[ISN] Linux Advisory Watch - January 3rd 2003

From: InfoSec News (isnat_private)
Date: Sun Jan 05 2003 - 22:58:20 PST

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  January 3rd, 2002                         Volume 4, Number 1a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for typespeed, cyrus-imapd, openldap,
    bugzilla, dhcpcd, fetchmail, cups, xpdf, leafnode, squirrelmail, and mysql.
    The distributors include Conectiva, Debian, Gentoo and SuSE.
    
    No 'A' Word In Time - Maintaining accurate time is required for security.
    Many tools and devices exist to ensure that accurate time is maintained on
    an organization's system. It makes the job of analysis and system
    administration much easier to deal with, as well.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-133.html
    
    ---------------------------------------------------------------------
    
    
    If It Ain't Broke See If It's Fixed - Attackers are still compromising
    servers with well-known attacks. General awareness can assist the busy
    administrators and users to protect their systems from these kinds of
    attacks. SANS provides a list of the Top 20 most common security
    vulnerabilities, how to identify each, and what can be done to protect
    against these vulnerabilities.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-132.html
    
    
    
    +---------------------------------+
    |  Package:  typespeed            | ----------------------------//
    |  Date: 12-27-2002               |
    +---------------------------------+
    
    Description:
    A problem has been discovered in typespeed, a game that lets you
    measure your typematic speed.  By overflowing a buffer a local attacker
    could execute arbitrary commands under the group id games.
    
    Vendor Alerts:
    
     Debian:
    
      http://security.debian.org/pool/updates/main/t/typespeed/
      typespeed_0.4.0-5.1_i386.deb
      Size/MD5 checksum:	34326 b5bc6881676b8a102afcad03de4c4eb7
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2700.html
    
    
    
    
    +---------------------------------+
    |  Package:  cyrus-imapd          | ----------------------------//
    |  Date: 12-27-2002               |
    +---------------------------------+
    
    Description:
    
    Timo Sirainen discovered a remotely exploitable pre-login buffer
    overflow in cyrus imapd. The problem resides in the way memory is managed
    (an integer overflow can cause less memory than needed to be allocated).
    
    Vendor Alerts:
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      cyrus-imapd-2.0.17-1U80_1cl.i386.rpm
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      cyrus-imapd-devel-2.0.17-1U80_1cl.i386.rpm
    
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      cyrus-imapd-devel-static-2.0.17-1U80_1cl.i386.rpm
    
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/connectiva_advisory-2701.html
    
      Gentoo:
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2702.html
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2703.html
    
    
    
    
    +---------------------------------+
    |  Package:  openldap             | ----------------------------//
    |  Date: 12-28-2002               |
    +---------------------------------+
    
    Description:
    The SuSE Security Team reviewed critical parts of that package and found
    several buffer overflows and other bugs remote attackers could exploit to
    gain access on systems running vulnerable LDAP servers. In addition to
    these bugs, various local exploitable bugs within the OpenLDAP2 libraries
    (openldap2-devel package) have been fixed.
    
    Vendor Alerts:
    
      Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2704.html
    
    
    
    
    
    +---------------------------------+
    |  Package:  bugzilla             | ----------------------------//
    |  Date: 12-28-2002               |
    +---------------------------------+
    
    Description:
    A cross site scripting vulnerability has been reported for Bugzilla, a
    web-based bug tracking system.  Bugzilla does not properly sanitize any
    input submitted by users.  As a result, it is possible for a remote
    attacker to create a malicious link containing script code which will be
    executed in the browser of a legitimate user, in the context of the
    website running Bugzilla.  This issue may be exploited to steal
    cookie-based authentication credentials from legitimate users of the
    website running the vulnerable software.
    
