[ISN] Linux Advisory Watch - February 21st 2003

From: InfoSec News (isnat_private)
Date: Mon Feb 24 2003 - 03:16:25 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  February 21st, 2002                       Volume 4, Number 8a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for mod_dav, w3m, cups, php, mysql,
    openssl, mailman, syslinux, nethack, bitchx, util-linux, apcupsd, pam,
    shadow-utils, and imp.  The distributors include Caldera, Debian, Guardian
    Digital's EnGarde Secure Linux, Gentoo, Mandrake, Red Hat, and SuSE.
    
    Remote Syslog with MySQL and PHP
    Msyslog has the ability to log syslog messages to a database. This allows
    for easier monitoring of multiple servers and the ability to display
    and search for syslog messages using PHP or any other programming language
    that can communicate with the database.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-138.html
    
    
    
    Review: Mastering Network Security, Second Edition - The introduction
    states that this book is aimed at systems administrators who are not
    security experts, but have some responsibility for ensuring the integrity
    of their systems. That would seem to cover most sysadmins.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-137.html
    
    
    +---------------------------------+
    |  Package:  mod_dav              | ----------------------------//
    |  Date: 02-17-2003               |
    +---------------------------------+
    
    Description:
    The Apache mod_dav module contains a format string vulnerability in the
    "ap_log_rerror()" function.
    
    Vendor Alerts:
    
     Caldera:
      mod_dav-1.0.2_1.3.6-3.i386.rpm
      bcb45e6cffe4b274dd2363b6880a9164
    
      ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
      Server/CSSA-2003-007.0/RPMS
    
    
      Caldera Vendor Advisory:
      http://www.linuxsecurity.com/advisories/caldera_advisory-2859.html
    
    
    
    +---------------------------------+
    |  Package:  w3m                  | ----------------------------//
    |  Date: 02-17-2003               |
    +---------------------------------+
    
    Description:
    The w3m browser does not properly escape HTML tags in frame contents and
    img alt attributes.  A malicious HTML frame or img alt attribute may
    deceive a user into sending his local cookies, which are used for configuration.
    The information is not leaked automatically, though.
    
    
    Vendor Alerts:
    
     Debian:
    
      http://security.debian.org/pool/updates/
      main/w/w3m/w3m_0.3-2.4_i386.deb
      Size/MD5 checksum:   536546 403d4d66e4a35b72fde1ca2648477eee
    
      http://security.debian.org/pool/updates/
      main/w/w3m/w3m-img_0.3-2.4_i386.deb
      Size/MD5 checksum:    44696 2dea9365153597340338fa6cb3d26a73
    
      http://security.debian.org/pool/updates/
      main/w/w3m-ssl/w3m-ssl_0.3-2.4_i386.deb
      Size/MD5 checksum:   378256 f678a241934a5cd884dc08a19602670a
    
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2855.html
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2858.html
    
    
    
    
    +---------------------------------+
    |  Package:  cups                 | ----------------------------//
    |  Date: 02-20-2003               |
    +---------------------------------+
    
    Description:
    This update corrects a library dependency for the libcupsys2 package which
    sneaked in with the last security update to CUPS for the stable
    distribution.
    
    Vendor Alerts:
    
     Debian:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-2860.html
    
    
    
    
    +---------------------------------+
    |  Package:  php                  | ----------------------------//
    |  Date: 02-19-2003               |
    +---------------------------------+
    
    Description:
    A heap-based buffer overflow vulnerability has been found in the
    wordwrap() function of PHP.  This vulnerability may cause a denial of
    service attack or arbitrary code execution if wordwrap() is used on
    untrusted input.
    
    Vendor Alerts:
    
     EnGarde:
      ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    
      i386/mod_php-4.2.3-1.0.22.i386.rpm
      MD5 Sum: 4fb941c9d2d96b448df72e158b1fdb92
    
      i386/php-4.2.3-1.0.22.i386.rpm
      MD5 Sum: 54b33db7d2bd6203392f7aec91c20aaf
    
      i686/mod_php-4.2.3-1.0.22.i686.rpm
      MD5 Sum: 722a305a2848f1840c92a61c204d932d
    
      i686/php-4.2.3-1.0.22.i686.rpm
      MD5 Sum: aec6f8b625f03b6fff8fa3ebd544dd67
    
      EnGarde Vendor Advisory:
      http://www.linuxsecurity.com/advisories/engarde_advisory-2870.html
    
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2867.html
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2877.html
    
    
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2863.html
    
    
    
    
    +---------------------------------+
    |  Package:  mysql                | ----------------------------//
    |  Date: 02-19-2003               |
    +---------------------------------+
    
    Description:
    This update fixes a double free() bug in the MySQL daemon that could allow
    an attacker, with a specially crafted MySQL client, to crash the server.
    The attacker also requires a valid user account.
    
