+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | July 11th, 2003 Volume 4, Number 27a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas daveat_private benat_private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released xpdf, ml85p, openldap, imp, php, semi, x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The distributors include Conectiva, Debian, Mandrake, and TurboLinux. Again, there were no particularly serious vulnerabilities this week. However, it is imperative that you make an effort to keep your servers up-to-date. It's mid-July, which means 'vacation month' for many of our readers. When going on leave from work, there are often many things that needs to be prepared for. Often, a system administrator will ensure that all systems are fully patched and up-to-date, backup and restore functions are working correctly, and other users have the appropriate access so that minor problems can be taken care of while away. Hypothetically, this could mean a senior administrator is giving a junior admin full rights, or perhaps the root passwords to the servers. Next, if he senior admin has an over-sized ego (most likely) he/she will feel compelled to add an autoreply message to his/her email. Because this senior admin is very proactive, he/she is subscribed to over 30 security related mailing lists. Because this hypothetical senior admin took only a 1/2 day on Friday, he/she did not take the time to ensure that autoreply was setup to only reply to emails from the same domain. Instead, the account was configured to reply to every single email received. By mid-Saturday, the autoreply "feature" has kicked out over 100 emails. Although primarily replies to bogus spam addresses, several were sent to un-moderated mailing list. What does this mean? The entire world knows the senior admin is "in Florida, please contact my staff Jr. Admin, Ryan Typesalot." It's now Monday morning, quiet, and Ryan is just now getting settled in at this desk. He receives a call from "patient social engineer" who has been waiting for the perfect time to attack this this company. What happens next? Because our patient social engineer knows that the senior admin is out of the office for the next two weeks, and that Ryan Typesalot is eger to solve problems, the attack is started. You can probably figure out what will happen next. Ryan is conned into believing that the person on the other side of the phone is a company executive who is on the road and needs immediate access to his network home directory and several passwords resets. What is the moral of this story? Don't give out more information that you have to. If you're going on vacation, you should only let the minimum number of people know. If you must use autoreply, it is necessary to keep it intracompany. Many of you probably already know this and already take every necessary precaution. However, each time we send this newsletter out, we receive quite a few auto replies. I don't want to tell you that it should never be used, only that "features" such as autoreply should be used carefully. Until next time, Benjamin D. Thomas benat_private --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf >> FREE Apache SSL Guide from Thawte << Are you worried about your web server security? Click here to get a FREE Thawte Apache SSL Guide and find the answers to all your Apache SSL security needs. Click Command: http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25 FEATURE: Real-Time Alerting with Snort Real-time alerting is a feature of an IDS or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable is different for every person. http://www.linuxsecurity.com/feature_stories/feature_story-144.html -------------------------------------------------------------------- * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is unparalleled in security, ease of management, and features. Open source technology constantly adapts to new threats. Email firewall, simplified administration, automatically updated. --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2 -------------------------------------------------------------------- LINSECURITY.COM FEATURE: Intrusion Detection Systems: An Introduction By: Alberto Gonzalez Intrusion Detection is the process and methodology of inspecting data for malicious, inaccurate or anomalous activity. At the most basic levels there are two forms of Intrusion Detection Systems that you will encounter: Host and Network based. http://www.linuxsecurity.com/feature_stories/feature_story-143.html +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 7/7/2003 - xpdf arbitrary command execution This update fixes a vulnerability that allows attackers to embed commands in document hyperlinks. http://www.linuxsecurity.com/advisories/connectiva_advisory-3430.html 7/7/2003 - ml85p insecure tmp file vulnerability This is a SUID root program and it creates temporary files in an insecure way, which makes it vulnerable to a race condition exploit. http://www.linuxsecurity.com/advisories/connectiva_advisory-3431.html 7/7/2003 - openldap denial of service vulnerability A failed password extended operation (password EXOP) can cause openldap to, if using the back-ldbm backend, attempt to free memory which was never allocated, resulting in a segfault. http://www.linuxsecurity.com/advisories/connectiva_advisory-3432.html 7/8/2003 - imp SQL code injection vulnerability A remote attacker can use this vulnerability to execute SQL commands and possibly get session IDs and steal another user's webmail session. http://www.linuxsecurity.com/advisories/connectiva_advisory-3439.html 7/10/2003 - PHP4 mulitple vulnerabilities There are mutliple vulnerabiles in php. http://www.linuxsecurity.com/advisories/connectiva_advisory-3440.html +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ 7/7/2003 - semi, wemi insecure temporary file vulnerability mulitple vulnerabilities due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee. http://www.linuxsecurity.com/advisories/debian_advisory-3435.html 7/7/2003 - x-face-el insecure temporary file vulnerability mulitple vulnerabilities due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee. http://www.linuxsecurity.com/advisories/debian_advisory-3436.html 7/7/2003 - liece insecure temporary file vulnerability due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee. http://www.linuxsecurity.com/advisories/debian_advisory-3437.html 7/7/2003 - mozart unsafe mailcap configuration due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee. http://www.linuxsecurity.com/advisories/debian_advisory-3438.html 7/10/2003 - skk insecure tmp file vulnerability skk does not take appropriate security precautions when creating temporary files. http://www.linuxsecurity.com/advisories/debian_advisory-3441.html 7/10/2003 - unzip directory traversal vulnerability A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters. http://www.linuxsecurity.com/advisories/debian_advisory-3442.html 7/10/2003 - xbl buffer overflow vulnerability Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the display command line option. http://www.linuxsecurity.com/advisories/debian_advisory-3443.html 7/10/2003 - phpsysinfo directory traversal vulnerability Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. http://www.linuxsecurity.com/advisories/debian_advisory-3444.html 7/10/2003 - teapop SQL injection vulnerability Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. http://www.linuxsecurity.com/advisories/debian_advisory-3445.html +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ 7/8/2003 - unzip directory traversal vulnerability Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. http://www.linuxsecurity.com/advisories/mandrake_advisory-3446.html +---------------------------------+ | Distribution: TurboLinux | ----------------------------// +---------------------------------+ 7/9/2003 - unzip directory traversal vulnerability When certain encoded characters are inserted into '../' directory traversal sequences, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem - including paths containing system binaries and other sensitive or confidential information. http://www.linuxsecurity.com/advisories/turbolinux_advisory-3447.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-requestat_private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 05:57:33 PDT