RU.LINUX
From: Sergey Lentsov 2:4615/71.10, 14 Oct 2001 14:16:35
To: All
Subject: URL: http://www.lwn.net/2001/1011/security.php3
See also: [14]last week's Security page.
Security
News and Editorials
PHP Nuke remains vulnerable. [15]Two weeks ago LWN reported on a
vulnerability in PHP Nuke's file manager functions. As of this
writing, there has been no new PHP Nuke release fixing that problem.
Meanwhile, [16]a new problem report has come out showing how to
exploit the vulnerability to upload arbitrary files and run commands
on the server system. This is a serious bug.
The PHP Nuke code is used to run a great many web sites; it is
disturbing that a vulnerability of this magnitude, which exposes so
many systems, can go unrepaired for so long. Those of you running PHP
Nuke sites will want to look at applying the [17]simple source fix
from two weeks ago, or moving to the [18]PostNuke variant, which does
not have this vulnerability.
Best Practices for Secure Development is a lengthy white paper written
by Razvan Peteanu. It covers security from an application developer's
point of view, describing how to write programs that are secure from
the beginning. Version 4 of this paper has just been [19]announced;
this version has been completely rewritten and includes a fair amount
of new material. Worth a look.
Security Reports
Race condition in devfs. At the end of September, Alexander Viro
[20]posted a description of a race condition vulnerability in the 2.4
device filesystem. This race could be used by a clueful, local
attacker to bring down the system. Very few Linux distributions ship
with devfs enabled at this point, but Mandrake is an exception. Thus,
MandrakeSoft has issued [21]a kernel security update to address the
problem. A new kernel package is not yet available; the update
contains a workaround boot option which can be used to close the
vulnerability for now.
2.4.x packet filtering vulnerability. The 2.4.x netfilter code can,
among many other things, filter packets based on their MAC (hardware)
address. It turns out that [22]very small packets can evade this
filtering and get through the firewall. It is a difficult
vulnerability to do anything interesting with, but it should be fixed
anyway. A patch was included with the advisory; it should also appear
in the 2.4.11 kernel.
ht://Dig configuration file vulnerability. ht://Dig 3.1.0b2 and later
[23]have a vulnerability wherein a remote user can specify that an
alternate configuration file be used by htsearch. If an attacker has a
way of placing a hostile configuration file on the server, this
vulnerability could be used to gain access to files on the system. The
fix is to upgrade to version 3.1.6 (or 3.2.0b4) or apply the patch
contained in the advisory.
Only one distributor update has been seen so far:
* [24]Caldera (October 9, 2001)
Caldera security update to sendmail configuration. Caldera
International has issued [25]a security update regarding its sendmail
configuration. It seems that the permissions are overly liberal,
allowing a denial of service attack by a local user. This isn't a
sendmail bug as such; it's a configuration error. The alert contains
the fix to close the hole.
Web scripts.
The following web scripts were reported to contain vulnerabilities:
* Versions 1.4.2 and prior of phpBB have [26]an SQL injection
vulnerability that could be used to do unpleasant things. No
official fix is yet available.
Proprietary products.
The following proprietary products were reported to contain
vulnerabilities:
* Cisco has issued [27]an advisory for its PIX firewall systems; it
seems that the AAA authentication feature is susceptible to a
denial of service attack.
Updates
Buffer overrun vulnerability in lpr. A [28]buffer overrun
vulnerability in lpr has been reported. This time around, an attacker
crafts a special, incomplete print job; a subsequent request to view
the printer queue causes the overrun to happen. The advisory only
mentions BSD systems, but numerous Linux distributions run BSD lpr as
well. This problem was first reported in [29]the September 6 LWN
security page.
This week's updates:
* [30]SuSE (October 10, 2001) (fixes some additional, new problems).
Buffer overflows in most. The "most" pager has a number of buffer
overflow vulnerabilities; this problem was first reported in [31]the
September 20 LWN security page.
This week's updates:
* [32]Progeny (October 5, 2001)
Previous updates:
* [33]Debian (September 18, 2001)
slrn executes shell code. The slrn news reader has an interesting
problem: evidently slrn will execute any shell code it finds within an
article, on the theory that the article is a self-extracting archive.
This may have been desirable behavior in 1982, but it presents certain
difficulties in modern times. Users of slrn should apply the update.
This vulnerability was first reported in [34]the September 27 LWN
security page.
This week's updates:
* [35]Progeny (October 5, 2001)
Previous updates:
* [36]Debian (September 24, 2001)
Uucp local user exploits. There is a vulnerability in the command-line
argument handling of uucp which can be exploited by a local user to
obtain uid/gid uucp. See [37]the September 13, 2001 LWN security page
for the initial report.
