[ISN] Linux Advisory Watch - May 3rd 2002

From: InfoSec News (isnat_private)
Date: Sat May 04 2002 - 04:20:17 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  May 3rd, 2002                            Volume 3, Number 18a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    
    This week, advisories were released for fileutils, imlib, sudo, webalizer,
    openssh, squid, docbook, modpython, nautilus, and radiusd-cistron.  The
    vendors include Caldera, Conectiva, EnGarde, Red Hat, SuSE, and Trustix.
    
    +---------------------------------+
    |  fileutils                      | ----------------------------//
    +---------------------------------+  
    
    A race condition in various utilities from the GNU fileutils package may
    cause a root user to delete the whole filesystem.
    
     Caldera: 
     ftp://ftp.caldera.com/pub/updates/OpenLinux/ 
     3.1.1/Server/current/RPMS 
    
     fileutils-4.1-4.i386.rpm 
     f10c905587b4221fc794cefaf262e9ee 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2045.html
    
    
      
    
    +---------------------------------+
    |  imlib                          | ----------------------------//
    +---------------------------------+  
    
    Imlib versions prior to 1.9.13 would fall back to loading images via the
    NetPBM package. NetPBM has various problems itself that make it unsuitable
    for loading untrusted images. This may allow attackers to construct images
    that, when loaded by a viewer using Imlib, could cause crashes or,
    potentially, the execution of arbitrary code.
    
     Caldera: 
     ftp://ftp.caldera.com/pub/updates/OpenLinux/ 
     3.1.1/Server/current/RPMS 
     imlib-1.9.14-1.i386.rpm 
     56ed4f4cdf53abc39ba462021496314b 
    
     imlib-devel-1.9.14-1.i386.rpm 
     743951ea75a12121f6696a57a6a4d091 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2047.html
    
    
      
    
    +---------------------------------+
    |   sudo                          | ----------------------------//
    +---------------------------------+  
    
    Global InterSec published[3] an advisory about a memory heap corruption
    vulnerability[2] in sudo. This vulnerability could possibly be used by
    local attackers to obtain root privileges. Sudo allows users to specify
    the password prompt they receive. This prompt can contain macros (such as
    %h) that will be expanded by sudo. Sudo can be tricked into allocating the
    wrong amount of memory for this prompt.
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
     sudo-1.6.6-1U8_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
     sudo-doc-1.6.6-1U8_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2037.html 
      
    
     EnGarde: 
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
     i386/sudo-1.6.4-1.0.7.i386.rpm 
     MD5 Sum: 0ecafa8dd05315772afa7e77f7089d69 
    
     i686/sudo-1.6.4-1.0.7.i686.rpm 
     MD5 Sum: a267c880a9e0093e4e13d140898756cc 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2040.html 
      
    
     Trustix: 
     ftp://ftp.trustix.net/pub/Trustix/updates/ 
     /1.5/RPMS/sudo-1.6.6-1tr.i586.rpm 
     0bb2e55703b06a958ff2016c8f639636 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2042.html 
      
    
     Slackware 8.0: 
     ftp://ftp.slackware.com/pub/slackware/slackware-8.0/ 
     patches/packages/sudo.tgz 
     d0598233fefeb9d37450eec10a087e07 
    
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-2036.html
    
    
     SuSE-8.0: 
     ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/ 
     sudo-1.6.5p2-79.i386.rpm 
     b54f68ff4b32f9d920f2f1ff887d1ddc 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-2046.html
    
      
      
    
    +---------------------------------+
    |  webalizer                      | ----------------------------//
    +---------------------------------+  
    
    Spybreak reported[2] a buffer overflow vulnerability[3] in the DNS
    resolver code. This flaw could possibly be exploited by a remote attacker
    in control of a DNS server which would be queried by the webalizer
    program. Webalizer in Conectiva Linux is not executed by default; it is
    necessary for the user to configure and enable a cron job for it to run.
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     webalizer-2.01.10-4U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     webalizer-doc-2.01.10-4U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2038.html
    
    
      
      
    +---------------------------------+
    |   openssh                       | ----------------------------//
    +---------------------------------+  
    
    A buffer overflow exists in OpenSSH's sshd if AFS has been configured on
    the system or if KerberosTgtPassing or AFSTokenPassing has been enabled in
    the sshd_config file.  Ticket and token passing are not enabled by default.
    
