+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 11th, 2003 Volume 4, Number 27a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
daveat_private benat_private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released xpdf, ml85p, openldap, imp, php, semi,
x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The
distributors include Conectiva, Debian, Mandrake, and TurboLinux. Again,
there were no particularly serious vulnerabilities this week. However, it
is imperative that you make an effort to keep your servers up-to-date.
It's mid-July, which means 'vacation month' for many of our readers. When
going on leave from work, there are often many things that needs to be
prepared for. Often, a system administrator will ensure that all systems
are fully patched and up-to-date, backup and restore functions are working
correctly, and other users have the appropriate access so that minor
problems can be taken care of while away. Hypothetically, this could mean
a senior administrator is giving a junior admin full rights, or perhaps
the root passwords to the servers.
Next, if he senior admin has an over-sized ego (most likely) he/she will
feel compelled to add an autoreply message to his/her email. Because this
senior admin is very proactive, he/she is subscribed to over 30 security
related mailing lists. Because this hypothetical senior admin took only a
1/2 day on Friday, he/she did not take the time to ensure that autoreply
was setup to only reply to emails from the same domain. Instead, the
account was configured to reply to every single email received. By
mid-Saturday, the autoreply "feature" has kicked out over 100 emails.
Although primarily replies to bogus spam addresses, several were sent to
un-moderated mailing list. What does this mean? The entire world knows
the senior admin is "in Florida, please contact my staff Jr. Admin, Ryan
Typesalot." It's now Monday morning, quiet, and Ryan is just now getting
settled in at this desk. He receives a call from "patient social
engineer" who has been waiting for the perfect time to attack this this
company. What happens next? Because our patient social engineer knows
that the senior admin is out of the office for the next two weeks, and
that Ryan Typesalot is eger to solve problems, the attack is started.
You can probably figure out what will happen next. Ryan is conned into
believing that the person on the other side of the phone is a company
executive who is on the road and needs immediate access to his network
home directory and several passwords resets.
What is the moral of this story? Don't give out more information that you
have to. If you're going on vacation, you should only let the minimum
number of people know. If you must use autoreply, it is necessary to keep
it intracompany. Many of you probably already know this and already take
every necessary precaution. However, each time we send this newsletter
out, we receive quite a few auto replies. I don't want to tell you that
it should never be used, only that "features" such as autoreply should be
used carefully.
Until next time,
Benjamin D. Thomas
benat_private
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25
FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.
http://www.linuxsecurity.com/feature_stories/feature_story-144.html
--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------
LINSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez
Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
7/7/2003 - xpdf
arbitrary command execution
This update fixes a vulnerability that allows attackers to embed
commands in document hyperlinks.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3430.html
7/7/2003 - ml85p
insecure tmp file vulnerability
This is a SUID root program and it creates temporary files in an
insecure way, which makes it vulnerable to a race condition
exploit.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3431.html
7/7/2003 - openldap
denial of service vulnerability
A failed password extended operation (password EXOP) can cause
openldap to, if using the back-ldbm backend, attempt to free
memory which was never allocated, resulting in a segfault.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3432.html
7/8/2003 - imp
SQL code injection vulnerability
A remote attacker can use this vulnerability to execute SQL
commands and possibly get session IDs and steal another user's
webmail session.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3439.html
7/10/2003 - PHP4
mulitple vulnerabilities
There are mutliple vulnerabiles in php.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3440.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
7/7/2003 - semi, wemi insecure temporary file vulnerability
mulitple vulnerabilities
due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1
correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3435.html
7/7/2003 - x-face-el insecure temporary file vulnerability
mulitple vulnerabilities
due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1
correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3436.html
7/7/2003 - liece
insecure temporary file vulnerability
due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1
correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3437.html
7/7/2003 - mozart
unsafe mailcap configuration
due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1
correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3438.html
7/10/2003 - skk
insecure tmp file vulnerability
skk does not take appropriate security precautions when creating
temporary files.
http://www.linuxsecurity.com/advisories/debian_advisory-3441.html
7/10/2003 - unzip
directory traversal vulnerability
A directory traversal vulnerability in UnZip 5.50 allows attackers
to bypass a check for relative pathnames ("../") by placing
certain invalid characters between the two "." characters.
http://www.linuxsecurity.com/advisories/debian_advisory-3442.html
7/10/2003 - xbl
buffer overflow vulnerability
Another buffer overflow was discovered in xbl, distinct from the
one addressed in DSA-327 (CAN-2003-0451), involving the display
command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3443.html
7/10/2003 - phpsysinfo
directory traversal vulnerability
Another buffer overflow was discovered in xbl, distinct from the
one addressed in DSA-327 (CAN-2003-0451), involving the -display
command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3444.html
7/10/2003 - teapop
SQL injection vulnerability
Another buffer overflow was discovered in xbl, distinct from the
one addressed in DSA-327 (CAN-2003-0451), involving the -display
command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3445.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
7/8/2003 - unzip
directory traversal vulnerability
Another buffer overflow was discovered in xbl, distinct from the
one addressed in DSA-327 (CAN-2003-0451), involving the -display
command line option.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3446.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
7/9/2003 - unzip
directory traversal vulnerability
When certain encoded characters are inserted into '../' directory
traversal sequences, the creator of the archive can cause the file
to be extracted to arbitrary locations on the filesystem -
including paths containing system binaries and other sensitive
or confidential information.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3447.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 05:57:33 PDT