+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 1st, 2002 Volume 3, Number 9a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for ucd-snmp, cups, cyrus-sasl,
squid-cron, Listar, php, mod_ssl, and the Red Hat Kernel. The vendors
include Conectiva, EnGarde, Debian, Mandrake, Red Hat, SuSE, and Trustix.
FEATURE: Building a VPN Using Yavipin - Yavipin is a package that can be
used to build a VPN between two hosts using some of the most advanced and
sophisticated cryptography available. Learn more about the VPN that
focuses on network efficiency, usability, and is highly secure.
http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html
Security & Simplicity, Finally! - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
--> http://store.guardiandigital.com
FEATURE: Building a Virtual Honeynet - Hisham shares his experiences with
building a virtual honeynet on his existing Linux box. He describes data
capture and control techniques, the types of honeynets, and configuration
changes to get one running on your system.
http://www.linuxsecurity.com/feature_stories/feature_story-100.html
+---------------------------------+
| ucd-snmp | ----------------------------//
+---------------------------------+
Some of the changes made in the DSA-111-1 security fix for SNMP changed
the API and ABI for the SNMP library which broke some other applications.
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
MD5 checksum: 63572db96270c729ea883bfef1ada86c
http://security.debian.org/dists/stable/updates/main/
binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
MD5 checksum: b6282ebba72681ff8b2fe58995831df8
http://security.debian.org/dists/stable/updates/main/
binary-i386/snmp_4.1.1-2.2_i386.deb
MD5 checksum: 77233f5bc593a94488a92cb19d4bede2
http://security.debian.org/dists/stable/updates/main/
binary-i386/snmpd_4.1.1-2.2_i386.deb
MD5 checksum: f7f9847bac6be03e19fb5fef39166859
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1920.html
+---------------------------------+
| cups | ----------------------------//
+---------------------------------+
The well known Common Unix Printing System (CUPS) was found vulnerable to
a buffer overflow in the Internet Printing Protocol (IPP) handling code.
The buffer overflow could be exploited by a remote attacker as long as
their IP address is allowed to connect to the CUPS server.
i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d3/
cups-devel-1.1.10-83.i386.rpm
8d5053ad177a11625184d0758487fc44
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
cups-1.1.10-83.i386.rpm
d13c2a15aec1e32d33e67e3c5dfbfcbe
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
cups-client-1.1.10-83.i386.rpm
f6869afd7a3ca8d25094e8beb685be69
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
cups-libs-1.1.10-83.i386.rpm
cabe0639064f8d8f4e0966b52f11d879
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1916.html
+---------------------------------+
| cyrus-sasl | ----------------------------//
+---------------------------------+
Kari Hurtta discovered that a format bug exists in the Cyrus SASL library,
which is used to provide an authentication API for mail clients and
servers, as well as other services such as LDAP. The format bug was found
in one of the logging functions which could be used by an attacker to
obtain acces to a machine or to possibly acquire elevated privileges.
Thanks to the SuSE security team for providing the fix.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1921.html
+---------------------------------+
| squid-cron | ----------------------------//
+---------------------------------+
A memory leak in the optional SNMP interface to Squid, allowing an
malicious user who can send packets to the Squid SNMP port to possibly
perform an denial of service attack on the Squid proxy service if the SNMP
interface has been enabled (disabled by default).
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1908.html
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1913.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1911.html
+---------------------------------+
| Listar | ----------------------------//
+---------------------------------+
The Ecartis Core Team has been made aware of of a potential security issue
that affects all versions of Listar, and all but the most recent snapshots
of Ecartis. The issue involves the use of sprintf's in mystring.c which
could cause user-input buffers to be overflowed. With a properly
configured Ecartis/Listar install, it would be contained within the
setuid/setgid.
Binary (i386) RPM:
ftp://ftp.ecartis.org/pub/ecartis/snapshots/
rpm/ecartis-1.0.0-snap20020125.i386.rpm
Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1909.html
+---------------------------------+
| php | ----------------------------//
+---------------------------------+
PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
PHP Users, Please see advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1914.html
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1918.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1917.html
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1922.html
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1924.html
+---------------------------------+
| mod_ssl | ----------------------------//
+---------------------------------+
mod_ssl (www.modssl.org) is a commonly used Apache module that provides
strong cryptography for the Apache web server. The module utilizes
OpenSSL (formerly SSLeay) for the SSL implementation. modssl versions
prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL
routines in a manner which could overflow a buffer within the
implementation. This situation appears difficult to exploit in a
production environment, however, for reasons detailed below.
Mod_SSL Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1915.html
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1919.html
EnGarde Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
+---------------------------------+
| Red Hat Kernel | ----------------------------//
+---------------------------------+
The Linux Netfilter team has found a problem in the "IRC connection
tracking" component of the firewall within the linux kernel. This problem
affects Red Hat Linux versions 7.1 and 7.2.
i386: Red Hats
ftp://updates.redhat.com/7.2/en/os/i386/
kernel-2.4.9-31.i386.rpm
64705698f9f5eaf1e79185863382f941
ftp://updates.redhat.com/7.2/en/os/i386/
kernel-source-2.4.9-31.i386.rpm
cba833ad4e2b45392e4de085ca0e920f
ftp://updates.redhat.com/7.2/en/os/i386/
kernel-BOOT-2.4.9-31.i386.rpm
b239ceebf5b5c28a348cd960d3195f03
ftp://updates.redhat.com/7.2/en/os/i386/
kernel-headers-2.4.9-31.i386.rpm
dae89931407ae5832e374e49d8347234
ftp://updates.redhat.com/7.2/en/os/i386/
kernel-doc-2.4.9-31.i386.rpm
6883d71ffe17dff75514ac38228cd5f0
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1912.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 05:26:55 PST