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     OpenSSH Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2039.html 
      
    
     Trustix: 
     http://www.trustix.net/errata/trustix-1.5/ 
     /1.5/RPMS/openssh-server-3.1.0p1-3tr.i586.rpm 
     f00b0fa1bf6f52826cf8623893501781 
    
     /1.5/RPMS/openssh-clients-3.1.0p1-3tr.i586.rpm 
     20a431fd990edfb51f62cf80c7298d82 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2043.html
    
    
      
    
    +---------------------------------+
    |   squid                         | ----------------------------//
    +---------------------------------+  
    
    A security issue was recently found and fixed by the squid team. The bug
    exists in the Squid-2.X releases up to and including 2.4.STABLE4. Error
    and boundary conditions were not checked when handling compressed DNS
    answer messages in the internal DNS code (lib/rfc1035.c). A malicious DNS
    server could craft a DNS reply that causes Squid to exit with a SIGSEGV.
    
     Trustix: 
     ftp://ftp.trustix.net/pub/Trustix/updates/ 
     /1.5/RPMS/squid-2.4.STABLE6-1tr.i586.rpm 
     69369be4888324c1b2e2eeb38018f97e 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2041.html
    
    
      
    
    +---------------------------------+
    |   docbook                       | ----------------------------//
    +---------------------------------+  
    
    The default stylesheet used when converting a DocBook document to multiple
    HTML files allows an untrusted document to write files outside of the
    current directory. This is because element identifiers (specified in the
    document) are used to form the names of the output files.
    
     Red Hat Linux 7.2: 
     noarch: 
     ftp://updates.redhat.com/7.2/en/os/noarch/ 
     docbook-utils-0.6.9-2.1.noarch.rpm 
     e6b43a27e4712ee6a91871605092acab 
    
     ftp://updates.redhat.com/7.2/en/os/noarch/ 
     docbook-utils-pdf-0.6.9-2.1.noarch.rpm 
     a45e3dddc9f3269c3db77bd153697df3 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2048.html
    
    
    
    +---------------------------------+
    |  modpython                      | ----------------------------//
    +---------------------------------+  
    
    Updated mod_python packages have been made available for Red Hat Linux
    7.2. These updates close a security issue in mod_python which allows the
    publisher handler to use modules which have only been indirectly imported.
    
     Red Hat 7.2 i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     mod_python-2.7.8-1.i386.rpm 
     9b9e4a43002cd22f9a8df7fd9784e925 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2049.html
    
    
      
    +---------------------------------+
    |   Nautilus                      | ----------------------------//
    +---------------------------------+  
    
    The Nautilus file manager (used by default in the GNOME desktop
    environment) writes metadata files containing information about files and
    directories that have been visited in the file manager. The metadata file
    code in Red Hat Linux 7.2 can be tricked into chasing a symlink and
    overwriting the symlink target.
    
     Red Hat: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     nautilus-1.0.4-46.i386.rpm 
     f91c1cb8fb30034c8ea8aefa184c5589 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     nautilus-devel-1.0.4-46.i386.rpm 
     af4c6accb8c0e4ec60921e0938ad925d 
    
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     nautilus-mozilla-1.0.4-46.i386.rpm 
     84ffe4f70577e6d235086a8a7cd86a4d 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2050.html
    
    
    
    +---------------------------------+
    |  radiusd-cistron                | ----------------------------//
    +---------------------------------+  
    
    ZARAZA reported security-related bugs in various radius server and client
    software. The list of vulnerable servers includes the cistron radius
    package. Within the cistron package, a buffer overflow in the digest
    calculation function and miscalculations of attribute lengths have been
    fixed which could allow remote attackers to execute arbitrary commands on
    the system running the radius server.
    
     SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/ 
     radiusd-cistron-1.6.4-168.i386.rpm 
     8215e7113e8937844ab5d2deba8bbb13 
     
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-2044.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ------------------------------------------------------------------------
    
    
    