[ISN] Linux Advisory Watch - May 16th 2003

From: InfoSec News (isnat_private)
Date: Sun May 18 2003 - 23:33:08 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  May 16th, 2002                           Volume 4, Number 19a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for kernel, mgetty, slocate,
    evolution, kernel, shadow, kopete, kopete, xinetd, mysql, kde, xinetd,
    kernel, tcpdump, and openssh.  The distributors include SCO, Conectiva,
    Guardian Digital, Gentoo, Mandrake, Red Hat, and TurboLinux.
    
    Your editors would like to thank our readers for the wonderful feedback
    that we received from the last issue. All suggestions have been noted and
    we are making efforts to address each and every one. For those of you who
    have not yet had a chance to respond, there is still time! What are we
    looking for? We are looking for suggestions on how to make this newsletter
    better. Suggestions can range from tips on presentation to the type and
    amount of information included with each advisory. We are making this
    effort to serve you, the community, better. Help us take a step forward,
    let us know what it would take to make this newsletter perfect for you. We
    look forward to hearing from you! Please send all suggestions to:
    newsat_private
    
    This week, several interesting advisories were released. Most notable were
    the recent updates to the kernel. At the time of this writing, only
    EnGarde and Red Hat have released updates to the "ioperm" system call bug.
    It does not restrict privileges properly, which may result in a local user
    being able to access the I/O ports on a system. In addition, an attacker
    sending packets with a specially chosen forged source address can cause a
    large number of collisions in the kernel's networking hash tables, which
    results in a denial of service.
    
    I recently had an interesting conversation with Dave Wreski, my co-editor.
    We discussed the changes that will be made to the United States $20 bills
    to thwart counterfeiters. Dave brought up the point that the US Federal
    Reserve is implementing some changes that will not be made public. His
    thoughts were, "Would giving store clerks and the general public more
    information to recognize a bogus bill help? Or would releasing this
    information give too much to the counterfeiters and improve their
    capabilities?" I found this discussion interesting because it has the same
    underlying question as the security of open source software. Most people
    reading this newsletter would probably agree that security can not be
    gained through obscurity.
    
    Until next time, stay secure!
    Benjamin Thomas
    
    
    
    Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
    running a honeynet makes one acutely aware about "what is going on" out
    there. While placing a network IDS outside one's firewall might also
    provide a similar flood of alerts, a honeypot provides a unique
    perspective on what will be going on when a related server is compromised
    and used by the intruders.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-141.html
    
    +---------------------------------+
    |  Distribution: SCO              | ----------------------------//
    +---------------------------------+
    
     5/13/2003 - kernel
       kmod/ptrace root exploit
    
       The kernel module loader in the Linux kernel allows local users to
       gain root privileges by using ptrace to attach to a child process
       that is spawned by the kernel.
       http://www.linuxsecurity.com/advisories/caldera_advisory-3248.html
    
     5/14/2003 - mgetty
       buffer overflow vulnerability
    
       mgetty will overflow an internal buffer if the caller name
       reported by the modem is too long.
       http://www.linuxsecurity.com/advisories/caldera_advisory-3251.html
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     5/9/2003 - slocate
       buffer overflow vulnerability
    
       It has been reported that slocate contains a buffer overflow
       vulnerability which could be used by a local attacker to obtain
       the privileges of the slocate user.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3246.html
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     5/14/2003 - evolution
       multiple vulnerabilities
    
       Core Security Technologies found several vulnerabilities in
       Evolution <= 1.2.2 and in the gtkhtml library.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3252.html
    
    
    +---------------------------------+
    |  Distribution: EnGarde          | ----------------------------//
    +---------------------------------+
    
     5/15/2003 - 'sudo' heap corruption vulnerability
       multiple vulnerabilities
    
       There is a heap corruption vulnerability in sudo which may allow
       an attacker to execute arbitrary commands.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3257.html
    
     5/15/2003 -  'gnupg' key validation bug
       multiple vulnerabilities
    
       A key validation bug was recently discovered in the GNU Privacy
       Guard (GPG) which would cause keys with more than one user ID to
       trust all user IDs with the amount of trust given to the
       most-valid user ID.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html
    
     5/15/2003 - kernel
       updates
    
       This kernel update fixes several bugs and vulnerabilities.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3259.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     5/13/2003 - shadow
       user id vulnerability
    
       Updated shadow package that contains a workaround for the OpenSSH
       user identification problem.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3249.html
    
     5/14/2003 - kopete
       arbitrary code execution vulnerability
    
       The GnuPG plugin in kopete before 0.6.2 does not properly cleanse
       the command line when executing gpg, which allows remote attackers
       to execute arbitrary commands.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3253.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     5/9/2003 - kopete
       gnupg arbitrary code execution
    
       This vulnerability is in the GnuPG plugin that allows for users to
       send each other GPG-encrypted instant messages.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3247.html
    
     5/15/2003 - xinetd
       denial of service vulnerability
    
       A vulnerability was discovered in xinetd where memory was
       allocated and never freed if a connection was refused for any
       reason.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3260.html
    
     5/15/2003 - mysql
       root vulnerability
    
       In MySQL 3.23.55 and earlier, MySQL would create world-writeable
       files and allow mysql users to gain root privileges by using the
       "SELECT * INTO OUTFILE" operator to overwrite a configuration
       file, which could cause mysql to run as root upon restarting the
       daemon.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3261.html
    
    
    +---------------------------------+
    |  Distribution: RedHat           | ----------------------------//
    +---------------------------------+
    
     5/13/2003 - kde
       multiple vulnerabilities
    
       KDE fails in multiple places to properly quote URLs and file names
       before passing them to a command shell.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3250.html
    
     5/14/2003 - xinetd
       denial of service vulnerability
    
       Updated xinetd packages that fix a security vulnerability are now
       available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3254.html
    
     5/14/2003 - kernel
       multiple vulnerabilities
    
       Updated kernel packages that fix a remote denial of service
       vulnerability in the TCP/IP stack, and a local privilege
       vulnerability, are now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3255.html
    
     5/15/2003 - tcpdump
       privilege dropping vulnerability
    
       Updated tcpdump packages that correctly drop privileges on startup
       are now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3262.html
    
    
    +---------------------------------+
    |  Distribution: TurboLinux       | ----------------------------//
    +---------------------------------+
    
     5/14/2003 - openssh
       user id vulnerability
    
       OpenSSH immediately returns an error message if the user does
       not exist on the OpenSSH server. As a result, it is possible to check
       a user's validity by measuring response time.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3256.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    