+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| June 7th, 2002 Volume 3, Number 23a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for tcpdump, uucp, ethereal, dhcp,
bind, mailman, Conectiva's kernel, imap, nss_ldap, ghostscript, and xchat.
The vendors include Caldera, Conecitva, Debian, EnGarde, Mandrake, Red
Hat, SuSE, Trustix, and Yellow Dog.
FEATURE: Flying Pigs: Snorting Next Generation Secure Remote Log Servers
over TCP:
A Comprehensive Guide to Building Encrypted, Secure Remote Syslog-ng
Servers with the Snort Intrusion Detection System.
http://www.linuxsecurity.com/feature_stories/snortlog-part1.html
** Build Complete Internet Presence Quickly and Securely! **
EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use!
--> http://www.guardiandigital.com/promo/ls230502.html
+---------------------------------+
| tcpdump | ----------------------------//
+---------------------------------+
The tcpdump program is vulnerable to several buffer overflows, the most
serious of which are problems with the decoding of AFS RPC packets and the
handling of malformed NFS packets. These may allow a remote attacker to
cause arbitrary instructions to be executed with the privileges of the
tcpdump process (usually root).
Caldera OpenLinux 3.1.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/current/RPMS/
tcpdump-3.6.2-2.i386.rpm
86ebdc7304a9474350d6347de67cd801
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2114.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
tcpdump-3.6.2-3U8_2cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2113.html
Trustix:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2116.html
Yellow Dog:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2123.html
+---------------------------------+
| uucp | ----------------------------//
+---------------------------------+
We have received reports that in.uucpd, an authentication agent in the
uucp package, does not properly terminate certain long input strings. This
has been corrected in uucp package version 1.06.1-11potato3 for Debian 2.2
(potato) and in version 1.06.1-18 for the upcoming (woody) release.
Debian: Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/
uucp_1.06.1-11potato3_i386.deb
MD5 checksum: 26f22db0eeed4cabad46861112d94d47
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2104.html
+---------------------------------+
| ethereal | ----------------------------//
+---------------------------------+
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in
the ASN.1 parser. This can be triggered when analyzing traffic using the
SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability
was announced in the ethereal security advisory.
Debian: Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/
ethereal_0.8.0-3potato_i386.deb
MD5 checksum: cf6925bce3de49332f93105ac801be31
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2105.html
Yellow Dog Linux:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2127.html
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
ethereal-0.9.4-0.7.3.0.i386.rpm
52a3074dea1e4e9563558e523a659bc5
ftp://updates.redhat.com/7.3/en/os/i386/
ethereal-gnome-0.9.4-0.7.3.0.i386.rpm
1650416f14b9f6a7cb15aa2f38f20bf4
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2119.html
+---------------------------------+
| dhcp | ----------------------------//
+---------------------------------+
Fermin J. Serna discovered a problem in the dhcp server and client package
from versions 3.0 to 3.0.1rc8, which are affected by a format string
vulnerability that can be exploited remotely. By default, these versions
of DHCP are compiled with the dns update feature enabled, which allows
DHCP to update DNS records. The code that logs this update has an
exploitable format string vulnerability; the update message can contain
data provided by the attacker, such as a hostname.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2110.html
+---------------------------------+
| bind | ----------------------------//
+---------------------------------+
A vulnerability was discovered in the BIND9 DNS server in versions prior
to 9.2.1. An error condition will trigger the shutdown of the server when
the rdataset parameter to the dns_message_findtype() function in message.c
is not NULL as expected. This condition causes the server to assert an
error message and shutdown the BIND server. The error condition can be
remotely exploited by a special DNS packet.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2112.html
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2126.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2109.html
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2115.html
+---------------------------------+
| mailman | ----------------------------//
+---------------------------------+
Barry A. Warsaw announced[2] a new version of mailman that fixes two cross
site scripting vulnerabilities. According to this announcement, "office"
reported such a vulnerability in the login page, and Tristan Roddis
reported one in the Pipermail index summaries.
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
mailman-2.0.11-1U8_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2111.html
+---------------------------------+
| Conectiva kernel | ----------------------------//
+---------------------------------+
It is recommended that all users upgrade the kernel.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2117.html
+---------------------------------+
| imap | ----------------------------//
+---------------------------------+
There is a buffer overflow vulnerability in imap which can allow a remote,
authenticated user to execute commands as the user under which imapd is
running.
EnGarde:
i386/imap-2000c-1.0.23.i386.rpm
MD5 Sum: abb2189c4168ef80dc7a1884af3bac05
i386/imap-2000c-1.0.23.i686.rpm
MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2120.html
Yellow Dog Linux:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2121.html
+---------------------------------+
| nss_ldap | ----------------------------//
+---------------------------------+
The pam_ldap module provides authentication for user access to a system by
consulting a directory using LDAP. Versions of pam_ldap prior to version
144 include a format string bug in the logging function. The packages
included in this erratum update pam_ldap to version 144, fixing this bug.
Yellow Dog Linux:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/
updates/yellowdog-2.2/ppc/
ppc/authconfig-4.1.19.2-1.ppc.rpm
bcc6a0ebe130c633592ee0dcd4c356df
ppc/nss_ldap-189-2.ppc.rpm
79268cb16005e49a206e4bea975ba890
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2122.html
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
nss_ldap-189-2.i386.rpm
d2b2402e6c59f886556872d6b2bc2f16
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2106.html
+---------------------------------+
| ghostscript | ----------------------------//
+---------------------------------+
"Ghostscript is a program for displaying PostScript files or printing them
to non-PostScript printers. An untrusted PostScript file can cause
ghostscript to execute arbitrary commands due to insufficient checking.
Since ghostscript is often used during the course of printing a document
(and is run as user 'lp'), all users should install these fixed packages.
Yellow Dog Linux:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/
updates/yellowdog-2.2/ppc/
ppc/printconf-0.3.61-4.1.ppc.rpm
ddc5d90a8b44b383ae7f25493823eee6
ppc/printconf-gui-0.3.61-4.1.ppc.rpm
984c9d6813af85e8b124e0f9f709ec4f
ppc/ghostscript-6.51-16.2a.ppc.rpm
ba63816e522739225663943ef901705b
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2124.html
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
ghostscript-6.52-9.4.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2108.html
+---------------------------------+
| xchat | ----------------------------//
+---------------------------------+
Versions of XChat prior to 1.8.9 do not filter the response from an IRC
server when a /dns query is executed. Because XChat resolves hostnames by
passing the configured resolver and hostname to a shell, an IRC server may
return a maliciously formatted response that executes arbitrary commands
with the privileges of the user running XChat.
Yellow Dog Linux:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/
updates/yellowdog-2.2/ppc/
ppc/xchat-1.8.9-2a.ppc.rpm
d3d8742b3eb43b9a39f0c439b1f7b560
Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2125.html
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
xchat-1.8.9-1.73.0.i386.rpm
bc85e6662044a386ce35b472635444fa
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2107.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 06:33:37 PDT