+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  June 19, 2000                              Volume 1, Number 8      |
|                                                                     |
|  Editorial Team:  Dave Wreski               dave@linuxsecurity.com  |
|                   Benjamin Thomas           ben@linuxsecurity.com   |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines and system advisories. It is distributed each Monday by Guardian Digital, Inc.

After two weeks of constant advisories, it's comforting to see the amount of activity die down. This week, updates are available for the Document Template package, the BRU Backup Utility, Kerberos 5, and a bug on FreeBSD/Alpha systems that weakens its encryption. In the news, OpenBSD announces its release of version 2.7, Mimestar "Shoots Down Intruders" by releasing Version 3.0.7 of SecureNet PRO, and the U.S. House gives its "OK" to the digital signature bill.

This week a number of interesting papers were posted. The article "Open Sources, Security by Default" discusses actions taken by the OpenBSD team, and Theo De Raadt, the founder of OpenBSD. With the release of OpenBSD 2.7, the goal was to "remove most of the extraneous, unnecessary, and insecure protocols from the OS, tightened up the default configuration, and then hunt for bugs ruthlessly." Sound advice for all users.

The historical paper "Security Controls for Computer Systems" was referenced on our site this week. It is regarded as "The Paper that Launched Computer Security." The paper discusses intrusions, physical security, threats, policy considerations, and gives recommendations. Anyone interested in computer security and its history should definitely take a look at this. A majority of this paper is applicable to situations we face today.
We've recently learned that Red Hat has released a development build of the 2.2.16 kernel which fixes several security issues discovered last week. Information on this rawhide (development) version is available at http://www.linuxsecurity.com/articles/host_security_article-909.html. We'll post their formal announcement as soon as it's made.

Our sponsor this week is WebTrends. Their Security Analyzer has the most vulnerability tests available for Red Hat & VA Linux. It uses advanced agent-based technology, enabling you to scan your Linux servers from your Windows NT/2000 console and protect them against potential threats. Now with over 1,000 tests available.
http://www.webtrends.com/redirect/linuxsecurity1.htm

HTML Version Available:
http://www.linuxsecurity.com/articles/forums_article-910.html

Advisories this Week:
---------------------

Conectiva: Zope problems in DocumentTemplate - 06/16/2000 -
The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
http://www.linuxsecurity.com/advisories/advisory_documents/other_advisory-490.html

RedHat 6.2: Kerberos 5 vulnerability - 06/15/2000 -
Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.2. A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.
http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-489.html

RedHat: New emacs packages available - 06/15/2000 -
With emacs < 20.7, unprivileged local users can eavesdrop on the communication between Emacs and its subprocesses. Red Hat offers an update for this package.
http://www.linuxsecurity.com/advisories/advisory_documents/redhat_advisory-487.html

Zope: Fixed version available - 06/15/2000 -
The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization.
http://www.linuxsecurity.com/advisories/advisory_documents/other_advisory-488.html

Caldera: local ROOT exploit in BRU - 06/14/2000 -
There is a serious vulnerability in the command-line option and logfile handling of the BRU Backup Utility which can be exploited by a local attacker to gain root access to the machine.
http://www.linuxsecurity.com/advisories/advisory_documents/caldera_advisory-486.html

FreeBSD: Alpha port vulnerability - 06/12/2000 -
Cryptographic secrets (such as OpenSSH public/private keys) generated on FreeBSD/Alpha systems may be much weaker than their "advertised" strength, and may lead to data compromise by a dedicated and knowledgeable attacker.
http://www.linuxsecurity.com/advisories/advisory_documents/freebsd_advisory-485.html

Linux Host Security:
--------------------

Network Intrusion Detection, An Analyst's Handbook - 6/17/2000 -
Here is an interesting book review of "Network Intrusion Detection, An Analyst's Handbook". It gives chapter-by-chapter summaries of the book. "This book is far-and-away one of the more relevant and well-written books on security issues, and should be required reading for every system administrator and network professional."
http://www.linuxsecurity.com/articles/intrusion_detection_article-904.html

Linux Kernel Bug prompts Security Alert - 6/15/2000 -
The perceived security of Linux has suffered a setback after the discovery of a serious bug in the Linux kernel which allows attackers to gain root access through a variety of programs, including Sendmail.
The kernel bug affects versions 2.2.15 and earlier, as well as some 2.4.0 versions, and Linux users are advised to upgrade to 2.2.16. The problem is all the more serious because code that exploits the flaw has been posted widely on the internet, including on a number of well-known security sites.
http://www.linuxsecurity.com/articles/host_security_article-887.html

Detecting Signs of Intrusion - 6/14/2000 -
This paper discusses various ways to detect intrusions. Intruders are always looking for new ways to break into systems. "They may attempt to breach your network's perimeter defenses from remote locations, or physically infiltrate your organization to gain direct access to its information resources."
http://www.linuxsecurity.com/articles/intrusion_detection_article-882.html

An Overview of TCP and IP Spoofing - 6/12/2000 -
"To understand the spoofing process, I will begin by explaining the TCP and IP authentication process. Then I will discuss how an attacker can spoof your network."
http://www.linuxsecurity.com/articles/network_security_article-862.html

Linux Server Security:
----------------------

Building a Secure Gateway System - 6/15/2000 -
This article explains how to secure a Linux gateway. If you do not have a gateway already set up, it suggests that you read this article. The author assumes that you are already familiar with Linux and currently have a constant connection to the internet.
http://www.linuxsecurity.com/articles/network_security_article-886.html

Sub7 vid Trojan can launch distributed attacks - 6/17/2000 -
As it turns out, the most recent build of Sub7 contains an undocumented feature which can indeed be used to ping the living hell out of Web servers, from numerous infected clients simultaneously, according to research just completed by security outfit iDefense.
http://www.linuxsecurity.com/articles/network_security_article-903.html

BIND 8.2.x Overflow Vulnerability - 6/16/2000 -
This paper covers a BIND buffer overflow that exists in 8.2, 8.2.1 and 8.2.2. Here CIAC explains how the exploit works: "The exploit requires two systems to be successful. The first is a DNS server that will have an altered DNS table. The second machine is where the attack will take place."
http://www.linuxsecurity.com/articles/server_security_article-900.html

The Secrets of Snoop - 6/15/2000 -
Lance writes, "Sniffers have exploded in popularity over the past several years, from Network General's NetXRay and Microsoft's Network Monitor, to public domain tools such as Etherman and Curry Sniffer. These tools are used for various reasons, including network troubleshooting, traffic analysis, node discovery, etc. We will be covering one of the most common, yet effective sniffers, snoop."
http://www.linuxsecurity.com/articles/intrusion_detection_article-889.html

Cracked! part 5: Rebuilding - 6/12/2000 -
This is the fifth part of the story of a community network that was cracked and what was done to recover from it. By this point we have realized that we must get the cracker off of our machines before it is too late. It is only a matter of time before he trashes our system to clean up his tracks, gets a sniffer running under a different architecture or uses us to launch some denial of service attack.
http://www.linuxsecurity.com/articles/intrusion_detection_article-861.html

Cryptography:
-------------

Bruce Schneier's Crypto-Gram - 6/16/2000 -
In this month's issue of Bruce Schneier's Crypto-Gram, he discusses SOAP, Crypto-Gram Reprints, News, Counterpane Internet Security News, Java and Viruses, The Doghouse: Infraworks, The Data Encryption Standard (DES), and Comments from Readers. Always an excellent read.
http://www.linuxsecurity.com/articles/cryptography_article-898.html

The Death of Unencrypted Connections? - 6/14/2000 -
Over the last few years "hacker" tools have become much more widespread and available to ...
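A practical check for the kernel advisory in the Linux Host Security section above, added here as an illustration; it is not code from LinuxSecurity.com or from the cited article. It classifies a release string in the form that `uname -r` prints against the 2.2.16 threshold the article gives. The sample strings and vendor suffixes are constructed and hypothetical, and treating the odd-numbered development series and the 2.4.0 test kernels as "check with your vendor" is my reading of the article's "some 2.4.0 versions" wording, not something the article states.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample release strings in `uname -r` form. They illustrate the
# cases the checker handles and are not taken from any real host; the vendor
# suffixes are hypothetical.
SAMPLE_RELEASES = [
    "2.2.15",          # last stable release before the fix
    "2.2.14-5.0",      # vendor-suffixed stable kernel
    "2.2.16",          # the fixed release
    "2.2.16-3",        # hypothetical vendor build of the fixed release
    "2.2.17pre2",      # hypothetical pre-patch beyond 2.2.16
    "2.3.99-pre9",     # development series
    "2.4.0-test1",     # the 2.4.0 test series the article says may be affected
    "2.0.38",          # older stable series, read conservatively as affected
    "not-a-kernel",
]

FIXED = (2, 2, 16)

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def parse_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a `uname -r` string, ignoring any
    vendor or pre-patch suffix such as '-5.0' or 'pre2'; None if unparsable."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def classify(release: str) -> str:
    """Classify a kernel release against the 2.2.16 advisory.

    vulnerable : stable (even minor) kernel older than 2.2.16; upgrade
    fixed      : 2.2.16 or a later 2.2 release
    check      : development kernel (odd minor, or the 2.4.0 test series);
                 the article only says "some 2.4.0 versions" are affected,
                 so confirm against your vendor or the kernel changelog
                 (assumption: this is the conservative reading, not a claim
                 the article makes)
    unknown    : string did not parse
    """
    base = parse_release(release)
    if base is None:
        return "unknown"
    major, minor, _ = base
    if minor % 2 == 1 or (major, minor) >= (2, 4):
        return "check"
    return "fixed" if base >= FIXED else "vulnerable"


def audit(releases) -> Dict[str, str]:
    """Map each release string to its classification."""
    return {r: classify(r) for r in releases}


if __name__ == "__main__":
    # On a live host you would feed it: classify(os.uname().release)
    for release, verdict in audit(SAMPLE_RELEASES).items():
        print(f"{release:16} {verdict}")
```

The parity rule (even minor = stable, odd minor = development) is the 2.x-era kernel numbering convention; the checker deliberately refuses to call a development kernel either safe or vulnerable, since the article does not say which 2.4.0 test builds carry the bug.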
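An added example for the TCP and IP spoofing overview above (constructed demonstration code, not from that article or from LinuxSecurity.com). It builds a TCP SYN whose IP source field is a trusted internal address, shows that every check a receiver can perform on the packet itself passes, and then applies the RFC 2267-style ingress filter that a border router uses to drop such packets. The addresses, the ports and the 10.0.0.0/8 "internal" range are constructed for the example; nothing is sent on the wire.

```python
import ipaddress
import socket
import struct

# Constructed addresses for the demonstration (documentation / RFC 1918 ranges).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
CLAIMED_SRC = "10.0.0.5"      # the trusted internal host being impersonated
TARGET_IP = "10.0.0.1"        # the host that will believe the source field


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_header(src: str, dst: str, payload_len: int, ident: int = 0x1234) -> bytes:
    """Minimal 20-byte IPv4 header. The source address is whatever the sender
    writes into it; the header checksum only guards against corruption."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, ident, 0,
                      64, socket.IPPROTO_TCP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """Minimal TCP SYN. The checksum covers a pseudo-header containing the
    (forged) source address, so it is self-consistent for the receiver."""
    hdr = struct.pack("!HHLLHHHH", sport, dport, seq, 0,
                      (5 << 12) | 0x02, 8192, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    return hdr[:16] + struct.pack("!H", checksum(pseudo + hdr)) + hdr[18:]


def spoofed_syn(claimed_src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """IP + TCP bytes that claim to come from claimed_src."""
    seg = tcp_syn(claimed_src, dst, sport, dport, seq)
    return ip_header(claimed_src, dst, len(seg)) + seg


def receiver_view(pkt: bytes) -> dict:
    """Everything the target can verify from the packet alone. Both checksums
    verify (to zero) and the source decodes, yet nothing proves who sent it.
    The SYN-ACK goes to the claimed source, so a blind spoofer never sees it
    and must predict the server's initial sequence number to continue."""
    ip, seg = pkt[:20], pkt[20:]
    pseudo = struct.pack("!4s4sBBH", ip[12:16], ip[16:20], 0,
                         socket.IPPROTO_TCP, len(seg))
    return {
        "ip_checksum_ok": checksum(ip) == 0,
        "tcp_checksum_ok": checksum(pseudo + seg) == 0,
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "syn": bool(struct.unpack("!H", seg[12:14])[0] & 0x02),
    }


def ingress_filter(pkt: bytes, arrived_on_external: bool) -> bool:
    """RFC 2267-style ingress filtering at the border: a packet arriving on
    the external interface that claims an internal source is dropped.
    Returns True if the packet may pass."""
    src = ipaddress.ip_address(socket.inet_ntoa(pkt[12:16]))
    if arrived_on_external and src in INTERNAL_NET:
        return False
    return True


if __name__ == "__main__":
    pkt = spoofed_syn(CLAIMED_SRC, TARGET_IP, 40000, 513, 0x1000)
    print(receiver_view(pkt))
    print("passes border filter:", ingress_filter(pkt, arrived_on_external=True))
```

The point the packet makes is that address-based trust is not authentication: the target can confirm only that the datagram is internally consistent. The defence lives on the path, not at the endpoint, which is why the filter keys on which interface the packet arrived on rather than on anything inside it.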