[ISN] Linux Advisory Watch - July 18th 2003

From: InfoSec News (isnat_private)
Date: Sat Jul 19 2003 - 01:34:18 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  July 18th, 2003                          Volume 4, Number 28a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    This week, advisories were released for pam, gnupg, mpg123, ucd-snmp,
    phpgroupware, traceroute-nanog, nfs-utils, falconseye, php4, unzip,
    radius, gtksee, kernel, mozilla, xpdf, apache, and ypserv. The
    distributors include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red
    Hat, Slackware, SuSE, Trustix, and Turbo Linux.
    
    One of the most recurring annoyances that I have had about vendor
    vulnerability announcements is the lack of standardization. Week after
    week software vendors continue to release advisories that outline various
    vulnerabilities and announce major updates. What is wrong with these?
    Why am I concerned about standards? As a seasoned Linux user, I have
    become accustomed to the various formatting techniques of each vendor.
    Other less experienced users may have trouble determining exactly what to
    update from poorly organized advisories.  One of the most consistently
    good distributions is Red Hat.  Each week, advisories are released with an
    informative but concise history of each vulnerability, links to all
    updated packages, information on how to update, and MD5 checksums for each
    updated file.
    
    Another consistent distribution is Debian.  The presentation is similar to
    Red Hat, however they choose to include the MD5 checksum below each URL.
    This simple difference can save an administrator time when verifying each
    file.  Rather than having to look the hash up in a table, it is easier to
    find and identify. Other distributions such as Immunix and Gentoo provide
    very little information in each advisory.  Only a very short description
    and links to updated packages, or instructions on how to update the
    software, are given.  Personally, I prefer the Red Hat/Debian style because I am
    concerned about having an informed idea of what I am applying.  Others may
    prefer shorter advisories because time is not wasted sifting through
    mounds of information.
    
    Is there a solution?  The closest to a standardization that I have found
    is the VulnXML project.  What is it?  It is an open XML DTD to regulate
    the creation of XML-type security advisories.  Rather than plaintext,
    vendors will be encouraged to release advisories as an XML document
    resulting in more consistency.  With this, users will ultimately have an
    easier understanding of the advisories released.  Web sites will then have
    the ability to format advisories for better readability and indexing.  I
    commend the VulnXML development team for establishing this project.  I am
    anxious to see how it progresses.  Probably the most difficult aspect will
    be getting vendors to participate.  Initially, I see this getting started
    by recruiting volunteers to 'translate' new advisories. As community
    support and demand grows for VulnXML advisories, vendors will conform.
    
    If you are interested in learning more about VulnXML, I recommend that you
    visit:  http://www.owasp.org/vulnxml/
    
    
    Until next time,
    
     Benjamin D. Thomas
     benat_private
    
    
    REVIEW: Linux Security Cookbook
    
    There are rarely straightforward solutions to real world issues,
    especially in the field of security. The Linux Security Cookbook is an
    essential tool to help solve those real world problems.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-145.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    --------------------------------------------------------------------
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     7/11/2003 - pam
       Local vulnerability
    
       Andreas Beck discovered[1] a vulnerability in the use of pam_xauth
       by the su utility. If the attacker can make one user run su from an
       X session, he can steal the X credentials and execute programs in the
       X display of the user running su. The worst scenario is the one where
       an administrator, logged in as root, uses "su" to an account belonging
       to an attacker.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3453.html
    
     7/11/2003 - gnupg
       Key validity vulnerability
    
       During the development of GnuPG 1.2.2, a bug has been found in
       the key validation code
    
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3454.html
    
     7/15/2003 - mpg123
       buffer overflow vulnerability
    
       A vulnerability[1] in the way mpg123 handles mp3 files with a
       bitrate of zero may allow attackers to execute arbitrary code
       using a specially crafted mp3 file.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3458.html
    
     7/15/2003 - ucd-snmp heap overflow vulnerability
       buffer overflow vulnerability
    
       There is a remote heap overflow vulnerability in snmpnetstat (a
       tool used to retrieve information about a remote host).
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3459.html
    
     7/16/2003 - ucd-snmp remote heap overflow vulnerability
       buffer overflow vulnerability
    
       There is a remote heap overflow vulnerability in snmpnetstat.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3464.html
    
     7/16/2003 - phpgroupware
       multiple XSS vulnerabilities
    
       There are several "cross-site-scripting" vulnerabilities in
       versions of phpgroupware <= 0.9.14.003.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3465.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     7/14/2003 - traceroute-nanog buffer overflow vulnerability
       multiple XSS vulnerabilities
    
      traceroute-nanog, an enhanced version of the common traceroute
      program, contains an integer overflow bug which could be exploited to
      execute arbitrary code.  traceroute-nanog is setuid root, but drops
      root privileges immediately after obtaining raw ICMP and raw IP
      sockets.
    
