[ISN] Linux Advisory Watch - May 23rd 2003

From: InfoSec News (isnat_private)
Date: Sat May 24 2003 - 00:26:35 PDT

  • Next message: InfoSec News: "[ISN] U.S. government to get cybersecurity chief"

    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  May 23rd, 2002                           Volume 4, Number 20a |
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilitiaes that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    Linux Advisoiry Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    This week, advisories were released for bugzilla, lv, mysql, sendmail,
    bitchx, PHP, gnupg, cdrtools, xinetd, fileutils, lpr, epic4, glibc,
    mod_ssl, and quotacheck. The distributors include Conectiva, Debian,
    Guardian Digital, Gentoo, Immunix, Mandrake, OpenPKG, RedHat, and
    Slackware. There were not any advisories that particularly caught my
    attention. Perhaps the most serious are lpr, cdrecord, and lv, all of
    which may result in a local root compromise. If you are using these
    packages, they should be updated immediately.
    Many of you probably have experience in general network security. Also,
    many of you have probably worked with wireless equipment. In the last
    three years I've seen hundreds of articles and whitepapers on how to
    improve the security of wireless networks. Each paper usually falls into
    two categories. First, I have found that about 80% of the papers are too
    broad and do not provide any useful information. The other 20% of
    articles/whitepapers are helpful in that they focus on specific issues.
    Recently, I had the opportunity to read the O'Reilly book, "802.11
    Security."  It was written by Bruce Potter and Bob Fleck and published
    early this year. If you are looking for a overall source for 802.11
    security, I highly recommend this book. Although it is only 176 pages
    long, it is cram-packed with information. Like all O'Reilly books, it is
    suitable and interesting enough to read from cover-to-cover or can be
    easily used as a reference.
    The book begins with an introduction to wireless networking and quickly
    moves into explaining types of attacks and potential risks. The second
    part book focuses on locking down five types of wireless workstations. It
    includes specific chapters that cover FreeBSD, Linux, OpenBSD, OS X, and
    Windows. Next, it covers aspects pertaining to access point security and
    provides guidance on how to build a Linux, FreeBSD, or OpenBSD gateway.
    The book concludes with a chapter on authentication and encryption, and a
    chapter that discusses several wireless networking issues and predicts
    what the future will hold. Although no one can claim that this book is
    fully comprehensive, it does provide enough information to get started.
    Some of you will probably be looking for more detailed information, while
    others will think that it is the perfect dose. Once again, if you are
    looking for a general book on 802.11 security, take a look at what
    O'Reilly has to offer.
    Until next time,
     Benjamin D. Thomas
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    At the RealWorld Linux Expo in Toronto, Guardian Digital launched the next
    generation of the Community edition of EnGarde Secure Linux - the secure
    and easy to manage system for building a complete Internet presence while
    protecting your information assets.
    Download the FREE trial today!
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
    unparalleled in security, ease of management, and features. Open source
    technology constantly adapts to new threats. Email firewall, simplified
    administration, automatically updated.
     --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
    running a honeynet makes one acutely aware about "what is going on" out
    there. While placing a network IDS outside one's firewall might also
    provide a similar flood of alerts, a honeypot provides a unique
    prospective on what will be going on when a related server is compromised
    used by the intruders.
    |  Distribution: Conectiva        | ----------------------------//
     5/22/2003 - bugzilla
       multiple vulnerabilities
       There are multiple vulnerabilities in bugzilla.
    |  Distribution: Debian           | ----------------------------//
     5/16/2003 - lv
       privilege escalation vulnerability
       lv reads options from a configuration file in the current
       directory. Because such a file could be placed there by a
       malicious user, and lv configuration options can be used to
       execute commands, this represented a security vulnerability.
     5/16/2003 - mysql
       privilege escalation vulnerability
       There are multiple vulnerabilities in the mysql package.
     5/16/2003 - sendmail
       insecure tmp file vulnerability
       aul Szabo discovered bugs in three scripts included in the
