
linux-security.1-15.txt

Posted Aug 7, 2000
Authored by Benjamin Thomas | Site linuxsecurity.com

Linux Security Week August 7 - In this issue: Advisories for mailman, netscape, cvsweb, kon2, and pam_console. Of these, remote root vulnerabilities are present in cvsweb and kon2. Also includes a feature article on the US and UK governments wanting to install a device on public networks to monitor traffic for suspected criminal activity, Interview with Jasta: coder of Gnapster, Discussion of "Linux Sux Redux" Issue, How Do I Tighten Security on My System?, Bruce Schneier, "It doesn't look good.", Will Crypto Feast on Carnivore?, An Old Spy with a New Vision of Encryption, The Coroner's Toolkit, Running logcheck, the logfile auditing software for Unix, Tools of the Trade: nmap, and more.

tags | remote, root, cryptography, vulnerability
systems | linux, unix
SHA-256 | bf97af94972bb92cba5531ed28482ba88123a064e99f846d6a1dee8d69777140

Linux Security Week, August 7, 2000

By Dave Wreski
Submitted By: LinuxSecurity.com Contributors
Posted By: Dave Wreski
8/7/2000 17:11
For this week, advisories for mailman, netscape, cvsweb, kon2, and pam_console. Of these, remote root vulnerabilities
are present in cvsweb and kon2.

Our feature for this week is an article by Chris Parker on the US and UK governments' wish to install a device on
public networks to monitor traffic for suspected criminal activities. The article discusses both the FBI's
Carnivore email surveillance system and the RIP Bill that has recently been passed in the UK.

Carnivore and Privacy: An Oxymoron?

Thanks to LinuxLock.org for making LinuxSecurity.com their Security Source of the Month

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA
Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000
console and protect them against potential threats. Now with over 1,000 tests available.


Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our
readers with a quick summary of each week's most relevant Linux security headlines and system advisories.

Advisories

*Debian: mailman vulnerability
August 6th, 2000

Earlier versions of mailman v2.0 came with a security problem, introduced during the 2.0 beta cycle, that could be
exploited by clever local users to gain group mailman permission. No exploit exists at the moment, though.

*SuSE: Misc Security Info
August 4th, 2000

This advisory contains information on the status of several outstanding potential security vulnerabilities present in
SuSE Linux, including netscape, knfsd, system user account nobody, pam_console, gpm, openldap, and mailman.

*RedHat: mailman vulnerability
August 3rd, 2000

New mailman packages are available which close security holes present in earlier versions of mailman. All sites using
the mailman mailing list management software should upgrade.

*Mandrake: mailman
August 3rd, 2000

The wrapper program supplied with the mailman package has a format bug which could be exploited to obtain the
privileges of the mailman user, which has read and write access to all files mailman uses. This vulnerability can only
be exploited by root users with shell access.

*Mandrake: pam vulnerability
August 2nd, 2000

There is a problem with the pam_console module that incorrectly identifies remote X logins for displays other than :0
(for example, :1, :2, etc.) as being local displays, thus giving control of the console to the remote user. Because the
remote user has control of the console they are able to issue commands to reboot the remote system after providing
their password. Please note that this vulnerability is only exploitable if the system is running a graphical login
manager like gdm, kdm, or xdm and if XDMCP is enabled and remote access is granted. Users are highly recommended to
upgrade to this version which fixes the exploit (thanks to RedHat).

*Conectiva: mailman vulnerability
August 2nd, 2000

The wrapper program supplied with the mailman package has a format bug which could be exploited to obtain the
privileges of the mailman user. This user has read and write access to all files of the mailman package. Note that this
vulnerability can only be exploited by local users with shell access.

*Mandrake: kon2 vulnerability
August 2nd, 2000

There is a vulnerable suid program called fld. This program accepts option input from a text file and it is possible to
input arbitrary code into the stack, thus spawning a root shell.

*TurboLinux: netscape-4.73 and earlier
August 2nd, 2000

Current and previous versions of netscape communicator have a buffer overflow condition in their handling of JPEG files.
Specifically, netscape trusts the purported length of JPEG files provided by the header and can be misled into reading
arbitrary amounts of data, leading to the overwriting of memory.

*TurboLinux: cvsweb-1.90 and earlier
August 1st, 2000

Remote root exploit present in versions earlier than 2.0. Current and previous versions of cvsweb allow remote users to
access/write files as the default web user via the cvsweb.cgi script.

*Mandrake: netscape vulnerability
August 1st, 2000

Previous versions of Netscape, from version 3.0 to 4.73, contain a serious overflow flaw due to improper input
verification in Netscape's JPEG processing code. The way Netscape processed JPEG comments trusted the length parameter
for comment fields. By manipulating this value, it was possible to cause Netscape to read in an excessive amount of
data which would then overwrite memory. Data with a malicious design could allow a remote site to execute arbitrary
code as the user of Netscape on the client system. It is highly recommended that everyone using Netscape upgrade to
this latest version that fixes the flaw.

*RedHat: netscape vulnerability
July 31st, 2000

Netscape's processing of JPEG comments trusted the length parameter for comment fields; by manipulating this value, it
would be possible to cause netscape to read in an excessive amount of data, overwriting memory. Specially designed data
could allow a remote site to execute arbitrary code as the user of netscape.

Top Articles

*Interview with Jasta: coder of Gnapster
August 4th, 2000

Chris writes, "Since the invention of Napster, Peer to Peer sharing has been on all of our security conscious minds...
Is this safe? Can this program allow my network to be compromised? Was security an issue when these Apps were created?
Well, we interviewed Jasta, creator of Gnapster, the gnome napster client, about the security concerns of
Gnapster/Napster, the feedback of Open Source security hackers, and how much he thought about security when coding
Gnapster."

