+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 9th, 2002 Volume 3, Number 32a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for openssl, bind/glibc, libpng,
openafs, kerberos 5, wwwofle, tinyproxy, dietlibc, kqueue, ffs, kfs,
sendmail, secureweb, and gaim. The vendors include Caldera, Conectiva,
Debian, EnGarde, FreeBSD, Mandrake, and Red Hat.
FEATURE: Best Practices guide for securing the Linux Workstation
There is no silver bullet in security; rather, due diligence and knowledge
are the best foundations for solid management of risk. The focus of this
document is distinctively on workstations: those located in a corporate
environment, those situated at the house, and the myriad of situations
that fall somewhere in-between.
http://www.linuxsecurity.com/feature_stories/feature_story-115.html
* Act Now! Deadline August 10th! *
Guardian Digital Combats Proprietary Software Licensing Deadline Guardian
Digital, Inc., the first full-service open source Internet server security
company, has announced a special incentive program designed to provide
companies with an alternative to Windows-based servers and applications as
the July 31st deadline for Microsoft's new licensing program approaches.
http://www.guardiandigital.com/company/press/
EnGarde-Licensing-Promotion.pdf
Save Now:
http://store.guardiandigital.com/html/eng/493-AA.shtml
Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
+---------------------------------+
| Package: openssl | ----------------------------//
| Date: 08-02-2002 |
+---------------------------------+
Description:
There are four remotely exploitable buffer overflows that affect various
OpenSSL client and server implementations. There are also encoding
problems in the ASN.1 library used by OpenSSL. Several of these
vulnerabilities could be used by a remote attacker to execute arbitrary
code on the target system. All could be used to create denial of service.
Vendor Alerts:
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2002-033.1/RPMS
openssl-0.9.6-19.i386.rpm
22df8bff398b736e1b38ba1aaa5bbaef
openssl-devel-0.9.6-19.i386.rpm
68c37446be713e85419f723b139cb64c
openssl-devel-static-0.9.6-19.i386.rpm
3d103c874131c41839326e8add1cc683
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2259.html
FreeBSD:
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2246.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2260.html
Conectiva:
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2265.html
EnGarde:
i386/openssl-0.9.6-1.0.17.i386.rpm
MD5 Sum: 2be3d62740d8d95469470acb8ad868b3
i386/openssl-misc-0.9.6-1.0.17.i386.rpm
MD5 Sum: 0803e7486e837176ee791d4b26b78ffa
i386/openssl-devel-0.9.6-1.0.17.i386.rpm
MD5 Sum: 61f7354bd49c106f4171bb34da821ac5
i686/openssl-0.9.6-1.0.17.i686.rpm
MD5 Sum: 5500f9acea0513f8d00df85dd432d20e
i686/openssl-misc-0.9.6-1.0.17.i686.rpm
MD5 Sum: 33fb2323346f834a114265e527762f11
i686/openssl-devel-0.9.6-1.0.17.i686.rpm
MD5 Sum: deb6d48417fc34b8b5cabaca3f82a0cf
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2263.html
Red Hat i386:
ftp://updates.redhat.com/7.3/en/os/i386/
openssl095a-0.9.5a-18.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
openssl096-0.9.6-13.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
openssl-0.9.6b-28.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
openssl-devel-0.9.6b-28.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/
openssl-perl-0.9.6b-28.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2254.html
+---------------------------------+
| Package: bind/glibc | ----------------------------//
| Date: 08-02-2002 |
+---------------------------------+
Description:
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Operating systems and applications that utilize
vulnerable DNS resolver libraries may be affected. A remote attacker who
is able to send malicious DNS responses could potentially exploit this
vulnerability to execute arbitrary code or cause a denial of service on a
vulnerable system.
Vendor Alerts:
Caldera:
PLEASE SEE VENDOR ADVISORY UPDATES
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
+---------------------------------+
| Package: libpng | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
In addition to the advisory DSA 140-1 the packages below fix another
potential buffer overflow. The PNG libraries implement a safety
margin which is also included in a newer upstream release. Thanks to
Glenn Randers-Pehrson for informing us.
