+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 1st, 2002 Volume 3, Number 9a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for ucd-snmp, cups, cyrus-sasl,
squid-cron, Listar, php, mod_ssl, and the Red Hat Kernel. The vendors
include Conectiva, EnGarde, Debian, Mandrake, Red Hat, SuSE, and Trustix.
FEATURE: Building a VPN Using Yavipin - Yavipin is a package that can be
used to build a VPN between two hosts using some of the most advanced and
sophisticated cryptography available. Learn more about the VPN that
focuses on network efficiency, usability, and is highly secure.
http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html
Security & Simplicity, Finally! - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling, database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
--> http://store.guardiandigital.com
FEATURE: Building a Virtual Honeynet - Hisham shares his experiences with
building a virtual honeynet on his existing Linux box. He describes data
capture and control techniques, the types of honeynets, and configuration
changes to get one running on your system.
http://www.linuxsecurity.com/feature_stories/feature_story-100.html
+---------------------------------+
| ucd-snmp | ----------------------------//
+---------------------------------+
Some of the changes made in the DSA-111-1 security fix for SNMP changed
the API and ABI for the SNMP library which broke some other applications.
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
MD5 checksum: 63572db96270c729ea883bfef1ada86c
http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
MD5 checksum: b6282ebba72681ff8b2fe58995831df8
http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.2_i386.deb
MD5 checksum: 77233f5bc593a94488a92cb19d4bede2
http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.2_i386.deb
MD5 checksum: f7f9847bac6be03e19fb5fef39166859
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1920.html
+---------------------------------+
| cups | ----------------------------//
+---------------------------------+
The well known Common Unix Printing System (CUPS) was found vulnerable to
a buffer overflow in the Internet Printing Protocol (IPP) handling code.
The buffer overflow could be exploited by a remote attacker as long as
their IP address is allowed to connect to the CUPS server.
i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d3/cups-devel-1.1.10-83.i386.rpm
8d5053ad177a11625184d0758487fc44
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/cups-1.1.10-83.i386.rpm
d13c2a15aec1e32d33e67e3c5dfbfcbe
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/cups-client-1.1.10-83.i386.rpm
f6869afd7a3ca8d25094e8beb685be69
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/cups-libs-1.1.10-83.i386.rpm
cabe0639064f8d8f4e0966b52f11d879
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1916.html
+---------------------------------+
| cyrus-sasl | ----------------------------//
+---------------------------------+
Kari Hurtta discovered that a format bug exists in the Cyrus SASL library,
which is used to provide an authentication API for mail clients and
servers, as well as other services such as LDAP. The format bug was found
in one of the logging functions which could be used by an attacker to
obtain access to a machine or to possibly acquire elevated privileges.
Thanks to the SuSE security team for providing the fix.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1921.html
+---------------------------------+
| squid-cron | ----------------------------//
+---------------------------------+
A memory leak in the optional SNMP interface to Squid allows a
malicious user who can send packets to the Squid SNMP port to possibly
perform a denial of service attack on the Squid proxy service if the SNMP
interface has been enabled (disabled by default).
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1908.html
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1913.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1911.html
+---------------------------------+
| Listar | ----------------------------//
+---------------------------------+
The Ecartis Core Team has been made aware of a potential security issue
that affects all versions of Listar, and all but the most recent snapshots
of Ecartis. The issue involves the use of sprintf's in mystring.c which
could cause user-input buffers to be overflowed. With a properly
configured Ecartis/Listar install, it would be contained within the
setuid/setgid.
Binary (i386) RPM:
ftp://ftp.ecartis.org/pub/ecartis/snapshots/rpm/ecartis-1.0.0-snap20020125.i386.rpm
Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1909.html
+---------------------------------+
| php | ----------------------------//
+---------------------------------+
PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST file uploads. Unfortunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
PHP Users, Please see advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1914.html
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1918.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1917.html
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1922.html
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1924.html
+---------------------------------+
| mod_ssl | ----------------------------//
+---------------------------------+
mod_ssl (www.modssl.org) is a commonly used Apache module that provides
strong cryptography for the Apache web server. The module utilizes
OpenSSL (formerly SSLeay) for the SSL implementation. modssl versions
prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL
routines in a manner which could overflow a buffer within the
implementation. This situation appears difficult to exploit in a
production environment, however, for reasons detailed below.
Mod_SSL Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1915.html
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1919.html
EnGarde Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
+---------------------------------+
| Red Hat Kernel | ----------------------------//
+---------------------------------+
The Linux Netfilter team has found a problem in the "IRC connection
tracking" component of the firewall within the linux kernel. This problem
affects Red Hat Linux versions 7.1 and 7.2.
i386: Red Hats
ftp://updates.redhat.com/7.2/en/os/i386/kernel-2.4.9-31.i386.rpm
64705698f9f5eaf1e79185863382f941
ftp://updates.redhat.com/7.2/en/os/i386/kernel-source-2.4.9-31.i386.rpm
cba833ad4e2b45392e4de085ca0e920f
ftp://updates.redhat.com/7.2/en/os/i386/kernel-BOOT-2.4.9-31.i386.rpm
b239ceebf5b5c28a348cd960d3195f03
ftp://updates.redhat.com/7.2/en/os/i386/kernel-headers-2.4.9-31.i386.rpm
dae89931407ae5832e374e49d8347234
ftp://updates.redhat.com/7.2/en/os/i386/kernel-doc-2.4.9-31.i386.rpm
6883d71ffe17dff75514ac38228cd5f0
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1912.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------