+---------------------------------------------------------------------+
|  LinuxSecurity.com                            Weekly Newsletter     |
|  June 19, 2000                                Volume 1, Number 8    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@linuxsecurity.com    |
|                   Benjamin Thomas         ben@linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines and system advisories. It is distributed each Monday by Guardian Digital, Inc.

After two weeks of constant advisories, it's comforting to see the amount of activity die down. This week, updates are available for the DocumentTemplate package, the BRU Backup Utility, Kerberos 5, and a bug on FreeBSD/Alpha systems that weakens its encryption. In the news, OpenBSD announces the release of version 2.7, MimeStar "Shoots Down Intruders" by releasing version 3.0.7 of SecureNet PRO, and the U.S. House gives its "OK" to the digital signature bill.

This week a number of interesting papers were posted. The article "Open Sources, Security by Default" discusses actions taken by the OpenBSD team and Theo de Raadt, the founder of OpenBSD. With the release of OpenBSD 2.7, the goal was to "remove most of the extraneous, unnecessary, and insecure protocols from the OS, tightened up the default configuration, and then hunt for bugs ruthlessly." Sound advice for all users.

The historical paper "Security Controls for Computer Systems" was referenced on our site this week. It is regarded as "The Paper that Launched Computer Security." The paper discusses intrusions, physical security, threats, policy considerations, and gives recommendations. Anyone interested in computer security and its history should definitely take a look at it. A majority of this paper is applicable to situations we face today.

We've recently learned that Red Hat has released a development build of the 2.2.16 kernel which fixes several security issues discovered last week. Information on this rawhide (development) version is available at http://www.linuxsecurity.com/articles/host_security_article-909.html. We'll post their formal announcement as soon as it's made.

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.
http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version Available:
http://www.linuxsecurity.com/articles/forums_article-910.html

Advisories this Week:
---------------------

Conectiva: Zope problems in DocumentTemplate - 06/16/2000 -
The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
http://www.linuxsecurity.com/advisories/advisory_documents/other_advisory-490.html

RedHat 6.2: Kerberos 5 vulnerability - 06/15/2000 -
Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.2. A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.
http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-489.html

RedHat: New emacs packages available - 06/15/2000 -
With emacs < 20.7, unprivileged local users can eavesdrop on the communication between Emacs and its subprocesses. Red Hat offers an update for this package.
http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-487.html

Zope: Fixed version available - 06/15/2000 -
The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
http://www.linuxsecurity.com/advisories/advisory_documents/other_advisory-488.html

Caldera: local ROOT exploit in BRU - 06/14/2000 -
There is a serious vulnerability in the command-line option and logfile handling of the BRU Backup Utility which can be exploited by a local attacker to gain root access to the machine.
http://www.linuxsecurity.com/advisories/advisory_documents/caldera_advisory-486.html

FreeBSD: Alpha port vulnerability - 06/12/2000 -
Cryptographic secrets (such as OpenSSH public/private keys) generated on FreeBSD/Alpha systems may be much weaker than their "advertised" strength, and may lead to data compromise by a dedicated and knowledgeable attacker.
http://www.linuxsecurity.com/advisories/advisory_documents/freebsd_advisory-485.html

Linux Host Security:
--------------------

Network Intrusion Detection, An Analyst's Handbook - 6/17/2000 -
Here is an interesting book review for "Network Intrusion Detection, An Analyst's Handbook". It gives chapter-by-chapter summaries throughout the book. "This book is far-and-away one of the more relevant and well-written books on security issues, and should be required reading for every system administrator and network professional."
http://www.linuxsecurity.com/articles/intrusion_detection_article-904.html

Linux Kernel Bug prompts Security Alert - 6/15/2000 -
The perceived security of Linux has suffered a setback after the discovery of a serious bug in the Linux kernel which allows attackers to gain root access through a variety of programs, including Sendmail. The kernel bug affects versions 2.2.15 and earlier, as well as some 2.4.0 versions, and Linux users are advised to upgrade to 2.2.16. The problem is all the more serious because code that exploits the flaw has been posted widely on the internet, including on a number of well-known security sites.
http://www.linuxsecurity.com/articles/host_security_article-887.html

Detecting Signs of Intrusion - 6/14/2000 -
This paper discusses various ways to detect intrusions. Intruders are always looking for new ways to break into systems. "They may attempt to breach your network's perimeter defenses from remote locations, or physically infiltrate your organization to gain direct access to its information resources."
http://www.linuxsecurity.com/articles/intrusion_detection_article-882.html

An Overview of TCP and IP Spoofing - 6/12/2000 -
To understand the spoofing process, I will begin by explaining the TCP and IP authentication process. Then I will discuss how an attacker can spoof your network.
http://www.linuxsecurity.com/articles/network_security_article-862.html

Linux Server Security:
----------------------

Building a Secure Gateway System - 6/15/2000 -
This article explains how to secure a Linux gateway. If you do not have a gateway already set up, it suggests that you read this article. The author assumes that you are already familiar with Linux and currently have a constant connection to the internet.
http://www.linuxsecurity.com/articles/network_security_article-886.html

Sub7 vid Trojan can launch distributed attacks - 6/17/2000 -
As it turns out, the most recent build of Sub7 contains an undocumented feature which can indeed be used to ping the living hell out of Web servers, from numerous infected clients simultaneously, according to research just completed by security outfit iDefense.
http://www.linuxsecurity.com/articles/network_security_article-903.html

BIND 8.2.x Overflow Vulnerability - 6/16/2000 -
This paper covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works: "The exploit requires two systems to be successful. The first is a DNS server that will have an altered DNS table. The second machine is where the attack will take place."
http://www.linuxsecurity.com/articles/server_security_article-900.html

