+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | November 8th, 2002 Volume 3, Number 45a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas daveat_private benat_private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilitiaes that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for log2mail, apache, luxman, wmaker, squirrelmail, IPFilter, perl-MailTools, glibc, kerberos, heartbeat, dvips, krb5, gv, tar/unzip, ypserv, and linuxconf. The distributors include Conectiva, Debian, Gentoo, NetBSD, Red Hat, and SuSE. Concerned about the next threat? EnGarde is the undisputed winner! Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing Editor's Choice Award, EnGarde "walked away with our Editor's Choice award thanks to the depth of its security strategy..." Find out what the other Linux vendors are not telling you. http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 FEATURE: Security - Physical and Service The first installation of a 3 part article covering everything from physical security and service security to LAMP security (Linux Apache MySQL PHP). http://www.linuxsecurity.com/feature_stories/feature_story-128.html FEATURE: Remote Syslogging - A Primer The syslog daemon is a very versatile tool that should never be overlooked under any circumstances. The facility itself provides a wealth of information regarding the local system that it monitors. http://www.linuxsecurity.com/feature_stories/feature_story-123.html +---------------------------------+ | Package: log2mail | ----------------------------// | Date: 11-05-2002 | +---------------------------------+ Description: Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail. The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially leaving log2mail to execute arbitrary code as root. Vendor Alerts: Debian: http://security.debian.org/pool/updates/main/l/log2mail/ log2mail_0.2.5.1_i386.deb Size/MD5 checksum: 38532 ca7b3f97063ee1de06eb2ec97c3c4f52 Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2525.html +---------------------------------+ | Package: apache | ----------------------------// | Date: 11-04-2002 | +---------------------------------+ Description: According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross scripting attack. Vendor Alerts: Debian: http://security.debian.org/pool/updates/main/a/apache/ apache_1.3.9-14.3_i386.deb Size/MD5 checksum: 359946 aae786f44f00d4c62b09ccd33fbef609 http://security.debian.org/pool/updates/main/a/apache/ apache-common_1.3.9-14.3_i386.deb Size/MD5 checksum: 718786 33046433f742f4bf5628d82afad4c18e http://security.debian.org/pool/updates/main/a/apache/ apache-dev_1.3.9-14.3_i386.deb Size/MD5 checksum: 548902 86fd170a541de8c70d5abff2fca8d544 Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2526.html Debian Vendor Advisory: (apache-ssl) http://www.linuxsecurity.com/advisories/debian_advisory-2527.html Conectiva: Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2531.html +---------------------------------+ | Package: luxman | ----------------------------// | Date: 11-06-2002 | +---------------------------------+ Description: iDEFENSE reported about a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited it a local attacker with read write access to the Memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. Vendor Alerts: Debian: http://security.debian.org/pool/updates/main/l/ luxman/luxman_0.41-17.1_i386.deb Size/MD5 checksum: 290680 e9aa37d421068e828307ef5c816ad72d Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2538.html +---------------------------------+ | Package: wmaker | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: iDEFENSE reported about a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited it a local attacker with read write access to the Memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. Vendor Alerts: Debian: PLEASE SEE VENDOR ADVISORY FOR UPDATE Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2541.html +---------------------------------+ | Package: squirrelmail | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. Vendor Alerts: Debian: http://security.debian.org/pool/updates/main/s/ squirrelmail/squirrelmail_1.2.6-1.1_all.deb Size/MD5 checksum: 1839498 9e9c7ff1f5b42aaea021af563b76deaa Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2543.html +---------------------------------+ | Package: IPFilter (FTP) | ----------------------------// | Date: 11-05-2002 | +---------------------------------+ Description: FTP proxy module in IPFilter package may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. Vendor Alerts: NetBSD: PLEASE SEE VENDOR ADVISORY FOR UPDATE NetBSD Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-2528.html +---------------------------------+ | Package: perl-MailTools | ----------------------------// | Date: 11-05-2002 | +---------------------------------+ Description: This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vendor Alerts: SuSE: ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/ perl-MailTools-1.47-29.i586.rpm d41d8cd98f00b204e9800998ecf8427e SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-2529.html