Linux Advisory Roundup

#1 DaveAI (07-22-2004): Linux Advisory Roundup

Unless people object, I'm going to start posting these here.

The information about the advisories themselves follows a tip, which in
this case is about Kerberos.


+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter
|
| July 16, 2004 Volume 5, Number 28a
|
+---------------------------------------------------------------------+

Editors: Dave Wreski (dave@linuxsecurity.com)
         Benjamin Thomas (ben@linuxsecurity.com)

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for kernel, Ethereal, MoinMoin and
rsync. The distributors include EnGarde, Fedora, Gentoo and Mandrake.

-----

>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the
cost-effective Thawte Starter PKI program can streamline management of
your digital certificates. Click here to download our Free guide:

http://ads.linuxsecurity.com/cgi-bin...pl?id=thawte07

-----

How Does Kerberos Actually Work?

Kerberos uses secret-key cryptography to distribute tickets used
for authentication of users to network services. The ticket is
generated using a password that the user supplies, unequivocally
linking it to the user. The services available for use with
Kerberos also have tickets, but are not generated using a
password. The user presents his ticket given to him by the
Kerberos authentication server. The ticket is stored on the
authentication server, which is configured to permit the user
to access a particular service on a particular server on the
network. The server uses this to verify the user's identity,
and grants or denies access to a particular network service.

Once the user has requested of the AS the use of a particular
service, a session key (a random string of bits) is generated
which is used to encrypt future communications between the client
and AS. This key and the service name requested are encrypted
together using the user's ticket.

Another copy of the random session key generated by the AS and
the username are encrypted together using the service's key.

Both keys are then returned to the user. The user decrypts the
first message using his ticket and reveals the server name from
which he was requesting service and the session key generated by
the AS.

The second message passed to the user cannot be decrypted because
it was encrypted using the service key, which the user does not
have.

The user then uses that session key to encrypt a message
containing the current time. This message, and the second
message still encrypted, are both passed to the service for which
the user requests access.

The service opens the first message (the one the client could not
open) using its own key, extracting the session key and the user
name requesting the use of the service.

The service then opens the second message using the session key
from the previous message to extract the message with the
timestamp on it. This then serves to authenticate the user.
This message may also contain an encryption key that is used to
provide privacy in future communications between the user and the
service.

Security Tip Written by Dave Wreski (dave@guardiandigital.com)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/

-----

Catching up with Wietse Venema, creator of Postfix and TCP Wrapper

Duane Dunston speaks at length with Wietse Venema on his current
research projects at the Thomas J. Watson Research Center, including
his forensics efforts with The Coroner's Toolkit. Wietse Venema is
best known for the software TCP Wrapper, which is still widely used
today and is included with almost all unix systems. Wietse is also the
author of the Postfix mail system and the co-author of the very
cool suite of utilities called The Coroner's Toolkit or "TCT".

http://www.linuxsecurity.com/feature...story-169.html

-------------------------------------------------------------------

Open Source Leaving Microsoft Sitting on the Fence?

The open source model, with special regard to Linux, has no doubt
become a formidable competitor to the once sole giant of the software
industry, Microsoft. It is expected when the market share of an
industry leader becomes threatened, retaliation with new product or
service offerings and marketing campaigns refuting the claims of the
new found competition are inevitable. However, in the case of
Microsoft, it seems they have not taken a solid or plausible position
on the use of open source applications as an alternative to Windows.

http://www.linuxsecurity.com/feature...story-168.html

------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+

7/13/2004 - kernel
Multiple vulnerabilities

This update fixes several security vulnerabilities in the Linux
Kernel shipped with EnGarde Secure Linux, most notably the
"fsave/frstor" vulnerability and an information leak in the e1000
driver.
http://www.linuxsecurity.com/advisor...sory-4555.html

+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+

7/9/2004 - im-sdk Insecure temporary file vulnerability
Multiple vulnerabilities

The im-switch that is included in the Fedora Core iiimf-x package
has been fixed to take appropriate precautions when generating
temporary files.
http://www.linuxsecurity.com/advisor...sory-4551.html

+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+

7/9/2004 - Ethereal
Multiple vulnerabilities

Multiple vulnerabilities including one buffer overflow exist in
Ethereal, which may allow an attacker to run arbitrary code or
crash the program.
http://www.linuxsecurity.com/advisor...sory-4550.html

7/12/2004 - MoinMoin
ACL bypass vulnerability

MoinMoin contains a bug allowing a user to bypass group ACLs
(Access Control Lists).
http://www.linuxsecurity.com/advisor...sory-4553.html

7/12/2004 - rsync
Directory traversal vulnerability

Under specific conditions, the rsync daemon is vulnerable to a
directory traversal allowing files to be written outside a sync module.
http://www.linuxsecurity.com/advisor...sory-4554.html

+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+

7/9/2004 - ethereal
Multiple vulnerabilities

It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet into the wire or by
convincing someone to read a malformed packet trace file.
http://www.linuxsecurity.com/advisor...sory-4552.html
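The exchange described in the Kerberos tip of post #1, as an added Python sketch that is not part of the original post or the newsletter. Assumptions: the function names, `MAX_SKEW`, and the user and service names are constructed; `seal`/`unseal` are a toy HMAC-based stand-in for a real cipher; PBKDF2 stands in for deriving the password-based secret that the tip calls the user's ticket.

```python
import hashlib, hmac, json, os, time

MAX_SKEW = 300  # seconds; assumed tolerance, not a value from the newsletter

def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption (HMAC keystream + tag); stand-in for a real cipher."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def user_key(password, user):
    # Stand-in derivation of the user's long-term secret from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def as_reply(user, service, user_k, service_k):
    """AS: one fresh session key, sealed once for the user and once for the service."""
    sk = os.urandom(32).hex()
    return (seal(user_k, {"session_key": sk, "service": service}),
            seal(service_k, {"session_key": sk, "user": user}))

def client_request(user_k, for_user, for_service):
    """Client: open its own message, seal the current time, forward the other unopened."""
    sk = bytes.fromhex(unseal(user_k, for_user)["session_key"])
    return for_service, seal(sk, {"time": time.time()})

def service_verify(service_k, for_service, timestamp_msg, now=None):
    """Service: open the forwarded message with its own key, then check the timestamp."""
    ticket = unseal(service_k, for_service)
    stamp = unseal(bytes.fromhex(ticket["session_key"]), timestamp_msg)["time"]
    if abs((time.time() if now is None else now) - stamp) > MAX_SKEW:
        raise ValueError("stale timestamp")
    return ticket["user"]

if __name__ == "__main__":
    uk, svc = user_key("constructed-password", "alice"), os.urandom(32)  # constructed values
    for_user, for_service = as_reply("alice", "imap/mailhost", uk, svc)
    print(service_verify(svc, *client_request(uk, for_user, for_service)))
```

The user's key cannot open the message sealed for the service, and a captured timestamp message stops verifying once it is older than `MAX_SKEW`.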
#2 Tim Haynes (07-22-2004): Re: Linux Advisory Roundup

junktarget@yahoo.com (DaveAI) writes:

> Unless people object, I'm going to start posting these here.


I can see that a regular vulnerability-roundup would make sense, but can
you do it with less waffle?

Note that "The posting of commercial information to this group is permitted
only if the information is directly relevant to security and the Linux
Operating System", from our charter - so linux vulnerabilities, good;
adverts for:

| >> Need to Secure Multiple Domain or Host Names? <<
| Securing multiple domain or host names need not burden you with
| unwanted administrative hassles. Learn more about how the
| cost-effective Thawte Starter PKI program can streamline management of
| your digital certificates. Click here to download our Free guide:
|
| http://ads.linuxsecurity.com/cgi-bin...pl?id=thawte07

are somewhat dubious. They certainly detract from my time reading a useful
check-list of vulnerabilities.

If you want advertisements, use short summaries of each vulnerability with
`read more about this specific booboo over here:
<URL:http://www.linuxsecurity.com/specificbooboo>' and who knows, maybe
they'll get followed and more ad-impressions occur on your own site.

> How Does Kerberos Actually Work?


[snip]

Holy Crap, that was uncalled-for. Why not just say "hey folks, we've got a
nice couple of articles for you"? Or "while we were busy talking about
these vulnerabilities, we wrote essays about Kerberos (<URL:http://.....>)
and bar and quux"?

In short, make your article appear like "this week's roundup of
vulnerabilities" and I, for one, will see it as a community service and
follow occasional links from it, but I certainly won't be digging through a
long spiel for either vulnerability details or essays.

~Tim
--
It's enough that I can see the morning |piglet@stirfried.vegetable.org.uk
In miracles much more than I can say |http://spodzone.org.uk/cesspit
#3 Chris F.A. Johnson (07-22-2004): Re: Linux Advisory Roundup

On 2004-07-22, Tim Haynes wrote:
> junktarget@yahoo.com (DaveAI) writes:
>
>> Unless people object, I'm going to start posting these here.

>
> I can see that a regular vulnerability-roundup would make sense, but can
> you do it with less waffle?


And without posting the same thing 3 times.

And the full articles (as have just appeared) are unnecessary.

DaveAI is teetering on the brink of my killfile.

--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
===================================================================
My code (if any) in this post is copyright 2004, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License
#4 Michael Heiming (07-22-2004): Re: Linux Advisory Roundup

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.misc DaveAI <junktarget@yahoo.com> suggested:
> Unless people object, I'm going to start posting these here.


Please stop spamming us.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBABBrAkPEju3Se5QRAto9AJwKt4e7RS2KOBfP7Hk1WW Dva8cWTACgr4l0
vI2tFEW8WoT0RJyUUBwCX+w=
=cD71
-----END PGP SIGNATURE-----