Skip to content

Entries tagged "security".

CVE-2010-3081

CVE-2010-3081 is one ugly son of a b*tch.
If you are running x86_64 Linux kernel make sure to check if you have been pwned.
Details here.
Exploit and diagnostic tool here.

Colin Percival no longer Security Officer for FreeBSD

Because I still don't have a proper RSS reading system in place I almost missed this. Here goes:

On the 21st of June Colin Percival, FreeBSD's security office for the past 7 years has announced on this blog that he is stepping down from this position due to time constraints involving his day job.

From this dark, cold and forgotten corner of the Internet galaxy I wish Colin all the best with his business and thanks for all the fish[1]!



[1] - Thanks to Colin we have had a pretty secure FreeBSD over the years, a great ports management utility - portsnap, a very secure backup service - Tarsnap and of course scrypt! Also, people enjoying FreeBSD on Amazon's cloud thingy also have Colin to thank.

10 years of SELinux

Apparently the EL and Fedora world has been using SELinux for 10 years now. It also made it in Debian.
Here's a very nice article about it:
 We are celebrating the SELinux 10th year anversary this year. Hard to believe it.
 SELinux was first introduced in Fedora Core 3 and later in Red Hat Enterprise Linux 4. 
 For those who have never used SELinux, or would like an explanation...

 SElinux is a labeling system. Every process has a label. 
Every file/directory object in the operating system has a label.
Even network ports, devices, and potentially hostnames have labels assigned to them. 
 We write rules to control the access of a process label to an a object label like a file. We call this policy. The kernel enforces the rules.
Sometimes this enforcement is called Mandatory Access Control (MAC). 

 The owner of an object does not have discretion over the security attributes of a object.
Standard Linux access control, owner/group + permission flags like rwx, is often called Discretionary Access Control (DAC).
SELinux has no concept of UID or ownership of files. Everything is controlled by the labels. Meaning an SELinux system can be setup without an all powerful root process.
Read more ...

The poodle bites the web

Heartbleed is not even cold in its grave and here comes another SSL vulnerability: Poodle.
You can read more about it here and there, tl;dr it exploits a weakness in SSLv3 to allow MITM attacks:
https://www.imperialviolet.org/2014/10/14/poodle.html (local copy)
http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

To fix this in Apache HTTPD edit your ssl configuration file (eg /etc/httpd/conf.d/ssl.conf in CentOS) to have this SSLProtocol line:
SSLProtocol all -SSLv2 -SSLv3
If you're running CPanel there's more you need to do:
- go in "Home » Service Configuration » cPanel Web Services Configuration" and add ":-SSLv3"
- go in "Home »Service Configuration »Apache Configuration»Include Editor", add the following in "Pre Main Include":
SSLProtocol All -SSLv2 -SSLv3
- be warned than on older CPanel installations (CentOS 5), removing SSLv3 (:-SSLV3) from the cipher list might cause Apache not to start at all.


- If you are running Webmin/Virtualmin:
echo ssl_version=10 >> /etc/webmin/miniserv.conf
service webmin restart
- also be warned that these changes may affect some older browsers, such as IE6, test before you change.