[ISN] Linux Advisory Watch - February 1st 2002

From: InfoSec News (isnat_private)
Date: Sun Feb 03 2002 - 22:24:02 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  February 1st, 2002                       Volume 3, Number  5a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for rsync, k5su, enscript, gzip,
    ptrace, sudo, x-chat, sane-backends, pine, at, uucp, mutt, openldap,
    squid, and xinetd.  The vendors include Caldera, Conectiva, Debian,
    EnGarde, FreeBSD, Mandrake, NetBSD, Red Hat, Slackware, SuSE, TurboLinux,
    and YellowDog.
     
    LinuxSecurity.com Feature: Approaches to choosing the strength of your
    security measures - Anton Chuvakin discusses the known approaches to
    choosing the level of security for your organization, risk assessment, and
    finding the balance between effective security practices and the existing
    budget.
    
     http://www.linuxsecurity.com/feature_stories/feature_story-98.html 
    
    
    *** FREE Apache SSL Guide from Thawte - Are you worried about your web
    server security?  Click here to get a FREE Thawte Apache SSL Guide and
    find the answers to all your Apache SSL security needs.
     
      http://www.gothawte.com/rd178.html  
      
    Why be vulnerable? It's your choice. - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling, and database functions for an
    entire organization, and supports high-speed broadband connections, all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
     
     http://store.guardiandigital.com
     
    
    +---------------------------------+
    | rsync                           | ----------------------------//
    +---------------------------------+
    
    Sebastian Krahmer found several places in rsync (a popular tool to
    synchronise files between machines) where signed and unsigned numbers were
    mixed, resulting in insecure code.  A remote user could abuse this to
    write NUL bytes into rsync's memory and trick rsync into executing
    arbitrary code.
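    The following is an added illustration, not rsync's own code, of the bug
    class named above: a length read from the peer is held in a signed type
    and compared against a buffer size, so a negative value passes the check
    and then becomes a huge size_t when it reaches memcpy().  BUF_SIZE,
    wire_len_t and the payload are assumptions made for this example.

```c
/* Added example, not rsync's code: how mixing signed and unsigned
 * integers lets a hostile length value slip past a bounds check.
 * BUF_SIZE and wire_len_t are assumptions made for this illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64           /* destination buffer size (illustrative) */
typedef int32_t wire_len_t;   /* length field as read off the wire, signed */

/* Vulnerable pattern: 'len' is signed and BUF_SIZE is a plain int, so the
 * comparison is signed.  A negative length is "not greater than 64" and is
 * accepted, yet memcpy() will later receive it converted to size_t. */
bool vulnerable_length_ok(wire_len_t len) {
    return !(len > BUF_SIZE);
}

/* Fixed pattern: reject negative values before any unsigned comparison
 * or conversion takes place. */
bool fixed_length_ok(wire_len_t len) {
    if (len < 0) return false;
    return (uint32_t)len <= BUF_SIZE;
}

/* What the implicit conversion turns the signed length into when it
 * becomes memcpy()'s size_t argument: -1 becomes SIZE_MAX. */
size_t length_as_memcpy_size(wire_len_t len) {
    return (size_t)len;
}

/* Copy using the fixed check; returns bytes copied, or -1 if rejected.
 * With the vulnerable check, len == -1 would reach memcpy() as SIZE_MAX
 * and run off the end of both buffers. */
int copy_from_peer(char *dst, const char *src, wire_len_t len) {
    if (!fixed_length_ok(len)) return -1;
    memcpy(dst, src, (size_t)len);
    return (int)len;
}

/* Drive copy_from_peer() with a constructed payload; returns its result. */
int demo_copy(wire_len_t len) {
    char dst[BUF_SIZE];
    char src[BUF_SIZE];
    memset(src, 'A', sizeof src);   /* constructed payload */
    return copy_from_peer(dst, src, len);
}

int main(void) {
    printf("vulnerable check, len=-1 : %s\n",
           vulnerable_length_ok(-1) ? "accepted" : "rejected");
    printf("fixed check,      len=-1 : %s\n",
           fixed_length_ok(-1) ? "accepted" : "rejected");
    printf("memcpy would be asked for %zu bytes\n", length_as_memcpy_size(-1));
    printf("copy_from_peer(16)  -> %d\n", demo_copy(16));
    printf("copy_from_peer(-1)  -> %d\n", demo_copy(-1));
    printf("copy_from_peer(100) -> %d\n", demo_copy(100));
    return 0;
}
```

    The practical check when auditing this pattern: every length or count that
    arrives from the network should be validated as non-negative (or held in
    an unsigned type from the start) before it is compared with a buffer size
    or passed to memcpy(), read() or malloc().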
      
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/ 
     main/binary-i386/rsync_2.3.2-1.3_i386.deb 
     MD5 checksum: c1e9d2e9d1ed014dd2a3992902a66477 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1857.html 
      
    
     Mandrake Linux 8.1: 
     8.1/RPMS/rsync-2.4.6-3.1mdk.i586.rpm 
     048f479dbf9be95eb7e1bf59790d0b22 
     http://www.mandrakesecure.net/en/ftp.php 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1862.html 
    
      
    
     EnGarde Binary Packages: 
     i386/rsync-2.4.6-1.0.3.i386.rpm 
     MD5 Sum: 130608e7f4d1600d8ceb47ad7fe7c4ce 
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
      
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1853.html  
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1856.html 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1860.html 
    
     Red Hat Vendor Advisory (UPDATE): 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1875.html 
    
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-1858.html
    
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1855.html
    
     
    
    
    +---------------------------------+
    |   k5su                          | ----------------------------//
    +---------------------------------+
    
    The setlogin system call, the use of which is restricted to the superuser,
    is used to associate a user name with a login session.  The getlogin
    system call is used to retrieve that user name.  The setlogin system call
    is typically used by applications such as login and sshd.
    
     [i386] 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/security/heimdal-0.4e_2.tgz 
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1849.html 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1865.html
    
    
      
    
    +---------------------------------+
    |   enscript                      | ----------------------------//
    +---------------------------------+
    
    The enscript program does not create temporary files in a secure fashion
    and as such could be abused if enscript is run as root.
    
     Mandrake Linux 8.1: 
     8.1/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 
     f30e305cd6b7050ab2088098a4ac0997 
     http://www.mandrakesecure.net/en/ftp.php 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1863.html 
    
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1867.html
    
    
      
    
    +---------------------------------+
    |  gzip                           | ----------------------------//
    +---------------------------------+
    
    There are two problems with the gzip compression program: the first is a
    crash when an input file name is longer than 1020 characters, and the
    second is a buffer overflow that could be exploited if gzip is run on a
    server such as an FTP server.  The patch applied comes from the gzip
    developers, and the problems have been fixed in the latest beta.
    
     Mandrake Linux 8.1: 
     8.1/RPMS/gzip-1.2.4a-9.1mdk.i586.rpm 
     0c4bd47c8314d2df3b5dd98476a75c80 
     http://www.mandrakesecure.net/en/ftp.php 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1876.html
    
      
    
    
    +---------------------------------+
    |  ptrace                         | ----------------------------//
    +---------------------------------+
    
    A process could exec a setuid binary while retaining ptrace control over
    it for a short window before the new image started running.  The tracing
    process could then modify the address space of the traced process and
    abuse its elevated privileges.

     NetBSD: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 

     NetBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html
    
    
      
      
    +---------------------------------+
    |  sudo                           | ----------------------------//
    +---------------------------------+
    
    Sudo is a program designed to allow a sysadmin to give limited root
    privileges to users and log root activity.
    
     FreeBSD ports packages [i386]: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-4-stable/security/sudo-1.6.4.1.tgz 
    
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/security/sudo-1.6.4.1.tgz 
    
     NetBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1869.html
    
    
      
    
    +---------------------------------+
    |   xchat                         | ----------------------------//
    +---------------------------------+
    
    Versions of xchat prior to version 1.8.7 contain a vulnerability which
    allows an attacker to cause a vulnerable client to execute arbitrary IRC
    server commands as if the vulnerable user had typed them.
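    An added illustration, not xchat's code, of how a client can be made to
    send commands it never meant to.  The page does not say how the injection
    happened; the assumption made here is that a line break inside text the
    client reflects back to the server is the vector, since IRC commands are
    newline-delimited.  The lenient and strict builders, the NOTICE wrapping,
    and the hostile payload are all constructed for this example.

```c
/* Added example, not xchat's code.  Assumption: text received from a
 * remote party is copied into an outgoing IRC line; an embedded CR/LF then
 * splits that line into two commands at the server.  Everything below is
 * constructed for the illustration. */
#include <stdio.h>
#include <string.h>

/* Count how many protocol lines the server would parse from buf, i.e. how
 * many commands it actually receives.  Lines end with \n (or \r\n). */
int count_irc_lines(const char *buf) {
    int n = 0;
    for (const char *p = buf; *p; p++)
        if (*p == '\n') n++;
    return n;
}

/* Lenient (vulnerable): copies the reflected text straight into the
 * outgoing NOTICE.  Returns the length written, or -1 if out is too small. */
int build_notice_lenient(const char *target, const char *text,
                         char *out, size_t len) {
    int n = snprintf(out, len, "NOTICE %s :%s\r\n", target, text);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Strict (fixed): refuse any text containing CR or LF, so one reflected
 * field can never become a second command.  Returns -2 on rejection. */
int build_notice_strict(const char *target, const char *text,
                        char *out, size_t len) {
    if (strpbrk(text, "\r\n") != NULL) return -2;
    return build_notice_lenient(target, text, out, len);
}

/* Constructed sample of what a hostile peer could send for reflection:
 * a harmless-looking reply followed by a smuggled JOIN. */
#define HOSTILE_TEXT "PING 1234\r\nJOIN #attacker-channel"

/* Lines the server would see from the lenient builder (2: the JOIN went
 * out as its own command). */
int demo_lenient_line_count(void) {
    char out[256];
    if (build_notice_lenient("victim", HOSTILE_TEXT, out, sizeof out) < 0)
        return -1;
    return count_irc_lines(out);
}

/* The strict builder's verdict on the same payload (-2: rejected). */
int demo_strict_result(void) {
    char out[256];
    return build_notice_strict("victim", HOSTILE_TEXT, out, sizeof out);
}

/* Benign text still goes out as exactly one line under the strict builder. */
int demo_strict_benign_line_count(void) {
    char out[256];
    if (build_notice_strict("victim", "PING 1234", out, sizeof out) < 0)
        return -1;
    return count_irc_lines(out);
}

int main(void) {
    printf("lenient: server receives %d command(s)\n", demo_lenient_line_count());
    printf("strict:  builder returned %d for hostile text\n", demo_strict_result());
    printf("strict:  benign text -> %d command(s)\n", demo_strict_benign_line_count());
    return 0;
}
```

    The same check applies to any line-oriented protocol (SMTP, HTTP headers,
    syslog): data that originated on the other side of the connection must
    never be allowed to carry the protocol's own line terminator.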
    
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/ 
     updates/yellowdog-2.1/ppc/ 
     xchat-1.8.7-1.72.0.ppc.rpm 
     75a3959a60589c2b06464a4afdc84150 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1864.html
    
    
      
    
    +---------------------------------+
    |  sane-backends                  | ----------------------------//
    +---------------------------------+
    
    XSane is an X-based interface providing access to scanners, digital
    cameras, and other capture devices. When XSane creates temporary files, it
    does so with predictable filenames in a manner that would follow symbolic
    links. This could allow a local user to overwrite files written by the
    user running XSane.
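    Both the enscript item above and this XSane item describe the same bug
    class: a temporary file with a predictable name, opened in a way that
    follows a symbolic link an attacker planted in advance.  The program below
    is an added example (not code from enscript, XSane or sane-backends) that
    reproduces the attack against a constructed victim file and shows two
    fixes: O_EXCL|O_NOFOLLOW on the predictable name, and mkstemp() for an
    unpredictable one.  It assumes /tmp is writable and stands in a fixed
    "guessed pid" (4242) for the value an attacker would predict.

```c
/* Added example, not enscript's or XSane's code: a predictable temporary
 * file name opened in a way that follows symbolic links, next to two fixes.
 * Assumptions: /tmp is writable, and the "pid" the attacker guesses is a
 * constant here (4242) instead of a real getpid() value. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* The predictable name that both the program and the attacker can compute. */
static void predictable_name(const char *dir, int pid, char *out, size_t len) {
    snprintf(out, len, "%s/scan-%d.tmp", dir, pid);
}

/* Vulnerable: O_CREAT without O_EXCL opens (and truncates) whatever a
 * pre-planted symlink points at. */
int insecure_tmp_open(const char *dir, int pid) {
    char path[PATH_MAX];
    predictable_name(dir, pid, path, sizeof path);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fix 1: keep the name but refuse anything that already exists.  With
 * O_EXCL, open() fails even when the existing entry is a symlink. */
int exclusive_tmp_open(const char *dir, int pid) {
    char path[PATH_MAX];
    predictable_name(dir, pid, path, sizeof path);
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Fix 2: an unpredictable name created atomically by mkstemp(), which
 * uses O_EXCL internally.  The chosen path is written to path_out. */
int mkstemp_tmp_open(const char *dir, char *path_out, size_t len) {
    snprintf(path_out, len, "%s/scan-XXXXXX", dir);
    return mkstemp(path_out);
}

/* Attacker's move: plant a symlink at the predictable name. */
int plant_symlink(const char *dir, int pid, const char *victim) {
    char link[PATH_MAX];
    predictable_name(dir, pid, link, sizeof link);
    return symlink(victim, link);
}

/* Runs the whole scenario in a fresh scratch directory.  Returns 1 when the
 * insecure open overwrote the victim file while both fixes avoided the
 * planted link, 0 otherwise. */
int demo(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return 0;
    char victim[PATH_MAX], link[PATH_MAX], safe_path[PATH_MAX];
    const int guessed_pid = 4242;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    predictable_name(dir, guessed_pid, link, sizeof link);

    FILE *f = fopen(victim, "w");        /* constructed victim file */
    if (f == NULL) return 0;
    fputs("original contents\n", f);
    fclose(f);
    if (plant_symlink(dir, guessed_pid, victim) != 0) return 0;

    /* 1. The vulnerable open writes through the symlink into victim.txt. */
    int clobbered = 0;
    int fd = insecure_tmp_open(dir, guessed_pid);
    if (fd >= 0) {
        const char *junk = "attacker-controlled\n";
        ssize_t w = write(fd, junk, strlen(junk));
        close(fd);
        struct stat st;
        clobbered = w == (ssize_t)strlen(junk) && stat(victim, &st) == 0 &&
                    (size_t)st.st_size == strlen(junk);
    }

    /* 2. O_EXCL sees the planted entry and refuses. */
    int excl_fd = exclusive_tmp_open(dir, guessed_pid);
    int excl_refused = excl_fd < 0 && (errno == EEXIST || errno == ELOOP);
    if (excl_fd >= 0) close(excl_fd);

    /* 3. mkstemp() picks a name the attacker could not have planted. */
    int mfd = mkstemp_tmp_open(dir, safe_path, sizeof safe_path);
    int mkstemp_ok = mfd >= 0 && strcmp(safe_path, link) != 0;
    if (mfd >= 0) { close(mfd); unlink(safe_path); }

    unlink(link); unlink(victim); rmdir(dir);
    return clobbered && excl_refused && mkstemp_ok;
}

int main(void) {
    printf("symlink attack: %s\n",
           demo() ? "reproduced; both fixes hold" : "did not reproduce");
    return 0;
}
```

    The reason the advisories single out root (enscript) and the file owner
    (XSane) is visible in the demo: the damage is bounded by whatever the
    process opening the temporary file is allowed to write, so the same
    bug in a setuid-root or root-run program overwrites arbitrary system
    files.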
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1868.html 
     
    
    
    
    +---------------------------------+
    |  pine                           | ----------------------------//
    +---------------------------------+
    
    The purpose of this release is to fix a security bug with the treatment of
    quotes in the URL-handling code. The bug allows a malicious sender to
    embed commands in a URL. This bug is present in all versions of UNIX Pine
    4.43 or earlier.
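    The quoting bug described above is a shell command injection: a URL is
    wrapped in quotes and interpolated into a command line, and a quote
    character inside the URL ends the quoting early.  The program below is an
    added example, not Pine's code, that runs both the interpolating pattern
    and a fixed one against a constructed malicious URL.  The viewer command
    is replaced by printf so the demo only prints, and the injected payload
    merely prints the word INJECTED.

```c
/* Added example, not Pine's code: interpolating a URL into a shell command
 * string versus passing it to the shell as a positional parameter.  The
 * "viewer" is printf and the malicious URL is constructed for this demo. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* A URL that closes the single quotes the program adds, runs a command of
 * its own, and comments out the closing quote with '#'. */
#define MALICIOUS_URL "http://example.invalid/'; printf INJECTED #"

/* Vulnerable: build "viewer '<url>'" and hand the string to the shell.
 * Returns the number of bytes the command printed, captured into out. */
int unsafe_view(const char *url, char *out, size_t len) {
    char cmd[1024];
    snprintf(cmd, sizeof cmd, "printf %%s '%s'", url);
    FILE *p = popen(cmd, "r");
    if (p == NULL) return -1;
    size_t n = fread(out, 1, len - 1, p);
    out[n] = '\0';
    pclose(p);
    return (int)n;
}

/* Fixed: the URL is its own argv element and reaches the script as "$1".
 * The shell never tokenises it, so quotes, ';' and '#' are just bytes.
 * (Exec'ing the viewer directly with execvp() avoids the shell entirely;
 * this variant shows the safe way when a shell really is needed.) */
int safe_view(const char *url, char *out, size_t len) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execl("/bin/sh", "sh", "-c", "printf %s \"$1\"", "sh", url, (char *)NULL);
        _exit(127);
    }
    close(fds[1]);
    size_t n = 0;
    ssize_t r;
    while (n < len - 1 && (r = read(fds[0], out + n, len - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return (int)n;
}

/* 1 if the vulnerable path executed the injected command. */
int demo_unsafe_injected(void) {
    char out[256];
    unsafe_view(MALICIOUS_URL, out, sizeof out);
    return strcmp(out, "http://example.invalid/INJECTED") == 0;
}

/* 1 if the fixed path reproduced the URL byte for byte, payload and all. */
int demo_safe_verbatim(void) {
    char out[256];
    safe_view(MALICIOUS_URL, out, sizeof out);
    return strcmp(out, MALICIOUS_URL) == 0;
}

int main(void) {
    printf("interpolated command ran the payload: %s\n",
           demo_unsafe_injected() ? "yes" : "no");
    printf("positional parameter kept URL intact:  %s\n",
           demo_safe_verbatim() ? "yes" : "no");
    return 0;
}
```

    The lesson for any mail client or viewer that hands URLs to external
    programs: do not try to escape the URL for the shell; keep it out of the
    shell's parser by passing it as an argument vector element.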
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1870.html
    
    
    
    +---------------------------------+
    |  at                             | ----------------------------//
    +---------------------------------+
    
    Jobs queued with the latest version of at could contain commands that
    depend on the environment present when they were submitted (for example,
    the PATH); because that environment was not available when the job ran
    later, the commands could fail or run incorrectly.
     
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1871.html
    
    
    
    +---------------------------------+
    |  uucp                           | ----------------------------//
    +---------------------------------+
    
    uuxqt in the Taylor UUCP package does not properly remove dangerous long
    options, which allows local users to gain the uid and gid of the uucp
    user by calling uux and specifying an alternate configuration file with
    the --config option.
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1872.html
    
    
    
    +---------------------------------+
    |  mutt                           | ----------------------------//
    +---------------------------------+
    
    An overflow exists in mutt's RFC822 address parser. A remote attacker
    could send a carefully crafted email message which when read by mutt would
    be able to overwrite arbitrary bytes in memory. The updated mutt-1.2.5.1
    release fixes the problem. Thanks go to Joost Pol for discovering the bug
    and the Mutt team for the fixed release.
     
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1866.html
    
      
    
    +---------------------------------+
    | openldap                        | ----------------------------//
    +---------------------------------+
    
    Authenticated users (in openldap versions 2.0.8 up to 2.0.19) could issue
    a REPLACE command for an attribute where the new value is an empty one,
    thus effectively removing the attribute if allowed by the current schema,
    that is, if the attribute in question is not mandatory. In versions prior
    to 2.0.8, anonymous users could do this as well, regardless of ACLs
    protecting this attribute.
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1861.html
    
    
    
    
    +---------------------------------+
    |  squid                          | ----------------------------//
    +---------------------------------+
    
    Squid has a flaw in its handling of FTP PUT requests: a mkdir-only request
    triggered an internal error and squid exited.  Separately, the packaged
    init script could not be used with the restart command, because it
    started squid before the stop action had finished.
    
     TurboLinux 6.0: 
     ftp://ftp.turbolinux.com/pub/updates/6.0/security/ 
     squid-2.4.STABLE2-3.i386.rpm 
     8d163dfdb90a42c46a5c169b2dc0d4f4 
    
     TurboLinux Vendor Advisory: 
    
    http://www.linuxsecurity.com/advisories/turbolinux_advisory-1851.html
    
    
    
      
      
    +---------------------------------+
    |   xinetd                        | ----------------------------//
    +---------------------------------+
    
    Exploitation of the conditions discovered during a security audit of
    xinetd could lead to a denial of service or a remote root compromise.
    
     TurboLinux 6.0: 
     ftp://ftp.turbolinux.com/pub/updates/6.0/security/ 
     xinetd-2.3.3-3.i386.rpm 
     00c15d36ce412917672826c7d9ffd69e  
    
     TurboLinux Vendor Advisory: 
    
    http://www.linuxsecurity.com/advisories/turbolinux_advisory-1852.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 02:26:31 PST