*Discussion of "Linux Sux Redux" Issue
August 4th, 2000

Peter writes, "This is in response to an article posted at abcnews.com by Fred Moody, available at:
http://abcnews.go.com/sections/tech/FredMoody/moody.html, in which he claims that Linux is a far less secure operating
system than NT, based on his interpretation of the Bugtraq vulnerability statistics.

*How Do I Tighten Security on My System?
July 31st, 2000

"Hardening" a system is the practice of making that system much harder to crack. I like to think that this involves
steps not only to prevent break-ins, but also to detect them when they happen.

*Bruce Schneier, "It doesn't look good."
July 31st, 2000

Speaking at the Black Hat Security Conference, cryptographer and security expert Bruce Schneier gave one of the opening
keynotes Wednesday. In it, he argued that inevitably, as the Internet and computer systems become more complex, they
become more insecure.

*Will Crypto Feast on Carnivore?
August 4th, 2000

In the aftermath of the FBI's recently revealed Carnivore email surveillance system, email security companies are
hoping they can convince average email users to seal their electronic envelopes -- and finally propel email encryption
into a broader market. "We're seeing Carnivore pop up and become a real threat to people's privacy and saying, 'Wait a
second -- we could take this product Mithril, our secure server product, re-brand it and put it out there,'" said Sean
Steele, director of business development at security firm ChainMail.

*An Old Spy with a New Vision of Encryption
August 3rd, 2000

Ex-NSA official and now Cylink CEO Bill Crowell is reviving the software maker and helping to bridge the
government-industry divide. After three decades at America's largest spy center, the National Security Agency, Crowell
turned to the private sector in 1998 and has brought Cylink Corp., which nearly collapsed under the weight of
accounting irregularities and a spate of resignations by top brass, back from the brink.

*The Coroner's Toolkit
August 5th, 2000

Wietse Venema and Dan Farmer, the authors of SATAN, have written a package called The Coroner's Toolkit (TCT) that is
designed to help a System Administrator do forensic analysis on their cracked Unix box. The authors say that TCT does
not have one single goal, but instead it has the theme of making a snapshot of the machine so that there can be an
attempt towards reconstruction of the past.

*Running logcheck, the logfile auditing software for Unix
August 3rd, 2000

Portsentry has some very specific behaviors when triggered: it drops the offending connection, locks out the offending
IP address, and then writes an alert to your system logs. Logcheck picks up where Portsentry leaves off, parsing system
logs at pre-set intervals and mailing information about the attack or alert to the administrator (or the admin's
designated recipient).

*Tools of the Trade: nmap
August 2nd, 2000

The intent of this article is to familiarize the reader with the network scanner nmap. As Lamont Granquist (an nmap
contributor/developer) points out, nmap does three things: It will ping a number of hosts to determine if they are up.
It will portscan hosts to determine what services they are offering and it will attempt to determine the OS (operating
system) of host(s). Nmap allows the user to scan networks as small as a two node LAN (Local Area Network) or as large
as a 500 node LAN and even larger. Nmap also allows you to customize your scanning techniques.

*FBI Agrees To Release Carnivore Details
August 7th, 2000

Pushed by a court hearing and growing press attention, the FBI on Wednesday agreed to expedite its release of documents
detailing the inner workings of Carnivore, its controversial electronic wiretap system that scans private E-mail
through Internet service providers. But ISPs must allow the FBI to install the system on their networks in the
meantime.

*ISPs sued over spamming blacklist
August 5th, 2000

A leading Internet-based polling company is suing America Online Inc. and a dozen other Internet service providers for
blocking correspondence with some 2.7 million of its 6.6 million online members.

*They Know Where You're Shopping
August 5th, 2000

Chris Hughes was surprised when Internet merchant PayPal rejected his credit card last week, but was even more
surprised when he found out why. PayPal's credit card verification service, Cybersource Corp., indicated Hughes was a
high risk because he had used 10 different credit cards at various Internet sites during the past several months.

*Interview with Lance Brown: StopCarnivore.org
August 4th, 2000

The HNS Staff did an interview with Lance Brown, the creator of http://www.stopcarnivore.org. Mr. Brown is the
President and Founder of Future Solutions, which was founded in 1996 with the goal of pursuing freedom-minded solutions
to tomorrow's problems. Mr. Brown is also: President and CEO of PeoplesForum.com; CIO/Technology Supervisor of Dispute
Solvers/Rent-a-Court, an online dispute resolution firm; Candidate for President (of the U.S.) in 2008.

*E-tailers violate own privacy policies
August 4th, 2000

Without knowing it, some Internet shoppers are forking over more than cash for their purchases. Several online
retailers have been giving their customers' personal information to a marketing company.

*'Uncle Spam' wants you!
August 3rd, 2000

Uncle Sam could become "Uncle Spam" if the government follows through with plans for creating an "official U.S. e-mail
box" for every address in America, say industry executives briefed on the proposal. The ruckus began earlier this week,
when the U.S. Postal Service disclosed that it was exploring the e-mail idea. The government would use the e-mail
addresses to send driver's license renewal forms, tax documents and other materials that would normally be sent by
snail mail. And Americans would visit two mailboxes every day -- the ones outside their homes and the ones inside their
computers, said Deputy Postmaster General John M. Nolan.

*Join Us, Don't Fight Us, Pentagon Tells Hackers
August 1st, 2000

The largest-ever convention of computer hackers opened here on Friday with top-ranking U.S. military officials offering
to hire the elite of the cybervandal world and put them to work defending against foreign government attacks. "I invite
you to join the government, or private industry for that matter. But get on the defense side," said Art Money, U.S.
Assistant Secretary of Defense, and the Pentagon's Chief Information Officer with responsibility for command, control,
communications and intelligence.