    Vendor Alerts:
    
     EnGarde:
      ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    
      i386/MySQL-3.23.36-1.0.22.i386.rpm
      MD5 Sum: 5326e9561a5fa3a4fe141f85eaf952cc
    
      i386/MySQL-client-3.23.36-1.0.22.i386.rpm
      MD5 Sum: d85c85c2e0aaddab775e616208ce81c6
    
      i386/MySQL-shared-3.23.36-1.0.22.i386.rpm
      MD5 Sum: 0226c8ee2d6d196130f730ce3fed3568
    
      i686/MySQL-3.23.36-1.0.22.i686.rpm
      MD5 Sum: 8346d78f2a51c24372e0561be75896ce
    
      i686/MySQL-client-3.23.36-1.0.22.i686.rpm
      MD5 Sum: 4a955ebf6e116a5df38653bd9f27d6cd
    
      i686/MySQL-shared-3.23.36-1.0.22.i686.rpm
      MD5 Sum: 2a5a37357c64bb067be740f95aa1b93a
    
    
      EnGarde Vendor Advisory:
      http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
    
    
    
    
    +---------------------------------+
    |  Package:  openssl              | ----------------------------//
    |  Date: 02-20-2003               |
    +---------------------------------+
    
    Description:
    In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge
    Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and
    demonstrate a timing-based attack on CBC cipher suites used in SSL and
    TLS. OpenSSL has been found to be vulnerable to this attack.  This update
    fixes these vulnerabilities.
    
    Vendor Alerts:
    
     EnGarde:
      ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    
      i386/openssl-0.9.6-1.0.18.i386.rpm
      MD5 Sum: df7657e406732b3abc7b7b3414bf07b2
    
      i386/openssl-misc-0.9.6-1.0.18.i386.rpm
      MD5 Sum: d251465a15f7167dee9a0929af23edd9
    
      i686/openssl-0.9.6-1.0.18.i686.rpm
      MD5 Sum: 707774a9ad3d06e6596b7389745ee89e
    
      i686/openssl-misc-0.9.6-1.0.18.i686.rpm
      MD5 Sum: e09d2a7e893f12247475a8821abee3da
    
    
      EnGarde Vendor Advisory:
      http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
    
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2875.html
    
    
    
    
    +---------------------------------+
    |  Package:  mailman              | ----------------------------//
    |  Date: 02-17-2003               |
    +---------------------------------+
    
    Description:
    The email variable and the default error page in mailman 2.1 contain
    cross-site scripting vulnerabilities.
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2856.html
    
    
    
    +---------------------------------+
    |  Package:  syslinux             | ----------------------------//
    |  Date: 02-17-2003               |
    +---------------------------------+
    
    Description:
    Security flaws have been found in the SYSLINUX installer when running
    setuid root. The SYSLINUX installer has been rewritten to use mtools
    instead. It therefore now requires mtools (specifically mcopy and mattrib)
    to exist on your system, but it will not require root privileges and
    SHOULD NOT be setuid.
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2857.html
    
    
    
    
    +---------------------------------+
    |  Package:  nethack              | ----------------------------//
    |  Date: 02-18-2003               |
    +---------------------------------+
    
    Description:
    Overflowing a buffer in nethack may lead to privilege escalation to the
    games uid.
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2861.html
    
    
    
    
    +---------------------------------+
    |  Package:  bitchx               | ----------------------------//
    |  Date: 02-20-2003               |
    +---------------------------------+
    
    Description:
    A denial of service vulnerability exists in BitchX. Sending a malformed
    RPL_NAMREPLY numeric 353 causes BitchX to segfault.
    
