[ISN] Linux Advisory Watch - April 4th 2003

From: InfoSec News (isnat_private)
Date: Mon Apr 07 2003 - 01:42:50 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  April 4th, 2002                          Volume 4, Number 14a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for sendmail, dietlibc, krb4, mutt,
    lpr, kernel, apcupsd, samba, eterm, evolution, dhcp, openssl, vsftp,
    kerberos, eog, netpbm, and mysql.  The distributors include Caldera,
    Conectiva, Gentoo, Immunix, Red Hat, SuSE, Slackware, Trustix, and Yellow
    Dog.
    
    
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
    unparalleled in security, ease of management, and features. Open source
    technology constantly adapts to new threats. Email firewall, simplified
    administration, automatically updated.
    
      --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    
    
     -----------------------------
     LinuxSecurity Feature Extras:
     -----------------------------
    
    Making It Big: Large Scale Network Forensics (Part 2 of 2) - Proper
    methodology for computer forensics would involve a laundry-list of actions
    and thought processes that an investigator needs to consider in order to
    have the basics covered.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-140.html
    
    Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
    forensics have hit the big time. A previously superniche technology,
    forensics have moved into the collective consciousness of IT sys. admins.
    and Corporate CSOs.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-139.html
    
    
    +---------------------------------+
    |  Package:  sendmail             | ----------------------------//
    |  Date: 03-28-2003               |
    +---------------------------------+
    
    
    Description:
    From CERT CA-2003-12: There is a vulnerability in sendmail that can be
    exploited to cause a denial-of-service condition and could allow a remote
    attacker to execute arbitrary code with the privileges of the sendmail
    daemon, typically root.
    
    Vendor Alerts:
    
     Caldera:
      ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
      Server/CSSA-2003-016.0/RPMS/
      sendmail-8.11.6-14.i386.rpm
    
      Caldera Vendor Advisory:
      http://www.linuxsecurity.com/advisories/caldera_advisory-3109.html
    
    
    
     Conectiva:
      ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
      sendmail-8.11.6-1U60_3cl.i386.rpm
    
      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html
    
    
     Gentoo:
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-3088.html
    
     Immunix:
      Immunix Vendor Advisory:
      http://www.linuxsecurity.com/advisories/immunix_advisory-3093.html
    
    
     Red Hat:
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3097.html
    
     SuSE:
      SuSE Vendor Advisory:
      http://www.linuxsecurity.com/advisories/suse_advisory-3095.html
    
     Slackware:
      Slackware Vendor Advisory:
      http://www.linuxsecurity.com/advisories/slackware_advisory-3086.html
    
    
     Turbo Linux:
      TurboLinux Vendor Advisory:
      http://www.linuxsecurity.com/advisories/turbolinux_advisory-3094.html
    
    
     Yellow Dog:
      Yellow Dog Linux:
      http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html
    
    
    
    
    +---------------------------------+
    |  Package:  dietlibc             | ----------------------------//
    |  Date: 03-28-2003               |
    +---------------------------------+
    
    Description:
    eEye Digital Security discovered an integer overflow in the
    xdrmem_getbytes() function of glibc, that is also present in dietlibc, a
    small libc useful especially for small and embedded systems.  This
    function is part of the XDR coder/decoder derived from Sun's RPC
    implementation. Depending upon the application, this vulnerability can
    cause buffer overflows and could possibly be exploited to execute arbitrary
    code.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/d/
      dietlibc/dietlibc-dev_0.12-2.5_i386.deb
      Size/MD5 checksum:   230736 d6766661ce15e7d0bb981dd4283af35c
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3077.html
    
    
     Gentoo:
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-3090.html
    
    
    
    +---------------------------------+
    |  Package:  krb4                 | ----------------------------//
    |  Date: 03-28-2003               |
    +---------------------------------+
    
    Description:
    A cryptographic weakness in version 4 of the Kerberos protocol allows
    an attacker to use a chosen-plaintext attack to impersonate
    any principal in a realm.  Additional cryptographic weaknesses in the
    krb4 implementation permit the use of cut-and-paste attacks to
    fabricate krb4 tickets for unauthorized client principals if
    triple-DES keys are used to key krb4 services.  These attacks can
    subvert a site's entire Kerberos authentication infrastructure.
    
