[ISN] Linux Advisory Watch - February 15th 2002

From: InfoSec News (isnat_private)
Date: Sun Feb 17 2002 - 22:32:23 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  February 15th, 2002                      Volume 3, Number  7a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for rsync, mutt, OpenLDAP, uucp,
    faqomatic, cupsys, ucd-snmp, and at.  The vendors include Caldera,
    Conectiva, Debian, FreeBSD, and Red Hat.
    
    Also this week, there is a great deal of news surrounding the SNMP
    vulnerabilities.  The CERT advisory states "Numerous vulnerabilities have
    been reported in multiple vendors' SNMP implementations. These
    vulnerabilities may allow unauthorized privileged access,
    denial-of-service attacks, or cause unstable behavior."
    
    The full CERT Advisory text can be found here:
      http://www.linuxsecurity.com/articles/network_security_article-4431.html
    
    A SNMP Advisory FAQ can be found here:
      http://www.linuxsecurity.com/articles/security_sources_article-4433.html
    
    
     
    +---------------------------------+
    |  rsync                          | ----------------------------//
    +---------------------------------+
    
    Sebastian Krahmer of SuSE discovered a vulnerability in rsync that allows
    an attacker to modify memory of the rsync server process. There is no known
    exploit yet, but this vulnerability could be used against servers
    providing downloads via anonymous rsync. Note that the problem can also be
    exploited by a rogue server, attacking a client who uses rsync.
    
     ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS 
     319f52b332937a9ec9b6b3a84a1a2818 
     RPMS/rsync-2.5.0-2.i386.rpm 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1887.html 
      
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1889.html
    
    
    
    +---------------------------------+
    |  mutt                           | ----------------------------//
    +---------------------------------+
    
    The mail user agent mutt is susceptible to a remote attack. By sending a
    message with an overlong email address, the attacker is able to overwrite
    a single memory location with a zero byte, which can be exploited to
    execute arbitrary code within the account of the email recipient.
    
     ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS 
     700b96d068e212e9f68bff794b60acc1 
     RPMS/mutt-1.2.5-12OL.i386.rpm 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1886.html
    
    
      
    
    +---------------------------------+
    |  OpenLDAP                       | ----------------------------//
    +---------------------------------+
    
    Recently a security flaw was discovered in OpenLDAP 2.0.19 slapd(8)
    regarding application of access controls upon modify operations issued by
    authenticated users. Specifically, slapd(8) did not disallow a replace
    with no values from deleting the attribute which was protected by ACLs (if
    such was allowed by checked schema rules). That is, this flaw allowed any
    authenticated user to delete any non-mandatory attribute of an object. In
    2.0 versions prior to 2.0.8, this flaw is NOT restricted to authenticated
    users (that is, anonymous users can abuse the flaw as well).
    
     ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS 
     b333cf77ecde92a6c3b6e4c313361e09 
     RPMS/openldap-2.0.11-11S.i386.rpm 
    
     360db3b5a0f9d0321b00ff0f87b82597 
     RPMS/openldap-devel-2.0.11-11S.i386.rpm 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1885.html
    
    
      
    
    +---------------------------------+
    |  UUCP                           | ----------------------------//
    +---------------------------------+
    
    Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1.  It
    permits a local user to copy any file to anywhere which is writable by the
    uucp uid, which effectively means that a local user can completely subvert
    the UUCP subsystem, including stealing mail, etc.
    
    
     Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1882.html
    
      
    
    
    +---------------------------------+
    |  faqomatic                      | ----------------------------//
    +---------------------------------+
    
    Due to unescaped HTML code Faq-O-Matic returned unverified scripting code
    to the browser.  With some tweaking this enables an attacker to steal
    cookies from one of the Faq-O-Matic moderators or the admin.
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/faqomatic_2.603-1.2_all.deb 
     MD5 checksum: cd2dfe85ed8fb844dad23e61f15e07f3 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1892.html
    
    
      
    
    +---------------------------------+
    |  cupsys                         | ----------------------------//
    +---------------------------------+
    
    The authors of CUPS, the Common UNIX Printing System, have found a
    potential buffer overflow bug in the code of the CUPS daemon where it
    reads the names of attributes. This affects all versions of CUPS.
    
     Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     cupsys-bsd_1.0.4-10_i386.deb 
     MD5 checksum: 05400bb194af07b79287a6390125b3ee 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     cupsys_1.0.4-10_i386.deb 
     MD5 checksum: cc857d9a2a629dd14074d4d6469fbcd3 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libcupsys1-dev_1.0.4-10_i386.deb 
     MD5 checksum: ef741829699442ddc5b754ac693cfd39 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libcupsys1_1.0.4-10_i386.deb 
     MD5 checksum: dfeafd588730f20b3b0426722e9f0ba0 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1893.html
    
    
      
    
    +---------------------------------+
    |  ucd-snmp                       | ----------------------------//
    +---------------------------------+
    
    The Secure Programming Group of the Oulu University did a study on SNMP
    implementations and uncovered multiple flaws whose impact ranges from
    Denial of Service attacks to remote exploits.
      
    
     Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/libsnmp4.1-dev_4.1.1-2.1_i386.deb 
     MD5 checksum: 5addf966bc067f943b4ca6c7d604a48f 
    
     http://security.debian.org/dists/stable/updates/ 
     main/binary-i386/libsnmp4.1_4.1.1-2.1_i386.deb 
     MD5 checksum: e1ebaeaee18859d1e58aae658e4b1564 
    
     http://security.debian.org/dists/stable/updates/ 
     main/binary-i386/snmp_4.1.1-2.1_i386.deb 
     MD5 checksum: 7d13633a4e8a922eb36d6bfe8a04f0f3 
    
     http://security.debian.org/dists/stable/updates/ 
     main/binary-i386/snmpd_4.1.1-2.1_i386.deb 
     MD5 checksum: bb63f353a4e3bba6d0bd3acc54f6a138 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1896.html 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1890.html 
    
     Yellow-Dog Linux Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1894.html 
    
     Conectiva Linux Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1895.html 
      
    
     Red Hat 7.2 i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     ucd-snmp-4.2.3-1.7.2.3.i386.rpm 
     0b124baa0ad9d6dfff163bedefbd2cf8 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     ucd-snmp-utils-4.2.3-1.7.2.3.i386.rpm 
     2111e9ba725167a3f6d87db056a8bda2 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     ucd-snmp-devel-4.2.3-1.7.2.3.i386.rpm 
     c2bd228d204ee3c7668209d8e26e02c1 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     ethereal-0.8.18-10.7.2.1.i386.rpm 
     0e5cb05d81426fbee44e4c5fc4b2d176 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     ethereal-gnome-0.8.18-10.7.2.1.i386.rpm 
     bc176a2fba2fa979f2aa28a82570c6cf 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1891.html
    
    
      
      
    +---------------------------------+
    |  groff                          | ----------------------------//
    +---------------------------------+
    
    zen-parse discovered an exploitable buffer overflow in groff's
    preprocessor.  If groff is invoked using the LPRng printing system, an
    attacker can gain rights as the "lp" user.  Likewise, this may be remotely
    exploitable if lpd is running and remotely accessible and the attacker
    knows the name of the printer and its spool file.
    
     Mandrake Linux 8.1: 
     6cc7c8c5936c4a15dca519219c4f078a 
     8.1/RPMS/groff-1.17.2-3.3mdk.i586.rpm 
     c8a8ae0e7848c60b922c8d8326afe01e 
     8.1/RPMS/groff-for-man-1.17.2-3.3mdk.i586.rpm 
    
     3dd6a64b3007bcd6bc3f807f5373462 
     8.1/RPMS/groff-gxditview-1.17.2-3.3mdk.i586.rpm 
    
     a92f47ab6a6d3a46509f3dd0d76ea9e3 
     8.1/RPMS/groff-perl-1.17.2-3.3mdk.i586.rpm 
    
     fdae065cd64b4527919d44dbcf126497 
     8.1/SRPMS/groff-1.17.2-3.3mdk.src.rpm 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1883.html
    
    
      
      
    
    +---------------------------------+
    |  at                             | ----------------------------//
    +---------------------------------+
    
    This updated at package fixes two minor problems and one major problem
    where the environment can get wiped out prior to the execution of a
    scheduled command. For versions of Red Hat Linux prior to 7.2, this
    package also fixes a potential security vulnerability which can result in
    heap corruption (Red Hat Linux 7.2 is not vulnerable to this security
    exploit).
    
     Red Hat Linux 7.2:  i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/at-3.1.8-23.i386.rpm 
     ea793fd803f10c8fa66abb8191fefb9b 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1884.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    