[ISN] Linux Advisory Watch - August 9th 2002

From: InfoSec News (isnat_private)
Date: Mon Aug 12 2002 - 00:26:04 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  August 9th, 2002                         Volume 3, Number 32a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
     
    This week, advisories were released for openssl, bind/glibc, libpng,
    openafs, kerberos 5, wwwoffle, tinyproxy, dietlibc, kqueue, ffs, nfs,
    sendmail, secureweb, and gaim. The vendors include Caldera, Conectiva,
    Debian, EnGarde, FreeBSD, Mandrake, and Red Hat.
    
    FEATURE: Best Practices guide for securing the Linux Workstation 
    There is no silver bullet in security; rather, due diligence and knowledge
    are the best foundations for solid management of risk. The focus of this
    document is distinctively on workstations: those located in a corporate
    environment, those situated at the house, and the myriad of situations
    that fall somewhere in-between.
    
      http://www.linuxsecurity.com/feature_stories/feature_story-115.html
    
    
    * Act Now!  Deadline August 10th! *
    Guardian Digital Combats Proprietary Software Licensing Deadline
    Guardian Digital, Inc., the first full-service open source Internet
    server security company, has announced a special incentive program
    designed to provide companies with an alternative to Windows-based
    servers and applications as the July 31st deadline for Microsoft's new
    licensing program approaches.
    
     http://www.guardiandigital.com/company/press/
     EnGarde-Licensing-Promotion.pdf
    
     Save Now:
     http://store.guardiandigital.com/html/eng/493-AA.shtml
    
     
    Find technical and managerial positions available worldwide.  Visit the
    LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
     
    +---------------------------------+
    |  Package: openssl               | ----------------------------//
    |  Date: 08-02-2002               |
    +---------------------------------+
    
    Description: 
    There are four remotely exploitable buffer overflows that affect various
    OpenSSL client and server implementations. There are also encoding
    problems in the ASN.1 library used by OpenSSL. Several of these
    vulnerabilities could be used by a remote attacker to execute arbitrary
    code on the target system. All could be used to create denial of service.
    
    Vendor Alerts: 
     Caldera: 
    
     ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
     Server/CSSA-2002-033.1/RPMS  
     openssl-0.9.6-19.i386.rpm  
     22df8bff398b736e1b38ba1aaa5bbaef   
     
     openssl-devel-0.9.6-19.i386.rpm  
     68c37446be713e85419f723b139cb64c  
    
     openssl-devel-static-0.9.6-19.i386.rpm  
     3d103c874131c41839326e8add1cc683  
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2259.html 
     
    
    FreeBSD: 
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-2246.html
    
     Mandrake: 
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-2260.html
    
    
    Conectiva: 
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2265.html 
     
    EnGarde: 
     i386/openssl-0.9.6-1.0.17.i386.rpm 
     MD5 Sum: 2be3d62740d8d95469470acb8ad868b3 
     i386/openssl-misc-0.9.6-1.0.17.i386.rpm 
     MD5 Sum: 0803e7486e837176ee791d4b26b78ffa 
    
     i386/openssl-devel-0.9.6-1.0.17.i386.rpm 
     MD5 Sum: 61f7354bd49c106f4171bb34da821ac5 
    
     i686/openssl-0.9.6-1.0.17.i686.rpm 
     MD5 Sum: 5500f9acea0513f8d00df85dd432d20e 
    
     i686/openssl-misc-0.9.6-1.0.17.i686.rpm 
     MD5 Sum: 33fb2323346f834a114265e527762f11 
    
     i686/openssl-devel-0.9.6-1.0.17.i686.rpm 
     MD5 Sum: deb6d48417fc34b8b5cabaca3f82a0cf 
    
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/  
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2263.html 
     
    
    Red Hat i386:  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     openssl095a-0.9.5a-18.i386.rpm  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     openssl096-0.9.6-13.i386.rpm  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     openssl-0.9.6b-28.i386.rpm  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     openssl-devel-0.9.6b-28.i386.rpm  
    
     ftp://updates.redhat.com/7.3/en/os/i386/ 
     openssl-perl-0.9.6b-28.i386.rpm 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2254.html
    
    
    +---------------------------------+
    |  Package: bind/glibc            | ----------------------------//
    |  Date: 08-02-2002               |
    +---------------------------------+
    
    Description: 
    A buffer overflow vulnerability exists in multiple implementations of DNS
    resolver libraries. Operating systems and applications that utilize
    vulnerable DNS resolver libraries may be affected. A remote attacker who
    is able to send malicious DNS responses could potentially exploit this
    vulnerability to execute arbitrary code or cause a denial of service on a
    vulnerable system.
    
