Archive for September, 2007
Posted in September 30th, 2007
LXer Feature: 30-Sept-2007
Big stories this week include the “Give one, get one” OLPC promotion, an LXer Feature by Paul Ferris entitled, Linux Education in America: Inspiration from Russia?, The 7 Most Influential GNU/Linux Distributions, The Top 21 Linux Games Of 2007, GPLv2 and GPLv3 for beginners, Slackware: the classic distro an article you shouldn’t read.
Posted in September 30th, 2007
iDefense Security Advisory 09.27.07 – Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.’s (CA) BrightStor HSM allows attackers to execute arbitrary code with SYSTEM privileges. These problems specifically exist within various command handlers in the CsAgent service. There are eleven command handlers that contain one or more stack based buffer overflow vulnerabilities each. All of these vulnerabilities are simple sprintf() calls that overflow fixed size stack buffers with attacker supplied data. Additionally, there are five command handlers that are vulnerable to integer overflow vulnerabilities. In addition to this, the function responsible for reading in and dispatching a request to the appropriate handler also contains an integer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in Computer Associates BrightStor HSM version r11.5. Previous versions may also be affected.
Posted in September 30th, 2007
Mandriva Linux Security Advisory – A buffer overflow vulnerability was discovered in t1lib due to improper bounds checking. An attacker could send specially crafted input to an application linked against t1lib which could lead to a denial of service or the execution of arbitrary code.
Posted in September 30th, 2007
Debian Security Advisory 1378-1 – Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process’ umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.
Posted in September 30th, 2007
Gentoo Linux Security Advisory GLSA 200709-17 – Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable. Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf. Versions less than 3.0_p1-r4 are affected.
Posted in September 30th, 2007
Gentoo Linux Security Advisory GLSA 200709-16 – Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c when processing overly long HTTP headers. Versions less than 1.4.18 are affected.
Posted in September 30th, 2007
A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
Posted in September 30th, 2007
Ubuntu Security Notice 521-1 – Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
Posted in September 30th, 2007
Mandriva Linux Security Advisory – A vulnerability was discovered in KDM by Kees Huijgen where under certain circumstances and in particular configurations, KDM could be tricked into allowing users to log in without a password.
Posted in September 30th, 2007
Debian Security Advisory 1378-2 – Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Posted in September 30th, 2007
Ubuntu Security Notice 522-1 – It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user’s OpenSSL processes. Moritz Jodeit discovered that OpenSSL’s SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application’s cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
Posted in September 30th, 2007
(Posted 28 Sep 2007 by Ray)
Posted in September 30th, 2007
(Posted 28 Sep 2007 by Ray)
Posted in September 30th, 2007
(Posted 28 Sep 2007 by falko)
Posted in September 30th, 2007
(Posted 30 Sep 2007 by Boris Derzhavets)
Posted in September 30th, 2007
(Posted 30 Sep 2007 by Ida Momtaheni)
Posted in September 30th, 2007
(Posted 30 Sep 2007 by falko)
Posted in September 30th, 2007
How To Set Up VMware Tools On Various Linux Distributions
This document explains how to set up the VMware Tools in the
following guest operating systems: Ubuntu 7.04, Fedora 7, PCLinuxOS
2007 and Debian Etch. Installing VMware Tools in your guest operating
systems will help maximize performance, provide mouse synchronization
and copy & paste functionality. This article also shows a way of
making VMware Tools start automatically when you start a guest
operating system.
Posted in September 30th, 2007
Filed under: misc hacks, peripherals hacks, xbox hacks

If you are curious about reading all the bits on a DVD, [tmbinc] has devised a hardware hack that uses a Pioneer DVD drive with leads soldered onto it and a Cypress FX2 microcontroller board to grab the flow of bits and push them over USB2.0. My favorite part of this tutorial is when you slow the spinning DVD down very slightly with your finger with a scope hooked up over what you believe to be the raw data stream from the disk. If the data rate slows when you physically slow down the disk, you probably are grabbing data from the correct pin. [tmbinc] even put together a software tool to process the resulting raw DVD data.
Posted in September 30th, 2007
One of the most important recent events in the world of free software has been the release of version 3 of the GNU GPL. There were fierce arguments about its utility while it was being drawn up, and although the rhetoric has abated somewhat, there is still a big question mark over its eventual success. Some evidence suggests that GPLv3 uptake is coming along nicely, while other reports indicate a reluctance to adopt it (but note also Matt Asay’s neat reconciliation of these contradictory messages). To see what’s likely to happen in the long term, it’s useful to look back at the past history of licence adoption.
Posted in September 30th, 2007
In this article I will show how to install and configure BlockHosts on a Debian Etch system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services, that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables.
Posted in September 30th, 2007
“The fact that we continue to expose internal data structures via sysfs is a gaping open pit [and] is far more likely to cause any kind of problems than changing an error return,” Theodore Ts’o noted, responding to a thread discussing a patch to fix an error return code. Andrew Morton agreed, “I was staring in astonishment at the pending sysfs patch pile last night. Forty sysfs patches and twenty-odd patches against driver core and the kobject layer.” He continued, “that’s a huge amount of churn for a core piece of kernel infrastructure which has been there for four or five years. Not a good sign.” Andrew then added a humorous quip, “I mean, it’s not as if, say, the CPU scheduler guys keep on rewriting all their junk. oh, wait..”
Posted in September 30th, 2007
Computer Associates BrightStor Hierarchical Storage Manager (HSM) is an application used to create a tiered storage solution for enterprises that require on demand access to large quantities of data. The HSM caches frequently used files on hard drives for fast access, and stores seldom used files on tape. Access to files stored on tape is transparent to the client applications. The CsAgent process (CsAgent.exe) is a component of the HSM suite, and listens on TCP port 2000.
Posted in September 30th, 2007
o3 magazine were at Ohio LinuxFest 2007; live coverage from the event, as well as a full round-up, is available on the o3 @ Ohio LinuxFest blog, with some photos from the event along with the more enterprise-related happenings.
Posted in September 30th, 2007
Novell (makers of SUSE Linux) had a great 243 percent increase in business due to their new partnership with Microsoft of Redmond, Washington. Now I can see maybe a small percentage of profit but 243 percent! That’s huge!
Posted in September 30th, 2007
Rubinius is important. A whole lot of folks agree. Ola Bini wrote up a whole post about how important he thinks it is. In it, he writes:
Posted in September 30th, 2007
2,500 years ago, the Chinese philosopher Confucius asked Lao-tzu, the founder of Taoism, “What is Tao?” Lao-tzu opened his mouth but said nothing. Confucius left with a smile, but his students were puzzled. Confucius explained, “Lao-tzu has passed us the Tao. In his mouth, there are no teeth but only a tongue. The hard ones (teeth) died, but the soft one (the tongue) lives; the soft power is stronger than the hard power. That’s the Tao!”
Posted in September 30th, 2007
Wendy Seltzer asks, Which is more open: the Nokia N95 or the iPhone? Regardless of the answer, I’m wondering if there’s an objective way to score openness… perhaps a kind of in-the-wild folksonomic list of deal-makers and deal-killers.
Rather than bias the list, I thought I’d just put the idea out there to start with, and see what variables y’all would like to see on the list.