[ISN] Linux Advisory Watch - January 11th 2002

From: InfoSec News (isnat_private)
Date: Mon Jan 14 2002 - 01:04:02 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  January 11th, 2002                       Volume 3, Number  2a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for exim, libgtop, mutt, pkg_install,
    pw, pine, mod_auth_pgsql, bind, proftpd, LIDS, stunnel, and namazu.  The
    vendors include Conectiva, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and
    Trustix.
    
    
    
      
    +---------------------------------+
    | exim                            | ----------------------------//
    +---------------------------------+
    
    This problem has been fixed in Exim version 3.12-10.2 for the stable
    distribution Debian GNU/Linux 2.2 and 3.33-1.1 for the testing and
    unstable distribution. We recommend that you upgrade your exim package.
    
     Debian  Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/exim_3.12-10.2_i386.deb 
     MD5 checksum: d5a2fc41c32504d9982416fbabc53629 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/eximon_3.12-10.2_i386.deb 
     MD5 checksum: 02ed4af9505089b21ccbe2d3391c4e51 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1776.html 
    
     Red Hat: PLEASE SEE VENDOR ADVISORY 
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1792.html
    
    
      
    +---------------------------------+
    |   libgtop                       | ----------------------------//
    +---------------------------------+
    
    The laboratory intexxia found a format string problem in the logging code
    from libgtop_daemon. There were two logging functions which are called
    when authorizing a client which could be exploited by a remote user.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386 
     /libgtop-daemon_1.0.6-1.1_i386.deb 
     MD5 checksum: 169c014d0fff9d24045ed733fb26aacc 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libgtop-dev_1.0.6-1.1_i386.deb 
     MD5 checksum: 9ed2aea64be71cf4c4e5dc6274d9c774 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libgtop1_1.0.6-1.1_i386.deb 
     MD5 checksum: 321badb855ed000452f0180a2e557388 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1787.html 
    
     Trustix: 
     http://www.trustix.net/pub/Trustix/updates/ 
     ./1.5/RPMS/mutt-1.2.5i.1-1tr.i586.rpm 
     a0181fdebd24a64cec3ab62949a8cdc4 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1784.html
    
    
      
      
    +---------------------------------+
    |  pkg_install                    | ----------------------------//
    +---------------------------------+
    
    A local attacker may be able to modify the package contents and
    potentially elevate privileges or otherwise compromise the system. There
    are no known exploits as of the date of this advisory.
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/ 
     pkg_add.patch 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1778.html
    
    
      
      
    +---------------------------------+
    |  pw                             | ----------------------------//
    +---------------------------------+
    
    A local attacker can read the temporary file created by pw(8) and use the
    encrypted passwords to conduct an off-line dictionary attack. A successful
    attack would result in the recovery of one or more passwords.  Because the
    temporary file is short-lived (it is removed almost immediately after
    creation), this can be difficult to exploit: an attacker must `race' to
    read the file before it is removed.
    
     FreeBSD: 
     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1779.html
    
    
      
    
    +---------------------------------+
    |   mutt                          | ----------------------------//
    +---------------------------------+
    
    An attacker may send an email message with a specially crafted email
    address in any of several message headers to the victim.  When the victim
    reads the message using mutt and encounters that email address, the buffer
    overflow is triggered and may result in arbitrary code being executed with
    the privileges of the victim.
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
     mail/mutt-1.2.5_1.tgz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
     mail/mutt-devel-1.3.24_2.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1780.html 
    
     Updated FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1781.html 
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     mutt-doc-1.3.17-8U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     mutt-help-1.3.17-8U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     mutt-1.3.17-8U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1786.html 
      
    
     Red Hat 7.2: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/mutt-1.2.5.1-1.i386.rpm 
     d362ea15a13e305e1e9a360715c55fee 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1790.html 
      
    
     Slackware: 
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-1788.html
    
    
     SuSE: 
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1785.html 
      
    
     Debian Sun Sparc architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-sparc/mutt_1.2.5-5_sparc.deb 
     MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1777.html 
      
      
     
    
    +---------------------------------+
    |  pine                           | ----------------------------//
    +---------------------------------+
    
    An attacker can supply commands enclosed in single quotes ('') in a URL
    embedded in a message sent to the victim.  If the user then decides to
    view the URL, PINE will launch a command shell which will then execute the
    attacker's commands with the victim's privileges.  It is possible to
    obfuscate the URL so that it will not necessarily seem dangerous to the
    victim.
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/mail/pine-4.43.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1782.html 
    
     FreeBSD Advisory Update: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1797.html 
      
      
      
     
    
    +---------------------------------+
    |  mod_auth_pgsql                 | ----------------------------//
    +---------------------------------+
    
    A remote user may insert arbitrary SQL code into the username during
    authentication, leading to several exploit opportunities.  In particular,
    the attacker may cause mod_auth_pgsql to use a known fixed password hash
    for user verification, allowing him to authenticate as any user and obtain
    unauthorized access to web server data.
    
     FreeBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current 
     /www/mod_auth_pgsql-0.9.9.tgz 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1783.html
    
    
      
    
    +---------------------------------+
    |  bind                           | ----------------------------//
    +---------------------------------+
    
    There are some insecure permissions on configuration files and executables
    with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1.  This
    update provides stricter permissions by making the /etc/rndc.conf and
    /etc/rndc.key files read/write by the named user and by making
    /sbin/rndc-confgen and /sbin/rndc read/write/executable only by root.
      
    
     Mandrake Linux 8.0: 
     http://www.mandrakesecure.net/en/ftp.php 
     8.0/RPMS/bind-9.1.1-1.1mdk.i586.rpm 
     a086335b56151269c252428df794e154 
    
     8.0/RPMS/bind-devel-9.1.1-1.1mdk.i586.rpm 
     080d61511f43ecbfc07809221e0e70b7 
    
     8.0/RPMS/bind-utils-9.1.1-1.1mdk.i586.rpm 
     05ba599912dd98bdc328c715c4ebdf81 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1794.html
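
    An audit of the permissions described above, as an added example (not
    part of the advisory or the Mandrake packages). It reads "read/write by
    the named user" as owner named, mode 0600, and "read/write/executable
    only by root" as owner root, mode 0700; both readings are assumptions.

```python
import os
import pwd
import stat

# (path, required owner, permission bits that may be set), as read from the advisory.
POLICY = [
    ("/etc/rndc.conf", "named", 0o600),
    ("/etc/rndc.key", "named", 0o600),
    ("/sbin/rndc-confgen", "root", 0o700),
    ("/sbin/rndc", "root", 0o700),
]

def check_file(path, owner_uid, allowed_bits):
    """Return a list of findings for one file; an empty list means compliant."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
    extra = mode & ~allowed_bits
    if extra:
        findings.append(f"{path}: mode {mode:04o} has extra bits {extra:04o}")
    if st.st_uid != owner_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    return findings

def audit(policy=POLICY):
    """Check every policy entry; report unknown owner accounts as findings."""
    findings = []
    for path, owner, bits in policy:
        try:
            uid = pwd.getpwnam(owner).pw_uid
        except KeyError:
            findings.append(f"{path}: no such user {owner!r}")
            continue
        findings.extend(check_file(path, uid, bits))
    return findings

if __name__ == "__main__":
    for line in audit():
        print(line)
```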
    
    
      
      
    +---------------------------------+
    |   proftpd                       | ----------------------------//
    +---------------------------------+
    
    ProFTPD was not forward resolving reverse-resolved hostnames. A remote
    attacker could exploit this vulnerability[1] to bypass ProFTPD access
    control lists or have false information (client hostname) logged. It was
    discovered by Matthew S. Hallacy.
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     proftpd-1.2.5rc1-1U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     proftpd-doc-1.2.5rc1-1U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1793.html
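
    The missing check, forward-confirming a reverse-resolved hostname before
    using it in an access decision or a log entry, as an added example (not
    ProFTPD code). The DNS tables, hostnames and function names are
    constructed; a live version would call socket.gethostbyaddr() and
    socket.getaddrinfo() instead of the stand-in lookups.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, made-up names).
PTR = {
    "192.0.2.10": "ftp-client.example.com.",    # honest PTR record
    "203.0.113.66": "ftp-client.example.com.",  # PTR set by whoever runs this reverse zone
}
A = {"ftp-client.example.com": ["192.0.2.10"]}

def reverse_lookup(ip):
    # Stand-in for socket.gethostbyaddr(ip)[0]
    return PTR.get(ip)

def forward_lookup(name):
    # Stand-in for the addresses returned by socket.getaddrinfo(name, None)
    return A.get(name, [])

def normalize(name):
    return name.rstrip(".").lower()

def unverified_hostname(ip):
    """Behaviour described in the advisory: trust the PTR answer as-is."""
    name = reverse_lookup(ip)
    return normalize(name) if name else None

def verified_hostname(ip):
    """Return the PTR name only if it forward-resolves back to ip."""
    name = reverse_lookup(ip)
    if not name:
        return None
    name = normalize(name)
    peer = ipaddress.ip_address(ip)
    for addr in forward_lookup(name):
        if ipaddress.ip_address(addr) == peer:
            return name
    return None

def acl_decision(ip, allowed_domain, resolve=verified_hostname):
    """Return (allowed, identity_to_log); falls back to the IP when unverified."""
    name = resolve(ip)
    if name is None:
        return False, ip
    allowed = name == allowed_domain or name.endswith("." + allowed_domain)
    return allowed, name
```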
    
    
      
    
    +---------------------------------+
    |   LIDS                          | ----------------------------//
    +---------------------------------+
    
    The use of LD_PRELOAD can make a program with privileges given by LIDS
    execute an attacker's code. This means that a root intruder can get every
    capability or fs access you configured LIDS to grant. Moreover, if you
    granted CAP_SYS_RAWIO or CAP_SYS_MODULE to a program, an attacker could
    deactivate LIDS and thus access any file.
    
     PLEASE SEE LIDS ADVISORY 
     LIDS Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1795.html
    
    
      
    +---------------------------------+
    |  stunnel                        | ----------------------------//
    +---------------------------------+
    
    Updated stunnel packages are now available for Red Hat Linux 7.2.  These
    updates close a format-string vulnerability which is present in some
    earlier versions of stunnel.
    
     Red Hat 7.2: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/stunnel-3.22-1.i386.rpm 
     b62a3f6c4418550873602147697213b0 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1791.html
    
    
      
      
    +---------------------------------+
    |  namazu                         | ----------------------------//
    +---------------------------------+
    
    Namazu is a full-text search engine. Namazu 2.0.9 and earlier may
    inadvertently include malicious HTML tags or scripts in a dynamically
    generated page, based on unvalidated input from untrustworthy sources.
    Also, a buffer overflow vulnerability exists in the buffer size of an
    environment variable.
    
     Red Hat 7.0J i386: 
     ftp://updates.redhat.com/7.0/ja/os/i386 
     /namazu-2.0.10-0j1.i386.rpm 
    
     ftp://updates.redhat.com/7.0/ja/os/i386/ 
     namazu-devel-2.0.10-0j1.i386.rpm 
    
     ftp://updates.redhat.com/7.0/ja/os/i386/ 
     namazu-cgi-2.0.10-0j1.i386.rpm 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1796.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    