    Vendor Alerts: 
    
     Caldera: 
     PLEASE SEE VENDOR ADVISORY UPDATES 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
     
    
      
      
    +---------------------------------+
    |  Package: libpng                | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    In addition to the advisory DSA 140-1, the packages below fix another
    potential buffer overflow.  The PNG libraries implement a safety
    margin which is also included in a newer upstream release.  Thanks to
    Glenn Randers-Pehrson for informing us. 
    
    Vendor Alerts: 
    
     Debian: 
     Intel IA-32 architecture: 
     http://security.debian.org/pool/updates/main/libp/libpng3/ 
     libpng-dev_1.2.1-1.1.woody.2_i386.deb 
     Size/MD5 checksum:   233094 f9889af54e78f47eebe1fa5a60ef33cb 
    
     http://security.debian.org/pool/updates/main/libp/libpng/ 
     libpng2_1.0.12-3.woody.2_i386.deb 
     Size/MD5 checksum:   106636 c9369f9eb9ae747365cdccf40acc3c2d 
    
     http://security.debian.org/pool/updates/main/libp/libpng/ 
     libpng2-dev_1.0.12-3.woody.2_i386.deb 
     Size/MD5 checksum:   227308 4c452324c7308dcd268128fbe4b6439f 
    
     http://security.debian.org/pool/updates/main/libp/libpng3/ 
     libpng3_1.2.1-1.1.woody.2_i386.deb 
     Size/MD5 checksum:   109802 8694e5afdb6f0c0c9e13b9f24aac8f63 
     
    
    Mandrake: 
    
     Mandrake Vendor Advisory:  
     http://www.linuxsecurity.com/advisories/debian_advisory-2242.html 
      
     
    Caldera: 
    
     PLEASE SEE VENDOR ADVISORY UPDATES 
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
     
    
      
    +---------------------------------+
    |  Package: openafs               | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    An integer overflow bug has been discovered in the RPC library used
    by the OpenAFS database server, which is derived from the SunRPC
    library. This bug could be exploited to crash certain OpenAFS servers
    (volserver, vlserver, ptserver, buserver) or to obtain unauthorized
    root access to a host running one of these processes.  No exploits
    are known to exist yet. 
    
    Vendor Alerts: 
    
    Debian: 
    
     Intel IA-32 architecture: 
     http://security.debian.org/pool/updates/main/o/openafs/ 
     libopenafs-dev_1.2.3final2-6_i386.deb 
     Size/MD5 checksum:  1026278 010b72ad1e6611536d8d7af69c37f931 
    
     http://security.debian.org/pool/updates/main/o/openafs/ 
     openafs-client_1.2.3final2-6_i386.deb 
     Size/MD5 checksum:  1345484 fead4fb0df392ca7b092d4d53ff96c49 
    
     http://security.debian.org/pool/updates/main/o/openafs/ 
     openafs-dbserver_1.2.3final2-6_i386.deb 
     Size/MD5 checksum:   365466 c13358838819b019afc6c3de20678d3e 
    
     http://security.debian.org/pool/updates/main/o/openafs/ 
     openafs-fileserver_1.2.3final2-6_i386.deb 
     Size/MD5 checksum:   442334 426ab449fee8b0de03b310ba24e4100e 
    
     http://security.debian.org/pool/updates/main/o/openafs/ 
     openafs-kpasswd_1.2.3final2-6_i386.deb 
     Size/MD5 checksum:   185150 58d88fcef9f9cbf6a54cdfb849dd7229 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2243.html
     
    
      
    
    +---------------------------------+
    |  Package: Kerberos 5            | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    An integer overflow bug has been discovered in the RPC library used
    by the Kerberos 5 administration system, which is derived from the
    SunRPC library.  This bug could be exploited to gain unauthorized
    root access to a KDC host.  It is believed that the attacker needs to
    be able to authenticate to the kadmin daemon for this attack to be
    successful. No exploits are known to exist yet. 
    
    Vendor Alerts: 
    
    Debian: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2247.html 
     
    
    Conectiva: 
     
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2262.html 
    
      
      
    +---------------------------------+
    |  Package: wwwoffle              | ----------------------------//
    |  Date: 08-06-2002               |
    +---------------------------------+
    
    Description: 
    A problem with wwwoffle has been discovered.  The web proxy didn't
    handle input data with negative Content-Length settings properly
    which causes the processing child to crash.  It is at this time not
    obvious how this can lead to an exploitable vulnerability; however,
    it's better to be safe than sorry, so here's an update. 
    
    Vendor Alerts: 
    
    Debian: 
     Intel IA-32 architecture: 
     http://security.debian.org/pool/updates/main/w/wwwoffle 
     /wwwoffle_2.5c-10.4_i386.deb 
     Size/MD5 checksum:   514316 9130724c8fe2d8af0f55acc1876c06a0 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2251.html
     
    
      
      
    +---------------------------------+
    |  Package: tinyproxy             | ----------------------------//
    |  Date: 08-07-2002               |
    +---------------------------------+
    
    Description: 
    The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug
    in the handling of some invalid proxy requests.  Under some
    circumstances, an invalid request may result in allocated memory
    being freed twice.  This can potentially result in the execution of
    arbitrary code. 
    
