 - RU.LINUX ---------------------------------------------------------------------
 From : Sergey Lentsov                       2:4615/71.10   08 Nov 2001  17:11:12
 To : All
 Subject : URL: http://www.lwn.net/2001/1108/security.php3
 -------------------------------------------------------------------------------- 
 
    See also: [13]last week's Security page.
    
 Security
 
 News and Editorials
 
    OpenSSH 3.0 released. OpenSSH version 3.0 has been [14]released. It
    includes a great many new features, including smartcard support,
    improved Kerberos support, dynamic forwarding, and more.
    
    CERT advisory on lpd vulnerabilities. CERT has issued [15]an advisory
    regarding several vulnerabilities in the lpd print system. Most of the
    problems are old; the purpose of the advisory is to remind people to
    apply their upgrades.
    
 Security Reports
 
    Trouble with netfilter and syncookies. Just when you had installed a
    new kernel and thought that the security problems were behind you, a
    new one turns up. It's an obscure problem, but, in many cases, worth
    fixing anyway. Essentially, the "syncookies" mechanism, developed to
    defend against SYN flood attacks, can be exploited by a clever
    attacker to circumvent netfilter firewall rules that block incoming
    connections. The reason is that a cookie-validated handshake is
    completed by an ACK packet alone: the kernel reconstructs the
    connection state from the cookie and never needs to have seen the SYN,
    so a ruleset which blocks only SYN packets never sees the connection
    being opened. Since many firewall setups depend on blocking these
    connections, this vulnerability could seriously compromise the
    protection of the system or network. A short-term workaround is to
    turn off syncookies:
   echo 0 > /proc/sys/net/ipv4/tcp_syncookies
 
    This setting does not survive a reboot, after which syncookies come
    back on (if your distribution reads /etc/sysctl.conf at boot, setting
    net.ipv4.tcp_syncookies = 0 there makes it persist); the system will
    also be more vulnerable to SYN flood (denial of service) attacks while
    syncookies are disabled. The real fix, of course, is to apply another
    kernel update. Here are the ones we've seen so far:
      * [16]Caldera (November 5, 2001)
      * [17]Conectiva (November 2, 2001)
      * [18]EnGarde (November 6, 2001)
      * [19]SuSE (October 26, 2001)
      * [20]Red Hat (November 2, 2001)
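
    The mechanism behind this, as an added example that is not LWN's text
    or the kernel's code: a small C model of SYN cookies, with a firewall
    that matches only SYN packets (the iptables "--syn" style of rule)
    beside one that admits nothing outside a tracked connection. The cookie
    scheme, secret key, addresses and ports are made-up simplifications,
    and the "honour cookies only after a recent backlog overflow" gate is
    shown as the general mitigation idea, not as any distributor's specific
    patch. In the real attack the cookie value has to be produced without
    ever having seen a SYN/ACK; here the attacker side computes it with the
    server's secret so that the packet path can be followed end to end.

```c
/* Model of the syncookie/netfilter interaction.  Illustrative only: the
 * cookie scheme, secret, addresses and "recent overflow" gate are simplified
 * stand-ins, not the Linux implementation. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_SYN 0x02
#define TCP_ACK 0x10
#define COOKIE_MAX_AGE 4u  /* counter ticks for which a cookie stays acceptable */

struct pkt { uint32_t saddr, daddr; uint16_t sport, dport; uint32_t seq, ack_seq; uint8_t flags; };

struct server {
    bool     syncookies;       /* /proc/sys/net/ipv4/tcp_syncookies */
    bool     require_overflow; /* honour cookies only after a recent backlog overflow */
    uint32_t last_overflow;    /* counter value at the last overflow, 0 = never */
    uint32_t now;              /* coarse time counter folded into cookies */
};

static const uint32_t secret = 0x5bd1e995u;  /* hypothetical per-boot secret */

static uint32_t mix(uint32_t h, uint32_t v) { h ^= v; h *= 0x9e3779b1u; return h ^ (h >> 15); }

/* cookie = 8-bit counter || 24-bit keyed hash over 4-tuple, counter, client ISN */
static uint32_t make_cookie(const struct pkt *p, uint32_t client_isn, uint32_t count)
{
    uint32_t h = mix(mix(mix(secret, p->saddr), p->daddr), ((uint32_t)p->sport << 16) | p->dport);
    h = mix(mix(h, count), client_isn);
    return ((count & 0xffu) << 24) | (h & 0x00ffffffu);
}

/* Rebuild from the bare ACK the state a SYN would have created. */
static bool cookie_check(const struct server *s, const struct pkt *ack)
{
    uint32_t cookie = ack->ack_seq - 1;   /* the ACK acknowledges our ISN + 1 */
    uint32_t count  = cookie >> 24;
    if (((s->now - count) & 0xffu) > COOKIE_MAX_AGE)
        return false;                     /* stale */
    return make_cookie(ack, ack->seq - 1, count) == cookie;
}

typedef bool (*filter_fn)(const struct pkt *p, bool tracked);

/* Weak policy: "-p tcp --syn -j DROP" looks at the flags only. */
static bool filter_syn_only(const struct pkt *p, bool tracked)
{
    (void)tracked;
    return (p->flags & (TCP_SYN | TCP_ACK)) != TCP_SYN;
}

/* Stronger policy: only packets of a tracked connection get in, so a stray
 * ACK is dropped too ("! --syn -m state --state NEW -j DROP" plus the SYN rule). */
static bool filter_stateful(const struct pkt *p, bool tracked)
{
    (void)p;
    return tracked;
}

/* Listening socket: true if the packet establishes a connection. */
static bool server_rx(const struct server *s, const struct pkt *p)
{
    if (p->flags & TCP_SYN)
        return false;                     /* would only queue a request */
    if (!(p->flags & TCP_ACK) || !s->syncookies)
        return false;                     /* no state for it: answered with RST */
    if (s->require_overflow && (s->last_overflow == 0 ||
                                ((s->now - s->last_overflow) & 0xffu) > COOKIE_MAX_AGE))
        return false;                     /* no cookie can have been sent lately */
    return cookie_check(s, p);
}

/* A single ACK, no SYN, whose ack number carries a valid cookie.  The real
 * attack has to produce that value blind; here it is computed with the secret. */
static struct pkt forged_ack(const struct server *s)
{
    struct pkt p = { .saddr = 0x0a000002u, .daddr = 0x0a000001u,
                     .sport = 40000, .dport = 22, .flags = TCP_ACK };
    uint32_t client_isn = 0x12345678u;
    p.seq     = client_isn + 1;
    p.ack_seq = make_cookie(&p, client_isn, s->now) + 1;
    return p;
}

/* Run the forged ACK through one firewall policy and then the listener. */
bool connection_opened(filter_fn filter, bool syncookies, bool require_overflow)
{
    struct server s = { .syncookies = syncookies, .require_overflow = require_overflow,
                        .last_overflow = 0, .now = 100 };
    struct pkt p = forged_ack(&s);
    if (!filter(&p, false))               /* conntrack never saw a SYN for this flow */
        return false;
    return server_rx(&s, &p);
}

int main(void)
{
    printf("--syn rule, syncookies on:     %s\n", connection_opened(filter_syn_only, true, false) ? "OPENED (bypass)" : "blocked");
    printf("--syn rule, echo 0 workaround: %s\n", connection_opened(filter_syn_only, false, false) ? "OPENED" : "blocked");
    printf("--syn rule, overflow-gated:    %s\n", connection_opened(filter_syn_only, true, true) ? "OPENED" : "blocked");
    printf("stateful rule, syncookies on:  %s\n", connection_opened(filter_stateful, true, false) ? "OPENED" : "blocked");
    return 0;
}
```

    The four runs in main() send the same forged ACK: it opens a
    connection when the ruleset only matches SYN packets and syncookies
    are on, and is blocked by the "echo 0" workaround, by the overflow
    gate, and by a ruleset that drops untracked packets regardless of
    their flags.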
        
    Webalizer tag vulnerability. The "webalizer" logfile analysis program
    [21]has a vulnerability which can allow an attacker to place arbitrary
    HTML tags into the reports, because strings taken from the log (which
    a remote client controls) are copied into the HTML without escaping.
    When the reports are viewed, these tags can be used toward unpleasant
    ends, including cross-site scripting attacks. A fix is available which
    closes the vulnerability.
    
    Updates seen so far:
      * [22]EnGarde (November 1, 2001)
      * [23]SuSE (November 6, 2001)
      * [24]Red Hat (October 30, 2001)
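
    How such tags get in and what the fix looks like, as an added example
    that is not webalizer's code: the referrer field of a constructed
    Combined Log Format line is rendered into a report row raw (the
    reported pattern) and entity-escaped, with a link produced only for
    http/https URLs. The log line, field layout and row markup are
    assumptions made for the illustration.

```c
/* Rendering of a log-derived field into an HTML report, the vulnerable way
 * (raw) and the fixed way (escaped, link only for http/https).  Added
 * illustration, not webalizer's code; the log line is constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed Combined Log Format line with a hostile referrer field. */
const char SAMPLE_LOG[] =
    "10.0.0.5 - - [08/Nov/2001:17:11:12 +0300] \"GET /index.html HTTP/1.0\" "
    "200 1234 \"http://evil.example/<script>alert(1)</script>\" \"Mozilla/4.0\"";

/* Referrer is the second double-quoted field; assumes no escaped quotes. */
static bool extract_referrer(const char *line, char *out, size_t n)
{
    const char *q[4];
    int found = 0;
    for (const char *p = line; *p && found < 4; p++)
        if (*p == '"')
            q[found++] = p;
    if (found < 4)
        return false;
    size_t len = (size_t)(q[3] - q[2] - 1);
    if (len >= n)
        return false;
    memcpy(out, q[2] + 1, len);
    out[len] = '\0';
    return true;
}

/* Escape the characters that change meaning in HTML text and attributes. */
static bool html_escape(const char *in, char *out, size_t n)
{
    size_t o = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t l = rep ? strlen(rep) : 1;
        if (o + l >= n)
            return false;
        if (rep) memcpy(out + o, rep, l); else out[o] = *in;
        o += l;
    }
    out[o] = '\0';
    return true;
}

/* One "Top Referrers" row.  escape=false copies log text straight into the
 * page (the reported bug); escape=true entity-encodes it and only makes a
 * link out of http/https URLs.  Returns bytes written, -1 on error. */
int referrer_row(const char *logline, bool escape, char *html, size_t n)
{
    char ref[512], safe[2048];
    if (!extract_referrer(logline, ref, sizeof ref))
        return -1;
    const char *shown = ref;
    bool link = true;
    if (escape) {
        if (!html_escape(ref, safe, sizeof safe))
            return -1;
        shown = safe;
        link = strncmp(ref, "http://", 7) == 0 || strncmp(ref, "https://", 8) == 0;
    }
    int w = link ? snprintf(html, n, "<tr><td><a href=\"%s\">%s</a></td></tr>", shown, shown)
                 : snprintf(html, n, "<tr><td>%s</td></tr>", shown);
    return (w < 0 || (size_t)w >= n) ? -1 : w;
}

/* Check helper: does the rendered row contain needle? */
bool row_contains(const char *logline, bool escape, const char *needle)
{
    char html[4096];
    if (referrer_row(logline, escape, html, sizeof html) < 0)
        return false;
    return strstr(html, needle) != NULL;
}

int main(void)
{
    char html[4096];
    referrer_row(SAMPLE_LOG, false, html, sizeof html);
    printf("raw:     %s\n", html);
    referrer_row(SAMPLE_LOG, true, html, sizeof html);
    printf("escaped: %s\n", html);
    return 0;
}
```

    Escaping alone is what closes the reported hole; the scheme check on
    the link is the extra step a practitioner would add so that a
    "javascript:" referrer does not become a clickable link in the report.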
        
    Red Hat updates ghostscript. Red Hat has issued [25]a security update
    to ghostscript fixing an interesting problem. When ghostscript is used
    as part of the print spooling system (a common configuration), a
    clever attacker can use its PostScript file commands to read any file
    that is accessible to the print spooler. The update disables those
    commands in that context. There is also [26]a more comprehensive
    printer update available from Red Hat which includes this fix, a
    number of others, and tosses in the IBM Omni printer drivers for good
    measure.
    
    Denial of service vulnerability in Tux. The Tux kernel-based web
    server has [27]a denial of service vulnerability which can allow a
    remote attacker to crash the host system. Most systems do not run Tux;
    those which do should apply the [28]Red Hat kernel update for the
    syncookie problem; it also fixes this vulnerability.
    
    Caldera security update for libdb. Caldera has released a security
    update for the [29]libdb package. It fixes vulnerabilities arising
    from the unsafe snprintf and vsnprintf implementations shipped with
    libdb, which could be exploited by local and remote attackers.
    
    Format string vulnerability in rwhoisd. The "rwhoisd" whois server
    [30]has a format string vulnerability which can be used by a remote
    attacker to run arbitrary code. [31]A patch is available which should
    be quickly applied by anybody running this server; no distributor
    updates have been seen as of this writing.
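
    What a format string vulnerability looks like in code, as an added
    example that is not rwhoisd's: a client-supplied query passed straight
    to a printf-style logger beside the fixed call, plus a small audit
    helper that counts the conversions (and %n writes) a hostile query
    would trigger. The logsink() function and the sample queries are
    stand-ins for syslog() and real rwhoisd traffic.

```c
/* A format-string bug of the kind reported in rwhoisd, beside the fix.
 * Added illustration, not rwhoisd's code: logsink() stands in for syslog()
 * or any other printf-style sink that receives client data. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* printf-style sink such as syslog(3): whoever controls fmt controls it. */
static void logsink(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable: the client's query IS the format string.  Every '%' in it is
 * interpreted; %x leaks stack words and %n writes an integer to an address
 * taken from the stack, which is what makes the bug exploitable remotely. */
void log_query_vulnerable(const char *query, char *out, size_t n)
{
    logsink(out, n, query);
}

/* Fixed: the format is a literal and the query is only an argument. */
void log_query_fixed(const char *query, char *out, size_t n)
{
    logsink(out, n, "%s", query);
}

/* Check helper: does variant (1 = fixed, 0 = vulnerable) log query as expect? */
int logs_as(int fixed, const char *query, const char *expect)
{
    char buf[128];
    if (fixed)
        log_query_fixed(query, buf, sizeof buf);
    else
        log_query_vulnerable(query, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

/* Audit helper: how many conversions would s trigger if used as a format,
 * and (if writes != NULL) how many of them are %n writes.  Heuristic that
 * covers the common flag, width and length characters. */
int count_conversions(const char *s, int *writes)
{
    int count = 0;
    if (writes)
        *writes = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {            /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt$", *q))
            q++;
        if (!*q)
            break;
        if (*q == 'n' && writes)
            (*writes)++;
        count++;
        p = q;
    }
    return count;
}

int count_writes(const char *s)
{
    int w;
    count_conversions(s, &w);
    return w;
}

int main(void)
{
    char buf[128];
    /* "%%" is the one conversion safe to run here: it shows the query being
     * interpreted as a format without invoking undefined behaviour. */
    log_query_vulnerable("100%% done", buf, sizeof buf);
    printf("vulnerable: %s\n", buf);    /* 100% done  (the %% was consumed) */
    log_query_fixed("100%% done", buf, sizeof buf);
    printf("fixed:      %s\n", buf);    /* 100%% done (logged verbatim) */
    const char *hostile = "AAAA%08x.%08x.%08x.%n";
    printf("hostile query would trigger %d conversions, %d of them writes\n",
           count_conversions(hostile, NULL), count_writes(hostile));
    return 0;
}
```

    The demonstration deliberately feeds only "%%" through the vulnerable
    path, since any other conversion with no matching argument is
    undefined behaviour; the audit helper shows what a real hostile query
    would make the sink do.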
    
 Updates
 
    Configuration file vulnerability in ht://Dig. The ht://Dig search
    engine contains a vulnerability which allows a remote user to specify
    an alternate configuration file. If that user is able to place a
    suitable file in a location where ht://Dig can read it, the system may
    be compromised. See [32]the original report from the ht://Dig project
    for details. This vulnerability first appeared in [33]the October 11
    LWN security page.
    
    This week's updates:
      * [34]Mandrake (November 1, 2001)
        
    Previous updates:
      * [35]SuSE (October 24, 2001)
      * [36]Conectiva (October 10, 2001)
      * [37]Debian (October 17, 2001)
        
    Procmail race conditions. See [38]the July 26 Security page for the
    initial report.
    
    This week's updates:
      * [39]Conectiva (November 6, 2001)
        
    Previous updates:
      * [40]Red Hat (July 26)
      * [41]Yellow Dog (July 25, 2001)
        
    Vulnerabilities in tetex. The tetex package has a temporary file
    handling vulnerability; this problem was first reported in [42]the
    July 12, 2001 LWN security page.
    
    This week's updates:
      * [43]Red Hat (October 23, 2001)
        
    Previous updates:
      * [44]Immunix (July 12, 2001)
        
    Several vulnerabilities in ucd-snmp. The ucd-snmp package has a number
    of vulnerabilities, including buffer overflows, format string
    problems, and temporary file races. This problem was first reported in
    [45]the August 23 LWN security page.
    
    This week's updates:
      * [46]Red Hat (October 31, 2001)
        
    Previous updates:
      * [47]Caldera (August 16, 2001)
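
    The temporary-file race behind the tetex and ucd-snmp items, as an
    added example that is not either package's code: a program creating a
    scratch file at a predictable name with O_CREAT|O_TRUNC (unsafe), with
    O_CREAT|O_EXCL, and with mkstemp(), while a symlink has been planted
    at that name pointing to a victim file. The scratch directory, file
    names and victim contents are constructed for the demonstration.

```c
/* Temporary-file creation the unsafe way and two safe ways, run against a
 * planted symlink.  Added illustration, not tetex's or ucd-snmp's code; it
 * works in a private scratch directory under $TMPDIR (default /tmp). */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum { TMP_UNSAFE, TMP_EXCL, TMP_MKSTEMP };

/* Predictable name; O_CREAT without O_EXCL follows whatever is there. */
static int open_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Same predictable name, but O_EXCL refuses an existing entry (including a
 * symlink).  Safe against clobbering, though an attacker can still cause a
 * failure (denial of service) by occupying the name. */
static int open_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Unpredictable name created atomically with O_EXCL: the usual fix. */
static int open_mkstemp(char *tmpl)
{
    return mkstemp(tmpl);   /* tmpl ends in XXXXXX and is rewritten */
}

/* Plant a symlink at the name the program is expected to use, let the
 * program create and write its temp file, then see whether the victim file
 * was overwritten.  Returns 1 if clobbered, 0 if intact, -1 on setup error. */
int victim_clobbered(int mode)
{
    const char *base = getenv("TMPDIR");
    char dir[512], victim[600], guess[600], tmpl[600];
    snprintf(dir, sizeof dir, "%s/race.XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/app.%ld", dir, (long)getpid());  /* attacker's guess */
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);

    FILE *f = fopen(victim, "w");
    if (!f)
        return -1;
    fputs("original", f);
    fclose(f);
    if (symlink(victim, guess) != 0)        /* the attacker's move */
        return -1;

    int fd = -1;
    const char *used = guess;
    switch (mode) {
    case TMP_UNSAFE:  fd = open_unsafe(guess);  break;
    case TMP_EXCL:    fd = open_excl(guess);    break;
    case TMP_MKSTEMP: fd = open_mkstemp(tmpl); used = tmpl; break;
    }
    if (fd >= 0) {                          /* the program writes its scratch data */
        ssize_t w = write(fd, "scratch", 7);
        (void)w;
        close(fd);
        unlink(used);
    }

    char buf[32] = { 0 };
    f = fopen(victim, "r");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, sizeof buf - 1, f);
    (void)got;
    fclose(f);
    int clobbered = strcmp(buf, "original") != 0;

    unlink(guess);
    unlink(victim);
    rmdir(dir);
    return clobbered;
}

int main(void)
{
    printf("O_CREAT|O_TRUNC at predictable name: %s\n", victim_clobbered(TMP_UNSAFE) == 1 ? "victim overwritten" : "victim intact");
    printf("O_CREAT|O_EXCL at predictable name:  %s\n", victim_clobbered(TMP_EXCL) == 1 ? "victim overwritten" : "victim intact");
    printf("mkstemp():                           %s\n", victim_clobbered(TMP_MKSTEMP) == 1 ? "victim overwritten" : "victim intact");
    return 0;
}
```

    Only the O_CREAT|O_TRUNC variant writes through the symlink; the
    O_EXCL variant fails safely at the occupied name, and mkstemp() never
    uses a name an attacker could have guessed in the first place.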
        
    Improper credentials from login. A problem with the login program (in
    the util-linux package) can, in some situations, cause a user to be
    given the credentials of another user at login. Use of the pam_limits
    module, in particular, can bring about this problem. In general,
    distributions using the default PAM configuration are not vulnerable;
    an upgrade is probably a good idea anyway. This problem was first
    reported in the [48]October 18 LWN security page.
    
    This week's updates:
      * [49]Mandrake (November 1, 2001)
        
    Previous updates:
      * [50]Red Hat (October 16, 2001) (Adds an update for version 7.2).
      * [51]SuSE (October 23, 2001) (Doesn't use util-linux login, but
        vulnerable anyway).
      * [52]Red Hat (October 16, 2001)
      * [53]Trustix (October 17, 2001)
        
 Resources
 
    Linux Security Week for November 5 from LinuxSecurity.com is now
    [54]available.
    
 Events
 
    Upcoming Security Events.
      * November 8, 2001: [55]8th ACM Conference on Computer and
        Communication Security (CCS-8), Philadelphia, PA, USA
      * November 13 - 15, 2001: [56]International Conference on
        Information and Communications Security (ICICS 2001), Xian, China
      * November 19 - 22, 2001: [57]Black Hat Briefings, Amsterdam
      * November 21 - 23, 2001: [58]International Information Warfare
        Symposium, AAL, Lucerne, Switzerland
      * November 24 - 30, 2001: [59]Computer Security Mexico, Mexico City
      * November 29 - 30, 2001: [60]International Cryptography Institute,
        Washington, DC
      * December 2 - 7, 2001: [61]LISA 2001, 15th Systems Administration
        Conference, San Diego, CA
      * December 5 - 6, 2001: [62]InfoSecurity Conference & Exhibition,
        Jacob K. Javits Center, New York, NY
      * December 10 - 14, 2001: [63]Annual Computer Security Applications
        Conference, New Orleans, LA
    
    For additional security-related events, including training courses
    (which we don't list above) and events further in the future, check
    out Security Focus' [64]calendar, one of the primary resources we use
    for building the above list. To submit an event directly to us, please
    send a plain-text message to [65]lwn@lwn.net.
    
    Section Editor: [66]Jonathan Corbet
    November 8, 2001
    
    LWN Resources
    [68]Security alerts archive
    Secured Distributions:
    [69]Astaro Security
    [70]Blue Linux
    [71]Castle
    [72]Engarde Secure Linux
    [73]Immunix
    [74]Kaladix Linux
    [75]NSA Security Enhanced
    [76]Openwall GNU/Linux
    [77]Trustix
    Security Projects
    [78]Bastille
    [79]Linux Security Audit Project
    [80]Linux Security Module
    [81]OpenSSH
    Security List Archives
    [82]Bugtraq Archive
    [83]Firewall Wizards Archive
    [84]ISN Archive
    Distribution-specific links
    [85]Caldera Advisories
    [86]Conectiva Updates
    [87]Debian Alerts
    [88]Kondara Advisories
    [89]Esware Alerts
    [90]LinuxPPC Security Updates
    [91]Mandrake Updates
    [92]Red Hat Errata
    [93]SuSE Announcements
    [94]Yellow Dog Errata
    BSD-specific links
    [95]BSDi
    [96]FreeBSD
    [97]NetBSD
    [98]OpenBSD
    Security mailing lists
    [99]Caldera
    [100]Cobalt
    [101]Conectiva
    [102]Debian
    [103]Esware
    [104]FreeBSD
    [105]Kondara
    [106]LASER5
    [107]Linux From Scratch
    [108]Linux-Mandrake
    [109]NetBSD
    [110]OpenBSD
    [111]Red Hat
    [112]Slackware
    [113]Stampede
    [114]SuSE
    [115]Trustix
    [116]turboLinux
    [117]Yellow Dog
    Security Software Archives
    [118]munitions
    [119]ZedZ.net (formerly replay.com)
    Miscellaneous Resources
    [120]CERT
    [121]CIAC
    [122]Comp Sec News Daily
    [123]Crypto-GRAM
    [124]LinuxLock.org
    [125]LinuxSecurity.com
    [126]Security Focus
    [127]SecurityPortal
    
    
    
    [129]Eklektix, Inc. Linux powered! Copyright © 2001 [130]Eklektix,
    Inc., all rights reserved
    Linux (R) is a registered trademark of Linus Torvalds
 
 References
 
    1. http://lwn.net/
    2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
    3. http://lwn.net/2001/1108/
    4. http://lwn.net/2001/1108/kernel.php3
    5. http://lwn.net/2001/1108/dists.php3
    6. http://lwn.net/2001/1108/devel.php3
    7. http://lwn.net/2001/1108/commerce.php3
    8. http://lwn.net/2001/1108/press.php3
    9. http://lwn.net/2001/1108/announce.php3
   10. http://lwn.net/2001/1108/history.php3
   11. http://lwn.net/2001/1108/letters.php3
   12. http://lwn.net/2001/1108/bigpage.php3
   13. http://lwn.net/2001/1101/security.php3
   14. http://lwn.net/2001/1108/a/openssh-3.0.php3
   15. http://lwn.net/2001/1108/a/cert-lpd.php3
   16. http://lwn.net/alerts/Caldera/CSSA-2001-038.0.php3
   17. http://lwn.net/alerts/Conectiva/CLA-2001:432.php3
   18. http://lwn.net/alerts/EnGarde/ESA-20011106-01.php3
   19. http://lwn.net/alerts/SuSE/SuSE-SA:2001:036,.php3
   20. http://lwn.net/alerts/RedHat/RHSA-2001:142-15.php3
   21. http://lwn.net/2001/1108/a/webalizer.php3
   22. http://lwn.net/alerts/EnGarde/ESA-20011101-01.php3
   23. http://lwn.net/alerts/SuSE/SuSE-SA:2001:040.php3
   24. http://lwn.net/alerts/RedHat/RHSA-2001:140-05.php3
   25. http://lwn.net/alerts/RedHat/RHSA-2001:112-07.php3
   26. http://lwn.net/alerts/RedHat/RHSA-2001:138-10.php3
   27. http://lwn.net/2001/1108/a/tux-dos.php3
   28. http://lwn.net/alerts/RedHat/RHSA-2001:142-15.php3
   29. http://lwn.net/alerts/Caldera/CSSA-2001-037.0.php3
   30. http://lwn.net/2001/1108/a/rwhoisd.php3
   31. http://lwn.net/2001/1108/a/rwhoisd-patch.php3
   32. http://lwn.net/2001/1011/a/htdig.php3
   33. http://lwn.net/2001/1011/security.php3#htdig
   34. http://lwn.net/alerts/Mandrake/MDKSA-2001:083.php3
   35. http://lwn.net/alerts/SuSE/SuSE-SA:2001:035.php3
   36. http://lwn.net/alerts/Conectiva/CLA-2001:429.php3
   37. http://lwn.net/alerts/Debian/DSA-080-1.php3
   38. http://lwn.net/2001/0726/security.php3#procmail
   39. http://lwn.net/alerts/Conectiva/CLA-2001:433.php3
   40. http://lwn.net/2001/0726/a/rh-procmail.php3
   41. http://lwn.net/alerts/YellowDog/YDU-20010725-12.php3
   42. http://lwn.net/2001/0712/security.php3#tetex
   43. http://lwn.net/alerts/RedHat/RHSA-2001:102-10.php3
   44. http://lwn.net/2001/0712/a/imm-tetex.php3
   45. http://lwn.net/2001/0823/security.php3#snmp
   46. http://lwn.net/alerts/RedHat/RHSA-2001:101-07.php3
   47. http://lwn.net/alerts/Caldera/CSSA-2001-031.0.php3
   48. http://lwn.net/2001/1018/security.php3#pam
   49. http://lwn.net/alerts/Mandrake/MDKSA-2001:084.php3
   50. http://lwn.net/alerts/RedHat/RHSA-2001:132-04.php3
   51. http://lwn.net/alerts/SuSE/SuSE-SA:2001:034.php3
   52. http://lwn.net/alerts/RedHat/RHSA-2001:132-03.php3
   53. http://lwn.net/alerts/Trustix/2001-0025.php3
   54. http://lwn.net/2001/1108/a/security-week.php3
   55. http://www.bell-labs.com/user/reiter/ccs8/
   56. http://homex.coolconnect.com/member2/icisa/icics2001.html
   57. http://www.blackhat.com/
   58. http://www.sympinfowarfare.ch/
   59. http://www.seguridad2001.unam.mx/
   60. http://www.nipli.org/isse/events/2001/cryptography
   61. http://www.usenix.org/events/lisa2001/
   62. http://www.infosecurityevent.com/
   63. http://www.acsac.org/
   64. http://securityfocus.com/calendar
   65. mailto:lwn@lwn.net
   66. mailto:lwn@lwn.net
   67. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
   68. http://lwn.net/alerts/
   69. http://www.astaro.com/products/index.html
   70. http://bluelinux.sourceforge.net/
   71. http://castle.altlinux.ru/
   72. http://www.engardelinux.org/
   73. http://www.immunix.org/
   74. http://www.kaladix.org/
   75. http://www.nsa.gov/selinux/
   76. http://www.openwall.com/Owl/
   77. http://www.trustix.com/
   78. http://www.bastille-linux.org/
   79. http://lsap.org/
   80. http://lsm.immunix.org/
   81. http://www.openssh.com/
   82. http://www.securityfocus.com/bugtraq/archive/
   83. http://www.nfr.net/firewall-wizards/
   84. http://www.jammed.com/Lists/ISN/
   85. http://www.calderasystems.com/support/security/
   86. http://www.conectiva.com.br/atualizacoes/
   87. http://www.debian.org/security/
   88. http://www.kondara.org/errata/k12-security.html
   89. http://www.esware.com/actualizaciones.html
   90. http://linuxppc.org/security/advisories/
   91. http://www.linux-mandrake.com/en/fupdates.php3
   92. http://www.redhat.com/support/errata/index.html
   93. http://www.suse.de/security/index.html
   94. http://www.yellowdoglinux.com/resources/errata.shtml
   95. http://www.BSDI.COM/services/support/patches/
   96. http://www.freebsd.org/security/security.html
   97. http://www.NetBSD.ORG/Security/
   98. http://www.openbsd.org/security.html
   99. http://www.calderasystems.com/support/forums/announce.html
  100. http://www.cobalt.com/support/resources/usergroups.html
  101. http://distro.conectiva.com.br/atualizacoes/
  102. http://www.debian.org/MailingLists/subscribe
  103. http://www.esware.com/lista_correo.html
  104. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
  105. http://www.kondara.org/mailinglist.html.en
  106. http://l5web.laser5.co.jp/ml/ml.html
  107. http://www.linuxfromscratch.org/services/mailinglistinfo.php
  108. http://www.linux-mandrake.com/en/flists.php3
  109. http://www.netbsd.org/MailingLists/
  110. http://www.openbsd.org/mail.html
  111. http://www.redhat.com/mailing-lists/
  112. http://www.slackware.com/lists/
  113. http://www.stampede.org/mailinglists.php3
  114. http://www.suse.com/en/support/mailinglists/index.html
  115. http://www.trustix.net/support/
  116. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
  117. http://lists.yellowdoglinux.com/ydl_updates.shtml
  118. http://munitions.vipul.net/
  119. http://www.zedz.net/
  120. http://www.cert.org/nav/alerts.html
  121. http://ciac.llnl.gov/ciac/
  122. http://www.MountainWave.com/
  123. http://www.counterpane.com/crypto-gram.html
  124. http://linuxlock.org/
  125. http://linuxsecurity.com/
  126. http://www.securityfocus.com/
  127. http://www.securityportal.com/
  128. http://lwn.net/2001/1108/kernel.php3
  129. http://www.eklektix.com/
  130. http://www.eklektix.com/
 
 --- ifmail v.2.14.os7-aks1
  * Origin: Unknown (2:4615/71.10@fidonet)
 
 
