+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 14th, 2002 Volume 4, Number 11a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for zlib, sendmail, qpopper, file,
snort, mysqlcc, netscape-flash, ethereal, usermode, tcpdump, and lprold.
The distributors include Caldera, Debian, Guardian Digital's EnGarde
Secure Linux, Gentoo, Mandrake, NetBSD, Red Hat, and SuSE.
* Comprehensive SPAM Protection! - Guardian Digial's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=mail2
-----------------------
LINUX SECURITY ARTICLES:
------------------------
Get out of a BIND - install DJBDNS - DJBDNS eases DNS management and
improves security over BIND alternatives by taking a different approach to
serving and caching DNS answers.
http://www.linuxsecurity.com/articles/documentation_article-6857.html
Remote Syslog with MySQL and PHP
Msyslog has the ability to log syslog messages to a database. This allows
for easier monitoring of multiple servers and the ability to be display
and search for syslog messages using PHP or any other programming language
that can communicate with the database.by that, too.
http://www.linuxsecurity.com/feature_stories/feature_story-138.html
+---------------------------------+
| Package: zlib | ----------------------------//
| Date: 03-10-2003 |
+---------------------------------+
Description:
There is a buffer overflow in the gzprintf function in zlib that can
enable attackers to cause a denial of service or possibly execute
arbitrary code.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-011.0/RPMS
libz-1.1.4-2.i386.rpm
54e3d653907b2aa8111939d208b1f48b
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2952.html
+---------------------------------+
| Package: sendmail | ----------------------------//
| Date: 03-10-2003 |
+---------------------------------+
Description:
From CA-2003-07: Researchers at Internet Security Systems (ISS) have
discovered a remotely exploitable vulnerability in sendmail. This
vulnerability could allow an intruder to gain control of a vulnerable
sendmail server.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-011.0/RPMS
sendmail-8.11.6-13.i386.rpm
3750ebb1d4260068deab033eabfa605c
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2953.html
+---------------------------------+
| Package: qpopper | ----------------------------//
| Date: 03-13-2003 |
+---------------------------------+
Description:
The sample exploit requires a valid user account and password, and
overflows a string in the pop_msg() function to give the user "mail"
group privileges and a shell on the system. Since the Qvsnprintf
function is used elsewhere in
qpopper, additional exploits may be possible.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/q/
qpopper/qpopper_4.0.4-2.woody.3_i386.deb
Size/MD5 checksum: 423226 6a00f3aacf1a94586fc83e92894e0f3a
http://security.debian.org/pool/updates/main/q/
qpopper/qpopper-drac_4.0.4-2.woody.3_i386.deb
Size/MD5 checksum: 424134 b80a81713471f455c6753e8282f1171d
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2956.html
+---------------------------------+
| Package: file | ----------------------------//
| Date: 03-13-2003 |
+---------------------------------+
Description:
iDEFENSE discovered a buffer overflow vulnerability in the ELF format
parsing of the "file" command, one which can be used to execute
arbitrary code with the privileges of the user running the command.
The vulnerability can be exploited by crafting a special ELF binary
which is then input to file. This could be accomplished by leaving
the binary on the file system and waiting for someone to use file to
identify it, or by passing it to a service that uses file to classify
input.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/
main/f/file/file_3.28-1.potato.1_i386.deb
Size/MD5 checksum: 88164 9a1945e7449e5bc243fd22af2cfb15a2
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2957.html
EnGarde:
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2945.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2947.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2951.html
NetBSD:
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-2954.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2943.html
+---------------------------------+
| Package: snort | ----------------------------//
| Date: 03-07-2003 |
+---------------------------------+
Description:
Recently ISS X-Force discovered a buffer overflow vulnerability in
the RPC preprocessor of the snort IDS system. A remote attacker
could send fragmented RPC records and cause snort to execute
arbitrary code as the snort user.
Vendor Alerts:
EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/snort-1.9.1-1.0.9.i386.rpm
MD5 Sum: 5aa3f13b4f79cb27021517056a6c2f7c
i686/snort-1.9.1-1.0.9.i686.rpm
MD5 Sum: f379ae963718c32e46aacbf65941c404
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2941.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2950.html
Package: mysqlcc
Date: 03-07-2003
Description:
Versions prior to 0.8.9 had all configuration and connection files
world readable.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2942.html
Package: netscape-flash
Date: 03-09-2003
Description:
The cumulative security patch is available today and addresses the
potential for exploits surrounding buffer overflows (read/write) and
sandbox integrity within the player, which might allow malicious
users to gain access to a user's computer.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2948.html
+---------------------------------+
| Package: ethereal | ----------------------------//
| Date: 03-09-2003 |
+---------------------------------+
Description:
The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format
string overflow. This vulnerability has been present in Ethereal
since the SOCKS dissector was introduced in version 0.8.7. It was
discovered by Georgi Guninski. Additionally, the NTLMSSP code is
susceptible to a heap overflow. All users of Ethereal 0.9.9 and below
are encouraged to upgrade.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
+---------------------------------+
| Package: usermode | ----------------------------//
| Date: 03-12-2003 |
+---------------------------------+
Description:
The /usr/bin/shutdown command that comes with the usermode package
can be executed by local users to shutdown all running processes and
drop into a root shell. This command is not really needed to
shutdown a system, so it has been removed and all users are
encouraged to upgrade. Please note that the user must have local
console access in order to obtain a root shell in this fashion.
Vendor Alerts:
Mandrake:
9.0/RPMS/usermode-1.55-8.1mdk.i586.rpm
6b3efb01bca77c598bfed862df7a10fe
9.0/RPMS/usermode-consoleonly-1.55-8.1mdk.i586.rpm
eda24e3cdb96a6171e5b6ed7e6b1da2b
http://www.mandrakesecure.net/en/ftp.php
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2955.html
+---------------------------------+
| Package: tcpdump | ----------------------------//
| Date: 03-12-2003 |
+---------------------------------+
Description:
The network traffic analyzer tool tcpdump is vulnerable to a
denial-of-service condition while parsing ISAKMP or BGP packets. This
bug can be exploited remotely by an attacker to stop the use of
tcpdump for analyzing network traffic for signs of security breaches
or alike. Another bug may lead to system compromise due to the
handling of malformed NFS packets send by an attacker.
Vendor Alerts:
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/
rpm/i586/tcpdump-3.7.1-198.i586.rpm
524015d3f9517311ee46eb63bc3ed42f
ftp://ftp.suse.com/pub/suse/i386/update/8.1/
rpm/i586/tcpdump-3.7.1-198.i586.patch.rpm
2e1d2db971cf2693e5acca0da7e3bb39
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2959.html
+---------------------------------+
| Package: lprold | ----------------------------//
| Date: 03-12-2003 |
+---------------------------------+
Description:
The lprm command of the printing package lprold shipped till SuSE 7.3
contains a buffer overflow. This buffer overflow can be exploited by
a local user, if the printer system is set up correctly, to gain root
privileges. lprold is installed as default package and has the setuid
bit set.
Vendor Alerts:
SuSE:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2958.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sat Mar 15 2003 - 01:14:21 PST