    Vendor Alerts:
    
     Debian:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3078.html
    
    
     Gentoo:
      Gentoo Vendor Advisory:
      http://www.linuxsecurity.com/advisories/gentoo_advisory-3089.html
    
    
    
    +---------------------------------+
    |  Package:  mutt                 | ----------------------------//
    |  Date: 03-28-2003               |
    +---------------------------------+
    
    Description:
    Byrial Jensen discovered a couple of off-by-one buffer overflows in
    the IMAP code of Mutt, a text-oriented mail reader supporting IMAP,
    MIME, GPG, PGP and threading.  This problem could potentially allow a
    remote malicious IMAP server to cause a denial of service (crash) and
    possibly execute arbitrary code via a specially crafted mail folder.
    
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/m/mutt/
      mutt_1.3.28-2.2_i386.deb
      Size/MD5 checksum:  1301466 aa1b5f036516de1e6ffe434c71e53ea9
    
      http://security.debian.org/pool/updates/main/m/mutt/
      mutt-utf8_1.3.28-2.2_i386.deb
      Size/MD5 checksum:   360826 b8c3485a23be019515673825eb299589
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3081.html
    
    
    
    
    +---------------------------------+
    |  Package:  lpr                  | ----------------------------//
    |  Date: 03-28-2003               |
    +---------------------------------+
    
    Description:
    A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
    printer spooling system.  This problem can be exploited by a local
    user to gain root privileges, even if the printer system is set up
    properly.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/l/
      lpr-ppd/lpr-ppd_0.72-2.1_i386.deb
      Size/MD5 checksum:    87626 67ae1097288920eac71f5fc8acad5873
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3104.html
    
    
    
    
    +---------------------------------+
    |  Package:  kernel               | ----------------------------//
    |  Date: 04-3-2003                |
    +---------------------------------+
    
    Description:
    A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
    printer spooling system.  This problem can be exploited by a local
    user to gain root privileges, even if the printer system is set up
    properly.
    
    Vendor Alerts:
    
     Debian:
    
      http://security.debian.org/pool/updates/main/k/
      kernel-patch-2.4.17-s390/
      kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1_all.deb
      Size/MD5 checksum:   301464 691bc1a529cb6125bb04ca43d795c139
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3105.html
    
    
     Mandrake:
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-3082.html
      http://www.linuxsecurity.com/advisories/mandrake_advisory-3083.html
    
    
    
    
    +---------------------------------+
    |  Package:  apcupsd              | ----------------------------//
    |  Date: 04-3-2003                |
    +---------------------------------+
    
    Description:
    The controlling and management daemon apcupsd for APC's Unbreakable
    Power Supplies is vulnerable to several buffer overflows and format
    string attacks. These bugs can be exploited remotely by an attacker
    to gain root access to the machine apcupsd is running on.
    
    Vendor Alerts:
    
     Debian:
      http://security.debian.org/pool/updates/main/a/apcupsd/
      apcupsd_3.8.5-1.1.1_i386.deb
      Size/MD5 checksum:   879266 2cf3d527d12b8eb2a6644db08e81add4
    
      Debian Vendor Advisory:
      http://www.linuxsecurity.com/advisories/debian_advisory-3110.html
    
    
    
    +---------------------------------+
    |  Package:  samba                | ----------------------------//
    |  Date: 04-3-2003                |
    +---------------------------------+
    
    Description:
    A buffer overrun condition exists in the SMB/CIFS packet fragment
    re-assembly code in smbd which would allow an attacker to cause smbd
    to overwrite arbitrary areas of memory in its own process address
    space. This could allow a skilled attacker to inject binary specific
    exploit code into smbd.
    
    Vendor Alerts:
    
     Immunix:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Immunix Vendor Advisory:
      http://www.linuxsecurity.com/advisories/immunix_advisory-3092.html
    
     Red Hat:
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3100.html
    
    
    
    
    +---------------------------------+
    |  Package:  eterm                | ----------------------------//
    |  Date: 04-3-2003                |
    +---------------------------------+
    
    Description:
    A buffer overrun condition exists in the SMB/CIFS packet fragment
    re-assembly code in smbd which would allow an attacker to cause smbd
    to overwrite arbitrary areas of memory in its own process address
    space. This could allow a skilled attacker to inject binary specific
    exploit code into smbd.
    
