ep's blog

The How and Why of User Private Groups in Unix

The first time I heard about User Private Groups (UPG) is when I was installing one of my first Red Hat Linux systems when I was in college.  As a seasoned Solaris administrator, I thought it was very odd that Red Hat didn't put my users into a default group of staff.  And then they wanted to change my umask from 022 to 002?  What the heck, that doesn't sound secure?

Network World: The 5 essential patches of 2009

http://www.networkworld.com/news/2009/122309-the-5-essential-patches-of....

This is an interesting article by Network World which reviews the top patches of 2009.  The list was compiled by Qualys' chief technology officer, Wolfgang Kandek and a panel of patch and vulnerability experts to find the five security fixes everyone should deploy from the last 12 months".

[DSA-1975-1] Security Support for Debian 4.0 to be discontinued on February 15th

http://seclists.org/fulldisclosure/2010/Jan/397

For anyone still on Debian 4.0, now is a good time to work on a
migration plan to Debian 5.0. Debian will stop releasing security
updates after February 15th for 4.0.

This is also a good time for Ubuntu users to check their distribution
for similar announcements. Ubuntu is based on Debian.

Thanks,
Brian

RHEL5 kernel security and bug fix update

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Here is a new kernel update, unrelated to the last update sent out 9
days ago. It fixes a myriad of new problems including Denial of
Service, Privilege Escalation, kernel panic, file rewrite, and
information leaks to name a few.

It is recommended that RHEL5 systems be updated and rebooted to mitigate
the risk from these issues.

Thanks,
Brian

Adobe Shockwave Player Four Integer Overflow Vulnerabilities

http://secunia.com/secunia_research/2009-63/

"Affected: Adobe Shockwave Player 11.5.2.602"

"Secunia Research has discovered four vulnerabilities in Adobe
Shockwave Player, which can be exploited by malicious people to
compromise a user's system.

The vulnerabilities are caused by four integer overflow errors
when processing a certain block type. These can be exploited to cause
heap-based buffer overflows via specially crafted Shockwave files.

Cisco IOS XR Software SSH Denial of Service Vulnerability

http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

"The SSH server implementation in Cisco IOS XR Software contains a
vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition."

"Products Confirmed Not Vulnerable

SSH server implementations in Cisco IOS Software and Cisco IOS XE
Software are not affected by this vulnerability."

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack (affects Windows NT through 7)

http://seclists.org/fulldisclosure/2010/Jan/341

"CVE-2010-0232

In order to support BIOS service routines in legacy 16bit applications,
the Windows NT Kernel supports the concept of BIOS calls in the
Virtual-8086 mode monitor code."

"Upon successful exploitation, the kernel stack is switched to an attacker
specified address." This would allow arbitrary code execution with
escalated privileges.

Pages