[ISN] Linux Advisory Watch - January 31st 2003

From: InfoSec News (isnat_private)
Date: Sun Feb 02 2003 - 22:23:02 PST

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  January 31st, 2002                        Volume 4, Number 5a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for kdeutils, noffle, dhcp3, tomcat3,
    courier, mysql, fetchmail, vim, webalizer, postgresql, and cvs. The
    distributors include Debian, Guardian Digital's EnGarde Secure Linux,
    Mandrake, and Yellow Dog.
    
    Patching It Up - Patching and upgrading software requires more than
    running a few commands. Having a patch recovery plan, communicating with
    developers on that server, and knowing who to contact in case of a botched
    patch job is critical.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-135.html
    
    ---------------------------------------------------------------------
    
    
    LINUXSECURITY.COM FEATURE: Newest Members of the Team Just to give
    everyone an idea about who writes these articles and feature stories that
    we spend so much of our time reading each day, I have decided to ask Brian
    Hatch and Duane Dunston, the newest members of the LinuxSecurity.com team,
    a few questions.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-134.html
    
    
    
    +---------------------------------+
    |  Package:  kdeutils             | ----------------------------//
    |  Date: 01-24-2003               |
    +---------------------------------+
    
    Description:
    The KDE team discovered several vulnerabilities in the K Desktop
    Environment.  In some instances KDE fails to properly quote parameters of
    instructions passed to a command shell for execution. These parameters may
    incorporate data such as URLs, filenames and e-mail addresses, and this
    data may be provided remotely to a victim in an e-mail, a webpage or files
    on a network filesystem or other untrusted source.
    
    Vendor Alerts:
    
      Debian:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2809.html
      http://www.linuxsecurity.com/advisories/debian_advisory-2810.html
      http://www.linuxsecurity.com/advisories/debian_advisory-2811.html
    
    
    
    
    +---------------------------------+
    |  Package:  noffle               | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    Dan Jacobson noticed a problem in noffle, an offline news server, that
    leads to a segmentation fault.  It is not yet clear whether this problem
    is exploitable.  However, if it is, a remote attacker could trigger
    arbitrary code execution under the user that calls noffle, probably news.
    
    Vendor Alerts:
    
     Debian:
     http://security.debian.org/pool/updates/main/n/noffle/
     noffle_1.0.1-1.1_i386.deb
     Size/MD5 checksum:    76410 2363f56a8ec52a321cb963771135271e
    
     Debian Vendor Advisory:
     http://www.linuxsecurity.com/advisories/debian_advisory-2816.html
    
    
    
    
    
    +---------------------------------+
    |  Package:  dhcp3                | ----------------------------//
    |  Date: 01-28-2003               |
    +---------------------------------+
    
    Description:
    Florian Lohoff discovered a bug in the dhcrelay causing it to send a
    continuing packet storm towards the configured DHCP server(s) in case of a
    malicious BOOTP packet, such as sent from buggy Cisco switches.
    
    
    Vendor Alerts:
    
     Debian:
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     Debian Vendor Advisory:
     http://www.linuxsecurity.com/advisories/debian_advisory-2820.html
    
    
    +---------------------------------+
    |  Package:  tomcat3              | ----------------------------//
    |  Date: 01-28-2003               |
    +---------------------------------+
    
    Description:
    A maliciously crafted request could return a directory listing even when
    an index.html, index.jsp, or other welcome file is present. File contents
    can be returned as well.
    
    Vendor Alerts:
    
     Debian:
     http://security.debian.org/pool/updates/contrib/t/tomcat/
     libapache-mod-jk_3.3a-4woody1_i386.deb
     Size/MD5 checksum:    51522 1e11d6a43654fc6d921c8bc90ad15b4b
    
     Debian Vendor Advisory:
     http://www.linuxsecurity.com/advisories/debian_advisory-2823.html
    
    
    +---------------------------------+
    |  Package:  courier              | ----------------------------//
    |  Date: 01-30-2003               |
    +---------------------------------+
    
    Description:
    The developers of courier, an integrated user side mail server, discovered
    a problem in the PostgreSQL auth module.  Not all potentially malicious
    characters were sanitized before the username was passed to the PostgreSQL
    engine.  An attacker could inject arbitrary SQL commands and queries
    exploiting this vulnerability. The MySQL auth module is not affected.
    
