[ISN] Linux Advisory Watch - July 26th 2002

From: InfoSec News (isnat_private)
Date: Mon Jul 29 2002 - 01:30:58 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  July  26th, 2002                         Volume 3, Number 30a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for glibc, php, and bind.  The vendors
    include EnGarde and Red Hat. Although not many advisories were released
    this week, it is important to ensure that your systems are up to date.  
    If you are unsure about the packages installed on your system(s), browse
    the listing of advisories for each distribution that you use:
    
     http://www.linuxsecurity.com/advisories/index.html 
    
    
    FEATURE: Assessing Internet Security Risk, Part Two: an Internet
    Assessment Methodology
    
    This article is the second in a series that is designed to help readers to
    assess the risk that their Internet-connected systems are exposed to. In
    the first installment, we established the reasons for doing a technical
    risk assessment. In this installment, we'll start discussing the
    methodology that we follow in performing this kind of assessment.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-114.html
    
    
    >> Guardian Digital Combats Proprietary Software Licensing Deadline <<
    
    Guardian Digital, Inc., the first full-service open source Internet server
    security company, has announced a special incentive program designed to
    provide companies with an alternative to Windows-based servers and
    applications as the July 31st deadline for Microsoft's new licensing
    program approaches.
     
     Press Release:
     http://www.guardiandigital.com/company/press/EnGarde-Licensing-Promotion.pdf
     
     Save Now:
     http://store.guardiandigital.com/html/eng/493-AA.shtml
     
    
     
    +---------------------------------+
    |  Package: bind                  | ----------------------------//
    |  Date: 07-24-2002               |
    +---------------------------------+
    
    Description: 
    There is a buffer overflow vulnerability in BIND4-derived resolver
    libraries which may be triggered by a malicious DNS server sending
    multiple CNAME records in a response.  This may lead to arbitrary code
    execution or a denial of service attack.
     
    Vendor Alerts: 
    
     EnGarde: i386: 
     i386/bind-chroot-8.2.6-1.0.27.i386.rpm 
     MD5 Sum: 9e8a8d144d8e251dfa3d44b4281b1600
    
     i386/bind-chroot-utils-8.2.6-1.0.27.i386.rpm 
     MD5 Sum: 8411aabd49c431c42307bfaebd836d88 
    
     i386/glibc-2.1.3-1.0.5.i386.rpm 
     MD5 Sum: 83b18d442d62c7d2586ce42e0659759e  
    
     EnGarde i686: 
     i686/bind-chroot-8.2.6-1.0.27.i686.rpm 
     MD5 Sum: dab84baddfc8c7b12c378019faacf802 
    
     i686/bind-chroot-utils-8.2.6-1.0.27.i686.rpm 
     MD5 Sum: ee355b60a8b0cf77bdabc243140cbd45 
    
     Packages: 
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2207.html
    
      
    
      
    +---------------------------------+
    |  Package: glibc                 | ----------------------------//
    |  Date: 07-22-2002               |
    +---------------------------------+
    
    Description: 
    A buffer overflow vulnerability has been found in the way the glibc
    resolver handles the resolution of network names and addresses via
    DNS (as per Internet RFC 1011).  Version 2.2.5 of glibc and earlier
    versions are affected. A system would be vulnerable to this issue if
    the "networks" database in /etc/nsswitch.conf includes the "dns"
    entry. 
    
    Vendor Alerts: 
    
     Red Hat: i386:  
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-2.2.5-37.i386.rpm 
     b3e14c27d1f337107662cffe8111ffb4  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-common-2.2.5-37.i386.rpm 
     318a0e614f31b4ea63ea122ffc9b0abc 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-debug-2.2.5-37.i386.rpm 
     c11c152ffb7b98e3ada86ef89b21060b 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-debug-static-2.2.5-37.i386.rpm 
     8f7403eb789e624a91a5728c752ffb7e 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-devel-2.2.5-37.i386.rpm 
     1364e6e500af53789f94a845d7201745 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-profile-2.2.5-37.i386.rpm 
     977f0364e31ef240375d5dc3abce27c9 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     glibc-utils-2.2.5-37.i386.rpm 
     702c9e2f376d9d10829961b29d1e3fd3 
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     nscd-2.2.5-37.i386.rpm 
     aa3e2f88f60ca8e8566d45a8e8bf6218 
      
    
     i686: 
     ftp://updates.redhat.com/7.3/en/os/i686/
     glibc-2.2.5-37.i686.rpm 
     854b21baba0b4b32963bc322fe59ffc 
    
     ftp://updates.redhat.com/7.3/en/os/i686/
     glibc-debug-2.2.5-37.i686.rpm 
     0d488fae1d4248bbd1727c402143d5f6
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2208.html 
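
Added example, not part of the newsletter or the vendor advisory: a shell check for the exposure condition described above, that is, whether the "networks" database in an nsswitch.conf file lists the "dns" service. The function name, the three status strings and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify an nsswitch.conf file by whether "networks" lists "dns".
# networks_dns_status FILE prints one of (labels are this example's own):
#   dns-listed         a "networks" line names the dns service
#   dns-not-listed     "networks" is configured without dns
#   no-networks-entry  no "networks" line; the C library's built-in default
#                      applies and is not evaluated by this script
networks_dns_status() {
    awk '
        { sub(/#.*/, "") }                      # strip comments first
        /^[ \t]*networks[ \t]*:/ {
            seen = 1
            sub(/^[ \t]*networks[ \t]*:/, "")   # keep only the service list
            gsub(/\[[^]]*\]/, " ")              # drop [STATUS=action] items
            n = split($0, svc, /[ \t]+/)
            # If the file has several "networks" lines, any one of them
            # naming dns is reported (the conservative reading).
            for (i = 1; i <= n; i++) if (svc[i] == "dns") dns = 1
        }
        END {
            if (!seen)    print "no-networks-entry"
            else if (dns) print "dns-listed"
            else          print "dns-not-listed"
        }
    ' "$1"
}

# Constructed sample file, used only when no file argument is given.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not taken from a real host
passwd:   files
hosts:    files dns
networks: files [NOTFOUND=continue] dns   # the condition named above
EOF

target=${1:-$sample}
echo "$target: $(networks_dns_status "$target")"
rm -f "$sample"
```

Run it with `/etc/nsswitch.conf` as the argument; a result of `dns-listed` on a host still running glibc 2.2.5 or earlier matches the advisory's exposure condition.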
    
    
    
    +---------------------------------+
    |  Package: php                   | ----------------------------//
    |  Date: 07-22-2002               |
    +---------------------------------+ 
    
    Description: 
    A malformed POST request can trigger an error condition that is not
    correctly handled. Because of this bug, an uninitialised struct can be
    appended to the linked list of MIME headers.
    
    When the list is cleaned up or destroyed, PHP tries to free the pointers
    that are expected in the struct. Because the struct was never
    initialised, those pointers contain whatever previous function calls
    left on the stack.
    
    On the IA32 architecture (a.k.a. x86) it is not possible to control what
    ends up in the uninitialised struct because of the stack layout. All
    possible code paths leave illegal addresses within the struct, and PHP
    will crash when it tries to free them.
    
    Unfortunately the situation is entirely different on a Solaris SPARC
    installation. There it is possible for an attacker to free chunks of
    memory that are fully under his control. This is most probably also the
    case for several other non-IA32 architectures.
     
     
    Vendor Alerts: 
    
     PHP Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2206.html 
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


