[ISN] Linux Advisory Watch - June 6th 2003

From: InfoSec News (isnat_private)
Date: Sun Jun 08 2003 - 23:55:15 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  June 6th, 2003                           Volume 4, Number 22a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for maelstrom, apache, tomcat, kernel,
    wget, file, lprng, cups, ghostscript, kon2, gnupg, squirrelmail,
    xinetd, lv, and httpd. The distributors include Gentoo, Immunix,
    Mandrake, OpenPKG, Red Hat, Turbolinux, and Yellow Dog. This week there
    were several new advisories. Red Hat and others released several patches
    to their 2.4 kernel. For those of you using PPC architecture and running
    Yellow Dog Linux, this is your week. Eight new advisories were released,
    but most of these were fixes to known problems. Many would argue that late
    is better than never. :)
    
    Last week, I wrote about several choices a system administrator can make
    to achieve a secure system. However, I did not discuss why someone would
    want to pay particular attention to security. Perhaps it is because your
    boss demands it, or because you are responsible and take special pride in
    maintaining a secure system. Several industries are mandated by the US
    federal government to ensure privacy and security. If you are familiar with
    the health care industry, you have probably heard about HIPAA (The Health
    Insurance Portability and Accountability Act of 1996), or if you work
    closely with the financial industry, you've heard of the
    Gramm-Leach-Bliley Act.
    
    If you have been to the doctor's office, dentist, or pharmacist in the
    last few months, you should have been asked to sign several forms that
    inform you of your privacy rights. This is a requirement of the HIPAA
    privacy rule. Now, companies are working to achieve compliance with the
    second part of HIPAA, the security rule. Compliance must be met by April
    21st 2005. You may be asking yourself, "I'm not part of the health care
    industry, why should I care?" The HIPAA security rule (164.308-164.312)
    provides a high level outline of what it takes to achieve security in an
    organization. It outlines administrative, physical, and technical
    safeguards to ensure the confidentiality, integrity, and maximum
    availability of data.
    
    The Department of Health and Human Services has made a strong effort to
    ensure that all mandatory and addressable rules follow industry standards.
    The security requirements have been scrutinized and modified at the
    request of health care industry leaders. Addressing each of the rules
    prescribed by HIPAA should not be viewed as a hindrance, but as good
    business practice. Although every organization has an established method
    for maintaining security, a lot can be learned from HIPAA. No matter what
    industry you're in, you should take a moment to review the requirements
    and apply the principles to everyday operation. The final published
    security rule can be found in the Federal Register, Volume 68, No. 34.
    Some of the major parts of the security standards include the security
    management process, incident procedures, contingency planning, workstation
    security, audit controls, integrity, authentication, etc. In short, the
    point I am trying to make is that the standards proposed by HIPAA can be
    applied to almost any organization. Although I believe they are far from
    perfect, they can be quite helpful.
    
    If you have any questions on how the HIPAA standards can be applied to
    your organizations, please feel free to write.
    
    Until next time,
    benat_private
    
    
    >> Need to Secure Multiple Domain or Host Names? <<
    
    Securing multiple domain or host names need not burden you with unwanted
    administrative hassles. Learn more about how the cost-effective Thawte
    Starter PKI program can streamline management of your digital
    certificates.
    
     Click here to download our Free guide:
     http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte20
    
    
    FEATURE: Real-Time Alerting with Snort
    Real-time alerting is a feature of an IDS or any other monitoring
    application that notifies a person of an event in an acceptably short
    amount of time. The amount of time that is acceptable is different
    for every person.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-144.html
    
    
    --------------------------------------------------------------------
    
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail
    Suite is unparalleled in security, ease of management, and features.
    Open source technology constantly adapts to new threats. Email
    firewall, simplified administration, automatically updated.
    
     --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    --------------------------------------------------------------------
    
    LINUXSECURITY.COM FEATURE:
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-143.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     5/30/2003 - maelstrom
       buffer overflow vulnerability
    
       A local buffer overflow exists in maelstrom.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3305.html
    
     6/2/2003 - uw-imapd
       buffer overflow vulnerability
    
       UW-imapd can also act as an IMAP client, allowing a user to connect
       to a specified server. This is disabled for anonymous users but
       allowed for everyone else.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3309.html
    
     6/2/2003 - apache
       2.x denial of service vulnerability
    
       Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash
       in certain circumstances.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3310.html
    
     6/2/2003 - tomcat
       file access vulnerability
    
       Versions prior to tomcat-4.1.24 created /opt/tomcat with a
       directory mode which allowed users to access files containing
       passwords.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3311.html
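    The Gentoo entry above says only that the install directory's mode let local
    users read files containing passwords. The check below is an added example
    (not Gentoo's or Tomcat's code) of how an administrator would audit such a
    tree: it reports credential files an unprivileged local user could actually
    reach, taking the whole directory chain into account, since a 0644 file under
    a 0700 directory is not reachable. The file names in SENSITIVE_NAMES and the
    mock install that demo() builds are assumptions constructed for the
    demonstration; the advisory does not list the affected files.

```python
import os
import stat
import tempfile

# Assumed names of files that commonly hold credentials in a Tomcat tree.
# The advisory does not name the affected files, so treat this as a starting
# point to extend for a real install.
SENSITIVE_NAMES = {"tomcat-users.xml", "server.xml", "context.xml"}


def exposed_files(root, names=SENSITIVE_NAMES):
    """Return paths under root that an unprivileged local user could read.

    A file counts as exposed only if it is o+r AND every directory from root
    down to it is o+x.  The parents of root itself are assumed traversable
    (a parent such as /opt normally is).  Directories that 'other' cannot
    enter are pruned, so a 0644 file inside a 0700 directory is not reported.
    """
    if not os.lstat(root).st_mode & stat.S_IXOTH:
        return []
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk lets us prune in place: drop subdirectories 'other' cannot enter
        dirnames[:] = [
            d for d in dirnames
            if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH
        ]
        for f in filenames:
            if f not in names:
                continue
            st = os.lstat(os.path.join(dirpath, f))
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                found.append(os.path.join(dirpath, f))
    return sorted(found)


def restrict(paths, mode=0o640):
    """Remediation: drop 'other' access on each exposed file."""
    for p in paths:
        os.chmod(p, mode)


def demo():
    """Build a constructed mock install and return the exposed files before
    and after remediation, as paths relative to the install root."""
    base = os.path.join(tempfile.mkdtemp(), "tomcat")
    conf = os.path.join(base, "conf")
    work = os.path.join(base, "work")
    os.makedirs(conf)
    os.makedirs(work)
    users = os.path.join(conf, "tomcat-users.xml")
    with open(users, "w") as fh:
        fh.write('<user username="admin" password="example-only"/>\n')  # constructed
    copy = os.path.join(work, "server.xml")
    with open(copy, "w") as fh:
        fh.write("<Server/>\n")  # constructed
    # The shipped layout the advisory describes, reconstructed as an assumption:
    # world-traversable directories holding world-readable files ...
    for d in (base, conf):
        os.chmod(d, 0o755)
    os.chmod(users, 0o644)
    # ... except 'work', which is private, so the copy inside it must not be
    # reported even though its own mode is 0644.
    os.chmod(work, 0o700)
    os.chmod(copy, 0o644)
    before = [os.path.relpath(p, base) for p in exposed_files(base)]
    restrict(exposed_files(base))
    after = [os.path.relpath(p, base) for p in exposed_files(base)]
    return before, after
```

    Running demo() reports only conf/tomcat-users.xml before the chmod and
    nothing after it; the private work/ copy is never listed. On a real system,
    point exposed_files() at the install root (/opt/tomcat in the advisory) and
    remember that group-readable files are a separate question if the tomcat
    group has other members.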
    
    
    +---------------------------------+
    |  Distribution: Immunix          | ----------------------------//
    +---------------------------------+
    
     5/30/2003 - kernel
       raceguard rules
    
       Added patch to add raceguard cache clearing across sessions but
       not across processes of different privilege levels.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3306.html
    
     6/4/2003 - wget
       input vulnerability
    
       Steven M. Christey has discovered wget did not perform sufficient
       input sanitization of ftp server responses.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3318.html
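    The advisory text says only that wget did not sanitize FTP server responses
    enough. The example below is added here (it is not wget's code) to show the
    check any client must apply to a filename the server chose: normalize it,
    refuse absolute paths and any ".." that survives normalization, and then
    confirm the resolved local path is still inside the download directory.
    The last step goes beyond the string check and catches a symlink that an
    earlier retrieval planted inside the directory. The names in the tests and
    the scenario in symlink_demo() are constructed for the demonstration.

```python
import os
import posixpath
import tempfile


class UnsafeName(ValueError):
    """A server-supplied name that must not be used as a local path."""


def safe_relative_path(name):
    """Normalize a remote filename and refuse any that could leave the
    download directory.  Returns a clean relative path."""
    if not name or "\0" in name:
        raise UnsafeName("empty or NUL in name: %r" % (name,))
    if name.startswith("/"):
        raise UnsafeName("absolute path: %r" % (name,))
    norm = posixpath.normpath(name)
    # normpath folds "pub/../index.html" to "index.html" (still inside) but
    # leaves a leading ".." whenever the path would climb above its start;
    # that surviving ".." is the traversal case.  A result of "." means the
    # name was empty after normalization.
    if norm == "." or any(part in ("", ".", "..") for part in norm.split("/")):
        raise UnsafeName("escapes download directory: %r" % (name,))
    return norm


def is_safe(name):
    """Convenience predicate around safe_relative_path()."""
    try:
        safe_relative_path(name)
        return True
    except UnsafeName:
        return False


def local_target(base_dir, name):
    """Map a remote name to a local path and prove the resolved path stays
    inside base_dir.  realpath() follows symlinks, so this also catches a
    link planted inside base_dir by an earlier retrieval, an escape the
    string check alone cannot see."""
    rel = safe_relative_path(name)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, rel))
    if os.path.commonpath([base, target]) != base:
        raise UnsafeName("resolves outside %s: %r -> %s" % (base, name, target))
    return target


def symlink_demo():
    """Constructed scenario: a prior listing created base/mirror -> elsewhere;
    a later 'mirror/index.html' must be refused.  Returns True if it was."""
    outside = tempfile.mkdtemp()
    base = tempfile.mkdtemp()
    os.symlink(outside, os.path.join(base, "mirror"))  # the planted link
    try:
        local_target(base, "mirror/index.html")
    except UnsafeName:
        return True
    return False
```

    Note that "pub/../index.html" is accepted and mapped to "index.html": the
    goal is to stay inside the download directory, not to forbid every "..".
    Names such as "..hidden" are ordinary filenames and pass as well.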
    
     6/4/2003 - file
       root vulnerability
    
       An anonymous reporter has reported to iDEFENSE a vulnerability in
       file that could allow for a root compromise, should root run file
       on a specially crafted file.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3319.html
    
     6/5/2003 - lprng
       insecure tmp file vulnerability
    
       A vulnerability has been found in psbanner, which creates a
       temporary file with a known filename in an insecure manner.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3328.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     5/30/2003 - cups
       denial of service vulnerability
    
       A Denial of Service (DoS) vulnerability was discovered in the CUPS
       printing system by Phil D'Amore of Red Hat.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3307.html
    
     6/2/2003 - apache
       2.x multiple vulnerabilities
    
       Two vulnerabilities were discovered in the Apache web server that
       affect all 2.x versions prior to 2.0.46.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3312.html
    
    
    +---------------------------------+
    |  Distributor: Apache            | ----------------------------//
    +---------------------------------+
    
     5/30/2003 - apache 2.0
       multiple vulnerabilities
    
       Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash
       in certain circumstances.
       http://www.linuxsecurity.com/advisories/other_advisory-3304.html
    
    
    +---------------------------------+
    |  Distribution: OpenPKG          | ----------------------------//
    +---------------------------------+
    
     6/3/2003 - ghostscript
       arbitrary command execution
    
       According to a Red Hat security advisory, a flaw in versions of
       Ghostscript before 7.07 allows malicious Postscript files to
       execute arbitrary commands even with command line option -dSAFER
       enabled.
       http://www.linuxsecurity.com/advisories/other_advisory-3314.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     6/2/2003 - ghostscript
       arbitrary command execution vulnerability
    
       A flaw in unpatched versions of Ghostscript before 7.07 allows
       malicious postscript files to execute arbitrary commands even with
       -dSAFER enabled.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3313.html
    
     6/3/2003 - 2.4 kernel multiple vulnerabilities
       privilege escalation vulnerability
    
       These packages fix a ptrace-related vulnerability that can lead to
       elevated (root) privileges.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3315.html
    
     6/3/2003 - 2.4 kernel vulnerabilities and driver issues
       multiple vulnerabilities
    
       Several security issues have been found that affect the Linux
       kernel.  This update also fixes some driver issues.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3316.html
    
     6/3/2003 - kon2
       buffer overflow vulnerability
    
       A buffer overflow in kon2 allows local users to obtain root
       privileges.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3317.html
    
    
    +---------------------------------+
    |  Distribution: Turbolinux       | ----------------------------//
    +---------------------------------+
    
     5/30/2003 - gnupg
       key validity bug
    
       This bug causes keys with more than one user ID to give all user
       IDs on the key the amount of validity given to the most-valid key.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3308.html
    
    
    +---------------------------------+
    |  Distribution: YellowDog        | ----------------------------//
    +---------------------------------+
    
     6/4/2003 - squirrelmail
       multiple vulnerabilities
    
       Cross-site scripting vulnerabilities in SquirrelMail version
       1.2.10 and earlier allow remote attackers to execute script as
       other Web users via mailbox displays, message displays, or search
       results displays.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3320.html
    
     6/4/2003 - xinetd
       denial of service vulnerability
    
       Because of a programming error, memory was allocated and never
       freed if a connection was refused for any reason.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3321.html
    
     6/4/2003 - cups
       denial of service vulnerability
    
       Phil D'Amore of Red Hat discovered a vulnerability in the CUPS IPP
       implementation.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3322.html
    
     6/4/2003 - gnupg
       key validation vulnerability
    
       When evaluating trust values for different UIDs assigned to a
       given key, GnuPG versions earlier than 1.2.2 would incorrectly
       associate the trust value of the UID with the highest trust value
       with every UID assigned to that key.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3323.html
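    The Turbolinux and Yellow Dog GnuPG entries describe the same bug: every
    user ID on a key received the validity of the best-certified one. The model
    below is an added example, not GnuPG's code, that computes validity per UID
    and reproduces the pre-1.2.2 behaviour on request, then shows why it
    matters: key selection by e-mail address. It is a deliberately simplified
    web of trust (one fully trusted signer gives "full", one marginal signer
    gives "marginal"; the marginals-needed and completes-needed counting of real
    GnuPG is left out), and the keyring, key IDs and owner-trust table are
    constructed for the demonstration.

```python
VALIDITY_ORDER = ["unknown", "marginal", "full"]


def uid_validity(signers, ownertrust):
    """Validity of ONE user ID, derived from the owner-trust of the keys
    that certified it.  Simplified: the best single signer decides."""
    best = "unknown"
    for signer in signers:
        level = ownertrust.get(signer, "unknown")
        if VALIDITY_ORDER.index(level) > VALIDITY_ORDER.index(best):
            best = level
    return best


def key_validities(uids, ownertrust, buggy=False):
    """Map each UID of a key to its validity.  With buggy=True, reproduce the
    pre-1.2.2 behaviour: every UID inherits the validity of the best one."""
    per_uid = {uid: uid_validity(signers, ownertrust) for uid, signers in uids.items()}
    if buggy and per_uid:
        top = max(per_uid.values(), key=VALIDITY_ORDER.index)
        per_uid = {uid: top for uid in per_uid}
    return per_uid


def keys_for_address(keyring, address, ownertrust, buggy=False):
    """Key IDs that a recipient lookup by address would accept: some UID
    containing the address must have validity better than 'unknown'."""
    chosen = []
    for key_id, uids in keyring.items():
        for uid, level in key_validities(uids, ownertrust, buggy).items():
            if address in uid and level != "unknown":
                chosen.append(key_id)
                break
    return sorted(chosen)


# Constructed sample keyring.  Trent is a fully trusted introducer.  Mallory's
# key carries a genuine UID that Trent certified plus a second UID claiming to
# be Alice that only Mallory's own key has signed (a self-signature carries no
# owner-trust, so on its own it yields 'unknown').
OWNERTRUST = {"TRENT": "full"}
KEYRING = {
    "ALICE-KEY": {"Alice <alice@example.org>": {"ALICE-KEY", "TRENT"}},
    "MALLORY-KEY": {
        "Mallory <mallory@example.org>": {"MALLORY-KEY", "TRENT"},
        "Alice <alice@example.org>": {"MALLORY-KEY"},
    },
}
```

    With the correct computation only ALICE-KEY matches alice@example.org; with
    the buggy one MALLORY-KEY matches too, because its fake Alice UID borrowed
    the "full" validity Trent gave the Mallory UID. That is the practical impact:
    a message encrypted by address could be encrypted to the wrong key.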
    
     6/4/2003 - lprng
       insecure tmp file vulnerability
    
       A vulnerability has been found in psbanner, which creates a
       temporary file with a known filename in an insecure manner.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3324.html
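    This entry and the Immunix lprng entry above describe the same flaw in
    psbanner: a temporary file created under a known name. The example below is
    added here (it is not LPRng's code) to show why that is exploitable and what
    the fix looks like. A local attacker who can predict the name plants a
    symlink there first; a plain open-for-write then follows the link and
    clobbers whatever it points at. The fixes are either a random name created
    with O_CREAT|O_EXCL (what tempfile.mkstemp does) or, if the name must be
    fixed, an exclusive, non-following create that refuses an existing entry.
    The directory, file names and contents in demo() are constructed.

```python
import os
import tempfile


def insecure_create(path, data):
    """The psbanner pattern: write to a fixed, predictable name.  open()
    follows a symlink an attacker pre-planted at that path, so the bytes
    land in whatever file the link points to."""
    with open(path, "w") as fh:
        fh.write(data)


def secure_create(dirname, data):
    """Fix 1: a random name created with O_CREAT|O_EXCL, mode 0600, via
    mkstemp.  Nothing is predictable, so there is no name to pre-plant."""
    fd, path = tempfile.mkstemp(prefix="psbanner.", dir=dirname)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def exclusive_create(path, data):
    """Fix 2, when the name must be fixed: refuse to reuse or follow an
    existing entry.  O_EXCL makes open fail with EEXIST even when the
    existing entry is a symlink; O_NOFOLLOW is belt and braces where the
    platform has it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: the attacker symlinks the known temp name to a
    victim file.  Returns (victim clobbered by the insecure open,
    exclusive create refused the link, mkstemp file is a fresh regular file)."""
    box = tempfile.mkdtemp()
    victim = os.path.join(box, "victim")
    with open(victim, "w") as fh:
        fh.write("original\n")
    known = os.path.join(box, "before")   # the predictable name
    os.symlink(victim, known)             # attacker wins by planting it first

    insecure_create(known, "clobbered\n")
    with open(victim) as fh:
        hijacked = fh.read() == "clobbered\n"

    try:
        exclusive_create(known, "banner\n")
        refused = False
    except FileExistsError:
        refused = True

    safe = secure_create(box, "banner\n")
    fresh = (os.path.dirname(safe) == box
             and os.path.isfile(safe)
             and not os.path.islink(safe))
    return hijacked, refused, fresh
```

    demo() returns (True, True, True): the victim file was overwritten through
    the planted link, the exclusive create refused it, and mkstemp produced an
    unguessable regular file. Prefer fix 1; a fixed name with O_EXCL stops the
    symlink attack but still lets an attacker deny service by occupying the name.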
    
     6/4/2003 - lv
       arbitrary code execution vulnerability
    
       A bug has been found in versions of lv that read a .lv file in the
       current directory.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3325.html
    
     6/4/2003 - compat-gcc
       missing g77 compiler (packaging fix)
    
       The version of compat-gcc that comes with Yellow Dog Linux 3.0 is
       missing a compatibility version of the g77 fortran compiler.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3326.html
    
     6/4/2003 - httpd
       multiple vulnerabilities
    
       A build system problem in Apache 2.0 through 2.0.45 allows remote
       attackers to cause a denial of access to authenticated content
       when a threaded server is used.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3327.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Jun 09 2003 - 02:37:56 PDT