[ISN] Linux Advisory Watch - November 8th 2002

From: InfoSec News (isnat_private)
Date: Mon Nov 11 2002 - 01:48:34 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  November 8th, 2002                       Volume 3, Number 45a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for log2mail, apache, luxman, wmaker,
    squirrelmail, IPFilter, perl-MailTools, glibc, kerberos, heartbeat, dvips,
    krb5, gv, tar/unzip, ypserv, and linuxconf.  The distributors include
    Conectiva, Debian, Gentoo, NetBSD, Red Hat, and SuSE.
    
    
    FEATURE: Security - Physical and Service
    The first installment of a 3 part article covering everything from
    physical security and service security to LAMP security (Linux Apache
    MySQL PHP).
    
     http://www.linuxsecurity.com/feature_stories/feature_story-128.html
    
    
    FEATURE: Remote Syslogging - A Primer
    The syslog daemon is a very versatile tool that should never be overlooked
    under any circumstances. The facility itself provides a wealth of
    information regarding the local system that it monitors.
    
     http://www.linuxsecurity.com/feature_stories/feature_story-123.html
    
    
    +---------------------------------+
    |  Package: log2mail              | ----------------------------//
    |  Date: 11-05-2002               |
    +---------------------------------+
    
    Description:
    Enrico Zini discovered a buffer overflow in log2mail, a daemon for
    watching logfiles and sending lines with matching patterns via mail.
    The log2mail daemon is started upon system boot and runs as root.  A
    specially crafted (remote) log message could overflow a static
    buffer, potentially leading log2mail to execute arbitrary code as
    root.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/l/log2mail/
      log2mail_0.2.5.1_i386.deb
      Size/MD5 checksum:    38532 ca7b3f97063ee1de06eb2ec97c3c4f52
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2525.html
    
    
    
    +---------------------------------+
    |  Package: apache                | ----------------------------//
    |  Date: 11-04-2002               |
    +---------------------------------+
    
    Description:
    According to David Wagner, iDEFENSE and the Apache HTTP Server Project,
    several remotely exploitable vulnerabilities have been found in the Apache
    package, a commonly used webserver.  These vulnerabilities could allow an
    attacker to enact a denial of service against a server or execute a
    cross-site scripting attack.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/a/apache/
      apache_1.3.9-14.3_i386.deb
      Size/MD5 checksum:   359946 aae786f44f00d4c62b09ccd33fbef609
    
      http://security.debian.org/pool/updates/main/a/apache/
      apache-common_1.3.9-14.3_i386.deb
      Size/MD5 checksum:   718786 33046433f742f4bf5628d82afad4c18e
    
      http://security.debian.org/pool/updates/main/a/apache/
      apache-dev_1.3.9-14.3_i386.deb
      Size/MD5 checksum:   548902 86fd170a541de8c70d5abff2fca8d544
    
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2526.html
    
      Debian Vendor Advisory: (apache-ssl)
      http://www.linuxsecurity.com/advisories/debian_advisory-2527.html
    
    
     Conectiva:
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2531.html
    
    
    
    
    +---------------------------------+
    |  Package: luxman                | ----------------------------//
    |  Date: 11-06-2002               |
    +---------------------------------+
    
    Description:
    iDEFENSE reported a vulnerability in LuxMan, a maze game for
    GNU/Linux, similar to the PacMan arcade game.  When successfully
    exploited, it gives a local attacker read-write access to memory,
    leading to a local root compromise in many ways, examples of which
    include scanning the file for fragments of the master password file
    and modifying kernel memory to re-map system calls.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/l/
      luxman/luxman_0.41-17.1_i386.deb
      Size/MD5 checksum:   290680 e9aa37d421068e828307ef5c816ad72d
    
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2538.html
    
    
    
    +---------------------------------+
    |  Package: wmaker                | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    iDEFENSE reported a vulnerability in LuxMan, a maze game for
    GNU/Linux, similar to the PacMan arcade game.  When successfully
    exploited, it gives a local attacker read-write access to memory,
    leading to a local root compromise in many ways, examples of which
    include scanning the file for fragments of the master password file
    and modifying kernel memory to re-map system calls.
    
    Vendor Alerts:
    
     Debian:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2541.html
    
    
    
    
    
    +---------------------------------+
    |  Package: squirrelmail          | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    Several cross site scripting vulnerabilities have been found in
    squirrelmail, a feature-rich webmail package written in PHP4.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/s/
      squirrelmail/squirrelmail_1.2.6-1.1_all.deb
      Size/MD5 checksum:  1839498 9e9c7ff1f5b42aaea021af563b76deaa
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2543.html
    
    
    
    
    +---------------------------------+
    |  Package: IPFilter (FTP)        | ----------------------------//
    |  Date: 11-05-2002               |
    +---------------------------------+
    
    Description:
    The FTP proxy module in the IPFilter package may not adequately maintain the state
    of FTP commands and responses. As a result, an attacker could establish
    arbitrary TCP connections to FTP servers or clients located behind a
    vulnerable firewall.
    