      http://www.linuxsecurity.com/advisories/debian_advisory-3455.html
    
     7/14/2003 - nfs-utils buffer overflow vulnerability
       multiple XSS vulnerabilities
    
       The logging code in nfs-utils contains an off-by-one buffer
       overrun when adding a newline to the string being logged.  This
       vulnerability may allow an attacker to execute arbitrary code or
       cause a denial of service condition by sending certain RPC requests.
    
       http://www.linuxsecurity.com/advisories/debian_advisory-3456.html
    
     7/15/2003 - falconseye
       buffer overflow vulnerability
    
       The falconseye package is vulnerable to a buffer overflow
       exploited via a long '-s' command line option.
       http://www.linuxsecurity.com/advisories/debian_advisory-3460.html
    
     7/17/2003 - php4
       XSS vulnerability
    
       http://www.linuxsecurity.com/advisories/debian_advisory-3468.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     7/11/2003 - unzip
       Directory traversal vulnerability
    
       By inserting invalid characters between ".." attackers can
       overwrite arbitrary files.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3448.html
    
     7/11/2003 - cistronradius
       Buffer overflow vulnerability
    
       Allows remote attackers to cause a denial of service and possibly
       execute arbitrary code via a large value in an NAS-Port attribute,
       which is interpreted as a negative number and causes a buffer overflow.
    
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3449.html
    
     7/11/2003 - ypserv
       Remote denial of service
    
       Allows remote attackers to cause a denial of service via a TCP client
       request that does not respond to the server, which causes ypserv to
       block.
    
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3450.html
    
     7/11/2003 - gtksee
       Buffer overflow vulnerability
    
       Attackers can use carefully crafted png pictures to execute arbitrary
       commands using a buffer overflow when viewed in gtksee.
    
       http://www.linuxsecurity.com/advisories/gentoo_advisory-3451.html
    
    
    +---------------------------------+
    |  Distribution: Immunix          | ----------------------------//
    +---------------------------------+
    
     7/16/2003 - nfs-utils off-by-one overflow vulnerability
       Buffer overflow vulnerability
    
        http://www.linuxsecurity.com/advisories/immunix_advisory-3466.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     7/17/2003 - kernel
       multiple vulnerabilities
    
       Multiple vulnerabilities were discovered and fixed in the Linux
       kernel.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3469.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     7/14/2003 - nfs-utils denial of service vulnerability
       multiple vulnerabilities
    
       Multiple vulnerabilities were discovered and fixed in the Linux
       kernel.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3457.html
    
     7/15/2003 - mozilla
       heap overflow vulnerability
    
       A heap-based buffer overflow in Netscape and Mozilla allows remote
       attackers to execute arbitrary code via a jar: URL referencing a
       malformed .jar file, which overflows a buffer during
       decompression.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3461.html
    
     7/17/2003 - xpdf
       arbitrary code execution vulnerability
    
       Updated Xpdf packages are available that fix a vulnerability
       where a malicious PDF document could run arbitrary code.
    
       http://www.linuxsecurity.com/advisories/redhat_advisory-3470.html
    
    
    +---------------------------------+
    |  Distribution: Slackware        | ----------------------------//
    +---------------------------------+
    
     7/15/2003 - nfs-utils denial of service vulnerability
       arbitrary code execution vulnerability
    
       This fixes an off-by-one buffer overflow in xlog.c which could be
       used by an attacker to produce a denial of NFS service, or to
       execute arbitrary code.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3462.html
    
     7/16/2003 - nfs-utils off-by-one overflow vulnerability
       arbitrary code execution vulnerability
    
       There is an off-by-one overflow in xlog() in the nfs-utils
       package.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3467.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
     7/15/2003 - nfs-utils denial of service vulnerability
       arbitrary code execution vulnerability
    
       There is an off-by-one bug in the xlog() function used by the
       rpc.mountd. It is possible for remote attackers to use this
       off-by-one overflow to execute arbitrary code as root.
       http://www.linuxsecurity.com/advisories/suse_advisory-3463.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     7/11/2003 - apache
       Multiple vulnerabilities
    
       Multiple vulnerabilities including a possible buffer overflow have
       been fixed.
       http://www.linuxsecurity.com/advisories/trustix_advisory-3452.html
    
    
    +---------------------------------+
    |  Distribution: TurboLinux       | ----------------------------//
    +---------------------------------+
    
     7/17/2003 - ypserv
       denial of service vulnerability
    
       The vulnerability allows an attacker to cause a denial of service
       of ypserv.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3471.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