    Vendor Alerts:
    
     Gentoo:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-2876.html
    
    
    
    +---------------------------------+
    |  Package:  util-linux           | ----------------------------//
    |  Date: 02-13-2003               |
    +---------------------------------+
    
    Description:
    The util-linux package provides the mcookie utility, a tool for generating
    random cookies that can be used for X authentication.  The util-linux
    packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch
    that made it use /dev/urandom instead of /dev/random, which resulted in
    the mcookie being more predictable than it would otherwise be.  This patch
    has been removed in these updates, giving mcookie a better source of
    entropy and making the generated cookies less predictable.  Thanks to Dirk
    Mueller for pointing this out.
    
    Vendor Alerts:
    
     Mandrake:
      http://www.mandrakesecure.net/en/ftp.php
    
      9.0/RPMS/losetup-2.11u-1.1mdk.i586.rpm
      09586a3e81b2212b8044445fc4559fc5
    
      9.0/RPMS/mount-2.11u-1.1mdk.i586.rpm
      be9751b84f20ec4bc1ced03c4004dcb4
    
      9.0/RPMS/util-linux-2.11u-1.1mdk.i586.rpm
      613661ae3c324580e653330814f74756
    
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2854.html
    
    
    +---------------------------------+
    |  Package:  apcupsd              | ----------------------------//
    |  Date: 02-13-2003               |
    +---------------------------------+
    
    Description:
    A remote root vulnerability in slave setups and some buffer overflows in
    the network information server code were discovered by the apcupsd
    developers.  They have been fixed in the latest unstable version, 3.10.5,
    which contains additional enhancements like USB support, and the latest
    stable version, 3.8.6.
    
    Vendor Alerts:
    
     Mandrake:
      http://www.mandrakesecure.net/en/ftp.php
    
      9.0/RPMS/apcupsd-3.10.5-1.1mdk.i586.rpm
      9031edab8f3e692b6c5dbc8717819d8b
    
      9.0/SRPMS/apcupsd-3.10.5-1.1mdk.src.rpm
      cf73f9b746b808c17d55dacb44a2efaa
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2869.html
    
    
    
    
    +---------------------------------+
    |  Package:  pam                  | ----------------------------//
    |  Date: 02-18-2003               |
    +---------------------------------+
    
    Description:
    Andreas Beck discovered that the pam_xauth module would forward
    authorization information from the root account to unprivileged users.
    This can be exploited by a local attacker to gain access to the root
    user's X session.  In order for it to be successfully exploited, the
    attacker would have to somehow get the root user to su to the account
    belonging to the attacker.
    
    Vendor Alerts:
    
     Mandrake:
      http://www.mandrakesecure.net/en/ftp.php
    
      9.0/RPMS/pam-0.75-25.1mdk.i586.rpm
      dc82d88d63dafc3668e7ab4f1d09d404
    
      9.0/RPMS/pam-devel-0.75-25.1mdk.i586.rpm
      ca86fc0f07855ced3f9ed7793608d376
    
      9.0/RPMS/pam-doc-0.75-25.1mdk.i586.rpm
      65545ca4597990fb5ccf0218a2b6c922
    
      9.0/RPMS/pam_ldap-156-1.1mdk.i586.rpm
      b70c25f7b8a3b5f86149dd199003a4ff
    
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2869.html
    
    
    +---------------------------------+
    |  Package:  shadow-utils         | ----------------------------//
    |  Date: 02-18-2003               |
    +---------------------------------+
    
    Description:
    Updated shadow-utils packages correct a bug that caused the useradd tool
    to create mail spools with incorrect permissions.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/8.0/en/os/i386/
      shadow-utils-20000902-12.8.i386.rpm
      6dd61ab968afbc537e25faea914788bc
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2878.html
    
    
    
    +---------------------------------+
    |  Package:  imp                  | ----------------------------//
    |  Date: 02-18-2003               |
    +---------------------------------+
    
    Description:
    An attacker can gain access to protected information or, in conjunction
    with PostgreSQL, execute shell commands remotely.
    
    Vendor Alerts:
    
     SuSE:
      ftp://ftp.suse.com/pub/suse/i386/update/8.1/
      rpm/i586/imp-2.2.6-248.i586.rpm
      17b26d9e48a75cc499b6d4da0c1067c3
    
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-2862.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


