[ISN] Linux Advisory Watch - September 28th 2001

From: InfoSec News (isnat_private)
Date: Sun Sep 30 2001 - 03:20:01 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  September 28th, 2001                     Volume 2, Number 39a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    
    This week, advisories were released for uucp, man, openssh, squid, and
    setserial. The vendors include Conectiva, Mandrake, and Red Hat. It has
    been another slow advisory week.  Again, we recommend taking time to make
    sure that no previous advisories have been missed.  Our archive is
    available:  http://www.linuxsecurity.com/advisories/
    
      Why deal with Code Red, Nimda, and other worms?
    
      * Download EnGarde! *
    
      The EnGarde distribution was designed from the ground up as a
      secure solution, starting with the principle of least privilege,
      and carrying it through every aspect of its implementation.
    
    http://www.engardelinux.org 
      
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
     
    
    +---------------------------------+
    |  uucp                           | ----------------------------//
    +---------------------------------+
    
    Zen Parse discovered an argument handling problem in the uucp package that
    can allow a local attacker to gain the privileges of the uucp user or
    group.
    
     Mandrake Linux 8.0: 
     http://www.linux-mandrake.com/en/ftp.php3 
     8.0/RPMS/uucp-1.06.1-18.1mdk.i586.rpm 
     1d285f9a496ae17aac3a43faaf93046a 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1613.html
    
    
    
    
    +---------------------------------+
    | man                             | ----------------------------//
    +---------------------------------+
    
    Updated man packages fix a local exploit that yields GID man, a potential
    escalation from GID man to root, and a problem with the man paths on Red
    Hat Linux 5.x and 6.x.
    
     Red Hat 7.1 i386: 
     ftp://updates.redhat.com/7.1/en/os/i386/man-1.5i2-0.7x.5.i386.rpm 
     99245cb9189b9e7c91b2241b308ee488 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1614.html
    
    
    
    
    +---------------------------------+
    |  openssh                        | ----------------------------//
    +---------------------------------+
    
    Users can circumvent the system policy and log in from disallowed source IP
    addresses. Depending on the order of the user keys in
    ~/.ssh/authorized_keys2, sshd might fail to apply the source IP based
    access control restriction (e.g. from="10.0.0.1") to the correct key: if a
    source IP restricted key (e.g. a DSA key) is immediately followed by a key
    of a different type (e.g. an RSA key), the key options of the second key
    are applied to both keys, including 'from='.
    
     Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1617.html
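    The advisory above is about how sshd binds per-line key options in
    authorized_keys2. The following is an added example, not OpenSSH's code: a
    simplified Python model of the correct behaviour (each key's options apply
    only to the key on the same line, and from= is matched sshd-style as a
    comma-separated wildcard list where a matching '!' pattern denies), plus an
    audit that lists the lines an unpatched sshd would mishandle according to
    the advisory's description. The SAMPLE key file, the key data and the IP
    addresses are constructed for the example; real sshd also matches from=
    against the client's hostname, which this model omits.

```python
"""Model of per-key option handling in ~/.ssh/authorized_keys2.

Added example, not OpenSSH's code.  Options such as from="10.0.0.1" are
bound strictly to the key on the same line; audit_ordering() reports the
layout the advisory says unpatched sshd gets wrong.
"""
from fnmatch import fnmatchcase

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # protocol-2 key types in authorized_keys2


def parse_options(text):
    """Parse 'from="10.0.0.*",no-pty' into {'from': '10.0.0.*', 'no-pty': True}.
    Quoted values may contain commas; backslash escapes the next character."""
    opts, i = {}, 0
    while i < len(text):
        name = []
        while i < len(text) and text[i] not in "=,":
            name.append(text[i]); i += 1
        if i < len(text) and text[i] == "=":
            i += 1
            value = []
            if i < len(text) and text[i] == '"':
                i += 1
                while i < len(text) and text[i] != '"':
                    if text[i] == "\\" and i + 1 < len(text):
                        i += 1
                    value.append(text[i]); i += 1
                i += 1  # skip closing quote
            else:
                while i < len(text) and text[i] != ",":
                    value.append(text[i]); i += 1
            opts["".join(name)] = "".join(value)
        else:
            opts["".join(name)] = True
        if i < len(text) and text[i] == ",":
            i += 1
    return opts


def parse_line(line):
    """Return (options, keytype, keydata) for one key line, or None for a
    blank/comment line.  Options end at the first whitespace outside quotes."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0] in KEY_TYPES:
        options_text, rest = "", line
    else:
        i, quoted = 0, False
        while i < len(line) and (quoted or not line[i].isspace()):
            if line[i] == "\\" and i + 1 < len(line):
                i += 1
            elif line[i] == '"':
                quoted = not quoted
            i += 1
        options_text, rest = line[:i], line[i:].strip()
    parts = rest.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("unrecognised key line: %r" % line)
    return parse_options(options_text), parts[0], parts[1]


def from_allows(pattern_list, client_ip):
    """sshd-style from= list: comma-separated '*'/'?' patterns, '!' negates.
    A matching negated pattern denies outright; otherwise some positive
    pattern must match.  Simplified to IP strings only (hostnames omitted)."""
    allowed = False
    for pat in pattern_list.split(","):
        negate = pat.startswith("!")
        if fnmatchcase(client_ip, pat[1:] if negate else pat):
            if negate:
                return False
            allowed = True
    return allowed


def keys_usable_from(authorized_keys_text, client_ip):
    """Key data of every key accepted from client_ip when each line's
    options are applied only to that line's key (the correct behaviour)."""
    usable = []
    for line in authorized_keys_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, _keytype, keydata = parsed
        src = options.get("from")
        if src is None or from_allows(src, client_ip):
            usable.append(keydata)
    return usable


def audit_ordering(authorized_keys_text):
    """Line numbers of from=-restricted keys whose next key line has a
    different key type: the layout the advisory says unpatched sshd mishandles.
    Comment/blank lines in between are ignored, so this errs on flagging."""
    flagged, prev = [], None
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, keytype, _ = parsed
        if prev and "from" in prev[1] and keytype != prev[2]:
            flagged.append(prev[0])
        prev = (lineno, options, keytype)
    return flagged


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample, not a real key file
from="10.0.0.1",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBdsa1 admin-from-bastion
ssh-rsa AAAAB3NzaC1yc2EAAAABrsa1 laptop
from="192.168.*,!192.168.1.5" ssh-rsa AAAAB3NzaC1yc2EAAAABrsa2 lan-only
ssh-dss AAAAB3NzaC1kc3MAAACBdsa2 anywhere
"""

if __name__ == "__main__":
    for ip in ("10.0.0.1", "192.168.1.5", "203.0.113.9"):
        print(ip, keys_usable_from(SAMPLE, ip))
    print("lines to review before patching:", audit_ordering(SAMPLE))
```

    Running the audit against a real authorized_keys2 before the update tells
    you which restricted keys were effectively unrestricted on an affected
    sshd; regrouping keys by type is a temporary workaround, the package
    update is the fix.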
    
    
    
    
    
    +---------------------------------+
    |  squid                          | ----------------------------//
    +---------------------------------+
    
    Vladimir Ivaschenko found a bug[1] that allows a remote attacker to cause a
    DoS of the squid proxy service by sending FTP mkdir requests. Takashi
    Taniguchi found a bug[2] that allows malicious users to port scan and
    perform other suspect activity through the proxy when it is configured in
    "http accelerator mode".
    
     Conectiva 7.0 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     squid-2.4.1-4U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     squid-auth-2.4.1-4U70_1cl.i386.rpm
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     squid-doc-2.4.1-4U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     squid-templates-2.4.1-4U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1615.html
    
    
    
    
    
    +---------------------------------+
    |  setserial                      | ----------------------------//
    +---------------------------------+
      
    The initscript shipped in the documentation directory of the setserial
    package (it is not installed into init.d or enabled by default) uses
    predictable temporary file names and should not be used.
    setserial-2.17-4 and earlier versions are affected. The problem is only
    reachable if that initscript is manually copied into the init.d directory
    structure and enabled, and the kernel has been recompiled with modular
    serial port support; under those conditions the initscript writes to a
    predictable temporary file name.
    
     PLEASE SEE ADVISORY FOR UPDATE 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1616.html
    
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 05:18:33 PDT