+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | November 9th, 2001 Volume 2, Number 45a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas daveat_private benat_private Linux Advisory Watch is a comprehensive newsletter that outlinesthe security vulnerabilities that have been announced throughout the week.It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for procmail, lpd, webalizer, sendmail, w3m, htdig, iptables, and the Linux kernel. The vendors include Caldera, Conectiva, EnGarde, Red Hat, and SuSE. Setup a Rock-Solid Server in Minutes! The EnGarde Linux distribution was designed from the ground up as a secure solution, starting with the principle of least privilege, and carrying it through every aspect of its implementation. http://www.engardelinux.org ** FREE Apache SSL Guide from Thawte ** Planning Web Server Security? Find out how to implement SSL! Get the free Thawte Apache SSL Guide and find the answers to all your Apache SSL security issues and more at: http://www.gothawte.com/rd90.html Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-requestat_private with "subscribe" as the subject. +---------------------------------+ | procmail | ----------------------------// +---------------------------------+ Procmail is an incoming mail processor, typically used to implement mail filters as well as sorting incoming mail into folders. There are several signal handling race conditions in procmail that could be used by a local attacker to gain root privileges. Conectiva: 7.0 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ procmail-3.22-1U70_2cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1685.html +---------------------------------+ | lpd | ----------------------------// +---------------------------------+ There are multiple vulnerabilities in several implementations of the line printer daemon (lpd). The line printer daemon enables various clients to share printers over a network. Review your configuration to be sure you have applied all relevant patches. We also encourage you to restrict access to the lpd service to only authorized users. PLEASE SEE LPD ADVISORY LDP Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1686.html +---------------------------------+ | webalizer | ----------------------------// +---------------------------------+ An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place. This is possible due to missing sanity checks on untrusted data - hostnames and search keywords in this case - that are received by webalizer. This kind of attack is also known as "Cross-Site Scripting Vulnerability". i386 Intel Platform: SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ webalizer-2.01.06-140.i386.rpm 3525fd6ab9c27be34edad9bef05ff061 SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1687.html +---------------------------------+ | sendmail | ----------------------------// +---------------------------------+ An input validation error exists in Sendmail's debugging functionality. This could be used by an unauthorized user to gain privilege. Caldera: ftp://stage.caldera.com/pub/security/openunix/ CSSA-2001-SCO.31/sendmail.Z d6fbe6e6ab98a0170c2d5029b4ade1bf Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1688.html +---------------------------------+ | w3m | ----------------------------// +---------------------------------+ Ogasawara Satoshi and Kobayashi Shigehiro discovered a vulnerability[1] in a MIME header parsing routine. A malicious web server administrator could execute arbitrary code in the client machine by sending malformed MIME headers inside the server HTTP responses. Conectiva: ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ w3m-0.2.1-4U70_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1690.html +---------------------------------+ | htdig | ----------------------------// +---------------------------------+ In the previous version, the htsearch CGI script used to accept the -c switch remotely--asking htdig to use a different configuration file. The update removes this potential exploit. Red Hat 7.2 i386: ftp://updates.redhat.com/7.2/en/os/i386/ htdig-3.2.0-1.b4.0.72.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/ htdig-web-3.2.0-1.b4.0.72.i386.rpm Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1691.html +---------------------------------+ | iptables | ----------------------------// +---------------------------------+ A new version of iptables fixing various minor security problems and some other bugs is available. Red Hat i386: ftp://updates.redhat.com/7.2/en/os/i386/iptables-1.2.4-2.i386.rpm 6434f2a021ac8ca30b04d3f560f7a76a ftp://updates.redhat.com/7.2/en/os/i386/i ptables-ipv6-1.2.4-2.i386.rpm b8abccb90b6a019a8c0ca5f4c43da8b5 Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1689.html +---------------------------------+ | kernels | ----------------------------// +---------------------------------+ There are is a vulnerability in the kernel's syncookie code which can allow a remote attacker to potentially guess the cookie and bypass firewall rules. Some firewall systems implement rules based on the TCP flags set. They may drop or reject incoming packets that have the SYN bit set, which normally indicates the start of a new connection. It is possible for an attacker to flood the server with SYN packets, causing a DoS attack. To protect against this DoS the kernel implements something called "syncookies". PLEASE SEE VENDOR ADVISORY SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1680.html Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1681.html Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1682.html EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1683.html Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1684.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 07:12:12 PST