[ISN] Linux Advisory Watch - September 14th 2001

From: InfoSec News (isnat_private)
Date: Mon Sep 17 2001 - 01:59:55 PDT

  • Next message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com			  Linux Advisory Watch	 |
    |  September 14th, 2001 		  Volume 2, Number 37a	 |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski	         Benjamin Thomas
                   daveat_private    benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for fetchmail, sendmail, xinetd,
    bugzilla, apache-contrib, uucp, and xloadimage.  The vendors include
    Caldera, Conectiva, Red Hat, and SuSE.
    
    It has been a tragic week.  Our own Dave Wreski writes, "Today's events
    mark more than a display of courage by Americans, an effort to exact
    retribution on those who committed this senseless act, and how this
    country will be changed as a result. It directly impacts us all on an
    international scale as individual architects of the global Internet."
    
     Special: International Security, Privacy and Solidarity 
     http://www.linuxsecurity.com/feature_stories/feature_story-92.html 
      
    
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    
    Linux Advisory Watch is a comprehensive newsletter that outlinesthe
    security vulnerabilities that have been announced throughout the week.It
    includes pointers to updated packages and descriptions of each
    vulnerability.
      
    
    +---------------------------------+
    |  fetchmail			  | ----------------------------//
    +---------------------------------+
    
    Fetchmail versions up to 5.8.9 are susceptible to remote attacks from
    malicious servers.  When fetchmail attempts to create an index of messages
    in the remote mailbox being polled, it uses index numbers sent by the
    server as an index into an internal array. If a server sends fetchmail a
    negative number, fetchmail will attempt to write data outside the bounds
    of the array.
    
      Red Hat 7.1: i386: 
    
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      fetchmail-5.9.0-0.7.1.i386.rpm 
      50d7a9d1276701fc425a6bc42d9e4e95 
    
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      fetchmailconf-5.9.0-0.7.1.i386.rpm 
      77e22d5c9d02d26ba9013df9e25ee71d 
    
      Red Hat Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/redhat_advisory-1601.html
    
    
      
    +---------------------------------+
    |  sendmail			  | ----------------------------//
    +---------------------------------+
    
    An input validation error in the debugging functionality of all currently
    released versions of sendmail can enable a local user to gain root access.  
    New packages that fix this problem are available for Red Hat Linux 5.2,
    6.2, 7.0, and 7.1.
    
      i386: 
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      sendmail-8.11.6-1.7.1.i386.rpm 
      15237d7b23d9108f8dd1c42e3091d37a 
    
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      sendmail-cf-8.11.6-1.7.1.i386.rpm 
      8768f3d21e52716dfb6af035fe0760ff 
    
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      sendmail-doc-8.11.6-1.7.1.i386.rpm 
      2e167dfbeade1d2cb6641ce3a901ed43 
    
      Red Hat Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/redhat_advisory-1602.html
    
    
      
    +---------------------------------+
    |  xinetd			  | ----------------------------//
    +---------------------------------+
    
    A security audit has been done by Solar Designer on xinetd, and the
    results are now being made available as a preemptive measure. Also,
    memsetting too much memory to 0 would eventually lead to segfaults when
    executing services. This internal bug was fixed.
    
      Red Hat 7.1: i386: 
    
      ftp://updates.redhat.com/7.1/en/os/i386/ 
      xinetd-2.3.3-1.i386.rpm 
      548a0c82a06b69d1c24ed6f23dfd14f3 
    
      Red Hat Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/redhat_advisory-1603.html
    
    
      
    +---------------------------------+
    |  bugzilla			  | ----------------------------//
    +---------------------------------+
    
    The updated bugzilla package fixes numerous security issues which were
    present in previous releases of bugzilla.
    
      Red Hat 7.1  i386: 
      ftp://updates.redhat.com/7.1/en/powertools/i386/ 
      perl-Chart-0.99c.pre3-1.i386.rpm 
      90dd575efe9bb5fa967b78be84f2bcd9 
    
      ftp://updates.redhat.com/7.1/en/powertools/i386/ 
      perl-GD-1.33-1.i386.rpm 
      1e1babf666f35b529dd4831e8d4f49a6 
    
      ftp://updates.redhat.com/7.1/en/powertools/i386/ 
      perl-DBD-MySQL-1.2215-1.i386.rpm 
      2867be3dbdc4c2fdc3d026578d55b4aa 
    
      Red Hat Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/redhat_advisory-1604.html
    
    
      
    +---------------------------------+
    |  apache-contrib		  | ----------------------------//
    +---------------------------------+
    
    The Apache module mod_auth_mysql 1.4,which is shipped since SuSE Linux
    7.1, was found vulnerable to possible bypass authentication by MySQL
    command injection.  An adversary could insert MySQL commands along with a
    password and these commands will be interpreted by MySQL while
    mod_auth_mysql is doing the password lookup in the database. A positive
    authentication could be returned.
    
      SuSE-7.2 
    
      ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/ 
      apache-contrib-1.0.9-94.i386.rpm 
      7c84f6c3f8aaf2b96a312fea4d36abce 
    
      SuSE Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/suse_advisory-1605.html
    
      
      
    +---------------------------------+
    |  uucp 			  | ----------------------------//
    +---------------------------------+
    
    There is a argument handling problem which allows a local attacker to gain
    access to the uucp group. Using this access the attacker could use badly
    written scripts to gain access to the root account.
    
      PLEASE SEE VENDOR ADVISORY 
    
      Caldera Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/caldera_advisory-1606.html 
    
      Conectiva Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/other_advisory-1608.html
    
    
    
    +---------------------------------+
    |  xloadimage			  | ----------------------------//
    +---------------------------------+
    
    A buffer overflow exists in xli due to missing boundary checks.  This
    could be triggered by an external attacker to execute commands on the
    victim's machine.  An exploit is publically available. xli is an image
    viewer that is used by Netscape's plugger to display TIFF, PNG, and
    Sun-Raster images.
    
      Mandrake Linux 8.0: 
    
      8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm 
      f1eff4c239eaebb0ff41f169de8ccd3e 
      http://www.linux-mandrake.com/en/ftp.php3 
    
      Mandrake Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/mandrake_advisory-1609.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 06:13:48 PDT