+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 6th, 2002 Volume 3, Number 36a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for pxe, ethereal, scrollkeeper,
mailman, mantis, amavis, and glibc. The vendors include Conectiva,
Debian, Gentoo, Red Hat, and SuSE.
** Build Complete Internet Presence Quickly and Securely! **
EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use!
Don't jeopardize your organization with an off-the-shelf Linux!
-> http://www.guardiandigital.com/promo/ls150402.html
FEATURE: PHP Secure Installation
As we know that the vulnerabilities in PHP are increasing day by day
there comes the need to secure the PHP installation to the highest
level. Due to its popularity and its wide usage most of the
developers and the administrators will be in trouble if they don't
take appropriate steps on security issues during the installation.
http://www.linuxsecurity.com/feature_stories/feature_story-117.html
+---------------------------------+
| Package: pxe | ----------------------------//
| Date: 08-30-2002 |
+---------------------------------+
Description:
It was found that the PXE server could be crashed using DHCP packets
from some Voice Over IP (VOIP) phones. This bug could be used to
cause a denial of service attack on remote systems by using malicious
packets.
Vendor Alerts:
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm
391d65eb419642d2e5d57507b1b8546e
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2320.html
+---------------------------------+
| Package: ethereal | ----------------------------//
| Date: 09-02-2002 |
+---------------------------------+
Description:
It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone
to read a malformed packet trace file. It may be possible to make
Ethereal run arbitrary code by exploiting the buffer and pointer
problems.
Vendor Alerts:
Gentoo
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2321.html
+---------------------------------+
| Package: scrollkeeper | ----------------------------//
| Date: 09-02-2002 |
+---------------------------------+
Description:
The scrollkeeper-get-cl command generates temporary files in the /tmp
directory. These files are named scrollkeeper-tempfile.[0-4], and
while creating these files scrollkeeper-get-cl follows symbolic links.
These files are created when a user logs in to a GNOME session and
are created as the user who logged in. This means an attacker with
local access can easily create and overwrite files as another user.
Vendor Alerts:
Red Hat 7.3:
ftp://updates.redhat.com/7.3/en/os/i386/scrollkeeper-0.3.4-5.i386.rpm
392a5149a4b0e8abce9c350c88ee827a
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2323.html
Debian:
http://security.debian.org/pool/updates/main/s/scrollkeeper/
scrollkeeper_0.3.6-3.1_i386.deb
Size/MD5 checksum:
78818 a7e536042ebad89ed21fb27dcf41fc8f
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2324.html
Gentoo
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2326.html
+---------------------------------+
| Package: mailman | ----------------------------//
| Date: 09-03-2002 |
+---------------------------------+
Description:
Using these vulnerabilities a remote attacker could obtain sensitive
information, such as authentication cookies or even the
administrative password of a specific mailing list, by crafting a
special URL with javascript in it and somehow having a list
administrator click on it.
Vendor Alerts:
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
mailman-2.0.13-1U80_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2325.html
+---------------------------------+
| Package: mantis | ----------------------------//
| Date: 09-04-2002 |
+---------------------------------+
Description:
A problem with user privileges has been discovered in the Mantis
package, a PHP based bug tracking system. The Mantis system didn't
check whether a user is permitted to view a bug, but displays it
right away if the user entered a valid bug id.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/m/mantis/
mantis_0.17.1-2.5_all.deb
Size/MD5 checksum:
250066 e1b6b6240c18fcdd943a85407a494779
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2327.html
+---------------------------------+
| Package: amavis | ----------------------------//
| Date: 09-04-2002 |
+---------------------------------+
Description:
The AMaViS shell script version (AMaViS 0.1.x / 0.2.x) uses securetar
securetar removes the pathes of files in a tar archive and makes each
file name a unique name. Links, character devices, block devices and
named pipes will be removed from the archive. A special-crafted TAR
file may hung securetar forever, using up to 100% CPU time.
Vendor Alerts:
Gentoo:
http://security.debian.org/pool/updates/main/m/mantis/
mantis_0.17.1-2.5_all.deb
Size/MD5 checksum:
250066 e1b6b6240c18fcdd943a85407a494779
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2328.html
+---------------------------------+
| Package: glibc | ----------------------------//
| Date: 09-05-2002 |
+---------------------------------+
Description:
An integer overflow has been discovered in the xdr_array() function,
contained in the Sun Microsystems RPC/XDR library, which is part of
the glibc library package on all SuSE products. This overflow allows
a remote attacker to overflow a buffer, leading to remote execution
of arbitrary code supplied by the attacker.
Vendor Alerts:
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
glibc-2.2.5-123.i386.rpm
57bb8eb5e4355539f01ee9dc2e1b790e
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/
glibc-devel-2.2.5-123.i386.rpm
cf1a18510a8e78914500c10cc9b79bf0
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/
glibc-profile-2.2.5-123.i386.rpm
a03333bb8a0bd77def78b633d790fdb2
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2329.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 01:35:18 PDT