Vendor Alerts:
Debian:
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/libp/libpng3/
libpng-dev_1.2.1-1.1.woody.2_i386.deb
Size/MD5 checksum: 233094 f9889af54e78f47eebe1fa5a60ef33cb
http://security.debian.org/pool/updates/main/libp/libpng/
libpng2_1.0.12-3.woody.2_i386.deb
Size/MD5 checksum: 106636 c9369f9eb9ae747365cdccf40acc3c2d
http://security.debian.org/pool/updates/main/libp/libpng/
libpng2-dev_1.0.12-3.woody.2_i386.deb
Size/MD5 checksum: 227308 4c452324c7308dcd268128fbe4b6439f
http://security.debian.org/pool/updates/main/libp/libpng3/
libpng3_1.2.1-1.1.woody.2_i386.deb
Size/MD5 checksum: 109802 8694e5afdb6f0c0c9e13b9f24aac8f63
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2242.html
Caldera:
PLEASE SEE VENDOR ADVISORY UPDATES
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
+---------------------------------+
| Package: openafs | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
An integer overflow bug has been discovered in the RPC library used
by the OpenAFS database server, which is derived from the SunRPC
library. This bug could be exploited to crash certain OpenAFS servers
(volserver, vlserver, ptserver, buserver) or to obtain unauthorized
root access to a host running one of these processes. No exploits
are known to exist yet.
Vendor Alerts:
Debian:
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openafs/
libopenafs-dev_1.2.3final2-6_i386.deb
Size/MD5 checksum: 1026278 010b72ad1e6611536d8d7af69c37f931
http://security.debian.org/pool/updates/main/o/openafs/
openafs-client_1.2.3final2-6_i386.deb
Size/MD5 checksum: 1345484 fead4fb0df392ca7b092d4d53ff96c49
http://security.debian.org/pool/updates/main/o/openafs/
openafs-dbserver_1.2.3final2-6_i386.deb
Size/MD5 checksum: 365466 c13358838819b019afc6c3de20678d3e
http://security.debian.org/pool/updates/main/o/openafs/
openafs-fileserver_1.2.3final2-6_i386.deb
Size/MD5 checksum: 442334 426ab449fee8b0de03b310ba24e4100e
http://security.debian.org/pool/updates/main/o/openafs/
openafs-kpasswd_1.2.3final2-6_i386.deb
Size/MD5 checksum: 185150 58d88fcef9f9cbf6a54cdfb849dd7229
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2243.html
+---------------------------------+
| Package: Kerberos 5 | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
An integer overflow bug has been discovered in the RPC library used
by the Kerberos 5 administration system, which is derived from the
SunRPC library. This bug could be exploited to gain unauthorized
root access to a KDC host. It is believed that the attacker needs to
be able to authenticate to the kadmin daemon for this attack to be
successful. No exploits are known to exist yet.
Vendor Alerts:
Debian:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2247.html
Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2262.html
+---------------------------------+
| Package: wwwoffle | ----------------------------//
| Date: 08-06-2002 |
+---------------------------------+
Description:
A problem with wwwoffle has been discovered. The web proxy didn't
handle input data with negative Content-Length settings properly
which causes the processing child to crash. It is at this time not
obvious how this can lead to an exploitable vulnerability; however,
it's better to be safe than sorry, so here's an update.
Vendor Alerts:
Debian:
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/w/wwwoffle
/wwwoffle_2.5c-10.4_i386.deb
Size/MD5 checksum: 514316 9130724c8fe2d8af0f55acc1876c06a0
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2251.html
+---------------------------------+
| Package: tinyproxy | ----------------------------//
| Date: 08-07-2002 |
+---------------------------------+
Description:
The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug
in the handling of some invalid proxy requests. Under some
circumstances, an invalid request may result in a allocated memory
being freed twice. This can potentially result in the execution of
arbitrary code.
