[ISN] Linux Advisory Watch - March 8th 2002

From: InfoSec News (isnat_private)
Date: Sat Mar 09 2002 - 01:39:59 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  March 8th, 2002                          Volume 3, Number 10a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for php, cfs, cvs, xsane, openssh,
    apache, ntop, squid, and radiusd-cistron.  The vendors include Conectiva,
    Debian, EnGarde, FreeBSD, Red Hat, Slackware, SuSE, and Yellow Dog.
    
    Security and Simplicity - Are you looking for a solution that provides the
    applications necessary to easily create thousands of virtual Web sites,
    manage e-mail, DNS, firewalling, and database functions for an entire
    organization, and supports high-speed broadband connections, all using a
    Web-based front-end? EnGarde Secure Professional provides those features
    and more!
    
    
      http://store.guardiandigital.com/html/eng/493-AA.shtml 
    
    FEATURE: Fingerprinting Web Server Attacks - In this article, zenomorph
    discusses multiple ways attackers attempt to exploit port 80 to gain
    control of a web server. Using this information, an administrator can
    learn to detect potential attacks and the steps that are necessary to
    protect a server from them.
    
     
    http://www.linuxsecurity.com/feature_stories/fingerprinting-http.html
    
    
    FEATURE: Linux 802.11b and wireless (in)security - In this article,
    Michael talks about Linux and background on wireless security, utilities
    to interrogate wireless networks, and the top tips you should know to
    improve wireless security of your network.
    
      http://www.linuxsecurity.com/feature_stories/wireless-kismet.html 
    
      
    
    +---------------------------------+
    |   php                           | ----------------------------//
    +---------------------------------+
    
    Stefan Esser, who is also a member of the PHP team, found several flaws in
    the way PHP handles multipart/form-data POST requests (as described in
    RFC 1867), known as POST file uploads.  Each of the flaws could allow an
    attacker to execute arbitrary code on the victim's system. For PHP3, the
    flaws consist of a broken boundary check and an arbitrary heap overflow.
    For PHP4, they consist of a broken boundary check and a heap off-by-one
    error.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1925.html 
    
     Yellow Dog Linux Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1934.html 
    
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-1927.html
    
    
    
      
    +---------------------------------+
    |  cfs                            | ----------------------------//
    +---------------------------------+ 
    
    Zorgon found several buffer overflows in cfsd, a daemon that pushes
    encryption services into the Unix(tm) file system.  We are not yet sure if
    these overflows can successfully be exploited to gain root access to the
    machine running the CFS daemon.  However, since cfsd can easily be forced
    to die, a malicious user can easily perform a denial of service attack
    against it.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/
     binary-i386/cfs_1.3.3-8.1_i386.deb 
     MD5 checksum: 33651b606e1fa0dc15c9d7256580df84 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1926.html
    
    
      
    
    +---------------------------------+
    |  cvs                            | ----------------------------//
    +---------------------------------+
    
    Kim Nielsen recently found an internal problem with the CVS server and
    reported it to the vuln-dev mailing list.  The problem is triggered by an
    improperly initialized global variable.  A user exploiting this can crash
    the CVS server, which may be accessed through the pserver service and
    run under a remote user id.  It is not yet clear if the remote account
    can be exposed, though.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/
     main/binary-i386/cvs_1.10.7-9_i386.deb 
     MD5 checksum: af8331fa78feee3029ebdde3e743adf5 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1931.html
    
    
      
    
    +---------------------------------+
    |  xsane                          | ----------------------------//
    +---------------------------------+
    
    Tim Waugh found several insecure uses of temporary files in the xsane
    program, which is used for scanning.  This was fixed for Debian/stable by
    moving those files into a securely created directory within the /tmp
    directory.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/
     main/binary-i386/xsane_0.50-5.1_i386.deb 
     MD5 checksum: 069983f5340d5524a78b4bd896c6edb5 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1933.html
    
    
      
    
    +---------------------------------+
    |   openssh                       | ----------------------------//
    +---------------------------------+
    
    An authorized remote user (i.e. a user that can successfully authenticate
    on the target system) may be able to cause sshd to execute arbitrary code
    with superuser privileges. A malicious server may be able to cause a
    connecting ssh client to execute arbitrary code with the privileges of the
    client user.
    
     PLEASE SEE ADVISORY FOR UPDATE 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-1938.html 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1937.html 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1940.html 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1939.html 
      
      
     
    
    +---------------------------------+
    |   apache                        | ----------------------------//
    +---------------------------------+
    
    A remote attacker could exploit this vulnerability and execute arbitrary
    commands on the server running apache with this module enabled. A probable
    way to exploit this is via client certificate authentication, where the
    attacker would use a specially crafted certificate to overflow this
    buffer. Since this vulnerability is reached only after the client
    certificate has been checked, the certificate would have to be signed by a
    CA accepted by the apache server.
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     apache-1.3.22-1U70_3cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     apache-devel-1.3.22-1U70_3cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
     apache-doc-1.3.22-1U70_3cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1928.html
    
    
      
    
    +---------------------------------+
    |   ntop                          | ----------------------------//
    +---------------------------------+
    
    ntop is a UNIX tool that shows network usage, similar to what the
    popular top UNIX command does on the system level. A format string
    vulnerability has been discovered on the programmatic level and is
    currently known to affect the UNIX version; however, the Windows port of
    the program remains untested. The vulnerability allows for remote
    arbitrary code execution.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     ntop Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1932.html
    
    
      
    
    +---------------------------------+
    |  squid                          | ----------------------------//
    +---------------------------------+
    
    Squid is a high-performance proxy caching server.  Various security
    issues have been found in Squid up to and including version 2.4.STABLE2.
    These were:
      1. a memory leak in the SNMP code
      2. a crash on specially-formatted data in FTP URL parsing
      3. HTCP would still be active, even if it was disabled in the config
         file.
    
     Yellow Dog Linux: 
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/ 
     yellowdog-2.1/ppc/squid-2.4.STABLE3-1.7.0.ppc.rpm 
     6f8f7c0c790de090b1a33ad08834f489 
    
     YellowDog Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1935.html 
    
     SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
     squid-2.3.STABLE4-155.i386.rpm 
     4b1cff53fddcaf8930ec6738c6763a94 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
     squid-beta-2.4.STABLE2-94.i386.rpm 
     4ca7f3594ec82b703c6c36c08fb46ecb 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1929.html
    
    
      
    
    +---------------------------------+
    |   radiusd-cistron               | ----------------------------//
    +---------------------------------+
    
    The radiusd-cistron package contains a server daemon for the Remote
    Authentication Dial-In User Server (RADIUS) client/server security
    protocol.  Various vulnerabilities have been found in Cistron RADIUS as
    well as other RADIUS servers and clients.
    
     Red Hat: i386: 
     ftp://updates.redhat.com/7.1/en/powertools/ 
     i386/radiusd-cistron-1.6.6-2.i386.rpm 
     b5c937f5e48d4d3484b64e20f8785b4a 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1930.html 
      
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/7.0/RPMS/ 
     radiusd-cistron-1.6.6-1U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1936.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


