+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | March 14th, 2002 Volume 4, Number 11a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas daveat_private benat_private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilitiaes that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week advisories were released for zlib, sendmail, qpopper, file, snort, mysqlcc, netscape-flash, ethereal, usermode, tcpdump, and lprold. The distributors include Caldera, Debian, Guardian Digital's EnGarde Secure Linux, Gentoo, Mandrake, NetBSD, Red Hat, and SuSE. * Comprehensive SPAM Protection! - Guardian Digial's Secure Mail Suite is unparalleled in security, ease of management, and features. Open source technology constantly adapts to new threats. Email firewall, simplified administration, automatically updated. --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=mail2 ----------------------- LINUX SECURITY ARTICLES: ------------------------ Get out of a BIND - install DJBDNS - DJBDNS eases DNS management and improves security over BIND alternatives by taking a different approach to serving and caching DNS answers. http://www.linuxsecurity.com/articles/documentation_article-6857.html Remote Syslog with MySQL and PHP Msyslog has the ability to log syslog messages to a database. This allows for easier monitoring of multiple servers and the ability to be display and search for syslog messages using PHP or any other programming language that can communicate with the database.by that, too. http://www.linuxsecurity.com/feature_stories/feature_story-138.html +---------------------------------+ | Package: zlib | ----------------------------// | Date: 03-10-2003 | +---------------------------------+ Description: There is a buffer overflow in the gzprintf function in zlib that can enable attackers to cause a denial of service or possibly execute arbitrary code. Vendor Alerts: Caldera: ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/ Server/CSSA-2003-011.0/RPMS libz-1.1.4-2.i386.rpm 54e3d653907b2aa8111939d208b1f48b Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-2952.html +---------------------------------+ | Package: sendmail | ----------------------------// | Date: 03-10-2003 | +---------------------------------+ Description: From CA-2003-07: Researchers at Internet Security Systems (ISS) have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an intruder to gain control of a vulnerable sendmail server. Vendor Alerts: Caldera: ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/ Server/CSSA-2003-011.0/RPMS sendmail-8.11.6-13.i386.rpm 3750ebb1d4260068deab033eabfa605c Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-2953.html +---------------------------------+ | Package: qpopper | ----------------------------// | Date: 03-13-2003 | +---------------------------------+ Description: The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible. Vendor Alerts: Debian: http://security.debian.org/pool/updates/main/q/ qpopper/qpopper_4.0.4-2.woody.3_i386.deb Size/MD5 checksum: 423226 6a00f3aacf1a94586fc83e92894e0f3a http://security.debian.org/pool/updates/main/q/ qpopper/qpopper-drac_4.0.4-2.woody.3_i386.deb Size/MD5 checksum: 424134 b80a81713471f455c6753e8282f1171d Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2956.html +---------------------------------+ | Package: file | ----------------------------// | Date: 03-13-2003 | +---------------------------------+ Description: iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. Vendor Alerts: Debian: http://security.debian.org/pool/updates/ main/f/file/file_3.28-1.potato.1_i386.deb Size/MD5 checksum: 88164 9a1945e7449e5bc243fd22af2cfb15a2 Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-2957.html EnGarde: EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/engarde_advisory-2945.html Gentoo: Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/gentoo_advisory-2947.html Mandrake: Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-2951.html NetBSD: NetBSD Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-2954.html Red Hat: Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-2943.html +---------------------------------+ | Package: snort | ----------------------------// | Date: 03-07-2003 | +---------------------------------+ Description: Recently ISS X-Force discovered a buffer overflow vulnerability in the RPC preprocessor of the snort IDS system. A remote attacker could send fragmented RPC records and cause snort to execute arbitrary code as the snort user. Vendor Alerts: EnGarde: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ i386/snort-1.9.1-1.0.9.i386.rpm MD5 Sum: 5aa3f13b4f79cb27021517056a6c2f7c i686/snort-1.9.1-1.0.9.i686.rpm MD5 Sum: f379ae963718c32e46aacbf65941c404 EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html Gentoo: Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/gentoo_advisory-2941.html Mandrake: Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-2950.html Package: mysqlcc Date: 03-07-2003 Description: Versions prior to 0.8.9 had all configuration and connection files world readable. Vendor Alerts: Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/gentoo_advisory-2942.html Package: netscape-flash Date: 03-09-2003 Description: The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer. Vendor Alerts: Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/gentoo_advisory-2948.html +---------------------------------+ | Package: ethereal | ----------------------------// | Date: 03-09-2003 | +---------------------------------+ Description: The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. Vendor Alerts: Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE Gentoo Vendor Advisory: http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html +---------------------------------+ | Package: usermode | ----------------------------// | Date: 03-12-2003 | +---------------------------------+ Description: The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion. Vendor Alerts: Mandrake: 9.0/RPMS/usermode-1.55-8.1mdk.i586.rpm 6b3efb01bca77c598bfed862df7a10fe 9.0/RPMS/usermode-consoleonly-1.55-8.1mdk.i586.rpm eda24e3cdb96a6171e5b6ed7e6b1da2b http://www.mandrakesecure.net/en/ftp.php Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-2955.html +---------------------------------+ | Package: tcpdump | ----------------------------// | Date: 03-12-2003 | +---------------------------------+ Description: The network traffic analyzer tool tcpdump is vulnerable to a denial-of-service condition while parsing ISAKMP or BGP packets. This bug can be exploited remotely by an attacker to stop the use of tcpdump for analyzing network traffic for signs of security breaches or alike. Another bug may lead to system compromise due to the handling of malformed NFS packets send by an attacker. Vendor Alerts: SuSE: ftp://ftp.suse.com/pub/suse/i386/update/8.1/ rpm/i586/tcpdump-3.7.1-198.i586.rpm 524015d3f9517311ee46eb63bc3ed42f ftp://ftp.suse.com/pub/suse/i386/update/8.1/ rpm/i586/tcpdump-3.7.1-198.i586.patch.rpm 2e1d2db971cf2693e5acca0da7e3bb39 SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-2959.html +---------------------------------+ | Package: lprold | ----------------------------// | Date: 03-12-2003 | +---------------------------------+ Description: The lprm command of the printing package lprold shipped till SuSE 7.3 contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges. lprold is installed as default package and has the setuid bit set. Vendor Alerts: SuSE: PLEASE SEE VENDOR ADVISORY FOR UPDATE SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-2958.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sat Mar 15 2003 - 01:14:21 PST