RU.LINUX
From    : Sergey Lentsov 2:4615/71.10    14 Jun 2001 17:11:25
To      : All
Subject : URL: http://lwn.net/2001/0614/security.php3
See also: [14]last week's Security page.
Security
News and Editorials
Non-executable stack and heap for Linux. Discussion regarding the
security value and cost of implementing non-executable stack and heap
for Linux was revived this week with the announcement of [15]RSC, a
non-executable stack and heap kernel module for Linux by author Paul
Starzetz. Other projects with similar goals were discussed, such as
[16]PAX, announced back in October. Non-executable data areas, of
course, are interesting to some because they can block certain types
of buffer overflow attacks.
During the discussion, Crispin Cowan posted [17]this message which
provides links to prior discussions on this topic, related papers and
more. We recommend perusing it if you are interested in the topic. He
summed up the argument for non-executable heap and stack fairly
succinctly, presuming, of course, that the implementation costs are not
too high.
Summary of my personal view only:
* non-executable segments do add some security value
* non-executable segments are arguably an obscurity defense, because
attacks exploiting overflow vulnerabilities that are stopped by
non-executable segments can always be re-worked to be "return into
libc" style attacks that bypass the non-executable segment by
pointing directly at code in the code segment
* this obscurity defense arguably has value, because writing
return-into-libc exploits is hard, and hard to make scriptable,
because the offsets are fussy
That is, of course, not the end of the conversation - not everybody
thinks that the "security through obscurity" approach of
non-executable data segments is worth the trouble.
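A kernel-side policy such as RSC or PAX is only half the picture: the toolchain also records, per binary, whether the program asks for an executable stack. The following added example (not from the page, RSC or PAX) reads that ELF PT_GNU_STACK flag for the running program through glibc's dl_iterate_phdr, so an administrator can tell which binaries would undermine a non-executable stack policy; it assumes Linux with glibc or musl.

```c
/* Added example: report whether this program's ELF headers request an
 * executable stack (PT_GNU_STACK with PF_X). Linux/glibc-specific. */
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stdio.h>

struct stack_info {
    int found;       /* PT_GNU_STACK header present? */
    int executable;  /* PF_X set on it? */
};

/* dl_iterate_phdr callback. The main program is reported first, so we
 * inspect it and return nonzero to stop before shared libraries. */
static int inspect_main_object(struct dl_phdr_info *info, size_t size,
                               void *data)
{
    struct stack_info *si = data;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        if (info->dlpi_phdr[i].p_type == PT_GNU_STACK) {
            si->found = 1;
            si->executable = (info->dlpi_phdr[i].p_flags & PF_X) ? 1 : 0;
        }
    }
    return 1;
}

/* Returns 1 if the main program requests an executable stack, 0 if it
 * requests a non-executable one, and -1 if no PT_GNU_STACK header exists
 * (older toolchains; the kernel then falls back to an executable stack). */
int main_program_wants_exec_stack(void)
{
    struct stack_info si = { 0, 0 };
    dl_iterate_phdr(inspect_main_object, &si);
    return si.found ? si.executable : -1;
}

int main(void)
{
    int r = main_program_wants_exec_stack();
    printf("PT_GNU_STACK: %s\n",
           r == 1 ? "executable" : r == 0 ? "non-executable" : "absent");
    return 0;
}
```

A C-only program built with a current gcc or clang is marked non-executable by default; the flag flips to executable if any linked object lacks a .note.GNU-stack section or the link uses -z execstack.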
Open source to the rescue (ZDNet UK). This article in ZDNet UK
[18]looks at the European Parliament's stand on open source. "I
thought this particularly interesting since it was among the
resolutions voted for by the European Parliament, and must surely be
the first time any parliament has come out and said that open source
software is intrinsically more secure than closed source software.
Microsoft take note.
More interesting still was the European Parliament's resolution to
urge member states to devise ''measures to promote, develop and
manufacture European encryption technology and software and, above
all, to support projects aimed at developing user-friendly open-source
encryption software.'' "
Pittsburgh Company Helps Write Code for European Privacy Standards on
Web (Pittsburgh Post-Gazette). Bright Plaza, Inc., a Pittsburgh, USA
based technology firm, will be working with the European Commission as
they look at [19]developing a prototype for new software to protect
privacy on the Web. "The EC initiative is driven by a widespread
European belief that life in the Information Age makes personal
information far too accessible, said [Carnegie Mellon University
scientist Robert] Thibadeau. 'The Europeans are ahead of the U.S.,' he
said. 'They regard privacy as if it's part of you as a human being.
And they say the state has an obligation to protect your privacy, just
as it has an obligation to protect your life'".
Fluffy Bunny speaks on IRC. The cracker behind the SourceForge,
Themes.org and Apache break-ins has apparently done an [20]IRC
interview, the summary of which has been posted to SecurityFocus. "The
cracker also explained how all the recent compromises were related.
The common link: a packet sniffer Fluffy Bunny put in place on Exodus.
"There was a sniffer on exodus yes, but there are sniffers
everywhere," Bunny wrote." The identity of the interviewee has not
been confirmed, however. (Thanks to Joe Barr)
Security Reports
LPRng supplemental group membership vulnerability.
LPRng fails to drop membership in supplemental groups at the same time
it drops setuid and setgid privileges. As a result, such supplemental
groups may provide access to enhanced privileges. This bug was not
referenced on the [21]LPRng home page, but Red Hat has issued updated
packages with a fix for the problem.
* [22]Red Hat
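The LPRng bug is the classic privilege-dropping mistake: setuid/setgid are given up, but the supplementary group list inherited from root survives. The following added example (not LPRng's code) shows the order in which a daemon must drop credentials so that the group list goes too, plus a check a practitioner can run afterwards; the uid/gid passed in main are the caller's own so it runs unprivileged.

```c
/* Added example: drop privileges in the order that actually removes
 * them, including the supplementary groups LPRng left behind. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently drop to uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: setgroups() and setgid() need root, so they must run
 * before setuid() gives root away. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Clear supplementary groups (the step LPRng skipped). Only root
     *    may call setgroups(); an unprivileged caller keeps its own list,
     *    which supplementary_group_count() below will then report. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* 2. Primary group, while we still have the privilege to change it. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. Finally the uid; after this there is no way back to root. */
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Returns 1 if real and effective uid/gid all match the requested ones. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Number of supplementary groups other than the primary gid, or -1 on
 * error. A correctly dropped root process reports 0. */
int supplementary_group_count(void)
{
    gid_t groups[256];
    int n = getgroups(256, groups), extra = 0;
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] != getgid())
            extra++;
    return extra;
}

int main(void)
{
    /* Constructed usage: drop to the caller's own ids so the example
     * runs unprivileged; a real daemon would pass its service account. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("ids match: %d, leftover supplementary groups: %d\n",
           ids_match(uid, gid), supplementary_group_count());
    return 0;
}
```

Run as root, a non-zero leftover count after the drop is exactly the LPRng condition: the process no longer has uid 0 but still holds every group root was in.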
XFree86 X font server (xfs) denial-of-service vulnerability.
The X font server xfs, part of XFree86, has been reported to contain a
[23]denial-of-service vulnerability. When connected to "numerous"
times and given random data, xfs may crash, which can, in turn, cause
the X server to crash as well. This is only applicable to font servers
that are listening to TCP/IP, which is likely only the case for a
machine that is serving X terminals. No workaround or fix for the
problem has been reported so far.
gdm cookie vulnerability.
[24]gdm 2.2.2.1 has been released and, according to the changelog,
contains a fix for a security problem under which an attacker could
log in, save his cookie and then have that cookie used by the next
person to log in.
* [25]Slackware (from the Changelog)
xinetd buffer overflow.
A [26]buffer overflow has been reported in xinetd which may be
exploitable either to gain elevated privileges or to cause a
denial-of-service. The buffer overflow is in the ident logging portion
of xinetd, so one workaround to the problem is to disable ident
logging.
Linux FPF kernel module denial of service vulnerability.
FPF is a Linux kernel module which can be used to alter the Linux
TCP/IP stack in order to emulate other operating systems when the
system is probed by tools such as nmap or Queso. With the patch
applied, it is possible to cause the kernel to panic by sending it
multiple fragmented packets. A [27]fix for the problem has been
released. Nonetheless, the authors still state that the module has
some problems and they recommend against using it on servers.
exim format string vulnerability.
A [28]locally-exploitable format string vulnerability has been
reported in [29]exim, a GPL-d Mail Transfer Agent. Root access may be
gained if the 'syntax checking' mode is turned on (not the default).
Workarounds and an unofficial patch are available. The patch will be
rolled into exim 3.30, which is expected to be released "soon".
* [30]Debian
* [31]Conectiva
man-db nested calls vulnerability.
The man-db vulnerability of the week involves the manner in which
calls to drop_effective_privs and regain_effective_privs are handled.
Nested versions of such calls can be used to cause man-db to regain
privileges too early, which could result in a user being able to
create files as user man.
* [32]Debian
su-wrapper buffer overflow.
[33]su-wrapper is used to execute processes under different uids.
[34]A buffer overflow has been reported in su-wrapper 1.1.1. No
official patch or upgrade has been released, but an unofficial,
untested patch has been posted.
Fcron symbolic link vulnerability.
[35]fcron is a periodic command scheduler which implements the
functionality of vixie cron but does not assume that your system runs
all the time or regularly. [36]A symbolic link vulnerability has been
reported in fcron 1.0. Versions 1.0.1, 1.0.2 and 1.0.3 have been
reported not vulnerable, so presumably an upgrade to one of these
versions will resolve the problem. No information on whether or not
the latest development version, 1.1.0, is affected has been posted.
TIAtunnel remote access vulnerability.
[37]TIAtunnel is a simple IRC bouncer, released under the GPL. [38]A
vulnerability has been reported in TIAtunnel that can be exploited by
a remote attacker to gain a local shell under the TIAtunnel account.
This was found in PKCrew TIAtunnel 0.9alpha2 and has been fixed in
TIAtunnel 0.9alpha3. Note that a stable version of the software has
not yet been released.
Proprietary products.
The following proprietary products were reported to contain
vulnerabilities:
* Security upgrades have been applied to both the client and server
portions of [39]Caldera's Volution network management software.
Upgrading both components is recommended. This is also covered in
BugTraq ID [40]2850.
* [41]BestCrypt version 0.7, a data encryption product, can be
exploited locally to [42]run arbitrary commands as root. An
upgrade to BestCrypt 0.8 will fix the problem.
* SpearHead Security has [43]acknowledged the URL encoding
vulnerability in the NetGap devices reported in [44]last week's
Security Summary. They report that the problem has been resolved
in build 78 of the NetGap software.
* The [45]Anonymizer.com anonymous web service has been reported to
contain a [46]vulnerability in which Javascript code commented out
by Anonymizer gets executed anyway. No warning messages are
posted. This has been tested only on the free/trial version of
Anonymizer. No vendor response has been seen so far.
* A Java-filtering vulnerability has been reported in [47]gmx.net, a
European-based free web-mail community. GMX AG has [48]responded,
acknowledging the problem and promising an immediate workaround
would be put into place.
Updates
ispell symbolic link vulnerabilities.
Check the [49]June 7th LWN Security Summary for the original report.
This week's updates:
* [50]Debian, fixed in ispell-3.1.20-8, updated January 26, 2000.
Previous updates:
* [51]Red Hat (June 7th)
xinetd default umask vulnerability.
Check the [52]June 7th LWN Security Summary for the original report.
Fixing the problem simply requires that the default umask for xinetd
be set to 022 instead of 000. This is also covered in BugTraq ID
[53]2826.
This week's updates:
* [54]Linux-Mandrake
* [55]Immunix
Previous updates:
* [56]Red Hat (June 7th)
gnupg format string vulnerability.
Check the [57]May 31st LWN Security Summary for the initial report.
gnupg 1.0.5 and earlier are vulnerable; gnupg 1.0.6 contains a fix for
this problem and an upgrade is recommended. Werner Koch also sent out
[58]a note warning of minor build problems with gnupg 1.0.6 when
compiled without gcc.
This week's updates:
* [59]Conectiva
* [60]Red Hat
* [61]Turbolinux
* [62]Caldera
* [63]Debian, unstable upgrade to 1.0.6 on May 29th.
Previous updates:
* [64]Engarde (May 31st)
* [65]Progeny (May 31st)
* [66]Linux-Mandrake (June 7th)
* [67]Immunix (June 7th)
* [68]Trustix (June 7th)
* [69]SuSE (June 7th)
multiple imapd buffer overflows.
Check the [70]March 15th LWN Security Summary for the original report.
This week's updates:
* [71]Linux-Mandrake
Previous updates:
* [72]Caldera (March 15th)
* [73]Conectiva (March 22nd)
* [74]SuSE (March 29th)
GTK+ module use in setgid/setuid programs.
Check the [75]January 4th, 2001 Security Summary for the original
discussion of this issue. The official position of the GTK+ team is
that setuid and setgid programs are a bad idea for GUI toolkits and
are not supported by the GTK+ toolkit.
This week's advisories:
* [76]Turbolinux
* [77]Havoc Pennington, response to patch issued by Caldera.
Multiple buffer overflows in tcpdump.
[78]Multiple buffer overflows in tcpdump were reported in our November
2nd, 2000 edition. Check also BugTraq ID [79]1870.
This week's updates:
* [80]Turbolinux
* [81]Linux-Mandrake
Previous updates:
* [82]FreeBSD (November 2nd, 2000)
* [83]SuSE (November 16th, 2000)
* [84]Debian (November 23rd, 2000)
* [85]SuSE (November 23rd, 2000)
Resources
IBM Whitepaper: The Linux Security 'State of the Union'. Dated May 11,
2001, nonetheless it was this week that [86]this IBM whitepaper first
came our way. It contains a nice description of Linux security
efforts, such as LIDS, Snort, RSBAC, NSA Security Enhanced Linux,
StackGuard, packet filtering, LOMAC, PortSentry and TCS.
New Security Portal moderated security discussion list.
[87]SecurityPortal has started [88]a new, moderated discussion list
for security issues, seeded with a few SecurityPortal people to make
sure that an effort is made to answer questions posed to the list.
Events
Upcoming Security Events (date: event, location).
* June 17 - 22, 2001: [89]13th Annual Computer Security Incident Handling
Conference (FIRST 2001), Toulouse, France.
* June 18 - 20, 2001: [90]NetSec Network Security Conference (NetSec '01),
New Orleans, Louisiana, USA.
* June 19 - 20, 2001: [91]The Biometrics Symposium, Chicago, Illinois,
USA.
* June 19 - 21, 2001: [92]PKI Forum Members Meeting (Kempinski Hotel
Airport Munchen), Munich, Germany.
* July 11 - 12, 2001: [93]Black Hat Briefings USA '01, Las Vegas, Nevada,
USA.
* July 17, 2001: [94]The Open Group Security Forum briefing, Austin, Texas,
USA.
* August 6 - 10, 2001: [95]CERT Conference 2001, Omaha, NE, USA.
* August 7, 2001: [96]CIBC World Markets First Annual Security & Privacy
Conference, New York, NY, USA.
* August 13 - 17, 2001: [97]10th USENIX Security Symposium 2001
Conference, Washington, D.C., USA.
* August 13 - 17, 2001: [98]HAL2001, Enschede, The Netherlands.
For additional security-related events, including training courses
(which we don't list above) and events further in the future, check
out Security Focus' [99]calendar, one of the primary resources we use
for building the above list. To submit an event directly to us, please
send a plain-text message to [100]lwn@lwn.net.
Section Editor: [101]Liz Coolbaugh
June 14, 2001
[163]Eklektix, Inc. Linux powered! Copyright (C) 2001 [164]Eklektix,
Inc., all rights reserved.
Linux (R) is a registered trademark of Linus Torvalds.
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-002-000-000-012
3. http://lwn.net/2001/0614/
4. http://lwn.net/2001/0614/kernel.php3
5. http://lwn.net/2001/0614/dists.php3
6. http://lwn.net/2001/0614/desktop.php3
7. http://lwn.net/2001/0614/devel.php3
8. http://lwn.net/2001/0614/commerce.php3
9. http://lwn.net/2001/0614/press.php3
10. http://lwn.net/2001/0614/announce.php3
11. http://lwn.net/2001/0614/history.php3
12. http://lwn.net/2001/0614/letters.php3
13. http://lwn.net/2001/0614/bigpage.php3
14. http://lwn.net/2001/0607/security.php3
15. http://securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26end%3D2001-06-16%26fromthread%3D0%26tid%3D190947%26threads%3D1%26start%3D2001-06-10%26
16. http://www.securityfocus.com/archive/1/141901
17. http://www.securityfocus.com/archive/1/189139
18. http://www.anchordesk.co.uk/anchordesk/commentary/columns/0,2415,7110137,00.html
19. http://www.newsalert.com/bin/story?StoryId=CoX78qaicueCTtKvulvbssvzbq1K
20. http://www.securityfocus.com/templates/article.html?id=215
21. http://www.astart.com/LPRng/LPRng.html
22. http://lwn.net/2001/0614/a/rh-lprng.php3
23. http://www.securityfocus.com/bid/2848
24. http://cvs.gnome.org/lxr/source/gdm2/NEWS
25. http://www.slackware.com/changelog/current.php?cpu=i386
26. http://www.securityfocus.com/bid/2840
27. http://www.pkcrew.org/tools/fpffix.tar.gz
28. http://www.securityfocus.com/bid/2828
29. http://www.exim.org/
30. http://lwn.net/2001/0614/a/deb-exim.php3
31. http://lwn.net/2001/0614/a/con-exim.php3
32. http://lwn.net/2001/0614/a/deb-mandb.php3
33. http://sourceforge.net/projects/su-wrapper/
34. http://www.securityfocus.com/bid/2837
35. http://fcron.free.fr/
36. http://www.securityfocus.com/bid/2835
37. http://tiatunnel.pkcrew.org/
38. http://www.securityfocus.com/bid/2831
39. http://lwn.net/2001/0614/a/caldera-volution.php3
40. http://www.securityfocus.com/bid/2850
41. http://www.jetico.com/index.htm#/download.htm
42. http://www.securityfocus.com/bid/2820
43. http://lwn.net/2001/0614/a/netgap.php3
44. http://lwn.net/2001/0607/security.php3#proprietary
45. http://www.anonymizer.com/
46. http://lwn.net/2001/0614/a/anonymizer.php3
47. http://lwn.net/2001/0614/a/gmx.net.php3
48. http://lwn.net/2001/0614/a/gmxresp.php3
49. http://lwn.net/2001/0607/security.php3#ispell
50. http://lwn.net/2001/0614/a/db-ispell.php3
51. http://lwn.net/2001/0607/a/rh-ispell.php3
52. http://lwn.net/2001/0607/security.php3#xinetd
53. http://www.securityfocus.com/bid/2826
54. http://lwn.net/2001/0614/a/lm-xinetd.php3
55. http://lwn.net/2001/0614/a/im-xinetd.php3
56. http://lwn.net/2001/0607/a/rh-xinetd.php3
57. http://lwn.net/2001/0531/security.php3#gnupgformatstring
58. http://lwn.net/2001/0607/a/gnupggcc.php3
59. http://lwn.net/2001/0614/a/conectiva-gnupg.php3
60. http://lwn.net/2001/0614/a/rh-gnupg.php3
61. http://lwn.net/2001/0614/a/tl-gnupg.php3
62. http://lwn.net/2001/0614/a/cald-gnupg.php3
63. http://lwn.net/2001/0614/a/db-gnupg.php3
64. http://lwn.net/2001/0531/a/esl-gnupg.php3
65. http://lwn.net/2001/0531/a/pr-gnupg.php3
66. http://lwn.net/2001/0607/a/lm-gnupg.php3
67. http://lwn.net/2001/0607/a/im-gnupg.php3
68. http://lwn.net/2001/0607/a/trustix-gnupg.php3
69. http://lwn.net/2001/0607/a/suse-gnupg.php3
70. http://lwn.net/2001/0315/security.php3#imap
71. http://lwn.net/2001/0614/a/lm-imap.php3
72. http://lwn.net/2001/0315/a/cald-imap.php3
73. http://lwn.net/2001/0322/a/con-imap.php3
74. http://lwn.net/2001/0329/a/suse-pop.php3
75. http://lwn.net/2001/0104/security.php3
76. http://lwn.net/2001/0614/a/tl-gtk.php3
77. http://lwn.net/2001/0614/a/havoc-gtk.php3
78. http://lwn.net/2000/1102/security.php3#tcpdump
79. http://www.securityfocus.com/bid/1870
80. http://lwn.net/2001/0614/a/tl-tcpdump28.php3
81. http://lwn.net/2001/0614/a/lm-tcpdump.php3
82. http://lwn.net/2000/1102/a/sec-freebsd-tcpdump.php3
83. http://lwn.net/2000/1116/a/sec-suse-misc.php3
84. http://lwn.net/2000/1123/a/deb-tcpdump.php3
85. http://lwn.net/2000/1123/a/sec-suse-tcpdump.php3
86. http://www-1.ibm.com/linux/news/LTCWhitepaper.shtml
87. http://www.securityportal.com/
88. http://lwn.net/2001/0614/a/secmail.php3
89. http://www.first.org/conference/2001/
90. http://www.gocsi.com/netsec01
91. http://www.iqpc.com/cgi-bin/templates/98485262029583740234300003/genevent.html?event=1504&topic=
92. http://www.pkiforum.org/meetings/20010619/index.html
93. http://www.blackhat.com/
94. http://www.opengroup.org/austin2001/security_outline.htm
95. http://www.certconf.org/
96. http://www.cibcwm.com/eq/conference/security/
97. http://www.usenix.org/events/sec2001
98. http://www.hal2001.org/hal/01Home/index.html
99. http://securityfocus.com/calendar
100. mailto:lwn@lwn.net
101. mailto:lwn@lwn.net
102. http://ads.tucows.com/click.ng/buttonpos=lwnbuttonsecurity
103. http://www.engardelinux.org/
104. http://www.immunix.org/
105. http://www.maganation.com/~kaladix/
106. http://Nexus-Project.net/
107. http://www.nsa.gov/selinux/
108. http://www.openwall.com/Owl/
109. http://www.slinux.org/
110. http://www.trustix.com/
111. http://www.bastille-linux.org/
112. http://lsap.org/
113. http://lsm.immunix.org/
114. http://www.openssh.com/
115. http://www.securityfocus.com/bugtraq/archive/
116. http://www.nfr.net/firewall-wizards/
117. http://www.jammed.com/Lists/ISN/
118. http://www.calderasystems.com/support/security/
119. http://www.conectiva.com.br/atualizacoes/
120. http://www.debian.org/security/
121. http://www.kondara.org/errata/k12-security.html
122. http://www.esware.com/actualizaciones.html
123. http://linuxppc.org/security/advisories/
124. http://www.linux-mandrake.com/en/fupdates.php3
125. http://www.redhat.com/support/errata/index.html
126. http://www.suse.de/security/index.html
127. http://www.yellowdoglinux.com/resources/errata.shtml
128. http://www.BSDI.COM/services/support/patches/
129. http://www.freebsd.org/security/security.html
130. http://www.NetBSD.ORG/Security/
131. http://www.openbsd.org/security.html
132. http://www.calderasystems.com/support/forums/announce.html
133. http://www.cobalt.com/support/resources/usergroups.html
134. http://distro.conectiva.com.br/atualizacoes/
135. http://www.debian.org/MailingLists/subscribe
136. http://www.esware.com/lista_correo.html
137. http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL
138. http://www.kondara.org/mailinglist.html.en
139. http://l5web.laser5.co.jp/ml/ml.html
140. http://www.linuxfromscratch.org/services/mailinglistinfo.php
141. http://www.linux-mandrake.com/en/flists.php3
142. http://www.netbsd.org/MailingLists/
143. http://www.openbsd.org/mail.html
144. http://www.redhat.com/mailing-lists/
145. http://www.slackware.com/lists/
146. http://www.stampede.org/mailinglists.php3
147. http://www.suse.com/en/support/mailinglists/index.html
148. http://www.trustix.net/support/
149. http://www.turbolinux.com/mailman/listinfo/tl-security-announce
150. http://lists.yellowdoglinux.com/ydl_updates.shtml
151. http://munitions.vipul.net/
152. http://www.zedz.net/
153. http://www.cert.org/nav/alerts.html
154. http://ciac.llnl.gov/ciac/
155. http://www.MountainWave.com/
156. http://www.counterpane.com/crypto-gram.html
157. http://linuxlock.org/
158. http://linuxsecurity.com/
159. http://www.opensec.net/
160. http://www.securityfocus.com/
161. http://www.securityportal.com/
162. http://lwn.net/2001/0614/kernel.php3
163. http://www.eklektix.com/
164. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)