+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| December 6th, 2002 Volume 3, Number 49a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for RPC XDR, ypserv, pine, freeswan,
im, smb2www, xinetd, webalizer, kde, kdelibs, and windowmaker. The
distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, and Red
Hat.
Concerned about the next threat? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what the
other Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
Network Security Audit - "Information for the right people at right time
and from anywhere" has been the driving force for providing access to the
most of the vital information on the network of an organization over the
Internet. This is a simple guide on conducting a network security audit.
http://www.linuxsecurity.com/feature_stories/feature_story-131.html
Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following
guidelines.
http://www.linuxsecurity.com/feature_stories/feature_story-130.html
+---------------------------------+
| Package: RPC XDR | ----------------------------//
| Date: 12-04-2002 |
+---------------------------------+
Description:
The implementation of xdr_array can be tricked into writing beyond the
buffers it allocated when deserializing the XDR stream.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
CSSA-2002-055.0/RPMS
glibc-2.2.4-25.i386.rpm
0c879b13edf9d0ad38421432184b7749
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2637.html
+---------------------------------+
| Package: ypserv | ----------------------------//
| Date: 12-04-2002 |
+---------------------------------+
Description:
Requesting a map that doesn't exist will cause a memory leak in the
server.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
CSSA-2002-054.0/RPMS
nis-client-2.0-23.i386.rpm
f416f2e39a29d419832f3b18c04491a2
nis-server-2.0-23.i386.rpm
b86300ae67587b447262d31f123bc12e
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2638.html
+---------------------------------+
| Package: pine | ----------------------------//
| Date: 12-04-2002 |
+---------------------------------+
Description:
By exploiting this, an attacker can prevent the pine user of starting the
program to manage his/her mailbox. It was not confirmed if it is possible
to execute arbitrary code by exploiting this vulnerability, but such a
possibility exists.
Vendor Alerts:
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
pico-4.50L-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
pilot-4.50L-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
pine-4.50L-1U80_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2639.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2618.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2631.html
+---------------------------------+
| Package: freeswan | ----------------------------//
| Date: 12-02-2002 |
+---------------------------------+
Description:
Bindview discovered a problem in several IPSEC implementations that do not
properly handle certain very short packets. IPSEC is a set of security
extensions to IP which provide authentication and encryption. Free/SWan in
Debain is affected by this and is said to cause a kernel panic.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/f/freeswan/
kernel-patch-freeswan_1.96-1.4_all.deb
Size/MD5 checksum: 889918 30c73e274e84b62125136ec96160d23a
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2628.html
+---------------------------------+
| Package: im | ----------------------------//
| Date: 12-03-2002 |
+---------------------------------+
Description:
The impwagent program creates a temporary directory in an insecure manner
in /tmp using predictable directory names without checking the return code
of mkdir, so it's possible to seize a permission of the temporary
directory by local access as another user.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/i/im/
im_141-18.1_all.deb
Size/MD5 checksum: 217416 41a6ad3bc0b0591ba180dd5d646387f9
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2630.html
+---------------------------------+
| Package: smb2www | ----------------------------//
| Date: 12-04-2002 |
+---------------------------------+
Description:
Robert Luberda found a security problem in smb2www, a Windows Network
client that is accessible through a web browser. This could lead a remote
attacker to execute arbitrary programs under the user id www-data on the
host where smb2www is running.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/s/smb2www/
smb2www_980804-16.1_all.deb
Size/MD5 checksum: 79050 6d443251ebe2389c26ac163e739ee80e
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2636.html
+---------------------------------+
| Package: kdelibs | ----------------------------//
| Date: 12-05-2002 |
+---------------------------------+
Description:
The KDE team has discovered a vulnerability in the support for various
network protocols via the KIO The implementation of the rlogin and
protocol allows a carefully crafted URL in an HTML page, HTML email or
other KIO-enabled application to execute arbitrary commands on the system
using the victim's account on the vulnerable machine.
Vendor Alerts:
Debian:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2640.html
+---------------------------------+
| Package: windowmaker | ----------------------------//
| Date: 12-05-2002 |
+---------------------------------+
Description:
Al Viro discovered a vulnerability in the WindowMaker window manager. A
function used to load images, for example when configuring a new
background image or previewing themes, contains a buffer overflow. The
function calculates the amount of memory necessary to load the image by
doing some multiplication but does not check the results of this
multiplication, which may not fit into the destination variable, resulting
in a buffer overflow when the image is loaded.
Vendor Alerts:
Mandrake:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2632.html
+---------------------------------+
| Package: xinetd | ----------------------------//
| Date: 12-05-2002 |
+---------------------------------+
Description:
Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal
pipe to services that are launched by xinetd. This could allow an attacker
to execute a DoS attack via the pipe. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2002-0871 to this issue.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
26e6f6faec33503f3538a4ac80c82ce2
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2629.html
+---------------------------------+
| Package: webalizer | ----------------------------//
| Date: 12-02-2002 |
+---------------------------------+
Description:
A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute
arbitrary code by connecting to the monitored Web server from an IP
address that resolves to a long hostname.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/7.2/en/os/i386/
webalizer-2.01_09-1.72.i386.rpm
f3d16a9fa3c202031a6cda1da2944e3d
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2634.html
+---------------------------------+
| Package: kdelibs | ----------------------------//
| Date: 12-02-2002 |
+---------------------------------+
Description:
A number of vulnerabilities have been found that affect various versions
of KDE. This errata provides updates which resolve these issues.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2635.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 09 2002 - 04:15:56 PST