check the validity of
the credentials given them at the discretion of the user, and mandatory
access controls (MAC) validate aspects that the user cannot control.
http://www.linuxsecurity.com/articles/server_security_article-1000.html
* Understanding a Blackhat
June 28th, 2000
Wired News reporter Chris Oakes has interviewed some scientists who
observed all kinds of hackers in their natural habitats, and he has a few
thoughts about all this cracker/hacker, spy vs. spy business.
http://www.linuxsecurity.com/articles/network_security_article-988.html
* Hacker attacks welcomed
June 27th, 2000
Openhack is an evolution of last year's interactive Hackpcweek.com test,
in which we pitted Linux and the Apache Web server against Microsoft
Corp.'s Windows NT and Internet Information Server 4 to see how each would
fare in a hostile Internet environment.
http://www.linuxsecurity.com/articles/host_security_article-979.html
* How to Protect Your Network
June 26th, 2000
ParaProtect, a network security portal in Alexandria, Va., reports that
90% of the security breaches its technicians work on are based on attacks
from within. Here's a list of tips culled from industry analysts,
security experts, corporate executives and agents of the U.S. Secret
Service.
http://www.linuxsecurity.com/articles/network_security_article-971.html
Host Security News:
------------------
* Securing Apache for AllCommerce
June 29th, 2000
Tips on securing Apache for use with virtual hosts. "There is no best way
to do this except to be paranoid about every detail, pay attention to
security alerts and trust no one. Fortunately, Apache has some
recommendations. Here is how to put them in practice for AllCommerce. The
basic procedure is to start by nailing *everything* down to the most
secure configuration.
http://www.linuxsecurity.com/articles/server_security_article-1004.html
* Cracked! Part 6: Talking with the Enemy
June 28th, 2000
Soon after rebuilding the system I started talking to someone on IRC that
identified themselves as the person that had cracked our system. He was
connecting from the same places that the cracker had been coming from and
seemed to know things that only the cracker would have known, so I decided
to take him at face value.
http://www.linuxsecurity.com/articles/projects_article-983.html
* Post Installation: Is it secure out of the box?
June 26th, 2000
Unfortunately, the most popular of Linux distributions are those with
insecure out-of-the-box setups. One of the defining features of Linux is
its customizability, and that can make it more secure. But, improperly
configured, Linux can be notoriously insecure.
http://www.linuxsecurity.com/articles/host_security_article-968.html
* Knowing when someone is knocking on your door.
June 26th, 2000
Lance E. Spitzner tells us how you can protect yourself by detecting
intrusion attempts and then covers what you can do about them. This
article will discuss how you can protect yourself by detecting these
intrusion attempts. I will then cover what you can do when you discover
these attempts.
http://www.linuxsecurity.com/articles/intrusion_detection_article-966.html
Cryptography News:
-----------------
* Certificate Revocation: When Not To Trust
June 29th, 2000
Installing and managing a PKI (public key infrastructure) have
far-reaching implications in an enterprise. A PKI by itself offers no
value until it is paired with applications and services designed to
leverage its functionality. Briefly, a PKI needs to issue digital
certificates to individuals and organizations, manage the certificates
during their life cycles and publish information about the certificates to
directories. In this article, we'll explain managing and applying
certificate revocation.
http://www.linuxsecurity.com/articles/cryptography_article-997.html
Vendor/Product/Tools News:
-------------------------
* Time May Be Right For Biometrics
June 30th, 2000
The world of James Bond may be inching toward reality. A new generation of
biometric devices -- gadgets that identify you by scanning your face,
fingerprint, or voice -- have a distinctly futuristic look and feel, but
have yet to make much of a wave in the market.
http://www.linuxsecurity.com/articles/cryptography_article-1012.html
* Trustix Secure Linux 1.1
June 30th, 2000
Trustix AS, the leader in eBusiness Systems Management Solution for Linux,
announces the release of Trustix Secure Linux 1.1, the preferred Linux
distribution for eCommerce applications. Trustix Secure Linux 1.1 is
primarily a maintenance release, however the new release does have some
new features.
http://www.linuxsecurity.com/articles/vendors_products_article-1017.html
* TheLinuxStore.com Pairs with LinuxSolve Inc. to Resell Industry's
First Secure Server Appliances
June 29th, 2000
Under the terms of the agreement, TheLinuxStore.com obtains the rights to
market, promote and resell LinuxSolve's line of Linux-based server
applications, running firewalls/gateways, email, file, print and web
server applications all managed via its browser-based tools through
mid-2001.
http://www.linuxsecurity.com/articles/vendors_products_article-999.html
* Check Point readies Secure Virtual Network
June 28th, 2000
Check Point Software Technologies is set for Phase II of its Secure
Virtual Network (SVN) architecture for e-business application security,
claiming it has advanced its SVN architecture to provide a common security
backbone for e-business applications, such as SAP, Oracle, Citrix, and
Broadvision.
http://www.linuxsecurity.com/articles/vendors_products_article-987.html
* Secure messaging Hailed
June 27th, 2000
Critical Path has detailed a suite of secure messaging services designed
to help enterprises protect information assets such as engineering
drawings, financial documents, and legal agreements transferred over the
Internet.
http://www.linuxsecurity.com/articles/vendors_products_article-977.html
General News:
-------------
* Do privacy policies really protect you?
June 30th, 2000
Every e-commerce site seems to have a "privacy policy" these days--but
American advocates of strong, European-style privacy laws say that weak
policies may be worse than no policies at all.
http://www.linuxsecurity.com/articles/general_article-1008.html
* Survey - Cybercrime Concern Outweighs Precautions
June 29th, 2000
Consumers and tech professionals are plenty concerned about being
victimized by cybercrime, but only a fraction of them use firewalls on
their personal computers, according to a survey by online security
provider Symantec Corp. Eighty-seven percent of consumers and nearly 95
percent of technology professionals use anti-virus software to protect
their computer from damaging viruses but leave themselves vulnerable to
hacker attacks and theft of financial data, the survey said.
http://www.linuxsecurity.com/articles/general_article-1003.html
* Attacks Put Security Pros On the Most-Wanted List
June 26th, 2000
Talk about job security. Network-security specialists are in high demand
these days, especially given the recent denial-of-service attacks on
high-profile Web sites. Secure systems and networks capable of
withstanding the use and abuse from outside and inside an organization are
the goal of businesses, as heterogeneous networks link remote staff to
headquarters, the business to customers and everyone to the Internet.
http://www.linuxsecurity.com/articles/general_article-974.html
* The Motives and Psychology of the Black-hat Community
June 26th, 2000
This paper is a continuation of the Know Your Enemy series. This series is
dedicated to learning the tools and tactics of the black-hat community.
Unlike the previous papers which focused purely on the "what" and "how" of
the black-hat community, specifically the technical tools, their use and
implementation, this paper explores the motivation and psychology of the
black-hat community, in their very own words.
http://www.linuxsecurity.com/articles/intrusion_detection_article-975.html
* Securing dot-com
June 26th, 2000
This article includes information from the recent SANS report, discussion
of what can be done about these problems, and more. "Security problems are
growing more numerous as knowledge and the number of Internet-connected
systems grow. The number of reported security problems registered a sharp
uptick last year, according to Computer Emergency Response Team
statistics.
http://www.linuxsecurity.com/articles/network_security_article-970.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------