New updates:
* [38]Progeny (October 5, 2001)
Previous updates:
* [39]Caldera (September 7, 2001)
* [40]Conectiva (September 11, 2001)
* [41]Debian (September 24, 2001)
* [42]Mandrake (September 21, 2001)
Resources
NSA offers supersecure Linux (CNN). CNN reports briefly on the
[43]NSA's security enhanced Linux distro. "SE Linux does not correct
any flaws in Linux, but rather serves as an example of how mandatory
access controls, including superuser access, can be added to Linux."
Experts: Easy Installations Kill (Wired). Wired covers the [44]SANS
Institute's report on computer security which says that events like
Code Red and Nimda aren't the network's biggest problems, but default
installations are. "System administrators have reported to SANS and
other security organizations that holes often go unpatched because the
constant barrage of patches and security alerts are overwhelming. So
the Top 20 list prioritizes the threats and also offers comprehensive
advice on detecting and fixing these dangerous vulnerabilities from
dozens of leading security experts."
LinuxSecurity.com's Linux Security Week for October 8 is now
[45]available.
Wireless LAN security FAQ. Version 1.1 of the WLAN Security FAQ has
been [46]released by Chris Klaus.
Version 2.0 of the Unix Security Checklist is now [47]available from
AusCERT.
Events
Upcoming Security Events.
October 11 - 12, 2001: [48]Fourth International Symposium on Recent Advances in Intrusion Detection (RAID 2001), Davis, CA
November 5 - 8, 2001: [49]8th ACM Conference on Computer and Communication Security (CCS-8), Philadelphia, PA, USA
November 13 - 15, 2001: [50]International Conference on Information and Communications Security (ICICS 2001), Xian, China
November 19 - 22, 2001: [51]Black Hat Briefings, Amsterdam
November 21 - 23, 2001: [52]International Information Warfare Symposium, AAL, Lucerne, Switzerland
November 24 - 30, 2001: [53]Computer Security Mexico, Mexico City
November 29 - 30, 2001: [54]International Cryptography Institute, Washington, DC
December 2 - 7, 2001: [55]LISA 2001, 15th Systems Administration Conference, San Diego, CA
December 5 - 6, 2001: [56]InfoSecurity Conference & Exhibition, Jacob K. Javits Center, New York, NY
December 10 - 14, 2001: [57]Annual Computer Security Applications Conference, New Orleans, LA
For additional security-related events, including training courses
(which we don't list above) and events further in the future, check
out Security Focus' [58]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [59]lwn@lwn.net.
Section Editor: [60]Jonathan Corbet
October 11, 2001
[124]Eklektix, Inc. Copyright © 2001 [125]Eklektix, Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/1011/
4. http://lwn.net/2001/1011/kernel.php3
5. http://lwn.net/2001/1011/dists.php3
6. http://lwn.net/2001/1011/desktop.php3
7. http://lwn.net/2001/1011/devel.php3
8. http://lwn.net/2001/1011/commerce.php3
9. http://lwn.net/2001/1011/press.php3
10. http://lwn.net/2001/1011/announce.php3
11. http://lwn.net/2001/1011/history.php3
12. http://lwn.net/2001/1011/letters.php3
13. http://lwn.net/2001/1011/bigpage.php3
14. http://lwn.net/2001/1004/security.php3
15. http://lwn.net/2001/0927/security.php3#phpnuke
16. http://lwn.net/2001/1011/a/phpnuke.php3
17. http://lwn.net/2001/0927/a/phpnuke-fix.php3
18. http://www.postnuke.com/
19. http://lwn.net/2001/1011/a/best-practices.php3
20. http://lwn.net/2001/1011/a/devfs-race.php3
21. http://lwn.net/alerts/Mandrake/MDKSA-2001:079.php3
22. http://lwn.net/2001/1011/a/netfilter-mac.php3
23. http://lwn.net/2001/1011/a/htdig.php3
24. http://lwn.net/alerts/Caldera/CSSA-2001-035.0.php3
25. http://lwn.net/alerts/Caldera/CSSA-2001-034.0.php3
26. http://lwn.net/2001/1011/a/phpbb.php3
27. http://lwn.net/2001/1011/a/cisco-pix.php3
28. http://lwn.net/2001/0906/a/lpr.php3
29. http://lwn.net/2001/0906/security.php3#lpr
30. http://lwn.net/alerts/SuSE/SuSE-SA:2001:033.php3
31. http://lwn.net/2001/0920/security.php3#most
32. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-34.php3