The Secrets of Snoop - 6/15/2000 -
Lance writes, "Sniffers have exploded in popularity over the past several years, from Network General's NetXray and Microsoft's Network Monitor, to public domain tools such as Etherman and Curry Sniffer. These tools are used for various reasons, including network troubleshooting, traffic analysis, node discovery, etc. We will be covering one of the most common, yet effective sniffers, snoop."
http://www.linuxsecurity.com/articles/intrusion_detection_article-889.html

Cracked! part 5: Rebuilding - 6/12/2000 -
This is the fifth part of the story of a community network that was cracked and what was done to recover from it. By this point we have realized that we must get the cracker off of our machines before it is too late. It is only a matter of time before he trashes our system to clean up his tracks, gets a sniffer running under a different architecture or uses us to launch some denial of service attack.
http://www.linuxsecurity.com/articles/intrusion_detection_article-861.html

Cryptography:
-------------

Bruce Schneier's Crypto-Gram - 6/16/2000 -
In this month's issue of Bruce Schneier's Crypto-Gram, he discusses SOAP, Crypto-Gram Reprints, News, Counterpane Internet Security News, Java and Viruses, The Doghouse: Infraworks, The Data Encryption Standard (DES), and Comments from Readers. Always an excellent read.
http://www.linuxsecurity.com/articles/cryptography_article-898.html

The Death of Unencrypted Connections? - 6/14/2000 -
Over the last few years "hacker" tools have become much more widespread and available to malicious attackers. Combine this with the ease of getting operating systems: almost anything a corporation has, short of a mainframe OS, you can download from the Internet and run on your Intel PC. Encryption is now more important than ever.
http://www.linuxsecurity.com/articles/network_security_article-879.html

New MI5 unit to crack criminal computer codes - 6/13/2000 -
A special codebreaking organisation is to be set up inside the headquarters of MI5 to crack encrypted communications and computer discs belonging to suspected organised criminals and terrorists. The new centre, which will begin to recruit expert codebreakers soon, will cost about 25 million over the next few years, and has already been budgeted for by the Home Office.
http://www.linuxsecurity.com/articles/cryptography_article-872.html

Products/Vendors/Tools:
-----------------------

OpenBSD Announces Release 2.7 - 6/15/2000 -
Calgary, Canada -- OpenBSD announces release 2.7 of the "Secure by Default" operating system for Internet servers and workstations. OpenBSD 2.7 significantly enhances the built-in strong cryptography with the OpenSSH suite to support the SSH 1 and 2 secure communication protocols and drivers for hardware accelerators for IPSec VPNs.
http://www.linuxsecurity.com/articles/cryptography_article-872.html

RootFest Opens Today - 6/14/2000 -
"The Midwest's largest computer security convention opens today in St. Paul's RiverCentre. RootFest organizers estimate that as many as 1000 people may attend RootFest this year."
http://www.linuxsecurity.com/articles/projects_article-883.html

MimeStar Shoots Down Intruders - 6/12/2000 -
Version 3.0.7 of MimeStar's SecureNet PRO Network Intrusion Detection and Monitoring suite has been unveiled, revealing an enterprise-scalable security platform with custom protocol decoding, real-time monitoring and unique intrusion response features.
http://www.linuxsecurity.com/articles/intrusion_detection_article-866.html

Internet Security Voice Verification Technology - 6/12/2000 -
Israeli start-up Sentry Com has developed technology for a biometric voice signature that is capable of creating a revolution in entry security and protection of commercial transactions over the Internet. The company's product, named VoiceShield, was demonstrated for the first time at the SuperCOM 2000 communications exhibition in Atlanta in the US at the end of last week, and aroused a great deal of interest.
http://www.linuxsecurity.com/articles/vendors_products_article-856.html

General News:
-------------

IT Directors Under Fire for Poor Security Policies - 6/15/2000 -
IT decision makers have come under fire for failing to invest in adequate network security as more companies adopt e-commerce strategies. According to a report by research house Ovum, organisations are increasingly relying on an outdated approach to security. A failure to distinguish between different applications and systems also left the network vulnerable to intruders.
http://www.linuxsecurity.com/articles/network_security_article-888.html

U.S. House gives OK to digital signature - 6/15/2000 -
A bill that gives electronic signatures and documents the same force in law as their paper counterparts won near-unanimous approval in the U.S. House of Representatives on Wednesday. Under the proposed law, consumers and businesses will be able to sign checks, complete loan applications and contract services all online in a further broadening of e-commerce.
http://www.linuxsecurity.com/articles/general_article-893.html

Old security models inadequate for ebusiness - 6/15/2000 -
In its report "E-Business Security: New Directions and Successful Strategies", Ovum argues that the traditional hierarchy of trust adopted by organisations does not fit the ebusiness model, meaning that access channels, such as mobile devices, could pose a major security threat.
http://www.linuxsecurity.com/articles/network_security_article-890.html

The Paper that Launched Computer Security - 6/13/2000 -
This is reportedly the document that started computer security. It discusses intrusions, physical security, threats, policy considerations, and recommendations. Quite good.
http://www.linuxsecurity.com/articles/documentation_article-871.html

Open Sources, Security by Default - 6/12/2000 -
What would happen if you removed most of the extraneous, unnecessary and insecure protocols from your OS, tightened up the default configuration and then hunted bugs ruthlessly? Something very much like OpenBSD, because that's precisely what project founder Theo de Raadt decided to do. The result has been largely successful in terms of achieving "security by default."
http://www.linuxsecurity.com/articles/host_security_article-860.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

To unsubscribe email newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------