[ISN] Linux Advisory Watch - August 8th 2003

From: InfoSec News (isnat_private)
Date: Mon Aug 11 2003 - 00:21:19 PDT

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  August 8th, 2003                         Volume 4, Number 31a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for wget, postfix, kernel, atari800,
    xfstt, kdelibs, mindi, phpgroupware, eroaster, libc, kdelibs, php, core,
    stunnel, man-db, Konqueror, and wuftpd. The distributors include
    Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, FreeBSD,
    Mandrake, NetBSD, Red Hat, Slackware, SuSe, and TurboLinux.
    
    One of the most common causes of software vulnerabilities is poor
    programming practices.  Often, developers sacrifice security to add
    additional features.  Although most coders wish to write securely, many do
    not.  At most universities security is not addressed in programming
    classes.  The only training a student may receive is learning how to check
    input variables.  I now understand that more universities are beginning to
    take software development security more seriously.
    
    For those of us who code at work, or just as a hobby, how can we ensure
    that we're coding with best security practices?  I recently had the
    pleasure of reading the recent O'Reilly book Secure Coding: Principles &
    Practices by Mark G. Graff and Kenneth R. van Wyk.  Like all O'Reilly
    books, it is moderately technical and will not bore you with irrelevant
    narratives. The book weighs in at just over 200 pages and retails for
    $29.95 USD.  I would normally consider this a bit pricy for a small book.
    However, in this case the information provided is well worth the money.
    Every serious developer should have a copy.  This book is intended for
    moderately skilled programmers all the way up to expert level.
    
    The best part of the book is that it is written primarily as informational
    text and theory.  It contains very little source code.  The authors chose
    to focus on the practice of secure coding, rather than specific
    techniques.  The information found in this book can provide a strong
    foundation to the knowledge necessary to begin the secure development
    process. The beginning of the book provides an introduction to all types
    of attacks that affect software.  Next, a chapter is devoted to secure
    design including coding steps, issues, and practices to be avoided.  The
    book ends with techniques on how to successfully test software before
    release.  Another valuable part of the book is the case studies provided.
    Each section contains several real world examples that can help you better
    understand each concept.
    
    As previously stated, Secure Coding: Principles & Practices is highly
    recommended.  If you have been waiting for the perfect book on secure
    coding, this may be it!
    
    http://www.bestwebbuys.com/books/compare/isbn/0596002424/isrc/b-home-search
    
    Until Next time,
    Benjamin D. Thomas
    benat_private
    
    
    Expert vs. Expertise: Computer Forensics and the Alternative OS
    
    No longer a dark and mysterious process, computer forensics have been
    significantly on the scene for more than five years now. Despite this,
    they have only recently gained the notoriety they deserve.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-147.html
    
    REVIEW: Linux Security Cookbook
    
    There are rarely straightforward solutions to real world issues,
    especially in the field of security. The Linux Security Cookbook is an
    essential tool to help solve those real world problems. By covering
    situations that apply to everyone from the seasoned Systems Administrator
    to the security curious home user, the Linux Security Cookbook
    distinguishes itself as an indispensable reference for security oriented
    individuals.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-145.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     8/2/2003 - wu-ftpd off-by-one vulnerability
    
       There is an off-by-one buffer overflow vulnerability in the
       fb_realpath() function, which handles filename paths in wu-ftpd.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3518.html
    
     8/4/2003 - wget
       buffer overflow vulnerability
    
       An attacker can create a long (more than 256 characters),
       specially crafted URL that when parsed by wget can cause the
       execution of arbitrary code or program misbehavior.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3519.html
    
     8/5/2003 - postfix
       remote denial of service vulnerability
    
       There are multiple vulnerabilities in postfix.
       http://www.linuxsecurity.com/advisories/connectiva_advisory-3530.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     8/1/2003 - wu-ftpd buffer overflow vulnerability
       remote denial of service vulnerability
    
       iSEC Security Research reports that wu-ftpd contains an off-by-one
       bug in the fb_realpath function which could be exploited by a
       logged-in user (local or anonymous) to gain root privileges.
       http://www.linuxsecurity.com/advisories/debian_advisory-3507.html
    
     8/1/2003 - kernel
       multiple vulnerabilities
    
       A number of vulnerabilities have been discovered in the Linux
       kernel.
       http://www.linuxsecurity.com/advisories/debian_advisory-3508.html
    
     8/1/2003 - atari800
       multiple vulnerabilities
    
       Steve Kemp discovered multiple buffer overflows in atari800, an
       Atari emulator.
       http://www.linuxsecurity.com/advisories/debian_advisory-3509.html
    
     8/1/2003 - xfstt
       multiple vulnerabilities
    
       There are multiple vulnerabilities in xfstt.
       http://www.linuxsecurity.com/advisories/debian_advisory-3510.html
    
     8/1/2003 - kdelibs
       Multiple remote vulnerabilities
    
       Potential unauthorized access and man-in-the-middle attacks have
       been fixed.
       http://www.linuxsecurity.com/advisories/debian_advisory-3515.html
    
     8/2/2003 - mindi
       insecure tmp file vulnerability
    
       mindi, a program for creating boot/root disks, does not
       take appropriate security precautions when creating temporary
       files.
       http://www.linuxsecurity.com/advisories/debian_advisory-3520.html
    
     8/3/2003 - postfix
       multiple vulnerabilities
    
       There are multiple vulnerabilities in postfix.
       http://www.linuxsecurity.com/advisories/debian_advisory-3521.html
    
     8/5/2003 - man-db multiple vulnerabilities
       multiple vulnerabilities
    
       There are multiple vulnerabilities in suid install of man-db.
       http://www.linuxsecurity.com/advisories/debian_advisory-3531.html
    