    Vendor Alerts:
    
      Debian:
      http://security.debian.org/pool/updates/main/b/bugzilla/
      bugzilla-doc_2.14.2-0woody3_all.deb
      Size/MD5 checksum:   489566 6575c255a98a0bcea4b55b24c064215e
    
      http://security.debian.org/pool/updates/main/b/bugzilla/
      bugzilla_2.14.2-0woody3_all.deb
      Size/MD5 checksum:   274178 79345c65df4c9ede183089f0d5601fd7
    
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2706.html
    
    
    
    
    +---------------------------------+
    |  Package:  dhcpcd               | ----------------------------//
    |  Date: 12-31-2002               |
    +---------------------------------+
    
    Description:
    Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541
    compliant DHCP client daemon, that runs with root privileges on client
    machines.  A malicious administrator of the regular or an untrusted DHCP
    server may execute any command with root privileges on the DHCP client
    machine by sending the command enclosed in shell metacharacters in one of
    the options provided by the DHCP server.
    
    Vendor Alerts:
    
      Debian:
      http://security.debian.org/pool/updates/main/d/
      dhcpcd/dhcpcd_1.3.17pl2-8.1_i386.deb
      Size/MD5 checksum:	37422 2217cc83b78e829037faebf2c66cf1c5
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2707.html
    
    
    
    +---------------------------------+
    |  Package:  fetchmail            | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    An attacker can send a maliciously formatted mail header to exhaust the
    memory allocated by fetchmail and overwrite parts of the heap. This can be
    exploited to execute arbitrary code.
    
    Vendor Alerts:
    
      SuSE:
      ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/
      i586/fetchmail-5.9.13-54.i586.rpm
      9a8a8d20e57dd5552fc35c1d17d8f5b2
    
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2708.html
    
    
    
    
    +---------------------------------+
    |  Package:  cups                 | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    CUPS is a well known and widely used printing system for unix-like
    systems. iDFENSE reported several security issues with CUPS that can lead
    to local and remote root compromise.
    
    Vendor Alerts:
    
      SuSE:
      ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
      cups-1.1.15-69.i586.rpm
      2531f8cf2c7ffbc45f5bdabbad31b312
    
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2709.html
    
    
      Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2705.html
    
    
    
    
    
    +---------------------------------+
    |  Package:  xpdf                 | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    The pdftops filter in the Xpdf and CUPS packages contains an integer
    overflow that can be exploited to gain the privileges of the target user
    or in some cases the increased privileges of the 'lp' user if installed
    setuid. There are multiple ways of exploiting this vulnerability.
    
    Vendor Alerts:
    
      Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2710.html
    
    
    
    
    +---------------------------------+
    |  Package:  leafnode             | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    "This vulnerability can make leafnode's nntpd server, named leafnode, go
    into an unterminated loop when a particular article is requested. The
    connection becomes irresponsive, and the server hogs the CPU. The client
    will have to terminate the connection and connect again, and may fall prey
    to the same problem; ultimately, there may be so many leafnode processes
    hogging the CPU that no serious work is possible any more and the super
    user has to kill all running leafnode processes."
    
    Vendor Alerts:
    
      Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2711.html
    
    
    
    
    +---------------------------------+
    |  Package:  squirrelmail         | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    A cross site scripting vulnerability has been discovered in squirrelmail,
    a feature-rich webmail package written in PHP4. Squirrelmail doesn't
    sanitize user provided variables in all places, leaving it vulnerable to a
    cross site scripting attack.
    
    Vendor Alerts:
    
      Debian:
      http://security.debian.org/pool/updates/main/s/squirrelmail/
      squirrelmail_1.2.6-1.3_all.deb
      Size/MD5 checksum:  1839686 8daaac2603c171b94bf5def5942f451a
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2712.html
    
    
    
    +---------------------------------+
    |  Package:  mysql                | ----------------------------//
    |  Date: 01-02-2003               |
    +---------------------------------+
    
    Description:
    Stefan Esser from e-matters reported various bugs in MySQL. Within the
    MySQL server the password checking and a signedness issue have been fixed.
    These could lead to a remote compromise of the system running an unpatched
    MySQL server. In order to exploit this bug, the remote attacker needs a
    valid MySQL account.
    
    Vendor Alerts:
    
      Debian:
      ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
      mysql-3.23.52-44.i586.rpm
      3d6ede325e9abb155ec043c7b3406963
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2713.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    