The SANS Institute in cooperation with the FBI's National Infrastructure Protection Center just published its listing of the most common IT security exploits for Linux/Unix systems. Leading the pack: BIND (Berkeley Internet Name Domain) exploits, which succeed because administrators fail to upgrade BIND to more secure versions or are running the BIND daemon ("named"). Here are the most recent 10 Windows exploits...
Wednesday, November 24, 2004
Sunday, November 21, 2004
Linux Phishing Attack Circulates on Net
A fake security bulletin purporting to be from Red Hat resurfaced, warning Linux users of a "critical-critical" security hole.
A security bulletin circulated on the Internet late Friday and warned Linux users of a "critical-critical" security hole that could compromise systems and allow root access to a remote attacker. The message and its "patch" were the return of a phishing hoax aimed at Linux users. According to the fake security bulletin, the vulnerability was found in fileutils, the package of essential system utilities that manipulate files on a system. It warned of problem distributions including Red Hat versions 7.2 through 9.0, and Fedora Core 1 and Core 2 as well as others. However, the warning said BSD and Solaris platforms were unaffected by the vulnerability.
Saturday, November 20, 2004
Linux security alert!
-Linux iptables:
Linux is vulnerable to an integer underflow in the iptables code that handles firewall rules, which can be exploited by a remote attacker to crash the server. To exploit this vulnerability, the attacker would construct a packet that, when processed by the firewall, would crash the server. Machines without the firewall enabled are not vulnerable to this attack.
All affected users should upgrade to a repaired version of the Linux kernel or should watch their vendors for a patched version of the kernel for their distribution.
-OpenSSL 0.9.7e:
The OpenSSL project team has released version 0.9.7e of OpenSSL, the open source toolkit for SSL/TLS. This new version repairs a race condition in the CRL-checking code and includes bug fixes in the code dealing with S/MIME.
The OpenSSL project team strongly recommends all users of OpenSSL upgrade to version 0.9.7e or newer as soon as possible.
-PuTTY:
PuTTY is a free telnet and SSH client with an xterm emulator for Windows and Unix machines. A buffer overflow in the code that handles SSH2_MSG_DEBUG packets during an SSH2 connection can be exploited by a remote attacker to execute arbitrary code on the client with the permissions of the user account running PuTTY.
Thursday, November 18, 2004
What is Unix RPC, and how do we protect it?
Like any network resource, applications need a way to talk to each other over the network. RPC is one of the most popular protocols for doing so. It employs a service called the Portmapper (known as rpcbind on most Unix operating systems) to arbitrate between client requests and the ports it dynamically assigns to listening applications. Attackers use tools such as "rpcinfo" to enumerate the RPC-based services on a host, such as rwhod or rusersd.
RPC Portmappers typically run on TCP/UDP 111, and on TCP/UDP 32771 on some Sun boxes, so you should do at least the following:
1. Filter TCP/UDP 111 and TCP/UDP 32771 on the firewall.
2. Disable RPC-based services from /etc/rc* or /etc/init.d on your Unix/Linux machine.
3. Check with your RPC vendor to learn which options are available to protect your services.
4. Use Sun's Secure RPC, which authenticates based on public-key cryptographic mechanisms.
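Steps 1 and 2 above are the ones an administrator can check and script directly. The following shell example, added here and not part of the original post, does two things: it generates (but does not apply) the iptables rules that would drop inbound portmapper traffic on the ports the post names, and it audits a listing of listening sockets for those same ports bound to a non-loopback address. The port list and the "proto local_address" listing format are assumptions; the listing itself is constructed sample data, not output from a real host.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed: iptables with an INPUT chain; the portmapper ports named above.
RPC_PORTS="111 32771"

# Print the iptables rules that drop inbound RPC portmapper traffic on both
# TCP and UDP. The rules are printed for review rather than applied, so the
# administrator can confirm them before running them on a firewall host.
rpc_filter_rules() {
  for p in $RPC_PORTS; do
    for proto in tcp udp; do
      echo "iptables -A INPUT -p $proto --dport $p -j DROP"
    done
  done
}

# Read lines of the form "proto local_address:port" on stdin (the shape of a
# trimmed netstat/ss listing, an assumption) and print those where an RPC
# port is bound to something other than loopback, i.e. reachable from the
# network and a candidate for step 2 (disable) or step 1 (filter).
rpc_exposed_listeners() {
  awk -v ports="$RPC_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      addr = $2
      m = split(addr, a, ":")
      port = a[m]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if ((port in want) && host != "127.0.0.1" && host != "::1") print
    }'
}

# Constructed sample listing (not real output): two exposed portmapper
# sockets, one loopback-only Sun-style port, and an unrelated SSH listener.
SAMPLE_LISTING='tcp 0.0.0.0:111
udp 0.0.0.0:111
tcp 127.0.0.1:32771
tcp 0.0.0.0:22'

# Run the audit over the constructed sample; prints the two exposed lines.
audit_sample() {
  printf '%s\n' "$SAMPLE_LISTING" | rpc_exposed_listeners
}

rpc_filter_rules
audit_sample
```

On a real host, feed `rpc_exposed_listeners` the output of your platform's socket listing (netstat or ss, reduced to protocol and local address columns) and compare any hit against the services you actually need before disabling or filtering them.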
Wednesday, November 17, 2004
Nokia Demonstrates IPv6 Phone
Nokia Corp. on Tuesday demonstrated the use of IPv6, the next generation Internet protocol, on a handset.
The Finnish company demonstrated what it called the industry's "first Mobile IPv6 call." Mobile IPv6 is the mobility protocol for IPv6 enabled handsets.
The demonstration at the 3G World Congress Convention and Exhibition in Hong Kong showed real-time streaming video with seamless handoff between two CDMA access networks using Mobile IPv6.
The next generation protocol advances the Internet's current IPv4 protocol by enabling terminals to maintain their IP connectivity as they move across networks and different access technologies. In addition, Mobile IPv6 provides route optimization techniques to reduce handoff latencies.
"IPv6 is the next-generation of the Internet protocol and has many advantages over IPv4 both for the network operators and the end-users," said Adam Gould, vice president of technology management and planning for Nokia CDMA. "IPv6 allows the deployment of millions of always-on, IP enabled devices, each with its own unique IP address."
Voice Over IP Brings Potential for New Type of Spam!
Spam over Internet telephony is not prevalent yet, experts say. As reported in recent news, those who send unsolicited sales pitches for everything from free money and tropical vacations to discounted prescription medicine are beginning to use the power of the Internet and the interconnectedness of cell phones to send unsolicited text and voice messages to users of short messaging services (SMS) and voice over IP (VoIP) telephones. Experts at the anti-virus company Sophos recently discovered Troj/Delf-HA, a Trojan horse that attempts to send text messages en masse to SMS-equipped mobile phones. Troj/Delf-HA installs itself in the Windows system folder and inserts a command in the registry that ensures the virus runs when the computer is started up. Then it connects to a Russian Web site and downloads a text file containing the details of the SMS message the virus attempts to send, using forms found on many Russian cellular service providers' Web sites which allow users to send text messages to SMS-equipped cell phones. Sophos lists the Trojan's prevalence as low on its Web site, where the company also provides a
Monday, November 15, 2004
Sun to Introduce Newest Version of Solaris Today
Sun Microsystems plans to unveil the latest version of its flagship Solaris operating system and offer a free version of the program to make it more attractive to corporate and academic computer users.