+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| October 12th, 2001 Volume 2, Number 41a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for slrn, most, uucp, squid, Mandrake
8.1 kernel, sendmail, lprold, and zope. The Vendors include Caldera,
FreeBSD, Mandrake, Progeny, Red Hat, and SuSE.
Lock down your network! The EnGarde Linux distribution was designed from
the ground up as a secure solution, starting with the principle of least
privilege, and carrying it through every aspect of its implementation.
http://www.engardelinux.org
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments.
To subscribe send an e-mail to:
security-discuss-request@linuxsecurity.com
+---------------------------------+
| slrn | ----------------------------//
+---------------------------------+
The slrn package, a threaded news reader, is susceptible to remote command
invocation in Progeny versions prior to 0.9.6.2-9potato2.
Progeny: i386
http://archive.progeny.com/progeny/updates/newton/
5efc319eb969c761dda2a26bfaf87110
slrn_0.9.6.2-9potato2_i386.deb
1b72b7ac4a8c495cc9c74b2f7b52e471
slrnpull_0.9.6.2-9potato2_i386.deb
Progeny Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1625.html
+---------------------------------+
| most | ----------------------------//
+---------------------------------+
Pavel Machek found a buffer overflow in the "most" pager program. The
problem is in most's tab expansion, where the program would write
beyond the bounds of two array variables when viewing a malicious file.
This could lead to other data structures being overwritten, which in
turn could enable "most" to execute arbitrary code and compromise the
user's environment.
Progeny: i386
http://archive.progeny.com/progeny/updates/newton/
most_4.9.2-1progeny1_i386.deb
8e26b5b97cf2654bbfd2027afdd25e88
Progeny Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1626.html
+---------------------------------+
| uucp | ----------------------------//
+---------------------------------+
zen-parse found a problem with Taylor UUCP as distributed with many Linux
distributions. Due to incorrect argument handling in a component of the
Taylor UUCP package, it is possible for local users to gain uid/gid uucp.
Progeny: i386
http://archive.progeny.com/progeny/updates/newton/
7f474134296bfeb6d03579f16843bd82
uucp_1.06.1-11potato1progeny2_i386.deb
Progeny Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1627.html
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/
patches/SA-01:62/uucp.patch
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1629.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
A remote attacker may use the squid server in order to issue requests to
hosts that are otherwise inaccessible. Because the squid server processes
these requests as HTTP requests, the attacker cannot send or retrieve
arbitrary data. However, the attacker could use squid's response to
determine if a particular port is open on a victim host. Therefore, the
squid server may be used to conduct a port scan.
FreeBSD:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
packages-5-current/www/squid-2.3_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
packages-5-current/www/squid-2.4_5.tgz
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1628.html
+---------------------------------+
| Kernel: Mandrake 8.1 | ----------------------------//
+---------------------------------+
Alexander Viro discovered a vulnerability in the devfs implementation that
is shipped with Mandrake Linux 8.1. We are aware of the problem and are
currently working on a solution. As a workaround, until an update becomes
available, please boot with the devfs=nomount option.
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1630.html
+---------------------------------+
| htdig | ----------------------------//
+---------------------------------+
The htsearch program runs both as a CGI and as a command-line program. The
command-line program accepts the -c [filename] option to read in an alternate
configuration file. However, no filtering is done to stop the
CGI program from taking command-line arguments, so a remote user can force
the CGI to stall until it times out (resulting in a DoS) or read in a
different configuration file.
PLEASE SEE VENDOR ADVISORY
htdig Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1631.html
Caldera: i386
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/
Server/current/RPMS
33b12c381170e69267ffff170b5e7cdc
RPMS/htdig-3.1.5-8.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1632.html
+---------------------------------+
| sendmail | ----------------------------//
+---------------------------------+
There is a permission problem in the default setup of sendmail in all
OpenLinux versions, which allows a local attacker to cause a denial of
service, effectively stopping delivery of all mail from the current
system.
Caldera:
PLEASE SEE VENDOR ADVISORY
Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1633.html
+---------------------------------+
| lprold | ----------------------------//
+---------------------------------+
ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with
the lprold package in SuSE Linux. Due to missing bounds checks in the
lockfile processing function, internal buffers may overflow. Bounds checks
have been added to fix that problem. Additionally, the SuSE Security Team
uncovered other security-related bugs in lpd while analyzing the lpd source
after receiving the X-Force advisory.
These bugs allow users on machines listed in /etc/hosts.lpd or
/etc/hosts.equiv to chown any file on the system running lpd to any user.
In order to trigger any of the fixed bugs (including the overflow), the
attacker's machine must be listed in one of these two access files, and the
attacker usually needs root on these machines due to the privileged-port
requirement.
i386 Intel Platform: SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/lprold-3.0.48-272.i386.rpm
23b8251411a557563cb314102f405d31
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1634.html
+---------------------------------+
| zope | ----------------------------//
+---------------------------------+
The updated packages include a "hotfix" product which addresses a security
problem with DTML scripting, as described in the Hotfix_2001-09-28
README.txt file: "The issue involves the fmt attribute of dtml-var tags.
Without this correction, Zope does not check security access to methods
invoked through fmt. This issue could allow partially trusted users with
enough knowledge of Zope to call, in a limited way, methods they would not
otherwise be allowed to access."
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1635.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 15:36:24 PDT