[ISN] Linux Advisory Watch - March 1st 2002

From: InfoSec News (isnat_private)
Date: Mon Mar 04 2002 - 01:56:01 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  March 1st, 2002                          Volume 3, Number  9a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for ucd-snmp, cups, cyrus-sasl,
    squid-cron, Listar, php, mod_ssl, and the Red Hat Kernel.  The vendors
    include Conectiva, EnGarde, Debian, Mandrake, Red Hat, SuSE, and Trustix.
    
    FEATURE: Building a VPN Using Yavipin - Yavipin is a package that can be
    used to build a VPN between two hosts using some of the most advanced and
    sophisticated cryptography available. Learn more about the VPN that
    focuses on network efficiency, usability, and is highly secure.
    
    http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html 
    
    
    Security & Simplicity, Finally! - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling, and database functions for an
    entire organization, and supports high-speed broadband connections all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
    
      --> http://store.guardiandigital.com 
    
      
    FEATURE: Building a Virtual Honeynet - Hisham shares his experiences with
    building a virtual honeynet on his existing Linux box. He describes data
    capture and control techniques, the types of honeynets, and configuration
    changes to get one running on your system.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-100.html 
    
    
    +---------------------------------+
    |  ucd-snmp                       | ----------------------------//
    +---------------------------------+
    
    Some of the changes made in the DSA-111-1 security fix for SNMP changed
    the API and ABI for the SNMP library which broke some other applications.
    
     Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb 
     MD5 checksum: 63572db96270c729ea883bfef1ada86c 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb 
     MD5 checksum: b6282ebba72681ff8b2fe58995831df8 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/snmp_4.1.1-2.2_i386.deb 
     MD5 checksum: 77233f5bc593a94488a92cb19d4bede2 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/snmpd_4.1.1-2.2_i386.deb 
     MD5 checksum: f7f9847bac6be03e19fb5fef39166859 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1920.html
    
    
      
    
    +---------------------------------+
    |   cups                          | ----------------------------//
    +---------------------------------+
    
    The well known Common Unix Printing System (CUPS) was found vulnerable to
    a buffer overflow in the Internet Printing Protocol (IPP) handling code.
    The buffer overflow could be exploited by a remote attacker as long as
    their IP address is allowed to connect to the CUPS server.
    
     i386 Intel Platform: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/d3/ 
     cups-devel-1.1.10-83.i386.rpm 
     8d5053ad177a11625184d0758487fc44 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/ 
     cups-1.1.10-83.i386.rpm 
     d13c2a15aec1e32d33e67e3c5dfbfcbe 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/ 
     cups-client-1.1.10-83.i386.rpm 
     f6869afd7a3ca8d25094e8beb685be69 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/ 
     cups-libs-1.1.10-83.i386.rpm 
     cabe0639064f8d8f4e0966b52f11d879 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1916.html
    
    
      
    +---------------------------------+
    |  cyrus-sasl                     | ----------------------------//
    +---------------------------------+
    
    Kari Hurtta discovered that a format bug exists in the Cyrus SASL library,
    which is used to provide an authentication API for mail clients and
    servers, as well as other services such as LDAP.  The format bug was found
    in one of the logging functions which could be used by an attacker to
    obtain access to a machine or to possibly acquire elevated privileges.  
    Thanks to the SuSE security team for providing the fix.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1921.html
    
    
      
    +---------------------------------+
    |  squid-cron                     | ----------------------------//
    +---------------------------------+
    
    A memory leak in the optional SNMP interface to Squid allows a
    malicious user who can send packets to the Squid SNMP port to possibly
    perform a denial of service attack on the Squid proxy service if the SNMP
    interface has been enabled (disabled by default).
    
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1908.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1913.html 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1911.html
    
    
      
    
    +---------------------------------+
    | Listar                          | ----------------------------//
    +---------------------------------+  
    
    The Ecartis Core Team has been made aware of a potential security issue
    that affects all versions of Listar, and all but the most recent snapshots
    of Ecartis.  The issue involves the use of sprintf's in mystring.c which
    could cause user-input buffers to be overflowed.  With a properly
    configured Ecartis/Listar install, it would be contained within the
    setuid/setgid.
    
     Binary (i386) RPM: 
     ftp://ftp.ecartis.org/pub/ecartis/snapshots/ 
     rpm/ecartis-1.0.0-snap20020125.i386.rpm 
    
     Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1909.html
    
    
      
    
    +---------------------------------+
    |  php                            | ----------------------------//
    +---------------------------------+
    
    PHP supports multipart/form-data POST requests (as described in RFC1867)
    known as POST fileuploads. Unfortunately there are several flaws in the
    php_mime_split function that could be used by an attacker to execute
    arbitrary code. During our research we found out that not only PHP4 but
    also older versions from the PHP3 tree are vulnerable.
    
     PHP Users, Please see advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1914.html 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1918.html 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1917.html 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1922.html
    
     EnGarde Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-1924.html
      
    
    +---------------------------------+
    |  mod_ssl                        | ----------------------------//
    +---------------------------------+
    
    mod_ssl (www.modssl.org) is a commonly used Apache module that provides
    strong cryptography for the Apache web server.  The module utilizes
    OpenSSL (formerly SSLeay) for the SSL implementation. modssl versions
    prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the underlying OpenSSL
    routines in a manner which could overflow a buffer within the
    implementation.  This situation appears difficult to exploit in a
    production environment, however, for reasons detailed below.
    
     Mod_SSL Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1915.html 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1919.html
    
     EnGarde Linux Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-1923.html
    
      
    
    +---------------------------------+
    |  Red Hat Kernel                 | ----------------------------//
    +---------------------------------+
    
    The Linux Netfilter team has found a problem in the "IRC connection
    tracking" component of the firewall within the Linux kernel. This problem
    affects Red Hat Linux versions 7.1 and 7.2.
    
     i386: Red Hats 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     kernel-2.4.9-31.i386.rpm 
     64705698f9f5eaf1e79185863382f941 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     kernel-source-2.4.9-31.i386.rpm 
     cba833ad4e2b45392e4de085ca0e920f 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     kernel-BOOT-2.4.9-31.i386.rpm 
     b239ceebf5b5c28a348cd960d3195f03 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     kernel-headers-2.4.9-31.i386.rpm 
     dae89931407ae5832e374e49d8347234 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     kernel-doc-2.4.9-31.i386.rpm 
     6883d71ffe17dff75514ac38228cd5f0 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1912.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


