[ISN] Linux Advisory Watch - July 11th 2003

From: InfoSec News (isnat_private)
Date: Mon Jul 14 2003 - 01:33:30 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  July 11th, 2003                          Volume 4, Number 27a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for xpdf, ml85p, openldap, imp, php, semi,
    x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The
    distributors include Conectiva, Debian, Mandrake, and TurboLinux.  Again,
    there were no particularly serious vulnerabilities this week.  However, it
    is imperative that you make an effort to keep your servers up-to-date.
    
    It's mid-July, which means 'vacation month' for many of our readers. When
    going on leave from work, there are often many things that need to be
    prepared for.  Often, a system administrator will ensure that all systems
    are fully patched and up-to-date, backup and restore functions are working
    correctly, and other users have the appropriate access so that minor
    problems can be taken care of while away.  Hypothetically, this could mean
    a senior administrator is giving a junior admin full rights, or perhaps
    the root passwords to the servers.
    
    Next, if the senior admin has an over-sized ego (most likely) he/she will
    feel compelled to add an autoreply message to his/her email. Because this
    senior admin is very proactive, he/she is subscribed to over 30 security
    related mailing lists.  Because this hypothetical senior admin took only a
    1/2 day on Friday, he/she did not take the time to ensure that autoreply
    was set up to only reply to emails from the same domain.  Instead, the
    account was configured to reply to every single email received.  By
    mid-Saturday, the autoreply "feature" has kicked out over 100 emails.
    Although primarily replies to bogus spam addresses, several were sent to
    un-moderated mailing lists.  What does this mean?  The entire world knows
    the senior admin is "in Florida, please contact my staff Jr. Admin, Ryan
    Typesalot." It's now Monday morning, quiet, and Ryan is just now getting
    settled in at his desk.  He receives a call from "patient social
    engineer" who has been waiting for the perfect time to attack this
    company.  What happens next?  Because our patient social engineer knows
    that the senior admin is out of the office for the next two weeks, and
    that Ryan Typesalot is eager to solve problems, the attack is started.
    You can probably figure out what will happen next.  Ryan is conned into
    believing that the person on the other side of the phone is a company
    executive who is on the road and needs immediate access to his network
    home directory and several password resets.
    
    What is the moral of this story?  Don't give out more information than you
    have to.  If you're going on vacation, you should only let the minimum
    number of people know.  If you must use autoreply, it is necessary to keep
    it intracompany.  Many of you probably already know this and already take
    every necessary precaution.  However, each time we send this newsletter
    out, we receive quite a few auto replies.  I don't want to tell you that
    it should never be used, only that "features" such as autoreply should be
    used carefully.
    
    Until next time,
    Benjamin D. Thomas
    benat_private
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    >> FREE Apache SSL Guide from Thawte <<
    Are you worried about your web server security?  Click here to get a FREE
    Thawte Apache SSL Guide and find the answers to all your Apache SSL
    security needs.
    
     Click Command:
     http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25
    
    
    FEATURE: Real-Time Alerting with Snort
    Real-time alerting is a feature of an IDS or any other monitoring
    application that notifies a person of an event in an acceptably short
    amount of time. The amount of time that is acceptable is different for
    every person.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-144.html
    
    
    --------------------------------------------------------------------
    
    * Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
    unparalleled in security, ease of management, and features. Open source
    technology constantly adapts to new threats. Email firewall, simplified
    administration, automatically updated.
    
     --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
    
    --------------------------------------------------------------------
    
    LINUXSECURITY.COM FEATURE:
    Intrusion Detection Systems: An Introduction
    By: Alberto Gonzalez
    
    Intrusion Detection is the process and methodology of inspecting data for
    malicious, inaccurate or anomalous activity. At the most basic levels
    there are two forms of Intrusion Detection Systems that you will
    encounter: Host and Network based.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-143.html
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     7/7/2003 - xpdf
       arbitrary command execution
    
       This update fixes a vulnerability that allows attackers to embed
       commands in document hyperlinks.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3430.html
    
     7/7/2003 - ml85p
       insecure tmp file vulnerability
    
       This is a SUID root program and it creates temporary files in an
       insecure way, which makes it vulnerable to a race condition
       exploit.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3431.html
    
     7/7/2003 - openldap
       denial of service vulnerability
    
       A failed password extended operation (password EXOP) can cause
       openldap to, if using the back-ldbm backend, attempt to free
       memory which was never allocated, resulting in a segfault.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3432.html
    
     7/8/2003 - imp
       SQL code injection vulnerability
    
       A remote attacker can use this vulnerability to execute SQL
       commands and possibly get session IDs and steal another user's
       webmail session.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3439.html
    
     7/10/2003 - PHP4
       multiple vulnerabilities
    
       There are multiple vulnerabilities in PHP.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3440.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
    
     7/7/2003 - semi, wemi
       insecure temporary file vulnerability
    
       Due to a combination of administrative problems, this advisory was
       erroneously released with the identifier "DSA-337-1".  DSA-337-1
       correctly refers to an earlier advisory regarding gtksee.
       http://www.linuxsecurity.com/advisories/debian_advisory-3435.html
    
     7/7/2003 - x-face-el
       insecure temporary file vulnerability
    
       Due to a combination of administrative problems, this advisory was
       erroneously released with the identifier "DSA-337-1".  DSA-337-1
       correctly refers to an earlier advisory regarding gtksee.
       http://www.linuxsecurity.com/advisories/debian_advisory-3436.html
    
    
     7/7/2003 - liece
       insecure temporary file vulnerability
    
       Due to a combination of administrative problems, this advisory was
       erroneously released with the identifier "DSA-337-1".  DSA-337-1
       correctly refers to an earlier advisory regarding gtksee.
       http://www.linuxsecurity.com/advisories/debian_advisory-3437.html
    
     7/7/2003 - mozart
       unsafe mailcap configuration
    
       Due to a combination of administrative problems, this advisory was
       erroneously released with the identifier "DSA-337-1".  DSA-337-1
       correctly refers to an earlier advisory regarding gtksee.
       http://www.linuxsecurity.com/advisories/debian_advisory-3438.html
    
     7/10/2003 - skk
       insecure tmp file vulnerability
    
       skk does not take appropriate security precautions when creating
       temporary files.
       http://www.linuxsecurity.com/advisories/debian_advisory-3441.html
    
     7/10/2003 - unzip
       directory traversal vulnerability
    
       A directory traversal vulnerability in UnZip 5.50 allows attackers
       to bypass a check for relative pathnames ("../") by placing
       certain invalid characters between the two "." characters.
       http://www.linuxsecurity.com/advisories/debian_advisory-3442.html
    
     7/10/2003 - xbl
       buffer overflow vulnerability
    
       Another buffer overflow was discovered in xbl, distinct from the
       one addressed in DSA-327 (CAN-2003-0451), involving the display
       command line option.
       http://www.linuxsecurity.com/advisories/debian_advisory-3443.html
    
     7/10/2003 - phpsysinfo
       directory traversal vulnerability
    
       http://www.linuxsecurity.com/advisories/debian_advisory-3444.html
    
     7/10/2003 - teapop
       SQL injection vulnerability
    
       http://www.linuxsecurity.com/advisories/debian_advisory-3445.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     7/8/2003 - unzip
       directory traversal vulnerability
    
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3446.html
    
    
    +---------------------------------+
    |  Distribution: TurboLinux       | ----------------------------//
    +---------------------------------+
    
     7/9/2003 - unzip
       directory traversal vulnerability
    
       When certain encoded characters are inserted into '../' directory
       traversal sequences, the creator of the archive can cause the file
       to be extracted to arbitrary locations on the filesystem -
       including paths containing system binaries and other sensitive
       or confidential information.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3447.html
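
    The unzip entries above (Debian and TurboLinux) describe the same defect:
    a textual check for "../" runs on the raw member name, and the name is
    only cleaned of invalid characters afterwards, so a name that is not
    literally "../" at check time becomes one by write time. The following
    Python is an added illustration, not code from the newsletter or from
    UnZip itself. It contrasts that check order with the robust one: sanitize
    first, then resolve the path that would actually be written and require
    it to stay inside the extraction directory. The sanitizer's character set
    and the sample member names are constructed assumptions for the example.

```python
import os
import string
from typing import List, Optional, Tuple

# Hypothetical sanitizer (an assumption for this example): keep a
# conservative set of filename characters and drop everything else.
ALLOWED_CHARS = set(string.ascii_letters + string.digits + "._-/ ")


def strip_invalid(name: str) -> str:
    """Remove characters outside ALLOWED_CHARS from an archive member name."""
    return "".join(ch for ch in name if ch in ALLOWED_CHARS)


def naive_is_safe(name: str) -> bool:
    """The flawed order the advisories describe: a textual check for '../'
    runs on the raw name, and only afterwards is the name sanitized.
    A name with an invalid byte between the two dots passes this check,
    and the sanitizer then turns it into a plain '../' sequence."""
    return not (name.startswith("/") or "../" in name)


def resolve_target(dest_dir: str, name: str) -> Optional[str]:
    """Robust order: sanitize first, then compute the path that would
    actually be written and require it to stay inside dest_dir.
    Returns the absolute target path, or None if it would escape."""
    cleaned = strip_invalid(name)
    dest_real = os.path.realpath(dest_dir)
    # os.path.join discards dest_real if cleaned is absolute; realpath
    # collapses any remaining '..' components, so the containment test
    # below sees the final path, not the textual name.
    target = os.path.realpath(os.path.join(dest_real, cleaned))
    try:
        if os.path.commonpath([dest_real, target]) != dest_real:
            return None
    except ValueError:
        # Raised when the paths share no prefix at all (e.g. different
        # drives on Windows); treat that as an escape as well.
        return None
    return target


def check_archive_names(dest_dir: str, names: List[str]) -> Tuple[List[str], List[str]]:
    """Partition member names into (accepted, rejected) using resolve_target."""
    accepted, rejected = [], []
    for name in names:
        (accepted if resolve_target(dest_dir, name) else rejected).append(name)
    return accepted, rejected


# Constructed sample member names (not taken from any real archive).
SAMPLE_NAMES = [
    "docs/readme.txt",        # ordinary relative name
    "../etc/passwd",          # textbook traversal, caught by both checks
    "..\x01/etc/passwd",      # invalid byte between the dots: passes the naive check
    "a/../../escape.txt",     # nested traversal
    "/etc/passwd",            # absolute name
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(repr(n), "naive:", naive_is_safe(n),
              "resolved:", resolve_target("extract_dir", n))
```

    The point of the ordering is that the containment decision is made on
    the same string that will be handed to the filesystem; any cleaning,
    decoding or normalisation applied after the check gives an attacker a
    second chance to introduce the sequence the check was looking for.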
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    