---

VNU Net: Red Hat Plans Automated Security Updates

By John Leyden, VNU Net

Linux vendor Red Hat has revealed that it plans to include a
service with its distribution of Linux that will automatically
update systems with the latest security patches.

The move comes after a warning from security advisory group Cert
last weekend of widespread attacks on internet servers that target
security vulnerabilities for which fixes are readily available. A
large number of hosts, many of them running Red Hat Linux, have
been affected, according to Cert.

Colin Tenwick, European general manager at Red Hat, said that,
alongside other vendors, it had issued patches to correct the
problems but said more was needed to make the updating process
easier for end users.

“We do everything we can to make people aware of the
availability of updated software,” said Tenwick, adding that this
process needs to become more effective.

“Over the next few months we’ll be making announcements about
the automatic distribution of software. Automatic services and new
ways to update software will take away the burden on administrators
of keeping up to date.”

However, Malcolm Skinner, product marketing manager at security
firm Axent, said that many companies would balk at having
unsolicited software entering their networks, which might itself be
a security risk. Email alerts of security notices are far from
perfect, said Skinner, but they are the best mechanism for updates
we have at present.

“In theory, automatic updates are a good idea but many companies
like to exercise change control,” he said, adding that systems
managers have a responsibility to make sure software is up to
date.

The Cert alert warned that hackers are using automated tools to
probe for and exploit vulnerable internet hosts on a widespread
scale.

These searches are targeting systems that have versions of
either the rpc.statd program or versions of the wu-ftpd file
transfer protocol package, which have not been patched with
security fixes. This is proving a potent attack technique because
vendors have issued fixes for input validation error in these
packages but these have not been applied in many cases – leaving
the door open for hackers.

Once vulnerable hosts are discovered, attackers are installing
Trojan horse and denial of service tools on victims’ machines – a
process which closely resembles that which happened prior to the
distributed denial of service attacks that paralysed many internet
sites in February.

In a security notice, Cert warned: “The combination of
widespread, automated exploitation of two common vulnerabilities
and an associated increase in distributed denial of service tool
installation poses a significant threat to internet sites and the
internet infrastructure.”

Cert has recorded more than 560 hosts at 220 internet sites,
being part of a Tribe Flood Network 2000 distributed denial of
service network.