[ISN] Linux Advisory Watch - July 4th 2003

From: InfoSec News (isnat_private)
Date: Mon Jul 07 2003 - 00:09:24 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  July 4th, 2002                           Volume 4, Number 26a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for kopete, kde, unzip, acm, xgalaga,
    mantis, kernel, proftpd, gtksee, proftpd, xpdf, acroread, tcptraceroute,
    phpbb, noweb, gnocatan, mikmod, XFree86, PHP, ethereal, and ypserv.  The
    distributors include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red
    Hat, TurboLinux, and YellowDog.  A number of advisories were released for
    Debian and Gentoo.  Red Hat released a moderate amount, and Immunix, Turbo
    Linux, and Yellow Dog released only a few.  There were several new
    vulnerabilities found, but a majority of the advisories released were
    patches to old issues.
    
    Last week, many of you enjoyed the insightful comments submitted by other
    readers.  This week, many of our American readers are preparing for a long
    holiday weekend.  Other readers across the world are also on holiday
    enjoying time with family and friends. Last weekend, I was quite busy
    because I got married.  What do we do with our servers during this time?
    Many of us would like to shut them off and restart when we return.  This
    option is never feasible. Others have no worries and leave their systems
    alone while away. No matter which camp you're in, it is a great time to go
    'back-to-the-basics.'
    
    Today, many of us concern ourselves with complex security mechanisms and
    newer technologies.  However, many of us need to remember and return to
    the basics.  Are all accounts on the system legitimate and used regularly?
    What is my password policy? Are only the minimum necessary applications on
    the system?  No matter how many times a system is patched, if a
    disgruntled former employee still has an account on a system, it remains
    extremely vulnerable.
    
    People ask me almost daily, "I am new to Linux, how can I make sure that
    my system is secure?"  I always point new users to several resources.
    First, the Linux Security Quick Reference card:
    
     http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    Although it was written several years ago, almost all of it is still
    relevant.  Topics on the quick reference card include permissions, kernel
    security, apache security, tcpwrappers, NIDS, critical system files, and
    others.  It is advisable to print it on a single sheet double sided.
    
    Also, several other documents include the Linux Security Administrator's
    Guide, and the Linux Security Howto:
    
    http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
    http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
    
    Both documents can provide you with a strong foundation in Linux security.
    Often systems remain vulnerable because the basics have been ignored or
    forgotten.
    
    In this season of vacationing, it is a good time to remember the basics of
    security administration.  Double check your firewall rules, check for
    unnecessary applications and users, and verify critical file permissions.
    
    Until next time,
    
    Benjamin D. Thomas
    benat_private
    
    
    
    FEATURE: Real-Time Alerting with Snort
    Real-time alerting is a feature of an IDS or any other monitoring
    application that notifies a person of an event in an acceptably short
    amount of time. The amount of time that is acceptable is different for
    every person.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-144.html
    
    
    LINUXSECURITY.COM FEATURE:
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-143.html
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     7/1/2003 - radiusd-cistron buffer overflow vulnerability
    
       David Luyer reported[1] a buffer overflow vulnerability in
       radiusd-cistron versions <= 1.6.6 that could allow remote
       attackers to cause a denial of service (DoS) and possibly execute
       arbitrary code in the server context.
    
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3407.html
    
     7/1/2003 - kopete
       arbitrary command execution vulnerability
    
       A vulnerability in the GnuPG plugin in kopete versions prior to
       0.6.2 allows remote attackers to execute arbitrary commands in the
       client context by sending specially crafted messages to it.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3408.html
    
     7/1/2003 - kde
       multiple vulnerabilities
    
       There are multiple vulnerabilities in KDE.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3409.html
    
     7/3/2003 - unzip
       directory traversal vulnerability
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3426.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     6/28/2003 - acm
       Integer overflow
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/debian_advisory-3402.html
    
     6/28/2003 - xgalaga
       Buffer overflow vulnerability
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/debian_advisory-3403.html
    
     6/28/2003 - kernel-2.4.17 Multiple vulnerabilities
       Buffer overflow vulnerability
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/debian_advisory-3404.html
    
     6/28/2003 - imagemagick
       temporary file
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/debian_advisory-3405.html
    
     6/28/2003 - mantis
       Incorrect permissions vulnerability
    
       A vulnerability has been found in the way unzip extracts files
       with invalid characters between two '.' (dot) characters in their
       path/names.
       http://www.linuxsecurity.com/advisories/debian_advisory-3406.html
    
     7/1/2003 - proftpd
       SQL injection vulnerability
    
       ProFTPD's PostgreSQL authentication module is vulnerable to a SQL
       injection attack.
       http://www.linuxsecurity.com/advisories/debian_advisory-3411.html
    
     7/1/2003 - gtksee
       buffer overflow vulnerability
    
       Viliam Holub discovered a bug in gtksee whereby, when loading PNG
       images of certain color depths, gtksee would overflow a
       heap-allocated buffer.
       http://www.linuxsecurity.com/advisories/debian_advisory-3412.html
    