33. http://lwn.net/alerts/Debian/DSA-076-1.php3
34. http://lwn.net/2001/0927/security.php3#slrn
35. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-35.php3
36. http://lwn.net/alerts/Debian/DSA-078-1.php3
37. http://lwn.net/2001/0913/security.php3#uucp
38. http://lwn.net/alerts/Progeny/PROGENY-SA-2001-36.php3
39. http://lwn.net/alerts/Caldera/CSSA-2001-033.0.php3
40. http://lwn.net/alerts/Conectiva/CLA-2001:425.php3
41. http://lwn.net/alerts/Debian/DSA-079-1.php3
42. http://lwn.net/alerts/Mandrake/MDKSA-2001:078.php3
43. http://www.cnn.com/2001/TECH/ptech/10/04/nsa.linux.idg/index.html
44. http://www.wired.com/news/technology/0,1282,47244,00.html
45. http://lwn.net/2001/1011/a/security-week.php3
46. http://lwn.net/2001/1011/a/wlan-security.php3
47. http://www.cert.org/tech_tips/AUSCERT_checklist2.0.html
48. http://www.raid-symposium.org/Raid2001
49. http://www.bell-labs.com/user/reiter/ccs8/
50. http://homex.coolconnect.com/member2/icisa/icics2001.html
51. http://www.blackhat.com/
52. http://www.sympinfowarfare.ch/
53. http://www.seguridad2001.unam.mx/
54. http://www.nipli.org/isse/events/2001/cryptography
55. http://www.usenix.org/events/lisa2001/
56. http://www.infosecurityevent.com/
57. http://www.acsac.org/
58. http://securityfocus.com/calendar
59. mailto:lwn@lwn.net
60. mailto:lwn@lwn.net
61. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
62. http://lwn.net/alerts/
63. http://www.astaro.com/products/index.html
64. http://bluelinux.sourceforge.net/
65. http://castle.altlinux.ru/
66. http://www.engardelinux.org/
67. http://www.immunix.org/
68. http://www.kaladix.org/
69. http://www.nsa.gov/selinux/
70. http://www.openwall.com/Owl/
71. http://www.trustix.com/
72. http://www.bastille-linux.org/
73. http://lsap.org/
74. http://lsm.immunix.org/
75. http://www.openssh.com/
76. http://www.securityfocus.com/bugtraq/archive/
77. http://www.nfr.net/firewall-wizards/
78. http://www.jammed.com/Lists/ISN/
79. http://www.calderasystems.com/support/security/
80. http://www.conectiva.com.br/atualizacoes/
81. http://www.debian.org/security/
82. http://www.kondara.org/errata/k12-security.html
83. http://www.esware.com/actualizaciones.html
84. http://linuxppc.org/security/advisories/
85. http://www.linux-mandrake.com/en/fupdates.php3
86. http://www.redhat.com/support/errata/index.html
87. http://www.suse.de/security/index.html
88. http://www.yellowdoglinux.com/resources/errata.shtml
89. http://www.BSDI.COM/services/support/patches/
90. http://www.freebsd.org/security/security.html
91. http://www.NetBSD.ORG/Security/
92. http://www.openbsd.org/security.html
93. http://www.calderasystems.com/support/forums/announce.html
94. http://www.cobalt.com/support/resources/usergroups.html
95. http://distro.conectiva.com.br/atualizacoes/
96. http://www.debian.org/MailingLists/subscribe
97. http://www.esware.com/lista_correo.html
98. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
99. http://www.kondara.org/mailinglist.html.en
100. http://l5web.laser5.co.jp/ml/ml.html
101. http://www.linuxfromscratch.org/services/mailinglistinfo.php
102. http://www.linux-mandrake.com/en/flists.php3
103. http://www.netbsd.org/MailingLists/
104. http://www.openbsd.org/mail.html
105. http://www.redhat.com/mailing-lists/
106. http://www.slackware.com/lists/
107. http://www.stampede.org/mailinglists.php3
108. http://www.suse.com/en/support/mailinglists/index.html
109. http://www.trustix.net/support/
110. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
111. http://lists.yellowdoglinux.com/ydl_updates.shtml
112. http://munitions.vipul.net/
113. http://www.zedz.net/
114. http://www.cert.org/nav/alerts.html
115. http://ciac.llnl.gov/ciac/
116. http://www.MountainWave.com/
117. http://www.counterpane.com/crypto-gram.html
118. http://linuxlock.org/
119. http://linuxsecurity.com/
120. http://www.opensec.net/
121. http://www.securityfocus.com/
122. http://www.securityportal.com/
123. http://lwn.net/2001/1011/kernel.php3
124. http://www.eklektix.com/
125. http://www.eklektix.com/
* Origin: Unknown (2:4615/71.10@fidonet)