[ISN] Linux Advisory Watch - December 14th 2001

From: InfoSec News (isnat_private)
Date: Sun Dec 16 2001 - 23:04:19 PST

  • Next message: InfoSec News: "[ISN] Defense inks deal to train more cybercrime fighters"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  December 14th, 2001                      Volume 2, Number 50a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.It
    includes pointers to updated packages and descriptions of each
    vulnerability.
     
    This week, advisories were released for secureweb, OpenSSH, passwd, sasl,
    libgtop server, thhttpd, mailman, and postfix.  The vendors include
    Caldera, Conectiva, Debian, FreeBSD, Mandrake, and Red Hat.
     
     LinuxSecurity.com Feature: Know Your Enemy: Honeynets 
    
     Over the past several years the Honeynet Project has been dedicated
     to  learning the tools, tactics, and motives of the blackhat
     community and sharing the lessons learned. The primary tool used to
     gather this information is the Honeynet. The purpose of this paper is
     to discuss what a Honeynet is, its value, how it works, and the
     risks/issues involved. 
    
     http://www.linuxsecurity.com/feature_stories/feature_story-95.html 
      
    
    ** Why be vulnerable? Its your choice. 
    
    Are you looking for a solution that provides the applications necessary to
    easily create thousands of virtual Web sites, manage e-mail, DNS,
    firewalling database functions for an entire organization, and supports
    high-speed broadband connections all using a Web-based front-end? EnGarde
    Secure Professional provides those features and more!
    
     Be Secure with EnGarde Secure Professional: 
     http://store.guardiandigital.com/html/eng/493-AA.shtml
    
    
    
    +---------------------------------+
    |  secureweb                      | ----------------------------//
    +---------------------------------+
    
    Updated packages are now available for Red Hat Secure Web Server 3.2
    (U.S.).  These updates close a potential security hole which would present
    clients with a listing of the contents of a directory instead of the
    contents of an index file or the proper error message.
    
     Red Hat Secure Web Server 3.2:  i386: 
     ftp://updates.redhat.com/3.2/en/secureweb/i386/ 
     secureweb-3.2.4-1.i386.rpm.rhmask 
     3097ba872708a54b64354a54a3e38771 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1739.html
    
    
      
    
    +---------------------------------+
    |  OpenSSH                        | ----------------------------//
    +---------------------------------+
    
    OpenSSH includes a feature by which a user can arrange for environmental
    variables to be set depending upon the key used for authentication.  
    These environmental variables are specified in the`authorized_keys'
    (SSHv1) or `authorized_keys2' (SSHv2) files in the user's home directory
    on the server.  This is normally safe, as this environment is passed only
    to the user's shell, which is invoked with user privileges.
    
     PLEASE SEE ADVISORY FOR UPDATE 
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1740.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1746.html 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1747.html
    
    
      
    +---------------------------------+
    |  passwd                         | ----------------------------//
    +---------------------------------+
    
    The default pam files for the passwd program did not include support for
    md5 passwords, thus any password changes or post-install added users would
    not have md5 passwords.
    
     Mandrake Linux 8.1: 
     8.1/RPMS/passwd-0.64.1-9.1mdk.i586.rpm 
     244f21e02057cd03a28de7d3d684fc55 
     http://www.linux-mandrake.com/en/ftp.php3 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1748.html
    
    
      
      
    +---------------------------------+
    |  sasl                           | ----------------------------//
    +---------------------------------+
    
    Cyrus-SASL is an open-source implementation of SASL, the "Simple
    Authentication and Security Layer", which is an useful API for adding
    authentication, authorization, and security to network protocols. Examples
    of applications linked to sasl include sendmail, OpenLDAP and several mail
    clients.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1741.html 
     
    
    
    
    +---------------------------------+
    |  libgtop server                 | ----------------------------//
    +---------------------------------+
    
    A successful exploit of this stack buffer overflow would allow an attacker
    arbitrary access to kernel memory, possibly acquiring information allowing
    further increases in privileges.
    
     [i386] 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ 
     devel/libgtop-1.0.12_1.tar.gz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
     devel/libgtop-1.0.12_1.tar.gz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1742.html
    
    
      
    
    +---------------------------------+
    |  thhttpd                        | ----------------------------//
    +---------------------------------+
    
    Due to the location of the affected buffer on the stack, this bug can be
    exploited using ``The poisoned NUL byte'' technique (see references).  A
    remote attacker can hijack the thttpd process, obtaining whatever
    privileges it has.  By default, the thttpd process runs as user `nobody'.
    
     [i386] 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-4-stable/www/thttpd-2.22.tgz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/www/thttpd-2.22.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1743.html
    
    
      
      
    +---------------------------------+
    |  Mailman                        | ----------------------------//
    +---------------------------------+
    
    Cgisecurity.com released an advisory[1] related to a cross-site scripting
    vulnerability[2] in mailman. By exploiting this vulnerability, an attacker
    could collect information about a web user or possibly gain access to
    cookie-based authentication credentials.
    
     Conectiva: i386 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     mailman-2.0.8-2U70_1cl.i386.rpm 
     
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1744.html
    
    
      
    +---------------------------------+
    |  postfix                        | ----------------------------//
    +---------------------------------+
    
    Wietse Venema reported he found a denial of service vulnerability in
    postfix. The SMTP session log that postfix keeps for debugging purposes
    could grow to an unreasonable size.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     postfix_0.0.19991231pl11-2_i386.deb 
     MD5 checksum: abe5ae7acbd0decde71c79f3bfaac6e7 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1745.html
    
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 12:29:02 PST