Gentoo: Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2530.html +---------------------------------+ | Package: glibc | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. Vendor Alerts: Red Hat: PLEASE SEE VENDOR ADVISORY FOR UPDATE Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-2542.html Conectiva: Contectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2537.html +---------------------------------+ | Package: kerberos | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: A remotely exploitable stack buffer overflow has been found in the Kerberos v4 compatibility administration daemon distributed with the Red Hat Linux krb5 packages. Vendor Alerts: Red Hat: PLEASE SEE VENDOR ADVISORY FOR UPDATE Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-2544.html +---------------------------------+ | Package: heartbeat | ----------------------------// | Date: 11-03-2002 | +---------------------------------+ Description: Nathan Wallwork reported several format string vulnerabilities[2] in heartbeat that could possibly be used by a remote attacker to execute arbitrary code with root privileges. Vendor Alerts: Conectiva: ftp://atualizacoes.conectiva.com.br/8/RPMS/ heartbeat-0.4.9.1-2U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ heartbeat-ldirectord-0.4.9.1-2U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ heartbeat-stonith-0.4.9.1-2U80_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2532.html +---------------------------------+ | Package: dvips | ----------------------------// | Date: 11-03-2002 | +---------------------------------+ Description: Olaf Kirch from SuSE discovered a vulnerability in the dvips utility, which is used to convert .dvi files to PostScript. dvips is calling the system() function in an insecure way when handling font names. An attacker can exploit this by creating a carefully crafted dvi file which, when opened by dvips, will cause the execution of arbitrary commands. Vendor Alerts: Conectiva: PLEASE SEE VENDOR ADVISORY FOR UPDATE Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2533.html +---------------------------------+ | Package: krb5 | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: There is a buffer overflow vulnerability[2][3] in the Kerberos 4 remote administration service (kadmind4) that could be used by a remote attacker to execute arbitrary commands on the server with root privileges. Vendor Alerts: Conectiva: PLEASE SEE VENDOR ADVISORY FOR UPDATE Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2534.html +---------------------------------+ | Package: gv | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: Zen Parse found[1] a buffer overflow vulnerability in gv version 3.5.8 and earlier. kghostview (from kdegraphics versions prior to 3.0.4) is also affected, since it has some code derived from the same project. An attacker can exploit this vulnerability by creating a carefully crafted pdf file that, when opened by gv or kghostview, causes the execution of arbitrary code. Vendor Alerts: Conectiva: PLEASE SEE VENDOR ADVISORY FOR UPDATE Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2535.html +---------------------------------+ | Package: tar/unzip | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: Both tar and unzip have directory transversal vulnerabilities in the way they extract filenames containning ".." or "/" characteres at the beginning. By exploiting these vulnerabilities, a malicious user can overwrite arbitrary files if the user unpacking such an archive has sufficient filesystem permissions to do so. Vendor Alerts: Conectiva: ftp://atualizacoes.conectiva.com.br/8/RPMS/ tar-1.13.25-2U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ unzip-5.50-1U80_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2536.html +---------------------------------+ | Package: ypserv | ----------------------------// | Date: 11-07-2002 | +---------------------------------+ Description: Thorsten Kukuk identified and fixed a memory leak vulnerability[2] in the ypserv daemon. Requests for non-existing maps would cause the ypserv daemon to consume more and more memory. An attacker in the local network could flood the service with such requests until the memory is exhausted, characterizing a DoS condition. Vendor Alerts: Conectiva: ftp://atualizacoes.conectiva.com.br/8/RPMS/ ypserv-1.3.12-4U80_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2539.html +---------------------------------+ | Package: linuxconf | ----------------------------// | Date: 11-06-2002 | +---------------------------------+ Description: There is a problem[1] in the sendmail.cf file generated by the mailconf module that allows sendmail to be used as an open relay. By exploiting this vulnerability, a malicious user could send SPAM through the sendmail server without being in its served network. In order to do that, the recipient address of the messages must be in the format "user%domain@". Vendor Alerts: Conectiva: ftp://atualizacoes.conectiva.com.br/8/RPMS/ linuxconf-mailconf-1.25r3-39U80_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-2540.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 04:58:53 PST