    Vendor Alerts:
    
     NetBSD:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      NetBSD Vendor Advisory:
      http://www.linuxsecurity.com/advisories/netbsd_advisory-2528.html
    
    
    
    +---------------------------------+
    |  Package: perl-MailTools        | ----------------------------//
    |  Date: 11-05-2002               |
    +---------------------------------+
    
    Description:
    This package contains a security hole which allows remote attackers to
    execute arbitrary commands in certain circumstances. This is due to the
    use of mailx as the default mailer, which allows commands to be embedded
    in the mail body.
    
    Vendor Alerts:
    
     SuSE:
      ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
      perl-MailTools-1.47-29.i586.rpm
      d41d8cd98f00b204e9800998ecf8427e
    
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2529.html
    
    
     Gentoo:
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2530.html
    
    
    
    
    +---------------------------------+
    |  Package: glibc                 | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    A read buffer overflow vulnerability exists in the glibc resolver code in
    versions of glibc up to and including 2.2.5.  The vulnerability is
    triggered by DNS packets larger than 1024 bytes and can cause applications
    to crash.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2542.html
    
    
     Conectiva:
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2537.html
    
    
    
    
    +---------------------------------+
    |  Package: kerberos              | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    A remotely exploitable stack buffer overflow has been found in the
    Kerberos v4 compatibility administration daemon distributed with the Red
    Hat Linux krb5 packages.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2544.html
    
    
    
    
    
    +---------------------------------+
    |  Package: heartbeat             | ----------------------------//
    |  Date: 11-03-2002               |
    +---------------------------------+
    
    Description:
    Nathan Wallwork reported several format string vulnerabilities[2] in
    heartbeat that could possibly be used by a remote attacker to execute
    arbitrary code with root privileges.
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      heartbeat-0.4.9.1-2U80_1cl.i386.rpm
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      heartbeat-ldirectord-0.4.9.1-2U80_1cl.i386.rpm
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      heartbeat-stonith-0.4.9.1-2U80_1cl.i386.rpm
    
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2532.html
    
    
    
    
    
    +---------------------------------+
    |  Package: dvips                 | ----------------------------//
    |  Date: 11-03-2002               |
    +---------------------------------+
    
    Description:
    Olaf Kirch from SuSE discovered a vulnerability in the dvips utility,
    which is used to convert .dvi files to PostScript. dvips calls the
    system() function in an insecure way when handling font names. An attacker
    can exploit this by creating a carefully crafted dvi file which, when
    opened by dvips, will cause the execution of arbitrary commands.
    
    Vendor Alerts:
    
     Conectiva:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2533.html
    
    
    
    +---------------------------------+
    |  Package: krb5                  | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    There is a buffer overflow vulnerability[2][3] in the Kerberos 4 remote
    administration service (kadmind4) that could be used by a remote attacker
    to execute arbitrary commands on the server with root privileges.
    
    Vendor Alerts:
    
     Conectiva:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2534.html
    
    
    
    +---------------------------------+
    |  Package: gv                    | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    Zen Parse found[1] a buffer overflow vulnerability in gv version 3.5.8 and
    earlier. kghostview (from kdegraphics versions prior to 3.0.4) is also
    affected, since it has some code derived from the same project. An
    attacker can exploit this vulnerability by creating a carefully crafted
    pdf file that, when opened by gv or kghostview, causes the execution of
    arbitrary code.
    
    Vendor Alerts:
    
     Conectiva:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2535.html
    
    
    
    
    +---------------------------------+
    |  Package: tar/unzip             | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    Both tar and unzip have directory traversal vulnerabilities in the way
    they extract filenames containing ".." or "/" characters at the
    beginning. By exploiting these vulnerabilities, a malicious user can
    overwrite arbitrary files if the user unpacking such an archive has
    sufficient filesystem permissions to do so.
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      tar-1.13.25-2U80_1cl.i386.rpm
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      unzip-5.50-1U80_1cl.i386.rpm
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2536.html
    
    
    
    
    +---------------------------------+
    |  Package: ypserv                | ----------------------------//
    |  Date: 11-07-2002               |
    +---------------------------------+
    
    Description:
    Thorsten Kukuk identified and fixed a memory leak vulnerability[2] in the
    ypserv daemon. Requests for non-existing maps would cause the ypserv
    daemon to consume more and more memory. An attacker in the local network
    could flood the service with such requests until the memory is exhausted,
    resulting in a DoS condition.
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      ypserv-1.3.12-4U80_1cl.i386.rpm
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2539.html
    
    
    
    
    +---------------------------------+
    |  Package: linuxconf             | ----------------------------//
    |  Date: 11-06-2002               |
    +---------------------------------+
    
    Description:
    There is a problem[1] in the sendmail.cf file generated by the mailconf
    module that allows sendmail to be used as an open relay. By exploiting
    this vulnerability, a malicious user could send SPAM through the sendmail
    server without being in its served network. In order to do that, the
    recipient address of the messages must be in the format "user%domain@".
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      linuxconf-mailconf-1.25r3-39U80_1cl.i386.rpm
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2540.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    