Vendor Alerts:
Debian:
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tinyproxy/
tinyproxy_1.4.3-2woody2_i386.deb
Size/MD5 checksum: 38758 591c6aa83eb191bd53f4f76caea330a4
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2261.html
+---------------------------------+
| Package: Dietlibc | ----------------------------//
| Date: 08-08-2002 |
+---------------------------------+
Description:
An integer overflow bug has been discovered in the RPC library used
by dietlibc, a libc optimized for small size, which is derived from
the SunRPC library. This bug could be exploited to gain unauthorized
root
access to software linking to this code. The packages below also fix
integer overflows in the calloc, fread and fwrite code. They are
also more strict regarding hostile DNS packets that could lead to a
vulnerability otherwise.
Vendor Alerts:
Debian:
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/d/
dietlibc/dietlibc-dev_0.12-2.2_i386.deb
Size/MD5 checksum: 230532 f671532aae3e1d70726ebd9109e7a1a4
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2264.html
Debian Vendor Advisory Update:
http://www.linuxsecurity.com/advisories/debian_advisory-2266.html
+---------------------------------+
| Package: kqueue | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
If a pipe was created with the pipe(2) system call, and one end of
the pipe was closed, registering an EVFILT_WRITE filter on the other
end would cause a kernel panic. A common scenario in which this could
occur is when a process uses a pipe to communicate with a child and
uses kqueue to monitor the pipe, and the child dies shortly after the
fork(2) call, before the parent has had time to register the filter.
Vendor Alerts:
FreeBSD:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2248.html
+---------------------------------+
| Package: ffs | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
A bug in the calculation of the maximum permitted FFS file size
allows users to create files that are larger than FreeBSD's virtual
memory system can handle. The integer overflows that result when such
files are accessed may map filesystem metadata into the user file,
permitting access to arbitrary filesystem blocks.
Vendor Alerts:
FreeBSD:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2249.html
+---------------------------------+
| Package: nfs | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
Certain Linux implementations of NFS produce zero-length RPC messages
in some cases. A FreeBSD system running an NFS server may lock up
when such clients connect. An attacker in a position to send RPC
messages to an affected FreeBSD system can construct a sequence of
malicious RPC messages that cause the target system to lock up.
Vendor Alerts:
FreeBSD:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2250.html
+---------------------------------+
| Package: sendmail | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
As publicized[1] by lumpy and reported in the sendmail website, a
local user can stop the mail service (in the sense of "freezing" some
operations) by holding an exclusive reading lock on some specific
sendmail files (using a system call like flock()). In order to do
that, the user must have permission to read the file. One example of
such a file is /var/log/sendmail.st, which is world readable by
default.
Vendor Alerts:
Conectiva:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2245.html
+---------------------------------+
| Package: secureweb | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
The MM library provides an abstraction layer which allows related
processes to easily share data. On systems where shared memory or
other inter-process communication mechanisms are not available, the
MM library will emulate them using temporary files. MM is used in
Red Hat Secure Web Server to provide shared memory pools to Apache
modules.
Vendor Alerts:
Red Hat:
i386:
ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/
secureweb-3.2.8-1.i386.rpm.rhmask
313617c2625c6e3e585d15869b8cefa6
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2255.html
+---------------------------------+
| Package: gaim | ----------------------------//
| Date: 08-05-2002 |
+---------------------------------+
Description:
Gaim is an instant messaging client based on the published TOC
protocol from AOL. Versions of gaim prior to 0.58 contain a buffer
overflow in the Jabber plug-in module. Users of gaim should update to
these errata packages containing gaim 0.59 which is not vulnerable to
this issue.
Vendor Alerts:
Red Hat: i386:
ftp://updates.redhat.com/7.3/en/os/i386/gaim-0.59-0.7.3.i386.rpm
27d0b02251407982ee2b0c9affac5a93
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2253.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 02:56:53 PDT