    Vendor Alerts:
    
     Mandrake:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-3106.html
    
    
    
    +---------------------------------+
    |  Package:  evolution            | ----------------------------//
    |  Date: 04-1-2003                |
    +---------------------------------+
    
    Description:
    Multiple vulnerabilities have been found in the Ximian Evolution
    email client. These vulnerabilities make it possible for a carefully
    crafted email to crash the program, cause general system instability
    through resource starvation, and get around security measures
    implemented within the program.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/9/en/os/i386/
      evolution-1.2.2-5.i386.rpm
      bd29c1f05f08510072856f0b9fcbf858
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3096.html
    
    
    
    +---------------------------------+
    |  Package:  dhcp                 | ----------------------------//
    |  Date: 04-1-2003                |
    +---------------------------------+
    
    Description:
    A potential remote denial of service attack affects version 3 of the
    ISC DHCPD server.  This advisory provides fixed packages for Red Hat
    Linux 8.0.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3098.html
    
    
    
    +---------------------------------+
    |  Package:  openssl              | ----------------------------//
    |  Date: 04-1-2003                |
    +---------------------------------+
    
    Description:
    Updated OpenSSL packages are available that fix a potential
    timing-based attack and a modified Bleichenbacher attack.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3099.html
    
    
    +---------------------------------+
    |  Package:  vsftp                | ----------------------------//
    |  Date: 04-1-2003                |
    +---------------------------------+
    
    Description:
    In Red Hat Linux 9, the vsftpd FTP daemon switched from being run by
    xinetd to being run as a standalone service. In doing so, it was
    accidentally not compiled against tcp_wrappers.
    
    Vendor Alerts:
    
     Red Hat:
      ftp://updates.redhat.com/9/en/os/i386/
      vsftpd-1.1.3-8.i386.rpm
      d2e807f808c45407f08528f50d29933b
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3101.html
    
    
    
    +---------------------------------+
    |  Package:  kerberos             | ----------------------------//
    |  Date: 04-2-2003                |
    +---------------------------------+
    
    Description:
    Vulnerabilities have been found in the Kerberos IV authentication
    protocol which allow an attacker with knowledge of a cross-realm key,
    which is shared with another realm, to impersonate any principal in
    that realm to any service in that realm. This vulnerability can only
    be closed by disabling cross-realm authentication in Kerberos IV
    (CAN-2003-0138).
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3102.html
    
    
    +---------------------------------+
    |  Package:  eog                  | ----------------------------//
    |  Date: 04-02-2003               |
    +---------------------------------+
    
    Description:
    A vulnerability was found in EOG version 2.2.0 and earlier.  A
    carefully crafted filename passed to the program could lead to the
    execution of arbitrary code.  An attacker could exploit this because
    various packages (Mutt, for example) make use of EOG for image
    viewing.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3107.html
    
    
    
    +---------------------------------+
    |  Package:  netpbm               | ----------------------------//
    |  Date: 04-2-2003                |
    +---------------------------------+
    
    
    Description:
    One way that an attacker could exploit these vulnerabilities would be
    to submit a carefully crafted image to be printed, as the LPRng print
    spooler used by default in Red Hat Linux releases uses netpbm
    utilities to parse various types of image files.
    
    Vendor Alerts:
    
     Red Hat:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-3108.html
    
    
    
    +---------------------------------+
    |  Package:  mysql                | ----------------------------//
    |  Date: 04-2-2003                |
    +---------------------------------+
    
    Description:
    This vulnerability allows a configuration file to be overwritten by
    using "SELECT * INTO OUTFILE".
    
    Vendor Alerts:
    
     Turbo Linux:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE
    
      Turbo Linux Vendor Advisory:
      http://www.linuxsecurity.com/advisories/turbolinux_advisory-3103.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 04:27:04 PDT