     Vendor Alerts: 
    
    Debian: 
     Intel IA-32 architecture: 
     http://security.debian.org/pool/updates/main/t/tinyproxy/ 
     tinyproxy_1.4.3-2woody2_i386.deb 
     Size/MD5 checksum:    38758 591c6aa83eb191bd53f4f76caea330a4 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2261.html
     
    
      
    +---------------------------------+
    |  Package: Dietlibc              | ----------------------------//
    |  Date: 08-08-2002               |
    +---------------------------------+
    
    Description: 
    An integer overflow bug has been discovered in the RPC library used
    by dietlibc, a libc optimized for small size, which is derived from
    the SunRPC library.  This bug could be exploited to gain unauthorized
    root access to software linking to this code.  The packages below also
    fix integer overflows in the calloc, fread and fwrite code.  They are
    also more strict regarding hostile DNS packets that could lead to a
    vulnerability otherwise. 
    
    Vendor Alerts: 
    Debian: 
     Intel IA-32 architecture: 
     http://security.debian.org/pool/updates/main/d/ 
     dietlibc/dietlibc-dev_0.12-2.2_i386.deb 
     Size/MD5 checksum:   230532 f671532aae3e1d70726ebd9109e7a1a4 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2264.html 
    
     Debian Vendor Advisory Update: 
     http://www.linuxsecurity.com/advisories/debian_advisory-2266.html
     
    
    
    +---------------------------------+
    |  Package: kqueue                | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    If a pipe was created with the pipe(2) system call, and one end of
    the pipe was closed, registering an EVFILT_WRITE filter on the other
    end would cause a kernel panic. A common scenario in which this could
    occur is when a process uses a pipe to communicate with a child and
    uses kqueue to monitor the pipe, and the child dies shortly after the
    fork(2) call, before the parent has had time to register the filter. 
    
    
    Vendor Alerts: 
    
    FreeBSD: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-2248.html 
    
      
    
    +---------------------------------+
    |  Package: ffs                   | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    A bug in the calculation of the maximum permitted FFS file size
    allows users to create files that are larger than FreeBSD's virtual
    memory system can handle. The integer overflows that result when such
    files are accessed may map filesystem metadata into the user file,
    permitting access to arbitrary filesystem blocks. 
    
    Vendor Alerts: 
    
    FreeBSD: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-2249.html 
    
    
    
    +---------------------------------+
    |  Package: nfs                   | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    Certain Linux implementations of NFS produce zero-length RPC messages
    in some cases. A FreeBSD system running an NFS server may lock up
    when such clients connect. An attacker in a position to send RPC
    messages to an affected FreeBSD system can construct a sequence of
    malicious RPC messages that cause the target system to lock up. 
    
    Vendor Alerts: 
    
    FreeBSD: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     FreeBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/freebsd_advisory-2250.html 
    
      
    
    +---------------------------------+
    |  Package: sendmail              | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    As publicized[1] by lumpy and reported on the sendmail website, a
    local user can stop the mail service (in the sense of "freezing" some
    operations) by holding an exclusive reading lock on some specific
    sendmail files (using a system call like flock()). In order to do
    that, the user must have permission to read the file. One example of
    such a file is /var/log/sendmail.st, which is world readable by
    default. 
    
    Vendor Alerts: 
    
    Conectiva: 
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-2245.html 
    
      
    
    +---------------------------------+
    |  Package: secureweb             | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    The MM library provides an abstraction layer which allows related
    processes to easily share data.  On systems where shared memory or
    other inter-process communication mechanisms are not available, the
    MM library will emulate them using temporary files.  MM is used in
    Red Hat Secure Web Server to provide shared memory pools to Apache
    modules. 
    
    Vendor Alerts: 
    Red Hat: 
     i386: 
     ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/ 
     secureweb-3.2.8-1.i386.rpm.rhmask  
     313617c2625c6e3e585d15869b8cefa6 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2255.html
     
    
    
    +---------------------------------+
    |  Package: gaim                  | ----------------------------//
    |  Date: 08-05-2002               |
    +---------------------------------+
    
    Description: 
    Gaim is an instant messaging client based on the published TOC
    protocol from AOL.  Versions of gaim prior to 0.58 contain a buffer
    overflow in the Jabber plug-in module. Users of gaim should update to
    these errata packages containing gaim 0.59, which is not vulnerable to
    this issue. 
      
    Vendor Alerts: 
    Red Hat: i386: 
     ftp://updates.redhat.com/7.3/en/os/i386/gaim-0.59-0.7.3.i386.rpm 
     27d0b02251407982ee2b0c9affac5a93 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-2253.html
     
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


