[ISN] Linux Advisory Watch - October 12th 2001

From: InfoSec News (isnat_private)
Date: Mon Oct 15 2001 - 01:03:52 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  October 12th, 2001                       Volume 2, Number 41a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for slrn, most, uucp, squid, Mandrake
    8.1 kernel, sendmail, lprold, and zope.  The Vendors include Caldera,
    FreeBSD, Mandrake, Progeny, Red Hat, and SuSE.
     
    Lock down your network! The EnGarde Linux distribution was designed from
    the ground up as a secure solution, starting with the principle of least
    privilege, and carrying it through every aspect of its implementation.
    http://www.engardelinux.org
      
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments.
     
     To subscribe send an e-mail to:
     security-discuss-requestat_private 
    
     
    
    +---------------------------------+
    |  slrn                           | ----------------------------//
    +---------------------------------+
     
    The slrn package, a threaded news reader, is susceptible to remote command
    invocation in Progeny versions prior to 0.9.6.2-9potato2.
    
     Progeny: i386 
     http://archive.progeny.com/progeny/updates/newton/ 
     5efc319eb969c761dda2a26bfaf87110 
     slrn_0.9.6.2-9potato2_i386.deb 
     1b72b7ac4a8c495cc9c74b2f7b52e471 
     slrnpull_0.9.6.2-9potato2_i386.deb 
    
     Progeny Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1625.html
    
    
    
    +---------------------------------+
    |  most                           | ----------------------------//
    +---------------------------------+
     
    Pavel Machek found a buffer overflow in the "most" pager program.  The
    problem is part of most's tab expansion, where the program would write
    beyond the bounds of two array variables when viewing a malicious file.
    This could lead to other data structures being overwritten, which in
    turn could enable "most" to execute arbitrary code and so compromise
    the user's environment.
    
     Progeny: i386 
     http://archive.progeny.com/progeny/updates/newton/ 
     most_4.9.2-1progeny1_i386.deb 
     8e26b5b97cf2654bbfd2027afdd25e88 
    
     Progeny Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1626.html
    
    
    +---------------------------------+
    |  uucp                           | ----------------------------//
    +---------------------------------+
     
    zen-parse found a problem with Taylor UUCP as distributed with many Linux
    distributions.  Due to incorrect argument handling in a component of the
    Taylor UUCP package, it is possible for local users to gain uid/gid uucp.
    
     Progeny: i386 
     http://archive.progeny.com/progeny/updates/newton/ 
     7f474134296bfeb6d03579f16843bd82 
     uucp_1.06.1-11potato1progeny2_i386.deb 
    
     Progeny Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1627.html 
      
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/ 
     patches/SA-01:62/uucp.patch 
    
     FreeBSD Vendor Advisory:  
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1629.html
    
    
      
    +---------------------------------+
    |  squid                          | ----------------------------//
    +---------------------------------+
     
    A remote attacker may use the squid server in order to issue requests to
    hosts that are otherwise inaccessible.  Because the squid server processes
    these requests as HTTP requests, the attacker cannot send or retrieve
    arbitrary data.  However, the attacker could use squid's response to
    determine if a particular port is open on a victim host. Therefore, the
    squid server may be used to conduct a port scan.
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/www/squid-2.3_1.tgz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/www/squid-2.4_5.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1628.html
    
    
      
    +---------------------------------+
    |  Kernel: Mandrake 8.1           | ----------------------------//
    +---------------------------------+
     
    Alexander Viro discovered a vulnerability in the devfs implementation that
    is shipped with Mandrake Linux 8.1.  We are aware of the problem and are
    currently working on a solution.  As a workaround, until an update becomes
    available, please boot with the devfs=nomount option.
    
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1630.html
    
    
    
    +---------------------------------+
    |  htdig                          | ----------------------------//
    +---------------------------------+
     
    The htsearch program runs both as a CGI and as a command-line program.
    The command-line program accepts the -c [filename] option to read in an
    alternate configuration file. However, no filtering is done to stop the
    CGI program from taking command-line arguments, so a remote user can force
    the CGI to stall until it times out (resulting in a DoS) or read in a
    different configuration file.
    
     PLEASE SEE VENDOR ADVISORY 
     htdig Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1631.html 
      
    
     Caldera: i386 
     ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/ 
     Server/current/RPMS 
     33b12c381170e69267ffff170b5e7cdc 
     RPMS/htdig-3.1.5-8.i386.rpm 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1632.html
    
    
      
    +---------------------------------+
    |  sendmail                       | ----------------------------//
    +---------------------------------+
     
    There is a permission problem in the default setup of sendmail in all
    OpenLinux versions, which allows a local attacker to cause a denial of
    service, effectively stopping delivery of all mail from the current
    system.
    
     Caldera: 
     PLEASE SEE VENDOR ADVISORY 
     Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1633.html
    
    
      
      
    +---------------------------------+
    |  lprold                         | ----------------------------//
    +---------------------------------+
      
    ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with
    the lprold package in SuSE Linux. Due to missing bounds checks in the
    lockfile processing function, internal buffers may overflow. Bounds checks
    have been added to fix that problem.  Additionally the SuSE Security Team
    uncovered other security-related bugs in lpd while analyzing lpd source
    after receiving the X-Force advisory.
    
    These bugs allow users on machines listed in /etc/hosts.lpd or
    /etc/hosts.equiv to chown any file on the system running lpd to any user.
    In order to trigger any of the fixed bugs (including the overflow) the
    attacker's machine must be listed in one of these two access files and the
    attacker usually needs root on these machines due to the privileged-port
    requirement.
    
     i386 Intel Platform:  SuSE-7.2 
     ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/ 
     lprold-3.0.48-272.i386.rpm 
     23b8251411a557563cb314102f405d31 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1634.html
    
    
      
    
    
    +---------------------------------+
    |  zope                           | ----------------------------//
    +---------------------------------+
     
    The updated packages include a "hotfix" product which addresses a security
    problem with DTML scripting, as described in the Hotfix_2001-09-28
    README.txt file: "The issue involves the fmt attribute of dtml-var tags.
    Without this correction, Zope does not check security access to methods
    invoked through fmt.  This issue could allow partially trusted users with
    enough knowledge of Zope to call, in a limited way, methods they would not
    otherwise be allowed to access."
    
     Red Hat: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1635.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