     7/1/2003 - 2.2 kernel multiple vulnerabilities
       buffer overflow vulnerability
    
       This advisory is being released as a factual correction to
       DSA-336-1.
       http://www.linuxsecurity.com/advisories/debian_advisory-3413.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     6/27/2003 - proftpd
       SQL injection vulnerability

       A SQL injection exists in the ProFTPD server when using the mod_sql
       module to authenticate against a PostgreSQL database server. This
       vulnerability may allow a remote user to log in without user and
       password.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3397.html
    
     6/27/2003 - xpdf
       arbitrary code execution vulnerability
    
       Valid PDF files can contain malicious external-type hyperlinks
       that can execute arbitrary shell commands underneath Unix with
       various PDF viewers/readers.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3398.html
    
     6/27/2003 - acroread
       arbitrary code execution vulnerability
    
       Valid PDF files can contain malicious external-type hyperlinks
       that can execute arbitrary shell commands underneath Unix with
       various PDF viewers/readers.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3399.html
    
     6/27/2003 - ethereal
       arbitrary code execution vulnerability
    
       It may be possible to make Ethereal crash or run arbitrary code by
       injecting a purposefully malformed packet onto the wire, or by
       convincing someone to read a malformed packet trace file.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3400.html
    
     7/1/2003 - tcptraceroute
       privilege escalation vulnerability
    
       tcptraceroute 1.4 and earlier does not fully drop privileges after
       obtaining a file descriptor for capturing packets, which may allow
       local users to gain access to the descriptor via a separate
       vulnerability in tcptraceroute.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3414.html
    
     7/1/2003 - phpbb
       SQL injection vulnerability
    
       SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and
       earlier allows remote attackers to steal password hashes via the
       topic_id parameter.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3415.html
    
     7/1/2003 - noweb
       insecure tmp file vulnerability
    
       Multiple vulnerabilities in noweb 2.9 and earlier create
       temporary files insecurely, which allows local users to overwrite
       arbitrary files via multiple vectors including the noroff script.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3416.html
    
     7/1/2003 - gnocatan
       multiple vulnerabilities
    
       Bas Wijnen discovered that the gnocatan server is vulnerable to
       several buffer overflows which could be exploited to execute
       arbitrary code on the server system.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3417.html
    
     7/3/2003 - mikmod
       arbitrary code execution vulnerability
    
       Buffer overflow in mikmod 3.1.6 and earlier allows remote
       attackers to execute arbitrary code via an archive file that
       contains a file with a long filename.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3427.html
    
    
    +---------------------------------+
    |  Distribution: Immunix          | ----------------------------//
    +---------------------------------+
    
     7/3/2003 - unzip
       directory traversal vulnerabilities
    
       Jelmer has discovered it is possible to bypass unzip's ".."
       protections by including garbage characters between the two
       periods.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3428.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     6/30/2003 - xpdf
       arbitrary code execution vulnerability
    
       Martyn Gilmore discovered flaws in various PDF viewers, including
       xpdf.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3418.html
    
     6/30/2003 - ypserv
       denial of service vulnerability
    
       A vulnerability was found in versions of ypserv prior to version
       2.7.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3419.html
    
    
    +---------------------------------+
    |  Distribution: RedHat           | ----------------------------//
    +---------------------------------+
    
     6/27/2003 - XFree86
       multiple vulnerabilities
    
       Since the last XFree86 update for Red Hat Linux 7.1 and 7.2, a
       number of security vulnerabilities have been found and fixed.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3401.html
    
     7/1/2003 - unzip
       trojan vulnerability
    
       A vulnerability in unzip version 5.50 and earlier allows
       attackers to overwrite arbitrary files during archive extraction
       by placing invalid (non-printable) characters between two "."
       characters.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3420.html
    
     7/2/2003 - PHP
       multiple vulnerabilities
    
       This update contains fixes for a number of bugs discovered in the
       version of PHP included in Red Hat Linux 8.0 and 9.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3425.html
    
     7/3/2003 - ethereal
       multiple vulnerabilities
    
       A number of security issues affect Ethereal.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3429.html
    
    
    +---------------------------------+
    |  Distribution: TurboLinux       | ----------------------------//
    +---------------------------------+
    
     7/2/2003 - radiusd-cistron arbitrary code execution vulnerability
       multiple vulnerabilities
    
       This may allow remote attackers to cause a denial of service or
       even execute arbitrary code.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3421.html
    
     7/2/2003 - kernel
       multiple vulnerabilities
    
       Local users may be able to gain read or write access to certain
       I/O ports.  Attackers may be able to cause a denial of service.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3422.html
    
    
    +---------------------------------+
    |  Distribution: YellowDog        | ----------------------------//
    +---------------------------------+
    
     7/2/2003 - ypserv
       denial of service vulnerability
    
       A vulnerability has been discovered in the ypserv NIS server prior
       to version 2.7.
       http://www.linuxsecurity.com/advisories/yellowdog_advisory-3423.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 02:35:37 PDT