[ISN] Linux Advisory Watch - August 17th 2001

From: InfoSec News (isnat_private)
Date: Sat Aug 18 2001 - 01:29:23 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                      Linux  Advisory Watch  |
    |  August 10th, 2001                        Volume 2, Number 33a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                  Benjamin Thomas
                   daveat_private       benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for fetchmail, telnet, groff, imp,
    windowmaker, and openldap.  The vendors include Caldera, Conectiva,
    Debian, EnGarde, and Mandrake.  As always, it is important to maintain an
    updated system. Many of the vulnerabilities discussed this week are fixes
    for remote root exploits.
    
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    
    PacketStorm Security named EnGardeLinux.com, the Official Site for the
    EnGarde Secure Linux distribution, "Site of The Week". PacketStorm
    Security is known as one of the largest and most highly regarded security sites
    on the Internet, offering the latest security exploits, articles and
    tools. We would like to thank our friends at PacketStorm for the
    prestigious honor.
    
    http://www.linuxsecurity.com/articles/projects_article-3478.html 
      
    
    HTML Version:
    http://www.linuxsecurity.com/vuln-newsletter.html
     
    +---------------------------------+
    |  fetchmail                      | ----------------------------//
    +---------------------------------+
      
    Salvatore Sanfilippo found two remotely exploitable problems in fetchmail
    while doing a security audit. In both the imap and pop3 code the input is
    not verified before it is used to store a number in an array. Since no
    bounds checking is done, this can be used by an attacker to write arbitrary
    data in memory. An attacker can exploit this if he can get a user to
    transfer mail from a custom imap or pop3 server he controls.
    
     Debian  Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/fetchmail_5.3.3-3_i386.deb 
     MD5 checksum: 1d9e300f957b35486e2aefcff87e43c7 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1546.html
    
     EnGarde Binary Packages: 
     i386/fetchmail-ssl-5.8.17-1.0.3.i386.rpm 
     MD5 Sum:  244840700bfbb09078ff246791ae49a3 
    
     i686/fetchmail-ssl-5.8.17-1.0.3.i686.rpm 
     MD5 Sum:  03e5c25d5ba62f4370c1e234f1b3b5dd 
    
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1555.html
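
The class of bug described in the fetchmail item above, shown as an added example (not fetchmail's code and not part of the original newsletter): a server-supplied message number used as an array index without a bounds check, next to a hardened version. The function names, the "<msgnum> <size>" line format and the sample lines are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Both functions parse one "<msgnum> <size>" line from a mail server and
 * store the size at sizes[msgnum - 1]. Return 0 on success, -1 on reject. */

/* Unsafe pattern: the server-supplied number is used as an index as-is. */
int record_size_unchecked(int *sizes, const char *line)
{
    int num, size;
    if (sscanf(line, "%d %d", &num, &size) != 2)
        return -1;
    sizes[num - 1] = size;  /* no bounds check: writes wherever num points */
    return 0;
}

/* Hardened: reject anything outside 1..count before touching the array. */
int record_size_checked(int *sizes, size_t count, const char *line)
{
    char *end;
    long num, size;

    errno = 0;
    num = strtol(line, &end, 10);
    if (end == line || errno == ERANGE || num < 1 || (unsigned long)num > count)
        return -1;
    line = end;
    size = strtol(line, &end, 10);
    if (end == line || errno == ERANGE || size < 0 || size > INT_MAX)
        return -1;
    sizes[num - 1] = (int)size;
    return 0;
}

int main(void)
{
    /* Constructed server lines; the array has room for 3 messages. */
    const char *lines[] = { "2 1204", "4 99", "-5 99", "junk" };
    int sizes[3] = { 0 };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-8s -> %s\n", lines[i],
               record_size_checked(sizes, 3, lines[i]) == 0 ? "stored" : "rejected");
    return 0;
}
```
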
    
    
    
    +---------------------------------+
    |  net-kit / AYT telnet           | ----------------------------//
    +---------------------------------+ 
     
    
    The telnet daemon contained in the netkit-telnet_0.16-4potato1 package in
    the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an
    exploitable overflow in its output handling.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     telnet_0.16-4potato.2_i386.deb 
     MD5 checksum: 9bdc63c4b0dee55a5ded30203edfd619 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1545.html 
    
     Updated Debian Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1554.html 
      
      
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1551.html 
      
     Mandrake Linux 8.0: 
     8.0/RPMS/telnet-0.17-7.1mdk.i586.rpm 
     77cb8c2f140eb51ff0e303b228585213 
    
     8.0/RPMS/telnet-server-0.17-7.1mdk.i586.rpm 
     9bcd5a4bb716f6ae25beb0460996665f 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1552.html 
    
      
    
    +---------------------------------+
    |  groff                          | ----------------------------//
    +---------------------------------+ 
     
    Zenith Parse found a security problem in groff (the GNU version of troff).
    The pic command was vulnerable to a printf format attack which made it
    possible to circumvent the -S option and execute arbitrary code.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/groff_1.15.2-2_i386.deb 
     MD5 checksum: cec3f02dd9c9fc020dd93e0437368a25 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1547.html
    
    
    +---------------------------------+
    |  imp                            | ----------------------------//
    +---------------------------------+ 
     
    A PHPLIB vulnerability allowed an attacker to provide a value for the
    array element $_PHPLIB[libdir], and thus to get scripts from another
    server to load and execute.  This vulnerability is remotely exploitable.
    (Horde 1.2.x ships with its own customized version of PHPLIB, which has
    now been patched to prevent this problem.)
    
     Debian Architecture independent archives: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/horde_1.2.6-0.potato.1_all.deb 
     MD5 checksum: 397e13b5242dda2fe381cd1b8dd43140 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/imp_2.2.6-0.potato.1_all.deb 
     MD5 checksum: 22ceec9831933491ce0af72f6f437a9c 
    
     Debian Vendor Advisory: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/imp_2.2.6-0.potato.1_all.deb
    
    
    
    +---------------------------------+
    |  windowmaker                    | ----------------------------//
    +---------------------------------+ 
     
    Alban Hertroys found a buffer overflow in Window Maker (a popular window
    manager for X). The code that handles titles in the window list menu did
    not check the length of the title when copying it to a buffer. Since
    applications will set the title using untrusted data (for example web
    browsers will set the title of their window to the title of the web-page
    being shown) this could be exploited remotely.
    
    
     Debian: PLEASE SEE VENDOR ADVISORY 
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1549.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1550.html 
      
     
    
    
    +---------------------------------+
    |  openldap                       | ----------------------------//
    +---------------------------------+ 
     
    CERT released an advisory that details a number of vulnerabilities as
    found in a variety of different LDAP implementations.  The results of
    these tests showed one vulnerability in OpenLDAP with slapd not handling
    packets with certain invalid fields.  A malicious attacker could craft
    such invalid packets, resulting in a denial of service attack on the
    affected server.
    
     Mandrake: PLEASE SEE VENDOR ADVISORY 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1553.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


