+----------------------------------------------------------------+
|  LinuxSecurity.com                         Linux Advisory Watch |
|  May 16th, 2003                          Volume 4, Number 19a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               daveat_private             benat_private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kernel, mgetty, slocate,
evolution, sudo, gnupg, kernel, shadow, kopete, kopete, xinetd, mysql,
kde, xinetd, kernel, tcpdump, and openssh. The distributors include
SCO, Conectiva, Guardian Digital, Gentoo, Mandrake, Red Hat, and
TurboLinux.

Your editors would like to thank our readers for the wonderful
feedback that we received from the last issue. All suggestions have
been noted and we are making efforts to address each and every one.
For those of you who have not yet had a chance to respond, there is
still time!

What are we looking for? We are looking for suggestions on how to make
this newsletter better. Suggestions can range from tips on
presentation to the type and amount of information included with each
advisory. We are making this effort to serve you, the community,
better. Help us take a step forward: let us know what it would take to
make this newsletter perfect for you. We look forward to hearing from
you! Please send all suggestions to: newsat_private

This week, several interesting advisories were released. Most notable
were the recent updates to the kernel. At the time of this writing,
only EnGarde and Red Hat have released updates for the "ioperm" system
call bug: ioperm does not restrict privileges properly, which may
result in a local user being able to access the I/O ports on a system.
In addition, an attacker sending packets with specially chosen forged
source addresses can cause a large number of collisions in the
kernel's networking hash tables; lookups in the overloaded buckets
degrade to long linear chain walks, which results in a remote denial
of service.

I recently had an interesting conversation with Dave Wreski, my
co-editor. We discussed the changes that will be made to the United
States $20 bills to thwart counterfeiters. Dave brought up the point
that the US Federal Reserve is implementing some changes that will not
be made public. His thoughts were, "Would giving store clerks and the
general public more information to recognize a bogus bill help? Or
would releasing this information give too much to the counterfeiters
and improve their capabilities?" I found this discussion interesting
because it has the same underlying question as the security of open
source software. Most people reading this newsletter would probably
agree that security cannot be gained through obscurity.

Until next time, stay secure!

Benjamin Thomas

At the RealWorld Linux Expo in Toronto, Guardian Digital launched the
next generation of the Community edition of EnGarde Secure Linux - the
secure and easy to manage system for building a complete Internet
presence while protecting your information assets. Download the FREE
trial today!

  http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=freetrial
--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail
Suite is unparalleled in security, ease of management, and features.
Open source technology constantly adapts to new threats. Email
firewall, simplified administration, automatically updated.

  --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------

Days of the Honeynet: Attacks, Tools, Incidents - Among other
benefits, running a honeynet makes one acutely aware of "what is going
on" out there.
While placing a network IDS outside one's firewall might also provide
a similar flood of alerts, a honeypot provides a unique perspective on
what will be going on when a related server is compromised and used by
the intruders.

  http://www.linuxsecurity.com/feature_stories/feature_story-141.html

+---------------------------------+
|  Distribution: SCO              | ----------------------------//
+---------------------------------+

 5/13/2003 - kernel kmod/ptrace root exploit

   The kernel module loader in the Linux kernel allows local users to
   gain root privileges by using ptrace to attach to a child process
   that is spawned by the kernel.
   http://www.linuxsecurity.com/advisories/caldera_advisory-3248.html

 5/14/2003 - mgetty buffer overflow vulnerability

   mgetty will overflow an internal buffer if the caller name reported
   by the modem is too long.
   http://www.linuxsecurity.com/advisories/caldera_advisory-3251.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/9/2003 - slocate buffer overflow vulnerability

   It has been reported that slocate contains a buffer overflow
   vulnerability which could be used by a local attacker to obtain the
   privileges of the slocate user.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3246.html

 5/14/2003 - evolution multiple vulnerabilities

   Core Security Technologies found several vulnerabilities in
   Evolution <= 1.2.2 and in the gtkhtml library.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3252.html

+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 5/15/2003 - 'sudo' heap corruption vulnerability

   There is a heap corruption vulnerability in sudo which may allow an
   attacker to execute arbitrary commands.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3257.html

 5/15/2003 - 'gnupg' key validation bug

   A key validation bug was recently discovered in the GNU Privacy
   Guard (GPG) which would cause keys with more than one user ID to
   trust all user IDs with the amount of trust given to the most-valid
   user ID.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html

 5/15/2003 - kernel updates

   This kernel update fixes several bugs and vulnerabilities.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3259.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/13/2003 - shadow user id vulnerability

   Updated shadow package that contains a workaround for the OpenSSH
   user identification problem.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3249.html

 5/14/2003 - kopete arbitrary code execution vulnerability

   The GnuPG plugin in Kopete before 0.6.2 does not properly cleanse
   the command line when executing gpg, which allows remote attackers
   to execute arbitrary commands.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3253.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/9/2003 - kopete gnupg arbitrary code execution

   This vulnerability is in the GnuPG plugin, which allows users to
   send each other GPG-encrypted instant messages.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3247.html

 5/15/2003 - xinetd denial of service vulnerability

   A vulnerability was discovered in xinetd where memory was allocated
   and never freed if a connection was refused for any reason, so a
   stream of refused connections exhausts the daemon's memory.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3260.html

 5/15/2003 - mysql root vulnerability

   In MySQL 3.23.55 and earlier, MySQL would create world-writable
   files and allow mysql users to gain root privileges by using the
   "SELECT * INTO OUTFILE" operator to overwrite a configuration file,
   which could cause mysql to run as root upon restarting the daemon.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3261.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 5/13/2003 - kde multiple vulnerabilities

   KDE fails in multiple places to properly quote URLs and file names
   before passing them to a command shell, so a crafted URL or file
   name can run arbitrary commands with the user's privileges.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3250.html

 5/14/2003 - xinetd denial of service vulnerability

   Updated xinetd packages that fix a security vulnerability are now
   available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3254.html

 5/14/2003 - kernel multiple vulnerabilities

   Updated kernel packages that fix a remote denial of service
   vulnerability in the TCP/IP stack, and a local privilege
   vulnerability (ioperm), are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3255.html

 5/15/2003 - tcpdump privilege dropping vulnerability

   Updated tcpdump packages that correctly drop privileges on startup
   are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3262.html

+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 5/14/2003 - openssh user id vulnerability

   OpenSSH immediately returns an error message if the user does not
   exist on the server. As a result, it is possible to check whether a
   user name is valid by measuring the response time.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3256.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email vuln-newsletter-requestat_private with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
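The kernel item in this issue (forged source addresses causing hash-table collisions) is worth seeing in working code. The following is an added illustration, not code from the advisory or from the kernel: an unkeyed XOR-fold hash in the style of the affected route-cache hash (a stand-in, not the kernel's exact function), the attacker's preimage search that only needs the public hash and the victim's address, and the fix of mixing an unpredictable per-boot secret into the hash (jhash with a random initval, as the updated kernels did). The victim address 10.0.0.1, the 1024-bucket table size, the 4096-flow attack and the fixed secret 0x1234abcd are constructed for the demo.

```c
/* Added illustration of a hash-collision denial of service and its keyed-hash
 * fix. Not kernel code: the weak hash is a stand-in in the style of the
 * pre-fix route-cache hash; the victim address, table size and secret are
 * constructed. Build: cc -O2 -o hashdos hashdos.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_BITS 10
#define NBUCKETS  (1u << HASH_BITS)
#define HASH_MASK (NBUCKETS - 1)
#define NFLOWS    4096u           /* forged-source flows the attacker injects */

static const uint32_t VICTIM_ADDR = 0x0A000001u;  /* 10.0.0.1 (constructed) */
static uint32_t forged[NFLOWS];                   /* attacker's source addresses */

/* Unkeyed hash: XOR-fold of the address pair. Every step is linear over
 * GF(2), so preimages of any bucket can be enumerated with no secret. */
static uint32_t weak_hash(uint32_t saddr, uint32_t daddr)
{
    uint32_t h = ((daddr & 0xF0F0F0F0u) >> 4) | ((daddr & 0x0F0F0F0Fu) << 4);
    h ^= saddr;
    h ^= h >> 16;
    h ^= h >> 8;
    return h & HASH_MASK;
}

/* Bob Jenkins' lookup2 mixing step, the core of the kernel's jhash_3words(). */
#define JHASH_MIX(a, b, c) do {           \
    a -= b; a -= c; a ^= (c >> 13);       \
    b -= c; b -= a; b ^= (a << 8);        \
    c -= a; c -= b; c ^= (b >> 13);       \
    a -= b; a -= c; a ^= (c >> 12);       \
    b -= c; b -= a; b ^= (a << 16);       \
    c -= a; c -= b; c ^= (b >> 5);        \
    a -= b; a -= c; a ^= (c >> 3);        \
    b -= c; b -= a; b ^= (a << 10);       \
    c -= a; c -= b; c ^= (b >> 15);       \
} while (0)

static uint32_t jhash_3words(uint32_t a, uint32_t b, uint32_t c, uint32_t initval)
{
    a += 0x9e3779b9u;                     /* golden-ratio constants as in jhash.h */
    b += 0x9e3779b9u;
    c += initval;                         /* the unpredictable secret enters here */
    JHASH_MIX(a, b, c);
    return c;
}

/* Keyed hash: same inputs plus a secret the attacker cannot observe. */
static uint32_t keyed_hash(uint32_t saddr, uint32_t daddr, uint32_t secret)
{
    return jhash_3words(daddr, saddr, 0, secret) & HASH_MASK;
}

/* Attacker side: scan source addresses until `want` of them land in bucket
 * `target` of the unkeyed table. Returns how many were found. */
static size_t forge_colliding_sources(uint32_t daddr, uint32_t target,
                                      uint32_t *out, size_t want)
{
    size_t n = 0;
    for (uint32_t s = 1; n < want && s != 0; s++)   /* s == 0 means wraparound */
        if (weak_hash(s, daddr) == target)
            out[n++] = s;
    return n;
}

/* Victim side: insert every flow, report the longest bucket chain. Lookup
 * cost on that chain is what the attacker is inflating. */
static size_t longest_chain(const uint32_t *saddrs, size_t n, uint32_t daddr,
                            int keyed, uint32_t secret)
{
    static size_t load[NBUCKETS];
    size_t worst = 0;
    memset(load, 0, sizeof load);
    for (size_t i = 0; i < n; i++) {
        uint32_t b = keyed ? keyed_hash(saddrs[i], daddr, secret)
                           : weak_hash(saddrs[i], daddr);
        if (++load[b] > worst)
            worst = load[b];
    }
    return worst;
}

/* Longest chain the forged flows produce in the unkeyed table: all of them. */
size_t weak_worst_chain(void)
{
    size_t n = forge_colliding_sources(VICTIM_ADDR, 0, forged, NFLOWS);
    return longest_chain(forged, n, VICTIM_ADDR, 0, 0);
}

/* Same forged flows against the keyed table: the preimages were computed
 * for the wrong function, so they scatter like random input. */
size_t keyed_worst_chain(uint32_t secret)
{
    size_t n = forge_colliding_sources(VICTIM_ADDR, 0, forged, NFLOWS);
    return longest_chain(forged, n, VICTIM_ADDR, 1, secret);
}

int main(void)
{
    /* Fixed secret so the run is reproducible; a kernel draws it from its
     * entropy pool at boot. */
    printf("unkeyed: longest chain %zu of %u flows\n", weak_worst_chain(), NFLOWS);
    printf("keyed:   longest chain %zu of %u flows\n", keyed_worst_chain(0x1234abcdu), NFLOWS);
    return 0;
}
```

The unkeyed table ends up with all 4096 flows in one bucket, so every lookup for that destination walks 4096 entries; the keyed table holds them to a handful per bucket. The defence only works while the secret stays unpredictable: a secret that leaks, or one that is never re-keyed on a long-running host, hands the attacker the same preimage search against the keyed function.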
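Both the Kopete GnuPG plugin entries (command line "not properly cleansed" before running gpg) and the Red Hat KDE entry (URLs and file names not quoted before reaching a command shell) are the same bug class. The following is an added example, not code from either project: an untrusted "key id" spliced into a shell command line beside the fork/exec form that never lets a shell see it. The real programs invoked gpg; `echo` stands in here so the demo runs anywhere, and the attacker string `alice; exit 42` is constructed.

```c
/* Added illustration of shell command injection through an unquoted
 * argument, and the exec-with-argv fix. Not KDE or Kopete code; `echo`
 * stands in for gpg and the attacker input is constructed.
 * Build: cc -o quoting quoting.c (POSIX). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define REJECTED (-2)               /* input refused before anything runs */

static const char *TOOL = "echo";   /* stand-in for gpg */

/* Exit status of a finished child, or -1 if it did not exit normally. */
static int exit_status(int status)
{
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* VULNERABLE: builds "echo --recipient <keyid>" and hands it to /bin/sh.
 * A key id such as "alice; exit 42" terminates the echo command and the
 * shell runs whatever follows. Returns the shell's exit status. */
int encrypt_for_vulnerable(const char *keyid)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "%s --recipient %s", TOOL, keyid);
    int st = system(cmd);
    return st == -1 ? -1 : exit_status(st);
}

/* FIXED: fork/exec with an argv array. The key id travels as exactly one
 * argument, metacharacters included; no shell ever parses it. Key ids
 * beginning with '-' are refused so the value can never be read as an
 * option (argument injection, the risk that remains once command injection
 * is gone). Returns the tool's exit status, or REJECTED. */
int encrypt_for_fixed(const char *keyid)
{
    if (keyid == NULL || keyid[0] == '\0' || keyid[0] == '-')
        return REJECTED;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)TOOL, "--recipient", (char *)keyid, NULL };
        execvp(TOOL, argv);
        _exit(127);                 /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return exit_status(st);
}

int main(void)
{
    const char *evil = "alice; exit 42";   /* constructed attacker input */
    printf("vulnerable: status %d\n", encrypt_for_vulnerable(evil)); /* 42 */
    printf("fixed:      status %d\n", encrypt_for_fixed(evil));      /* 0 */
    printf("fixed(-n):  status %d\n", encrypt_for_fixed("-n"));      /* -2 */
    return 0;
}
```

Status 42 from the vulnerable path is the injected `exit 42` running; the fixed path prints the literal string and returns 0. Escaping the string for the shell is the tempting alternative, but it has to be right for every metacharacter of every shell the program might run under, whereas an argv array removes the shell from the path entirely.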
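The TurboLinux OpenSSH entry describes a timing oracle: an immediate error for a nonexistent user is faster than a real password check, so response time tells the attacker which names exist. The following is an added example, not OpenSSH code: a login routine with the early return, next to the fix of always performing the expensive verification, against a fake account when the user is unknown. A toy iterated hash and a work counter stand in for a real password hash and a stopwatch; the user database (one account, "alice") is constructed.

```c
/* Added illustration of user enumeration by response time and the
 * constant-work fix. Not OpenSSH code: the hash is a toy, the work counter
 * stands in for elapsed time, and the accounts are constructed.
 * Build: cc -o timing timing.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORK_ITERS 20000u   /* cost of one verification, in work units */

struct account {
    const char *name;
    uint32_t    salt;
    uint32_t    hash;       /* slow_hash(salt, password) */
};

/* Toy iterated hash (FNV-1a mixed with the salt, repeated WORK_ITERS times)
 * so that a verification visibly costs WORK_ITERS units. Not a real KDF. */
static uint32_t slow_hash(uint32_t salt, const char *password, unsigned *work)
{
    uint32_t h = 2166136261u ^ salt;
    for (unsigned i = 0; i < WORK_ITERS; i++) {
        for (const char *p = password; *p; p++) {
            h ^= (uint8_t)*p;
            h *= 16777619u;
        }
        h ^= salt + i;
        (*work)++;
    }
    return h;
}

/* Constructed user database: one real account, plus a fake account whose
 * only job is to cost the same work as a real one. */
static struct account users[] = { { "alice", 0x5eed0001u, 0 } };
static struct account fake = { "", 0xdeadbeefu, 0 };
static int initialised;

static void ensure_init(void)
{
    unsigned w = 0;
    if (initialised)
        return;
    users[0].hash = slow_hash(users[0].salt, "correct horse", &w);
    fake.hash = slow_hash(fake.salt, "never-the-right-password", &w);
    initialised = 1;
}

static const struct account *find_account(const char *name)
{
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* VULNERABLE: unknown users are rejected before any hashing, so their
 * failure reply comes back measurably sooner. Returns 1 on success and
 * reports the work performed in *work. */
int login_leaky(const char *name, const char *password, unsigned *work)
{
    ensure_init();
    *work = 0;
    const struct account *a = find_account(name);
    if (a == NULL)
        return 0;                         /* fast path: the leak */
    return slow_hash(a->salt, password, work) == a->hash;
}

/* FIXED: always run the verification. Unknown users are checked against
 * the fake account, which costs the same, and are rejected afterwards
 * whatever the hash comparison says. */
int login_constant_work(const char *name, const char *password, unsigned *work)
{
    ensure_init();
    *work = 0;
    const struct account *a = find_account(name);
    int known = (a != NULL);
    if (!known)
        a = &fake;
    int ok = (slow_hash(a->salt, password, work) == a->hash);
    return known & ok;                    /* & not &&: no short circuit on `known` */
}

int main(void)
{
    unsigned wk, wu;
    login_leaky("alice", "wrong", &wk);
    login_leaky("mallory", "wrong", &wu);
    printf("leaky:    alice=%u units, mallory=%u units\n", wk, wu);
    login_constant_work("alice", "wrong", &wk);
    login_constant_work("mallory", "wrong", &wu);
    printf("constant: alice=%u units, mallory=%u units\n", wk, wu);
    return 0;
}
```

With the leaky routine an unknown name costs 0 units against 20000 for a real one; the fixed routine costs 20000 either way and still refuses the unknown user even when the supplied password happens to match the fake account. On a real server the remaining differences (the account lookup itself, logging, PAM module paths) also need to be equalised, which is why this class of bug tends to resurface.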
This archive was generated by hypermail 2b30 : Mon May 19 2003 - 02:08:38 PDT