     8/5/2003 - kernel
       vulnerability
    
       This advisory provides a correction to the previous kernel
       updates, which contained an error introduced in
       kernel-source-2.4.18 version 2.4.18-7.  This error could result in
       a kernel "oops" under certain circumstances.
       http://www.linuxsecurity.com/advisories/debian_advisory-3532.html
    
     8/5/2003 - kernel
       vulnerability
    
       This advisory provides a correction to the previous kernel
       updates, which contained an error introduced in
       kernel-source-2.4.18 version 2.4.18-7.
       http://www.linuxsecurity.com/advisories/debian_advisory-3533.html
    
     8/6/2003 - phpgroupware
       multiple vulnerabilities
    
       Several vulnerabilities have been discovered in phpgroupware.
       http://www.linuxsecurity.com/advisories/debian_advisory-3536.html
    
     8/6/2003 - eroaster
       insecure temporary file vulnerability
    
       eroaster does not take appropriate security precautions when
       creating a temporary file for use as a lockfile.
       http://www.linuxsecurity.com/advisories/debian_advisory-3537.html
    
    
    +---------------------------------+
    |  Distribution: EnGarde          | ----------------------------//
    +---------------------------------+
    
     8/4/2003 - 'postfix' remote denial-of-service
       insecure temporary file vulnerability
    
       Michal Zalewski has discovered a vulnerability in the Postfix MTA
       which could lead to a remote DoS attack.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html
    
     8/6/2003 - 'stunnel' signal handler race DoS
       insecure temporary file vulnerability
    
       Stunnel is an SSL wrapper used in EnGarde to tunnel SIMAP and
       SPOP3. A potential vulnerability has been found when stunnel is
       configured to listen to incoming connections for these services.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html
    
    
    +---------------------------------+
    |  Distribution: FreeBSD          | ----------------------------//
    +---------------------------------+
    
     8/4/2003 - libc
       buffer overflow vulnerability
    
       An off-by-one error exists in a portion of realpath(3) that
       computes the length of the resolved pathname.
       http://www.linuxsecurity.com/advisories/freebsd_advisory-3522.html
    
     8/5/2003 - libc
       realpath off-by-one vulnerability
    
       An off-by-one error exists in a portion of realpath(3) that
       computes the length of the resolved pathname.
       http://www.linuxsecurity.com/advisories/freebsd_advisory-3534.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     8/1/2003 - kdelibs
       authentication vulnerability
    
       A vulnerability in Konqueror was discovered where it could
       inadvertently send authentication credentials to websites other
       than the intended site in clear text via the HTTP-referer header
       when authentication credentials are passed as part of a URL in the
       form http://user:password@host/.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3511.html
    
     8/1/2003 - wu-ftpd off-by-one vulnerability
       authentication vulnerability
    
       There is an off-by-one bug in the fb_realpath() function which
       could be used by a remote attacker to obtain root privileges on
       the server.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3512.html
    
     8/4/2003 - postfix
       multiple vulnerabilities
    
       Two vulnerabilities were discovered in the postfix MTA by Michal
       Zalewski.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3523.html
    
     8/4/2003 - php
       session handling vulnerability
    
       A vulnerability was discovered in the transparent session ID
       support in PHP4 prior to version 4.3.2.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3524.html
    
    
    +---------------------------------+
    |  Distribution: NetBSD           | ----------------------------//
    +---------------------------------+
    
     8/4/2003 - core
       denial of service vulnerability
    
       It is possible to crash an OSI connected system remotely by
       sending it a carefully prepared OSI networking packet.
       http://www.linuxsecurity.com/advisories/netbsd_advisory-3525.html
    
     8/4/2003 - libc
       off-by-one vulnerability
    
       In the library function realpath, there was a string
       manipulation mistake which could lead to a 1-byte buffer overrun.
       http://www.linuxsecurity.com/advisories/netbsd_advisory-3526.html
    
    
    +---------------------------------+
    |  Distribution: RedHat           | ----------------------------//
    +---------------------------------+
    
     8/1/2003 - wu-ftpd off-by-one vulnerability
       off-by-one vulnerability
    
       An off-by-one bug has been discovered in versions of wu-ftpd up to
       and including 2.6.2.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3513.html
    
     8/4/2003 - postfix
       multiple vulnerabilities
    
       Two security issues have been found in Postfix that affect the
       Postfix packages in Red Hat Linux 7.3, 8.0, and 9.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3527.html
    
    
    +---------------------------------+
    |  Distribution: Slackware        | ----------------------------//
    +---------------------------------+
    
     8/1/2003 - Konqueror
       Multiple vulnerabilities
    
       Note that this update addresses a security problem in Konqueror
       which may cause authentication credentials to be leaked to an
       unintended website through the HTTP-referer header when they have
       been entered into Konqueror as a URL.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3516.html
    
    
    +---------------------------------+
    |  Distribution: SuSe             | ----------------------------//
    +---------------------------------+
    
     8/1/2003 - wuftpd
       off-by-one vulnerability
    
       There is a single byte buffer overflow in the WU ftp daemon
       (wuftpd), a widely used ftp server for Linux-like systems.
       http://www.linuxsecurity.com/advisories/suse_advisory-3514.html
    
     8/4/2003 - postfix
       multiple vulnerabilities
    
       Michal Zalewski has reported problems in postfix which can lead to
       a remote DoS attack or allow attackers to bounce-scan private
       networks.
       http://www.linuxsecurity.com/advisories/suse_advisory-3528.html
    
    
    +---------------------------------+
    |  Distribution: TurboLinux       | ----------------------------//
    +---------------------------------+
    
     8/4/2003 - wu-ftpd off-by-one vulnerability
       multiple vulnerabilities
    
       This vulnerability may allow remote authenticated users to execute
       arbitrary code via commands that cause long pathnames.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3529.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    