    Vendor Alerts:
    
     Debian:
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     Debian Vendor Advisory:
     http://www.linuxsecurity.com/advisories/debian_advisory-2824.html
    
    
    
    +---------------------------------+
    |  Package:  mysql                | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    Update for the COM_TABLE_DUMP vulnerability.
    
    Vendor Alerts:
    
     EnGarde:
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
     i386/MySQL-3.23.36-1.0.21.i386.rpm
     MD5 Sum: 36113d7995b6ebf09aabbb1970e9a203
    
     i386/MySQL-client-3.23.36-1.0.21.i386.rpm
     MD5 Sum: 4a765f412de0ae0f9f5abfb58812c4fe
    
     i386/MySQL-shared-3.23.36-1.0.21.i386.rpm
     MD5 Sum: 7b5b90da33569f3be8be9bb5d2134533
    
     EnGarde Vendor Advisory:
     http://www.linuxsecurity.com/advisories/engarde_advisory-2817.html
    
    
    
    +---------------------------------+
    |  Package:  fetchmail            | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    Stefan Esser of e-matters, while re-auditing the Fetchmail package, found
    another vulnerability.  This heap overflow vulnerability allows a
    malicious remote attacker to crash Fetchmail or potentially execute
    arbitrary code as the user under which Fetchmail is being run.
    
    Vendor Alerts:
    
     EnGarde:
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
     i386/fetchmail-ssl-6.1.0-1.0.6.i386.rpm
     MD5 Sum: a28aa248c0b262ec8745a7c776b8584b
    
     EnGarde Vendor Advisory:
     http://www.linuxsecurity.com/advisories/engarde_advisory-2818.html
    
    
     Mandrake Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-2819.html
    
    
    
    +---------------------------------+
    |  Package:  vim                  | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    VIM allows a user to set the modeline differently for each edited text
    file by placing special comments in the files. Georgi Guninski found that
    these comments can be carefully crafted in order to call external
    programs. This could allow an attacker to create a text file such that
    when it is opened arbitrary commands are executed.
    
    Vendor Alerts:
    
     Yellow Dog:
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
    
     ppc/vim-common-6.1-18.7x.2a.ppc.rpm
     b286bd901010634b69a8fd09e7dfb785
    
     ppc/vim-enhanced-6.1-18.7x.2a.ppc.rpm
     804e3f6b21255656acaa07b48bff276e
    
     ppc/vim-minimal-6.1-18.7x.2a.ppc.rpm
     d525f6f668095b93f4d7cfa9194fff5c
    
     ppc/vim-X11-6.1-18.7x.2a.ppc.rpm
     f9da0f1d03ece2214b80b6558bb7cc8f
    
    
     Yellow Dog Vendor Advisory:
     http://www.linuxsecurity.com/advisories/yellowdog_advisory-2812.html
    
    
    
    +---------------------------------+
    |  Package:  webalizer            | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    A buffer overflow in Webalizer versions prior to 2.01-10, when configured
    to use reverse DNS lookups, may allow remote attackers to execute
    arbitrary code by connecting to the monitored Web server from an IP
    address that resolves to a long hostname.
    
    Vendor Alerts:
    
     Yellow Dog:
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
    
     ppc/webalizer-2.01_09-1.72.ppc.rpm
     c15f69de408b21dbb01075c449e7d2a7
    
    
     Yellow Dog Vendor Advisory:
     http://www.linuxsecurity.com/advisories/yellowdog_advisory-2813.html
    
    
    
    +---------------------------------+
    |  Package:  postgresql           | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of
    service and possibly execute arbitrary code via long arguments to the lpad
    or rpad functions. CAN-2002-0972
    
    Vendor Alerts:
    
     Yellow Dog:
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
     PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
     Yellow Dog Vendor Advisory:
     http://www.linuxsecurity.com/advisories/yellowdog_advisory-2814.html
    
    
    
    +---------------------------------+
    |  Package:  cvs                  | ----------------------------//
    |  Date: 01-27-2003               |
    +---------------------------------+
    
    Description:
    On servers which are configured to allow anonymous read-only access, this
    bug could be used by anonymous users to gain write privileges. Users with
    CVS write privileges can then use the Update-prog and Checkin-prog
    features to execute arbitrary commands on the server.
    
    Vendor Alerts:
    
     Yellow Dog:
     ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
     ppc/cvs-1.11.1p1-8.7.ppc.rpm
     9652be9c12995d3873d20b7ce24ff3d6
    
     Yellow Dog Vendor Advisory:
     http://www.linuxsecurity.com/advisories/yellowdog_advisory-2815.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ------------------------------------------------------------------------