[ISN] Linux Advisory Watch - July 19th 2002

From: InfoSec News (isnat_private)
Date: Mon Jul 22 2002 - 00:30:08 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  July  19th, 2002                         Volume 3, Number 29a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for tcpdump, ktrace, bind, squid,
    modssl, openssh, and libpng.  The vendors include Caldera, Conectiva,
    FreeBSD, Mandrake, Red Hat, and Trustix.
    
     NEW HTML VERSION OF NEWSLETTER AVAILABLE:
     http://www.linuxsecurity.com/vuln-newsletter.html
    
    
    - Guardian Digital Combats Proprietary Software Licensing Deadline -
    
    Guardian Digital, Inc., the first full-service open source Internet server
    security company, has announced a special incentive program designed to
    provide companies with an alternative to Windows-based servers and
    applications as the July 31st deadline for Microsoft's new licensing
    program approaches.
    
     Press Release:
     http://www.guardiandigital.com/company/press/
     EnGarde-Licensing-Promotion.pdf
    
     Save Now:
     http://store.guardiandigital.com/html/eng/493-AA.shtml
     
    
    Threat Becomes Vulnerability Becomes Exploit - The recent situation
    regarding the Apache Chunk Encoding Vulnerability has caused plenty of
    controversy in the security industry. It initially began with the
    community dislike of the release of information.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-113.html 
     
    +---------------------------------+
    |  Package: tcpdump               | ----------------------------//
    |  Date: 07-12-2002               |
    +---------------------------------+
    
    Description: 
    
    It is not currently known whether this buffer overflow is exploitable. If
    it were, an attacker could inject specially crafted packets into the
    network which, when processed by tcpdump, could lead to arbitrary code
    execution with the privileges of the user running tcpdump (typically
    `root').
    
    Vendor Alerts: 
      FreeBSD Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2195.html 
    
    
      
    +---------------------------------+
    |  Package: ktrace                | ----------------------------//
    |  Date: 07-12-2002               |
    +---------------------------------+
    
    Description:
    In theory, local users on systems where ktrace is enabled through the
    KTRACE kernel option might obtain sensitive information, such as password
    files or authentication keys. No specific utility is currently known to be
    vulnerable to this particular problem.
    
    Vendor Alerts: 
      FreeBSD Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html 
    
    
      
    +---------------------------------+
    |  Package: bind                  | ----------------------------//
    |  Date: 07-15-2002               |
    +---------------------------------+
    
    Description: 
    "A buffer overflow vulnerability exists in multiple implementations of DNS
    resolver libraries. Operating systems and applications that utilize
    vulnerable DNS resolver libraries may be affected. A remote attacker who
    is able to send malicious DNS responses could potentially exploit this
    vulnerability to execute arbitrary code or cause a denial of service on a
    vulnerable system."
    
    Vendor Alerts: 
      Trustix: 
      http://www.trustix.net/pub/Trustix/updates/ 
    
      ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm  
      d00de9cc58d179d1aea5a2a76f1f3369 
    
      ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm  
      646eabafe4c77ed3b60ebb1d2e3e0292  
    
      ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm 
      25ab9b38033cdff4b4236340dd9dbb8e  
    
      Trustix Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/other_advisory-2197.html 
     
    
      Mandrake 7.2: 
      http://www.mandrakesecure.net/en/ftp.php  
    
      7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm 
      85334842b02275f9ebea86821a9f4300  

      7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm 
      47e4c8afba3147f8035d8579d98764a1  
    
      7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm  
      9f0803a609e9a734182850f966085ba3  
    
      Mandrake Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2200.html
    
    
      
    +---------------------------------+
    |  Package: squid                 | ----------------------------//
    |  Date: 07-15-2002               |
    +---------------------------------+
    
    Description: 
    Numerous security problems were fixed in squid-2.4.STABLE7.  This release
    has several bugfixes to the Gopher client to correct some security issues.
    Security fixes to how squid parses FTP directory listings into HTML have
    been implemented.  A security fix to how squid forwards proxy
    authentication credentials has been applied, and the MSNT auth helper
    has been updated to fix buffer overflows in the helper. Finally,
    FTP data channels are now sanity checked to match the address of the
    requested FTP server, which prevents injection of data or theft.
    
    Vendor Alerts: 
      Mandrake Linux 8.2: 
      http://www.mandrakesecure.net/en/ftp.php  
    
      8.2/RPMS/squid-2.4.STABLE7-1.1mdk.i586.rpm 
      56c4827d13017f984833825912ebe937  
    
      Mandrake Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2204.html
    
      Trustix: 
      http://www.trustix.net/pub/Trustix/updates/ 
      ./1.5/RPMS/squid-2.4.STABLE7-1tr.i586.rpm 
      a0c9828ccb33c5a41b39a21174eaa02b  
    
      Trustix Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/other_advisory-2198.html
     
    
      
      
    +---------------------------------+
    |  Package: modssl                | ----------------------------//
    |  Date: 07-16-2002               |
    +---------------------------------+
    
    Description: 
    The mod_ssl module provides strong cryptography for the Apache Web server
    via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
    protocols.  Versions of mod_ssl prior to 2.8.10 are subject to a single
    NULL overflow that can cause arbitrary code execution.
    
    In order to exploit this vulnerability, the Apache Web server has to be
    configured to allow overriding of configuration settings on a
    per-directory basis, and untrusted local users must be able to modify a
    directory in which the server is configured to allow overriding.  The
    local attacker may then become the user that Apache is running as (usually
    'www' or 'nobody').
     
    Vendor Alerts: 
      Red Hat Linux 7.3: i386:  
      ftp://updates.redhat.com/7.3/en/os/i386/
      mod_ssl-2.8.7-6.i386.rpm 
      8c9e4f55866bd16df07bc945766bc680 
    
      Red Hat Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/redhat_advisory-2201.html
    
      Caldera: 
      PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
      Caldera Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/caldera_advisory-2202.html 
    
    
      
    +---------------------------------+
    |  Package: openssh               | ----------------------------//
    |  Date: 07-15-2002               |
    +---------------------------------+
    
    Description: 
    A remote attacker using an SSH client modified to send a carefully crafted
    SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain superuser
    privileges on the server.
    
    Vendor Alerts: 
      FreeBSD Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2199.html 
    
    
      
    +---------------------------------+
    |  Package: libpng                | ----------------------------//
    |  Date: 07-17-2002               |
    +---------------------------------+
    
    Description: 
    The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow
    vulnerability[1] in some functions related to progressive image loading.
    Programs such as mozilla and various others use these functions. An
    attacker could exploit this to remotely run arbitrary code or crash an
    application by using a specially crafted png image.
    
    
    Vendor Alerts: 
      Conectiva: 
      ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
      libpng-1.0.14-1U8_1cl.i386.rpm 
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
      libpng3-1.2.4-1U8_1cl.i386.rpm 
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
      libpng-devel-1.2.4-1U8_1cl.i386.rpm 
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
      libpng-devel-static-1.2.4-1U8_1cl.i386.rpm 
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
      libpng-doc-1.2.4-1U8_1cl.i386.rpm 
    
      Conectiva Vendor Advisory: 
      http://www.linuxsecurity.com/advisories/other_advisory-2203.html
     
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 03:35:16 PDT