       sendmail package where temporary files were created insecurely
       (expn, checksendmail and doublebounce.pl).
     5/19/2003 - bitchx
       multiple vulnerabilities
       Timo Sirainen discovered several overflow problems in BitchX.
    |  Distribution: EnGarde          | ----------------------------//
     5/20/2003 - 'swatch' incorrect value in default configuration
       multiple vulnerabilities
       A bug was recently discovered in the default configuration of the
       daily log summaries.  The default address is set incorrectly
       causing daily summaries to bounce until the system is ran through
       the initial configuration process or the admin e-mail address is
     5/21/2003 - PHP
       debugging and PEAR fixes
       This update disables debugging and enables support for PEAR in
       EnGarde's PHP packages.
    |  Distribution: Gentoo           | ----------------------------//
     5/16/2003 - gnupg
       key validation bug
       As part of the development of GnuPG 1.2.2, a bug was discovered in
       the key validation code.
     5/16/2003 - ut2003-demo passive DOS exploit
       key validation bug
       There is a negative sign bug in the unreal tournement engine.
     5/18/2003 - cdrtools
       privilege escalation vulnerability
       Incorrect link fixed. A vulnerability in cdrecord that could lead
       to a root compromise was discovered. cdrecord is not installed
       suid by default in Gentoo.
    |  Distribution: Gentoo           | ----------------------------//
     5/19/2003 - lv
       arbitrary command execution vulnerability
       Previous versions of lv read the file .lv in the current
       directory.  Becuse this file could be created by other users and
       could contain malicious commands to execute upon viewing certain
       files this is considered a potential local root exploit.
     5/19/2003 - xinetd
       denial of service vulnerability
       Steve Stubb has discovered that xinetd leaks 144 bytes for every
       connection it rejects.
    |  Distribution: Immunix          | ----------------------------//
     5/16/2003 - fileutils
       race condition vulnerability
       Steve Stubb has discovered that xinetd leaks 144 bytes for every
       connection it rejects.
    |  Distribution: Mandrake         | ----------------------------//
     5/22/2003 - cdrecord
       privilege escalation vulnaerbility
       A vulnerability in cdrecord was discovered that can be used to
       obtain root access because Mandrake Linux ships with the cdrecord
       binary suid root and sgid cdwriter.
    |  Distribution: Mandrake         | ----------------------------//
     5/22/2003 - lpr
       buffer overflow vulnerability
       A buffer overflow was discovered in the lpr printer spooling
       system that can be exploited by a local user to gain root
    |  Distribution: OpenPKG          | ----------------------------//
     5/16/2003 - gnupg
       incorrect key validation vulnerability
       The GNU Privacy Guard (GnuPG) development team discovered that the
       key validation code in GnuPG 1.2.1 and older versions does not
       properly determine the validity of keys with multiple user IDs
    |  Distribution: RedHat           | ----------------------------//
     5/16/2003 - lv
       privilege escalation vulnerability
       A bug has been found in versions of lv that read a .lv file in the
       current directory.  Local attackers can use this to place an .lv
       file in any directory to which they have write access.
     5/21/2003 - gnupg
       key validation bug
       Updated gnupg packages correcting a bug in the GnuPG key
       validation functions are now available.
    |  Distribution: Slackware        | ----------------------------//
     5/22/2003 - epic4
       multiple vulnerabilities
       New EPIC4 packages are available to fix security problems found by
       Timo Sirainen.
     5/22/2003 - bitchx
       multiple vulnerabilities
       Timo Sirainen discovered several overflow problems in BitchX.
     5/22/2003 - glibc
       buffer overflow vulnerability
       An integer overflow in the xdrmem_getbytes() function found in the
       glibc library has been fixed.
     5/22/2003 - gnupg
       key validation bug
       A key validation bug which results in all user IDs on a given key
       being treated with the validity of the most-valid user ID on that
       key has been fixed with the release of GnuPG 1.2.2.
     5/22/2003 - mod_ssl
       timing based attack vulnerability
       This version provides RSA blinding by default which prevents an
       extended timing analysis from revealing details of the secret key
       to an attacker.
     5/22/2003 - quotacheck
       An upgraded sysvinit package is available which fixes a problem
       with the use of quotacheck in /etc/rc.d/rc.M.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Sat May 24 2003 - 02:11:43 PDT