In-Depth

Alerts: Linux Vulnerabilities, Security Spending, Symantec's List of Top Threats in November

From Linux synchronization and denial of service attacks to some good news about spending on security—a quick look at this week's other security news.

• By Mathew Schwartz
• 12/17/2003

Linux Buffer Overflow Vulnerability

Versions of Linux rsync from 2.x—prior to 2.5.7w—are vulnerable to buffer overflow attacks, reports security information provider Secunia.

Rsync is used to keep files and directories on different Linux computers synchronized.

To fix the problem, upgrade to 2.5.7. Until that’s possible, Secunia recommends users “filter traffic to the rsync service (port 873/tcp) allowing only trusted systems to connect.” Time is of the essence, as “this vulnerability has already been exploited to compromise servers on the Internet in combination with a Linux privilege escalation vulnerability.” A successful attack, in conjunction with attacks on other known vulnerabilities, could give an attacker root access.

For more information: http://www.secunia.com/advisories/10353

Red Hat Update Against Denial of Service Attack

Red Hat—maker of the popular Linux distribution—released a free update to FreeRADIUS 0.9.3 to mitigate denial-of-service and remote system access attacks. Affected operating systems are RedHat Enterprise Linux AS 3 and RedHat Enterprise Linux ES 3.

Secunia warns the vulnerability is “highly critical,” especially since code to attack the vulnerability is already publicly available.

FreeRADIUS, notes Red Hat, is “an Internet authentication daemon, which implements the RADIUS protocol. It allows Network Access Servers (NAS boxes) to performauthentication for dial-up users.” A malformed string attribute can be used to create a denial of service or possibly access a system remotely.

Visit the Red Hat site to get the update. The company also notes an easy way to update is via the Red Hat Network—“launch the Red Hat Update Agent with the following command: up2date”—which will load appropriate files.Link: http://rhn.redhat.com/errata/RHSA-2003-386.html

META Group Says Security Spending on the Rise

How’s this for security spending increases: 3.2 percent in 2001, 7.6 percent in 2002, and a predicted 8.2 percent for 2003. In short, security spending is on the rise, and security is lucky; 66 percent of companies say other IT programs have seen no similar increase.

Those numbers come from META Group’s 2004 Worldwide IT Benchmark Report.

Analyzing the findings, Howard Rubin of META notes, "Aside from security spending, we also saw an increase in development activity.” In addition, “because of tightened budgets, more emphasis was placed on integrating and extending existing applications rather than implementing new packaged applications."

Expect future security spending especially in the insurance and manufacturing industries, says Rubin, since they’ve been most nimble on restructuring during these lean years.

Microsoft Leads Symantec’s “New Vulnerability” List

Symantec released its list of the top 10 malicious threats and vulnerabilities affecting North America for November 2003.

For threats, W32.Bugbear.B@mm led the pack with over eight percent of reports, followed by Downloader.MSCache and W32.Mimail.I@mm, each with over four percent.

Symantec also noted the top newly discovered vulnerabilities for the same timeframe. They include an SAP database privilege escalation attack, the Apple MacOS X DHCP response root compromise vulnerability, and a GnuPG key compromise. The other seven vulnerabilities cover Microsoft products, ranging from a Windows Workstation remote buffer overflow vulnerability, to Microsoft FrontPage server extensions remote debug buffer overrun, to an Excel XLM macro security level bypass vulnerability, as well as numerous Internet Explorer threats.