[ISN] Linux Advisory Watch - November 9th 2001

From: InfoSec News (isnat_private)
Date: Mon Nov 12 2001 - 01:42:23 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  November 9th, 2001                       Volume 2, Number 45a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for procmail, lpd, webalizer,
    sendmail, w3m, htdig, iptables, and the Linux kernel.  The vendors include
    Caldera, Conectiva, EnGarde, Red Hat, and SuSE.
     
    Set up a Rock-Solid Server in Minutes!  The EnGarde Linux distribution was
    designed from the ground up as a secure solution, starting with the
    principle of least privilege, and carrying it through every aspect of its
    implementation.
    
    http://www.engardelinux.org 
       
    
     ** FREE Apache SSL Guide from Thawte **
     
     Planning Web Server Security? Find out how to implement SSL!
     Get the free Thawte Apache SSL Guide and find the answers to all 
     your Apache SSL security issues and more at: 
     
     http://www.gothawte.com/rd90.html 
     
     
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    
    
    
    +---------------------------------+
    |  procmail                       | ----------------------------//
    +---------------------------------+
    
    Procmail is an incoming mail processor, typically used to implement mail
    filters as well as sorting incoming mail into folders. There are several
    signal handling race conditions in procmail that could be used by a local
    attacker to gain root privileges.
    
     Conectiva: 7.0 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     procmail-3.22-1U70_2cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1685.html
    
    
      
    +---------------------------------+
    |  lpd                            | ----------------------------//
    +---------------------------------+
    
    There are multiple vulnerabilities in several implementations of the line
    printer daemon (lpd).  The line printer daemon enables various clients to
    share printers over a network. Review your configuration to be sure you
    have applied all relevant patches. We also encourage you to restrict
    access to the lpd service to only authorized users.
    
     PLEASE SEE LPD ADVISORY 
     LPD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1686.html
    
    
      
    +---------------------------------+
    |  webalizer                      | ----------------------------//
    +---------------------------------+
    
    An exploitable bug was found in webalizer which allows a remote attacker
    to execute commands on other client machines or reveal sensitive
    information by placing HTML tags in the right place. This is possible due
    to missing sanity checks on untrusted data - hostnames and search keywords
    in this case - that are received by webalizer. This kind of attack is also
    known as "Cross-Site Scripting Vulnerability".
    
     i386 Intel Platform: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
     webalizer-2.01.06-140.i386.rpm 
     3525fd6ab9c27be34edad9bef05ff061 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1687.html
    
      
      
    +---------------------------------+
    |  sendmail                       | ----------------------------//
    +---------------------------------+
    
    An input validation error exists in Sendmail's debugging functionality.
    This could be used by an unauthorized user to gain privilege.
    
     Caldera: 
     ftp://stage.caldera.com/pub/security/openunix/ 
     CSSA-2001-SCO.31/sendmail.Z 
     d6fbe6e6ab98a0170c2d5029b4ade1bf 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1688.html
    
    
    
    +---------------------------------+
    |  w3m                            | ----------------------------//
    +---------------------------------+
    
    Ogasawara Satoshi and Kobayashi Shigehiro discovered a vulnerability[1] in
    a MIME header parsing routine. A malicious web server administrator could
    execute arbitrary code in the client machine by sending malformed MIME
    headers inside the server HTTP responses.
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ 
     w3m-0.2.1-4U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1690.html
    
    
    
    +---------------------------------+
    |  htdig                          | ----------------------------//
    +---------------------------------+
    
    In the previous version, the htsearch CGI script used to accept the -c
    switch remotely--asking htdig to use a different configuration file. The
    update removes this potential exploit.
    
     Red Hat 7.2 i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     htdig-3.2.0-1.b4.0.72.i386.rpm 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     htdig-web-3.2.0-1.b4.0.72.i386.rpm  
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1691.html
    
    
      
       
    +---------------------------------+
    |  iptables                       | ----------------------------//
    +---------------------------------+
    
    A new version of iptables fixing various minor security problems and some
    other bugs is available.
    
     Red Hat i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/iptables-1.2.4-2.i386.rpm 
     6434f2a021ac8ca30b04d3f560f7a76a 
    
     ftp://updates.redhat.com/7.2/en/os/i386/iptables-ipv6-1.2.4-2.i386.rpm 
     b8abccb90b6a019a8c0ca5f4c43da8b5 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1689.html 
     
    
    
      
      
    +---------------------------------+
    |  kernels                        | ----------------------------//
    +---------------------------------+
    
    There is a vulnerability in the kernel's syncookie code which can
    allow a remote attacker to potentially guess the cookie and bypass
    firewall rules. Some firewall systems implement rules based on the TCP
    flags set. They may drop or reject incoming packets that have the SYN bit
    set, which normally indicates the start of a new connection.  It is
    possible for an attacker to flood the server with SYN packets, causing a
    DoS attack.  To protect against this DoS the kernel implements something
    called "syncookies".
    
     PLEASE SEE VENDOR ADVISORY 
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1680.html 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1681.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1682.html 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1683.html 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1684.html
    
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 07:12:12 PST