Forwarded by: vuln-newsletter-adminsat_private

+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  July 27th, 2001                         Volume 2, Number 30a  |
+----------------------------------------------------------------+

Editors:     Dave Wreski               Benjamin Thomas
             daveat_private            benat_private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for sugid-exec, telnet, ssh,
procmail, squid, sendmsg, xli, imp, elm, and phplib. The vendors
include Caldera, Conectiva, FreeBSD, Mandrake, NetBSD, Red Hat, SuSE,
Trustix.

EnGarde Secure Linux v1.0.1 - EnGarde is a secure distribution of
Linux engineered from the ground-up to provide organizations with the
level of security required to create a corporate Web presence or even
conduct e-business on the Web. It can be used as a Web, DNS, e-mail,
database, e-commerce, and general Internet server where security is a
primary concern.

 --> Download: http://www.engardelinux.org/download.html

HTML Version: http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  sugid-exec                     | ----------------------------//
+---------------------------------+

A race condition between the setuid/setgid handling in the execve(2)
system call and the ptrace(2) system call can allow a local user to
cause a setuid-root executable to execute arbitrary code as the
superuser.
 NetBSD
 ftp://ftp.netbsd.org/pub/NetBSD/security/patches/
 SA2001-009-ptrace-1.5.patch

 NetBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1514.html

+---------------------------------+
|  telnet                         | ----------------------------//
+---------------------------------+

A vulnerability in all BSD derived implementations of the TELNET
server daemon was published during the weekend that allows attackers
to gain root privilege on the attacked machine.

 OpenLinux 2.3:
 ftp://ftp.caldera.com/pub/openlinux/updates/2.3/022/
 RPMS/netkit-telnet-0.16-1.i386.rpm

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-1513.html

 FreeBSD:
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/
 SA-01:49/telnetd.patch

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1512.html

+---------------------------------+
|  ssh 3.0                        | ----------------------------//
+---------------------------------+

A potential remote root exploit has been discovered in SSH Secure
Shell 3.0.0, for Unix only, concerning accounts with password fields
consisting of two or fewer characters. Unauthorized users could
potentially log in to these accounts using any password, including an
empty password. This affects SSH Secure Shell 3.0.0 for Unix only.
This is a problem with password authentication to the sshd2 daemon.
The SSH Secure Shell client binaries (located by default in
/usr/local/bin) are not affected.

 SSH Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1511.html

 NetBSD Users Please see vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1515.html

+---------------------------------+
|  Procmail                       | ----------------------------//
+---------------------------------+

Procmail, an autonomous mail processor, as shipped in Red Hat Linux
5.2, 6.2, 7, and 7.1, handles signals unsafely.
 i386: Linux 7.1
 ftp://updates.redhat.com/7.1/en/os/i386/
 procmail-3.21-0.71.i386.rpm
 51ad4ad3241887e2eb631e1799c94972

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1509.html

+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

New squid packages are available for Red Hat Linux 7.0 that fix a
possible security problem with Squid's HTTP accelerator feature. If
Squid was configured in accelerator-only mode, it was possible for
remote users to portscan machines through the Squid proxy, potentially
allowing for access to machines not otherwise available.

 Red Hat 7.0
 ftp://updates.redhat.com/7.0/en/os/i386/
 squid-2.3.STABLE4-9.7.i386.rpm
 adad3217cd16346eb5dcfa13a46d6289

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1510.html

 Mandrake Linux 8.0:
 8.0/RPMS/squid-2.3.STABLE5-1.1mdk.i586.rpm
 14153011ab7acbd47931cf9132668c66
 http://www.linux-mandrake.com/en/ftp.php3

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1520.html

+---------------------------------+
|  sendmsg                        | ----------------------------//
+---------------------------------+

Due to insufficient length checking in the kernel, sendmsg(2) can be
used by a local user to cause a kernel trap, or an 'out of space in
kmem_map' panic.

 NetBSD
 ftp://ftp.netbsd.org/pub/NetBSD/security/patches/
 SA2001-011-sendmsg-current.patch

 NetBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1516.html

+---------------------------------+
|  xli                            | ----------------------------//
+---------------------------------+

xli, aka xloadimage, an image viewer for X11, is used by Netscape's
plugger to display TIFF, PNG and Sun Raster images. The plugger
configuration file is /etc/pluggerrc. Due to missing boundary checks
in the xli code, a buffer overflow could be triggered by an external
attacker to execute commands on the victim's system.
An exploit is publicly available.

 i386 Intel Platform: SuSE-7.2
 ftp://ftp.suse.com/pub/suse/i386/update/7.2/gra2/
 xli-1.16-351.i386.rpm
 d35b3ee5b02bfb1bf4f9d8ccefdfa889

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1517.html

+---------------------------------+
|  imp                            | ----------------------------//
+---------------------------------+

A remote attacker could trick the server into fetching scripts from
another host and then execute them. This could be used to get access
to the server running this webmail system. An attacker might also
execute malicious javascript code in the browser of a user who is
reading an email sent by the attacker with special "javascript:"
encodings.

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1519.html

+---------------------------------+
|  elm                            | ----------------------------//
+---------------------------------+

A buffer overflow exists in the elm email client when handling very
long message-ids. This would overwrite other header fields and could
potentially cause further damage.

 Mandrake Linux 8.0:
 8.0/RPMS/elm-2.5.5-1.1mdk.i586.rpm
 19ea620f1635928c679ccd8a6a1c7d93
 http://www.linux-mandrake.com/en/ftp.php3

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1521.html

+---------------------------------+
|  phplib                         | ----------------------------//
+---------------------------------+

By providing a value for the array element $_PHPLIB[libdir], an
intruder can force a script to load and execute scripts from another
server. This is because the value of $_PHPLIB[libdir] gets initialized
*only* if not already set.

 http://www.trustix.net/errata/trustix-1.5/
 9d3f0706c8c91d5e25a2477b2e764bdd

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1522.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
                LinuxSecurity.com