[ISN] Linux Advisory Watch - September 14th 2001

From: InfoSec News (isnat_private)
Date: Mon Sep 17 2001 - 01:59:55 PDT
Next message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"
Previous message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+----------------------------------------------------------------+
|  LinuxSecurity.com			  Linux Advisory Watch	 |
|  September 14th, 2001 		  Volume 2, Number 37a	 |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski	         Benjamin Thomas
               daveat_private    benat_private
 
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for fetchmail, sendmail, xinetd,
bugzilla, apache-contrib, uucp, and xloadimage.  The vendors include
Caldera, Conectiva, Red Hat, and SuSE.

It has been a tragic week.  Our own Dave Wreski writes, "Today's events
mark more than a display of courage by Americans, an effort to exact
retribution on those who committed this senseless act, and how this
country will be changed as a result. It directly impacts us all on an
international scale as individual architects of the global Internet."

 Special: International Security, Privacy and Solidarity 
 http://www.linuxsecurity.com/feature_stories/feature_story-92.html 
  

Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-requestat_private with "subscribe"
as the subject.

Linux Advisory Watch is a comprehensive newsletter that outlinesthe
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
  

+---------------------------------+
|  fetchmail			  | ----------------------------//
+---------------------------------+

Fetchmail versions up to 5.8.9 are susceptible to remote attacks from
malicious servers.  When fetchmail attempts to create an index of messages
in the remote mailbox being polled, it uses index numbers sent by the
server as an index into an internal array. If a server sends fetchmail a
negative number, fetchmail will attempt to write data outside the bounds
of the array.

  Red Hat 7.1: i386: 

  ftp://updates.redhat.com/7.1/en/os/i386/ 
  fetchmail-5.9.0-0.7.1.i386.rpm 
  50d7a9d1276701fc425a6bc42d9e4e95 

  ftp://updates.redhat.com/7.1/en/os/i386/ 
  fetchmailconf-5.9.0-0.7.1.i386.rpm 
  77e22d5c9d02d26ba9013df9e25ee71d 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-1601.html


  
+---------------------------------+
|  sendmail			  | ----------------------------//
+---------------------------------+

An input validation error in the debugging functionality of all currently
released versions of sendmail can enable a local user to gain root access.  
New packages that fix this problem are available for Red Hat Linux 5.2,
6.2, 7.0, and 7.1.

  i386: 
  ftp://updates.redhat.com/7.1/en/os/i386/ 
  sendmail-8.11.6-1.7.1.i386.rpm 
  15237d7b23d9108f8dd1c42e3091d37a 

  ftp://updates.redhat.com/7.1/en/os/i386/ 
  sendmail-cf-8.11.6-1.7.1.i386.rpm 
  8768f3d21e52716dfb6af035fe0760ff 

  ftp://updates.redhat.com/7.1/en/os/i386/ 
  sendmail-doc-8.11.6-1.7.1.i386.rpm 
  2e167dfbeade1d2cb6641ce3a901ed43 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-1602.html


  
+---------------------------------+
|  xinetd			  | ----------------------------//
+---------------------------------+

A security audit has been done by Solar Designer on xinetd, and the
results are now being made available as a preemptive measure. Also,
memsetting too much memory to 0 would eventually lead to segfaults when
executing services. This internal bug was fixed.

  Red Hat 7.1: i386: 

  ftp://updates.redhat.com/7.1/en/os/i386/ 
  xinetd-2.3.3-1.i386.rpm 
  548a0c82a06b69d1c24ed6f23dfd14f3 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-1603.html


  
+---------------------------------+
|  bugzilla			  | ----------------------------//
+---------------------------------+

The updated bugzilla package fixes numerous security issues which were
present in previous releases of bugzilla.

  Red Hat 7.1  i386: 
  ftp://updates.redhat.com/7.1/en/powertools/i386/ 
  perl-Chart-0.99c.pre3-1.i386.rpm 
  90dd575efe9bb5fa967b78be84f2bcd9 

  ftp://updates.redhat.com/7.1/en/powertools/i386/ 
  perl-GD-1.33-1.i386.rpm 
  1e1babf666f35b529dd4831e8d4f49a6 

  ftp://updates.redhat.com/7.1/en/powertools/i386/ 
  perl-DBD-MySQL-1.2215-1.i386.rpm 
  2867be3dbdc4c2fdc3d026578d55b4aa 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-1604.html


  
+---------------------------------+
|  apache-contrib		  | ----------------------------//
+---------------------------------+

The Apache module mod_auth_mysql 1.4,which is shipped since SuSE Linux
7.1, was found vulnerable to possible bypass authentication by MySQL
command injection.  An adversary could insert MySQL commands along with a
password and these commands will be interpreted by MySQL while
mod_auth_mysql is doing the password lookup in the database. A positive
authentication could be returned.

  SuSE-7.2 

  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/ 
  apache-contrib-1.0.9-94.i386.rpm 
  7c84f6c3f8aaf2b96a312fea4d36abce 

  SuSE Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/suse_advisory-1605.html

  
  
+---------------------------------+
|  uucp 			  | ----------------------------//
+---------------------------------+

There is a argument handling problem which allows a local attacker to gain
access to the uucp group. Using this access the attacker could use badly
written scripts to gain access to the root account.

  PLEASE SEE VENDOR ADVISORY 

  Caldera Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/caldera_advisory-1606.html 

  Conectiva Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-1608.html



+---------------------------------+
|  xloadimage			  | ----------------------------//
+---------------------------------+

A buffer overflow exists in xli due to missing boundary checks.  This
could be triggered by an external attacker to execute commands on the
victim's machine.  An exploit is publically available. xli is an image
viewer that is used by Netscape's plugger to display TIFF, PNG, and
Sun-Raster images.

  Mandrake Linux 8.0: 

  8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm 
  f1eff4c239eaebb0ff41f169de8ccd3e 
  http://www.linux-mandrake.com/en/ftp.php3 

  Mandrake Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1609.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-requestat_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
Next message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"
Previous message: InfoSec News: "Re: [ISN] New York Red Cross Needs Tech assistance!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 06:13:48 PDT