[ISN] Linux Advisory Watch - May 17th 2002

From: InfoSec News (isnat_private)
Date: Mon May 20 2002 - 03:23:06 PDT
Next message: InfoSec News: "[ISN] 13,000 Credit Reports Stolen by Hackers"
Previous message: InfoSec News: "[ISN] Are you the Klez monster?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 17th, 2002                           Volume 3, Number 20a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               daveat_private     benat_private
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for icecast, shareutils, fileutils,
imapd, shadow/pam modules, lukemftp, openssh, tcpdump, and mpg123.  The
Vendors include Caldera, Mandrake, Red Hat, and SuSE.

* SECURE YOUR APACHE SERVERS WITH 128-BIT SSL ENCRYPTION *
Guarantee transmitted data integrity, secure all communication
sessions and more with SSL encryption from Thawte- a leading global
certificate provider for the Open Source community. Learn more in our
FREE GUIDE--click here to get it now: 

    http://www.gothawte.com/rd250.html 

FTP Attack Case Study Part I: The Analysis 
This article presents a case study of a company network server compromise.
The attack and other intruder's actions are analyzed. Computer forensics
investigation is undertaken and results are presented. The article
provides an opportunity to follow the trail of incident response for the
real case.
 
http://www.linuxsecurity.com/feature_stories/ftp-analysis-part1.html 
 
 
+---------------------------------+
|  icecast                        | ----------------------------//
+---------------------------------+  

Buffer overflows in the icecast server allow remote attackers to execute
arbitrary code via a long HTTP GET request, as well as allowing denial of
service attacks.

 Caldera:  
 ftp://ftp.caldera.com/pub/updates/OpenLinux/
 3.1.1/Server/current/RPMS 
 icecast-1.3.12-1.i386.rpm 
 83407efa0c40a9ceac02606ae37237f2 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2067.html


+---------------------------------+
|  shareutils                     | ----------------------------//
+---------------------------------+  

The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format. The uudecode utility would
create an output file without checking to see if t was about to write to a
symlink or a pipe.  If a user uses uudecode to extract data into open
shared directories, such as /tmp, this vulnerability could be used by a
local attacker to overwrite files or lead to privilege escalation.

 Red Hat i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/
 sharutils-4.2.1-8.7.x.i386.rpm 
 38d89d89bb513d216b1a2a954be6d07b 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2069.html



+---------------------------------+
|  fileutils                      | ----------------------------//
+---------------------------------+  

A race condition in various utilities from the GNU fileutils package may
cause a root user to delete the whole filesystem. This updates resolves a
problem in the original fix that would cause an attempt to recursively
remove a directory with trailing slashes to memory fault.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
 Server/current/RPMS/fileutils-4.1-5.i386.rpm 
 d01d42d41800d0b9c1d02c4fec07a79d 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2070.html 
  

 Mandrake Linux 8.1: 
 http://www.mandrakesecure.net/en/ftp.php 
 8.1/RPMS/fileutils-4.1-4.1mdk.i586.rpm 
 593e200c8b2f2c83e7a6bb90a54cd853 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2075.html

  
  
+---------------------------------+
|  imapd                          | ----------------------------//
+---------------------------------+  

A malicious user may construct a malformed request that will cause a
buffer overflow, allowing the user to run code on the server with the uid
and gid of the e-mail owner.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
 Server/current/RPMS/imap-2000-14.i386.rpm 
 3d4c39ed407a122f963f9f508f908c92 
 imap-devel-2000-14.i386.rpm 
 5c49edd5001471188ed6da5a20413f42 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2071.html



+---------------------------------+
|  shadow/pam modules             | ----------------------------//
+---------------------------------+  

The shadow package contains several useful programs to maintain the
entries in the /etc/passwd and /etc/shadow files.The SuSE Security Team
discovered a vulnerability that allows local attackers to destroy the
contents of these files or to extend the group privileges of certain
users. This is possible by setting evil filesize limits before invoking
one of the programs modifying the system files. Depening on the
permissions of the system binaries this allows a local attacker to gain
root privileges in the worst case. This however is not possible in a
default installation.

 SuSE i386 Intel Platform: 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
 shadow-4.0.2-88.i386.rpm 
 a4e0d03ecf7707eb7ca1f0422cae89f1 

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
 pam-modules-2002.3.9- 31.i386.rpm 
 70322584f014ac3e2dc2dad0beecdefb 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2072.html



+---------------------------------+
|  lukemftp                       | ----------------------------//
+---------------------------------+  

A buffer overflow could be triggered by an malicious ftp server while the
client parses the PASV ftp command. An attacker who control an ftp server
to which a client using lukemftp is connected can gain remote access to
the clients machine with the privileges of the user running lukeftp.

 SuSE i386 Intel Platform: 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/
 lukemftp-1.5-249.i386.rpm 
 0ae28f7ca49157bfa5783626d3e82cef 
 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2073.html



+---------------------------------+
|   openssh                       | ----------------------------//
+---------------------------------+  

A buffer overflow exists in OpenSSH if KerberosTgtPassing or
AFSTokenPassing has been enabled in the sshd_config file. A malicious
user, possibly remote, could use this vulnerability to gain privileged
access to the system.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/
 3.1.1/Server/current/RPMS/openssh-2.9p2-6.i386.rpm 
 f9a494af5e0e6a8eec419f8f94087f7e 

 openssh-askpass-2.9p2-6.i386.rpm 
 b9fcc6352bc4c65f63cda1b0caa2b89c 

 openssh-server-2.9p2-6.i386.rpm 
 ff4a5bc7e7b1d4fd3f79c647d11d9162 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2074.html



+---------------------------------+
|   tcpdump                       | ----------------------------//
+---------------------------------+  

Several buffer overflows were found in the tcpdump package by FreeBSD
developers during a code audit, in versions prior to 3.5.  However, newer
versions of tcpdump, including 3.6.2, are also vulnerable to another
buffer overflow in the AFS RPC decoding functions, which was discovered by
Nick Cleaton.  These vulnerabilities could be used by a remote attacker to
crash the the tcpdump process or possibly even be exploited to execute
arbitrary code as the user running tcpdump, which is usually root.

 Mandrake Linux 8.2: 
 http://www.mandrakesecure.net/en/ftp.php 
 8.2/RPMS/tcpdump-3.6.2-2.1mdk.i586.rpm 
 8c36a78c9a086c2d582d70d431533650 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2076.html



+---------------------------------+
|  mpg123                         | ----------------------------//
+---------------------------------+  

It is possible for mpg321 before version 0.2.9 to segfault if given
certain specifically crafted data. In the case of network streaming, this
data would be remotely supplied, which could lead to remote code
execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0272 to this issue. It is
recommended that users of mpg321 upgrade to these errata packages
containing mpg321 version 0.2.10, which is not vulnerable to this issue.

 Red Hat i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/
 mpg321-0.2.9-2.5.i386.rpm 
 303336e4e07e4df3e4d5eaec1411471a 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 libmad-0.14.2b-3.i386.rpm 
 77ea28f34a20a0aa98287bc018240bab 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2077.html



------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-requestat_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
Next message: InfoSec News: "[ISN] 13,000 Credit Reports Stolen by Hackers"
Previous message: InfoSec News: "[ISN] Are you the Klez monster?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 06:10:01 PDT