Welcome to Security Alerts, an overview of recent Unix and open source security advisories. In this column, we look at a denial-of-service attack against Tux and the Linux kernel; buffer overflows in Solaris' xntpd, the DCE SPC library, Rational ClearCase, and Red Hat's lpd; and problems in IMP, Cisco Secure Intrusion Detection System, OS X 10.1, Novell GroupWise, nvi, 6tunnel, Ikonboard, Viralator, w3m, and Procmail.
Source: Linux Today
Package: ssh-nonfree, ssh-socks
Vulnerability: remote root exploit
Debian-specific: no
We have received reports that the "SSH CRC-32 compensation attack
detector vulnerability" is being actively exploited. This is the same
integer type error previously corrected for OpenSSH in DSA-027-1.
OpenSSH (the Debian ssh package) was fixed at that time, but
ssh-nonfree and ssh-socks were not.
Source: ZDNet
Software packages that allow clients to share printers over a network may be leaving enterprises open to attack
Security experts are warning that many system and network administrators may have overlooked multiple vulnerabilities in several implementations of line printer systems software. Researchers at security organisation Cert said the problems relate to buffer overflow issues that let remote users gain root access to servers.
Unix Review brings us: Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
Source: Linux Security
On October 6, 2001, intruders originating from network blocks in the Netherlands used an exploit for the crc32 compensation attack detector vulnerability to remotely compromise a Red Hat Linux system on the UW network running OpenSSH 2.1.1. David Dittrich thoroughly analizes the attack as it happened on a network for which he is responsible.
Source: NY Times.
LONDON (Reuters) - Two graduate students have found a way to hack into security systems that protect many banking and e-commerce transactions, Cambridge University said on Thursday.
Michael Bond and Richard Clayton, computer science Ph.D. students, developed programs allowing them to hack into an IBM (news/quote) security computer that was previously thought to be impregnable, it said.
Source: CNN
There is a high probability that the U.S. critical computer infrastructure, such as the Web site of the U.S. Department of Defense, is being targeted for Distributed Denial of Service attacks by cyberprotestors, according to a warning issued Friday by the National Infrastructure Protection Center (NIPC). The center is the U.S. Federal Bureau of Investigation's cybersecurity arm.
Source: CERT.org
The CERT/CC has received multiple reports of systems being compromised via the CRC-32 compensation attack detector vulnerability described in VU#945216. We are also receiving reports of increased scanning activity for the SSH service (22/tcp).
This primarily applies to SSH Communications implementation of the SSH protocol. Systems using OpenSSH 2.3.0 or greater are not affected. Nonetheless, it contains information on how to reduce your susceptibility to SSH vulnerabilities in general.
Source: OS Opinion
DoS attackers are relying more on automated tools, which lower the level of technical knowledge necessary to launch a successful attack.
Experts are warning that crippling denial of service (DoS) attacks have become easier to launch, with automated tools and newer methods that tie up more computer and Internet resources than ever.
NIST has been working with SANS to provide an enhanced top 20 vulnerability list. The original list produced by SANS and the FBI contained 20 important vulnerability areas with reference to over 140 specific vulnerabilities.
