[ISN] Linux Advisory Watch - December 14th 2001

From: InfoSec News (isnat_private)
Date: Sun Dec 16 2001 - 23:04:19 PST

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  December 14th, 2001                      Volume 2, Number 50a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
     
    This week, advisories were released for secureweb, OpenSSH, passwd, sasl,
    libgtop server, thttpd, mailman, and postfix.  The vendors include
    Caldera, Conectiva, Debian, FreeBSD, Mandrake, and Red Hat.
     
     LinuxSecurity.com Feature: Know Your Enemy: Honeynets 
    
     Over the past several years the Honeynet Project has been dedicated
     to learning the tools, tactics, and motives of the blackhat
     community and sharing the lessons learned. The primary tool used to
     gather this information is the Honeynet. The purpose of this paper is
     to discuss what a Honeynet is, its value, how it works, and the
     risks/issues involved. 
    
     http://www.linuxsecurity.com/feature_stories/feature_story-95.html 
      
    
    ** Why be vulnerable? It's your choice. 
    
    Are you looking for a solution that provides the applications necessary to
    easily create thousands of virtual Web sites, manage e-mail, DNS,
    firewalling database functions for an entire organization, and supports
    high-speed broadband connections all using a Web-based front-end? EnGarde
    Secure Professional provides those features and more!
    
     Be Secure with EnGarde Secure Professional: 
     http://store.guardiandigital.com/html/eng/493-AA.shtml
    
    
    
    +---------------------------------+
    |  secureweb                      | ----------------------------//
    +---------------------------------+
    
    Updated packages are now available for Red Hat Secure Web Server 3.2
    (U.S.).  These updates close a potential security hole which would present
    clients with a listing of the contents of a directory instead of the
    contents of an index file or the proper error message.
    
     Red Hat Secure Web Server 3.2:  i386: 
     ftp://updates.redhat.com/3.2/en/secureweb/i386/ 
     secureweb-3.2.4-1.i386.rpm.rhmask 
     3097ba872708a54b64354a54a3e38771 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1739.html
    
    
      
    
    +---------------------------------+
    |  OpenSSH                        | ----------------------------//
    +---------------------------------+
    
    OpenSSH includes a feature by which a user can arrange for environmental
    variables to be set depending upon the key used for authentication.  
    These environmental variables are specified in the `authorized_keys'
    (SSHv1) or `authorized_keys2' (SSHv2) files in the user's home directory
    on the server.  This is normally safe, as this environment is passed only
    to the user's shell, which is invoked with user privileges.
    
     PLEASE SEE ADVISORY FOR UPDATE 
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1740.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1746.html 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1747.html
    
    
      
    +---------------------------------+
    |  passwd                         | ----------------------------//
    +---------------------------------+
    
    The default pam files for the passwd program did not include support for
    md5 passwords, thus any password changes or post-install added users would
    not have md5 passwords.
    
     Mandrake Linux 8.1: 
     8.1/RPMS/passwd-0.64.1-9.1mdk.i586.rpm 
     244f21e02057cd03a28de7d3d684fc55 
     http://www.linux-mandrake.com/en/ftp.php3 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1748.html
    
    
      
      
    +---------------------------------+
    |  sasl                           | ----------------------------//
    +---------------------------------+
    
    Cyrus-SASL is an open-source implementation of SASL, the "Simple
    Authentication and Security Layer", which is a useful API for adding
    authentication, authorization, and security to network protocols. Examples
    of applications linked to sasl include sendmail, OpenLDAP and several mail
    clients.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1741.html 
     
    
    
    
    +---------------------------------+
    |  libgtop server                 | ----------------------------//
    +---------------------------------+
    
    A successful exploit of this stack buffer overflow would allow an attacker
    arbitrary access to kernel memory, possibly acquiring information allowing
    further increases in privileges.
    
     [i386] 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ 
     devel/libgtop-1.0.12_1.tar.gz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
     devel/libgtop-1.0.12_1.tar.gz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1742.html
    
    
      
    
    +---------------------------------+
    |  thttpd                         | ----------------------------//
    +---------------------------------+
    
    Due to the location of the affected buffer on the stack, this bug can be
    exploited using ``The poisoned NUL byte'' technique (see references).  A
    remote attacker can hijack the thttpd process, obtaining whatever
    privileges it has.  By default, the thttpd process runs as user `nobody'.
    
     [i386] 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-4-stable/www/thttpd-2.22.tgz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/www/thttpd-2.22.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1743.html
    
    
      
      
    +---------------------------------+
    |  Mailman                        | ----------------------------//
    +---------------------------------+
    
    Cgisecurity.com released an advisory[1] related to a cross-site scripting
    vulnerability[2] in mailman. By exploiting this vulnerability, an attacker
    could collect information about a web user or possibly gain access to
    cookie-based authentication credentials.
    
     Conectiva: i386 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     mailman-2.0.8-2U70_1cl.i386.rpm 
     
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1744.html
    
    
      
    +---------------------------------+
    |  postfix                        | ----------------------------//
    +---------------------------------+
    
    Wietse Venema reported he found a denial of service vulnerability in
    postfix. The SMTP session log that postfix keeps for debugging purposes
    could grow to an unreasonable size.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     postfix_0.0.19991231pl11-2_i386.deb 
     MD5 checksum: abe5ae7acbd0decde71c79f3bfaac6e7 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1745.html
    
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


