RU.LINUX
From: Sergey Lentsov 2:4615/71.10, 06 Sep 2001 17:18:39
To: All
Subject: URL: http://www.lwn.net/2001/0906/security.php3
See also: [14]last week's Security page.
Security
News and Editorials
Trouble with Apache SQL authentication modules. The Apache web server
supports several modules which can perform user authentication from a
relational database. They are certainly widely used; a site does not
have to grow very large before the classic htpasswd mechanism becomes
unusable. So [15]this advisory pointing out "SQL insertion"
vulnerabilities in several of these modules is worthy of some concern.
SQL insertion happens when a hostile user, through a clever request to
the web server, is able to pass arbitrary SQL code through to the
underlying database. This code can disclose or modify data, or corrupt
the integrity of the database in a number of ways; it can also,
usually, be used to allow unauthorized access to the web site.
This type of vulnerability comes about as a result of the combination
of inadequate checking of user-supplied data and the passing of that
data across module boundaries. It is an easy sort of mistake to make,
and it is certain that numerous other database-driven web
applications have similar vulnerabilities.
Fixing this sort of problem is relatively easy, once the programmer
thinks of it. A "white list" of allowed characters filters out most
such attacks without trouble. But, when passing user strings between
modules, filtering in one module can require a knowledge of what
strings can cause problems in the other. This kind of knowledge goes
against the information hiding techniques that are usually seen as
good, modular programming. As a result, programmers can be surprised,
even if they are thinking about properly sanitizing user-supplied
data.
As applications become more component driven, the chances are that
this sort of cross-module interaction will be seen more often.
Security is hard, and it's not getting any easier.
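
The concatenation mistake and the white-list fix described above, next to bound query parameters, as an added example that is not taken from any of the Apache modules or from the advisory. The `users` table, the function names, the allowed-character set and the sample names are constructed, and SQLite stands in for the modules' database; bound parameters are a technique this page does not mention.

```python
import re
import sqlite3

# White list of characters allowed in a user name (constructed for this example).
ALLOWED = re.compile(r"[A-Za-z0-9._-]{1,32}")

def make_db():
    # Constructed sample data in an in-memory database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, passwd TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-for-alice"), ("o'brien", "hash-for-obrien")])
    return db

def lookup_concat(db, user):
    # Flawed pattern: the user-supplied name is pasted into the SQL text, so a
    # quote in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT passwd FROM users WHERE name = '" + user + "'"
    return db.execute(sql).fetchall()

def lookup_whitelist(db, user):
    # The article's fix: refuse any name with a character outside the white
    # list before it reaches the query. The list has to be chosen with
    # knowledge of what the SQL layer treats as special.
    if not ALLOWED.fullmatch(user):
        return []
    return lookup_concat(db, user)

def lookup_bound(db, user):
    # Bound parameter: the name travels to the database as data and is never
    # parsed as SQL, so this layer needs no knowledge of SQL quoting rules.
    return db.execute("SELECT passwd FROM users WHERE name = ?", (user,)).fetchall()

def compare(user):
    # Run one name through all three lookups on a fresh database.
    db = make_db()
    results = {}
    for fn in (lookup_concat, lookup_whitelist, lookup_bound):
        try:
            results[fn.__name__] = fn(db, user)
        except sqlite3.Error:
            results[fn.__name__] = "sql error"
    return results

if __name__ == "__main__":
    # Constructed inputs: a normal name, a name whose quote changes the query,
    # and a legitimate name that happens to contain a quote.
    for name in ("alice", "nobody' OR 'x'='x", "o'brien"):
        print(repr(name), compare(name))
```

The name o'brien shows the cross-module cost: the concatenated query breaks on it, the white list has to reject a legitimate user, and only the bound lookup handles it.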
The X.C worm is apparently loose. This worm takes advantage of the
buffer overrun vulnerability in telnetd (see updates, below) to infect
new systems. So far, this worm does not appear to have caused a lot of
problems; many systems are no longer running telnet services, and,
hopefully, most of those that still do have applied the updates.
Nonetheless, for those who are concerned, an [16]X.C discovery and
removal tool has been made available by William Stearns.
Security Reports
A security audit of xinetd. Solar Designer has performed [17]an
extensive audit of xinetd looking for certain types of security
vulnerabilities. So many problems were found in the code that the
resulting patch weighed in at over 100KB. This patch was only fully
merged as of xinetd 2.3.3.
The patched xinetd will certainly be safer, but Solar Designer's
disclaimer is worth noting:
To summarize the results, xinetd may be reasonably safe to use with
these patches, but the code remains far from clean and certain bugs
are there by design.
Distributor updates seen so far include:
* [18]Mandrake (August 31, 2001)
* [19]Immunix (August 29, 2001)
Fun with Bugzilla. Users of the Bugzilla bug tracking system should
upgrade to the new 2.14 release, which [20]fixes several security
holes. The worst of these vulnerabilities could lead to the disclosure
of "confidential" bugs, or the compromise of the Bugzilla server as a
whole.
A new lpr vulnerability. A new [21]buffer overrun vulnerability in lpr
has been reported. This time around, an attacker crafts a special,
incomplete print job; a subsequent request to view the printer queue
causes the overrun to happen. The advisory only mentions BSD systems,
but numerous Linux distributions run BSD lpr as well. Stay tuned for
updates...
An HTML injection vulnerability with gnut. The "gnut" Gnutella client
[22]is vulnerable to the injection of arbitrary HTML (including
scripts) if a hostile user shares a file with HTML tags embedded in
its name. This bug is compounded by the fact that gnut, apparently,
loads a lot of files from the local drive; browsers impose fewer
security restrictions in this situation. Upgrade to gnut 0.4.27 for a
fix.
POP3Lite message processing vulnerability. The POP3Lite POP server
[23]fails to escape leading dots in mail messages, opening it up to
denial of service attacks and the creation of untraceable forged
messages. Upgrading to version 0.2.4 fixes the problem.
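
The leading-dot escaping that POP3Lite omitted is the byte-stuffing rule for POP3 multi-line responses (RFC 1939). The sketch below is an added example, not POP3Lite's code; the function names and the sample message are constructed. It frames one message with and without the escaping and returns what a client reads in each case.

```python
CRLF = b"\r\n"

def frame_message(message, stuff=True):
    # Server side: wrap a stored message as the multi-line response to RETR.
    lines = message.split(CRLF)
    if lines[-1] == b"":
        lines.pop()                      # drop the empty piece after the final CRLF
    out = [b"+OK message follows"]
    for line in lines:
        if stuff and line.startswith(b"."):
            line = b"." + line           # byte-stuff: escape a leading dot
        out.append(line)
    out.append(b".")                     # a lone dot ends the response
    return CRLF.join(out) + CRLF

def read_message(stream):
    # Client side: return (message lines, bytes left unread after the terminator).
    lines = stream.split(CRLF)
    if not lines[0].startswith(b"+OK"):
        raise ValueError("not a positive response")
    body = []
    for i, line in enumerate(lines[1:], start=1):
        if line == b".":
            return body, CRLF.join(lines[i + 1:])
        if line.startswith(b"."):
            line = line[1:]              # undo the byte-stuffing
        body.append(line)
    raise ValueError("response not terminated")

# Constructed sample message whose body has a line holding only a dot.
SAMPLE = (b"Subject: test" + CRLF + CRLF + b"first line" + CRLF +
          b"." + CRLF + b".signature" + CRLF + b"last line" + CRLF)

def demo():
    # Same message, framed with and without the escaping, as the client reads it.
    good_body, good_rest = read_message(frame_message(SAMPLE, stuff=True))
    bad_body, bad_rest = read_message(frame_message(SAMPLE, stuff=False))
    return good_body, good_rest, bad_body, bad_rest

if __name__ == "__main__":
    for part in demo():
        print(part)
```

Without the escaping the client stops at the message's own dot line, and the bytes left over are what it would read as the start of the server's next response.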
SuSE updates screen. SuSE has issued [24]a security update to screen
fixing a local root exploit vulnerability in that package. It seems
that, if screen is installed setuid root, a clever user can engage in
some /tmp trickery to get root privileges. SuSE's fix deals with the
problem in the code, and also removes the setuid bit. That, in turn,
reduces the functionality of screen slightly; see the advisory for
information on whether you might need to restore the setuid bit after
applying the update.
Web scripts.
The following web scripts were reported to contain vulnerabilities:
* PhpMyExplorer (a file manager) has [25]a directory traversal
vulnerability which can be used to read any file on the system.
Upgrading to version 1.2.1 fixes the problem.
Proprietary products.
The following proprietary products were reported to contain
vulnerabilities:
* [26]A problem in PGP's key validity display has been discovered;
given enough assumptions, it could be used to fool users into
accepting keys that are not valid. Fixes are available.
* The Informix-SQL application [27]has a vulnerability which allows
local users to create any file with root privileges.
Updates
Buffer overrun vulnerabilities in fetchmail. (Found by Salvatore
Sanfilippo). Two buffer overrun vulnerabilities exist in the much-used
fetchmail program. Given a hostile server, arbitrary code can be run
on the system running fetchmail. The solution is to upgrade to
fetchmail 5.8.17. See [28]the August 16 Security page for the initial
report.
New updates:
* [29]Conectiva (September 5, 2001)
* [30]Mandrake (August 31, 2001)
Previous updates:
* [31]Debian (August 10, 2001)
* [32]EnGarde (August 16, 2001)
* [33]Progeny (August 14, 2001)
* [34]SuSE (August 16, 2001)
OpenSSL Pseudo-random number generator weakness. A weakness has been
discovered in the OpenSSL pseudo-random number generator that can allow
an attacker to discover the PRNG's state and predict future values.
(First reported [35]July 12).
This week's updates:
* [36]Conectiva (August 30, 2001)
Previous updates:
* [37]EnGarde (July 12)
* [38]Progeny (August 14, 2001)
* [39]Trustix (July 12)
Input validation problem with sendmail. An input validation error
exists in versions of sendmail prior to 8.11.6 (or 8.12.0Beta19) which
may be exploited by local users to obtain root access. See [40]the
August 23 Security Page for the initial report.
This week's updates:
* [41]Mandrake (August 31, 2001)
Previous updates:
* [42]Caldera (August 24, 2001)
* [43]Conectiva (August 23, 2001)
* [44]Immunix (August 23, 2001)
* [45]Slackware (August 27, 2001)
* [46]SuSE (August 23, 2001)
Multiple vendor telnetd vulnerability. This vulnerability, originally
thought to be confined to BSD-derived systems, was first covered in
the [47]July 26th Security Summary. It is now known that Linux telnet
daemons are vulnerable as well.
This week's updates:
* [48]SuSE (September 3, 2001)
Previous updates:
* [49]Caldera (August 10, 2001)
* [50]Conectiva (August 24, 2001)
* [51]Debian (August 14, 2001) (SSL version)
* [52]Debian (August 14, 2001) (Update for Sparc version)
* [53]Mandrake (August 13, 2001)
* [54]Progeny (August 14, 2001)
* [55]Red Hat (August 9, 2001)
* [56]Red Hat (August 9, 2001) (kerberos version)
* [57]Slackware (August 9, 2001)
* [58]Yellow Dog (August 10, 2001)
* [59]Yellow Dog (August 10, 2001) (kerberos version)
Buffer overruns in Window Maker. A buffer overrun exists in Window
Maker which could, conceivably, be exploited remotely if the user runs
a hostile application. This problem initially appeared in the
[60]August 16, 2001 LWN security page.
This week's updates:
* [61]Mandrake (August 31, 2001)
Previous updates:
* [62]Conectiva (August 13, 2001)
* [63]Debian (August 12, 2001)
* [64]Progeny (August 14, 2001)
Buffer overflows in xloadimage. This problem was first covered in the
[65]July 12 Security page.
This week's updates:
* [66]Mandrake (August 31, 2001)
Previous updates:
* [67]Conectiva (August 28, 2001)
* [68]Debian (August 9, 2001)
* [69]Progeny (August 14, 2001)
* [70]Red Hat (July 12)
* [71]SuSE (July 26)
* [72]Yellow Dog (July 25, 2001)
Resources
The LinuxSecurity.com Weekly Newsletter for September 3 is
[73]available.
Events
Computer Security Mexico will be held November 24 to 30 in Mexico
City. The [74]call for papers has been issued, with submissions due
by October 12.
Upcoming Security Events.
Date | Event | Location
September 11 - 13, 2001 | [75]New Security Paradigms Workshop 2001 (NSPW) | Cloudcroft, New Mexico, USA
September 28 - 30, 2001 | [76]Canadian Association for Security and Intelligence Studies (CASIS 2001) | (Dalhousie University) Halifax, Nova Scotia, Canada
October 10 - 12, 2001 | [77]Fourth International Symposium on Recent Advances in Intrusion Detection (RAID 2001) | Davis, CA
November 5 - 8, 2001 | [78]8th ACM Conference on Computer and Communication Security (CCS-8) | Philadelphia, PA, USA
For additional security-related events, including training courses
(which we don't list above) and events further in the future, check
out Security Focus' [79]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [80]lwn@lwn.net.
Section Editor: [81]Jonathan Corbet
September 6, 2001
LWN Resources
[83]Security alerts archive
Secured Distributions:
[84]Blue Linux
[85]Castle
[86]Engarde Secure Linux
[87]Immunix
[88]Kaladix
[89]NSA Security Enhanced
[90]Openwall GNU/Linux
[91]Trustix
Security Projects
[92]Bastille
[93]Linux Security Audit Project
[94]Linux Security Module
[95]OpenSSH
Security List Archives
[96]Bugtraq Archive
[97]Firewall Wizards Archive
[98]ISN Archive
Distribution-specific links
[99]Caldera Advisories
[100]Conectiva Updates
[101]Debian Alerts
[102]Kondara Advisories
[103]Esware Alerts
[104]LinuxPPC Security Updates
[105]Mandrake Updates
[106]Red Hat Errata
[107]SuSE Announcements
[108]Yellow Dog Errata
BSD-specific links
[109]BSDi
[110]FreeBSD
[111]NetBSD
[112]OpenBSD
Security mailing lists
[113]Caldera
[114]Cobalt
[115]Conectiva
[116]Debian
[117]Esware
[118]FreeBSD
[119]Kondara
[120]LASER5
[121]Linux From Scratch
[122]Linux-Mandrake
[123]NetBSD
[124]OpenBSD
[125]Red Hat
[126]Slackware
[127]Stampede
[128]SuSE
[129]Trustix
[130]turboLinux
[131]Yellow Dog
Security Software Archives
[132]munitions
[133]ZedZ.net (formerly replay.com)
Miscellaneous Resources
[134]CERT
[135]CIAC
[136]Comp Sec News Daily
[137]Crypto-GRAM
[138]LinuxLock.org
[139]LinuxSecurity.com
[140]OpenSEC
[141]Security Focus
[142]SecurityPortal
[144]Eklektix, Inc. Linux powered! Copyright © 2001 [145]Eklektix,
Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0906/
4. http://lwn.net/2001/0906/kernel.php3
5. http://lwn.net/2001/0906/dists.php3
6. http://lwn.net/2001/0906/desktop.php3
7. http://lwn.net/2001/0906/devel.php3
8. http://lwn.net/2001/0906/commerce.php3
9. http://lwn.net/2001/0906/press.php3
10. http://lwn.net/2001/0906/announce.php3
11. http://lwn.net/2001/0906/history.php3
12. http://lwn.net/2001/0906/letters.php3
13. http://lwn.net/2001/0906/bigpage.php3
14. http://lwn.net/2001/0830/security.php3
15. http://lwn.net/2001/0906/a/sql-auth-modules.php3
16. http://www.ists.dartmouth.edu/IRIA/knowledge_base/tools/xcfind.htm
17. http://lwn.net/2001/0906/a/xinetd-audit.php3
18. http://lwn.net/alerts/Mandrake/MDKSA-2001:076.php3
19. http://lwn.net/alerts/Immunix/IMNX-2001-70-033-01.php3
20. http://lwn.net/2001/0906/a/bugzilla.php3
21. http://lwn.net/2001/0906/a/lpr.php3
22. http://lwn.net/2001/0906/a/gnut.php3
23. http://lwn.net/2001/0906/a/pop3lite.php3
24. http://lwn.net/alerts/SuSE/SuSE-SA:2001:030.php3
25. http://lwn.net/2001/0906/a/PhpMyExplorer.php3
26. http://lwn.net/2001/0906/a/pgpsdk.php3
27. http://lwn.net/2001/0906/a/informix.php3
28. http://lwn.net/2001/0816/security.php3#fetchmail
29. http://lwn.net/alerts/Conectiva/CLA-2001:419.php3
30. http://lwn.net/alerts/Mandrake/MDKSA-2001:072.php3
31. http://lwn.net/alerts/Debian/DSA-071-1.php3
32. http://lwn.net/alerts/EnGarde/ESA-20010816-01.php3
33. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-29.php3
34. http://lwn.net/alerts/SuSE/SuSE-SA:2001:026.php3
35. http://lwn.net/2001/0712/security.php3#openssl
36. http://lwn.net/alerts/Conectiva/CLA-2001:418.php3
37. http://lwn.net/2001/0712/a/eng-openssl.php3
38. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-23.php3
39. http://lwn.net/2001/0712/a/trustix-openssl.php3
40. http://lwn.net/2001/0823/security.php3#sendmail
41. http://lwn.net/alerts/Mandrake/MDKSA-2001:075.php3
42. http://lwn.net/alerts/Caldera/CSSA-2001-032.0.php3
43. http://lwn.net/alerts/Conectiva/CLA-2001:412.php3
44. http://lwn.net/alerts/Immunix/IMNX-2001-70-032-01.php3
45. http://lwn.net/alerts/Slackware/sl-998919787.php3
46. http://lwn.net/alerts/SuSE/SuSE-SA:2001:028.php3
47. http://lwn.net/2001/0726/security.php3#mtelnetd
48. http://lwn.net/alerts/SuSE/SuSE-SA:2001:029.php3
49. http://lwn.net/alerts/Caldera/CSSA-2001-030.0.php3
50. http://lwn.net/alerts/Conectiva/CLA-2001:413.php3
51. http://lwn.net/alerts/Debian/DSA-075-1.php3
52. http://lwn.net/alerts/Debian/DSA.php3
53. http://lwn.net/alerts/Mandrake/MDKSA-2001:068.php3
54. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-27.php3
55. http://lwn.net/alerts/RedHat/RHSA-2001:099-06.php3
56. http://lwn.net/alerts/RedHat/RHSA-2001:100-02.php3
57. http://lwn.net/alerts/Slackware/sl-997726350.php3
58. http://lwn.net/alerts/YellowDog/YDU-20010810-1.php3
59. http://lwn.net/alerts/YellowDog/YDU-20010810-2.php3
60. http://lwn.net/2001/0816/security.php3
61. http://lwn.net/alerts/Mandrake/MDKSA-2001:074.php3
62. http://lwn.net/alerts/Conectiva/CLA-2001:411.php3
63. http://lwn.net/alerts/Debian/DSA-074-1.php3
64. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-32.php3
65. http://lwn.net/2001/0712/security.php3#xloadimage
66. http://lwn.net/alerts/Mandrake/MDKSA-2001:073.php3
67. http://lwn.net/alerts/Conectiva/CLA-2001:415.php3
68. http://lwn.net/alerts/Debian/DSA-069-1.php3
69. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-31.php3
70. http://lwn.net/2001/0712/a/rh-xloadimage.php3
71. http://lwn.net/2001/0726/a/suse-xli.php3
72. http://lwn.net/alerts/YellowDog/YDU-20010725-11.php3
73. http://lwn.net/2001/0906/a/security-week.php3
74. http://lwn.net/2001/0906/a/mexico.php3
75. http://www.nspw.org/
76. http://www.sfu.ca/igs/CASIS/
77. http://www.raid-symposium.org/Raid2001
78. http://www.bell-labs.com/user/reiter/ccs8/
79. http://securityfocus.com/calendar
80. mailto:lwn@lwn.net
81. mailto:lwn@lwn.net
82. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
83. http://lwn.net/alerts/
84. http://bluelinux.sourceforge.net/
85. http://castle.altlinux.ru/
86. http://www.engardelinux.org/
87. http://www.immunix.org/
88. http://www.maganation.com/~kaladix/
89. http://www.nsa.gov/selinux/
90. http://www.openwall.com/Owl/
91. http://www.trustix.com/
92. http://www.bastille-linux.org/
93. http://lsap.org/
94. http://lsm.immunix.org/
95. http://www.openssh.com/
96. http://www.securityfocus.com/bugtraq/archive/
97. http://www.nfr.net/firewall-wizards/
98. http://www.jammed.com/Lists/ISN/
99. http://www.calderasystems.com/support/security/
100. http://www.conectiva.com.br/atualizacoes/
101. http://www.debian.org/security/
102. http://www.kondara.org/errata/k12-security.html
103. http://www.esware.com/actualizaciones.html
104. http://linuxppc.org/security/advisories/
105. http://www.linux-mandrake.com/en/fupdates.php3
106. http://www.redhat.com/support/errata/index.html
107. http://www.suse.de/security/index.html
108. http://www.yellowdoglinux.com/resources/errata.shtml
109. http://www.BSDI.COM/services/support/patches/
110. http://www.freebsd.org/security/security.html
111. http://www.NetBSD.ORG/Security/
112. http://www.openbsd.org/security.html
113. http://www.calderasystems.com/support/forums/announce.html
114. http://www.cobalt.com/support/resources/usergroups.html
115. http://distro.conectiva.com.br/atualizacoes/
116. http://www.debian.org/MailingLists/subscribe
117. http://www.esware.com/lista_correo.html
118. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
119. http://www.kondara.org/mailinglist.html.en
120. http://l5web.laser5.co.jp/ml/ml.html
121. http://www.linuxfromscratch.org/services/mailinglistinfo.php
122. http://www.linux-mandrake.com/en/flists.php3
123. http://www.netbsd.org/MailingLists/
124. http://www.openbsd.org/mail.html
125. http://www.redhat.com/mailing-lists/
126. http://www.slackware.com/lists/
127. http://www.stampede.org/mailinglists.php3
128. http://www.suse.com/en/support/mailinglists/index.html
129. http://www.trustix.net/support/
130. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
131. http://lists.yellowdoglinux.com/ydl_updates.shtml
132. http://munitions.vipul.net/
133. http://www.zedz.net/
134. http://www.cert.org/nav/alerts.html
135. http://ciac.llnl.gov/ciac/
136. http://www.MountainWave.com/
137. http://www.counterpane.com/crypto-gram.html
138. http://linuxlock.org/
139. http://linuxsecurity.com/
140. http://www.opensec.net/
141. http://www.securityfocus.com/
142. http://www.securityportal.com/
143. http://lwn.net/2001/0906/kernel.php3
144. http://www.eklektix.com/
145. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)