[ISN] Linux Advisory Watch - September 12th 2003

From: InfoSec News (isnat_private)
Date: Mon Sep 15 2003 - 00:33:35 PDT

    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  September 12th, 2003                     Volume 4, Number 36a |
       Editors:     Dave Wreski                Benjamin Thomas
                    daveat_private     benat_private
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    This week advisories were released for pam_smb, exim, stunnel, wu-ftpd,
    mah-jong, sane-backends, pine, GtkHTML, and inetd.  The distributors
    include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, Red
    Hat, Slackware, and SuSE.
    It has been an exciting week for me.  My wife and I have been preparing to
    move over 2000 miles away.  After months of consideration, I have decided
    that it is in my best interest to return to school.  I will be pursuing a
    Master's of Science in Information Security at Royal Holloway, University
    of London.  I will continue to write Linux Advisory Watch as well as other
    projects that I am involved in while abroad.
    The course that I have chosen is quite interesting.  It was established in
    1992 and includes study in security management, network security, host
    operating system security, standards and evaluation, advanced
    cryptography, database security, computer crime, as well as multiple
    industrial seminars.  A thesis written on a specific area of information
    security is required to complete the course.  I have decided to go full-time,
    so it will be completed in a year.  I have talked with many students who
    have completed the course and they are all quite pleased.  I look forward
    to getting back in the classroom.
    As you can imagine, I did not jump into this overnight.  I have wanted to
    go to graduate school for quite some time.  I also considered getting an
    MBA from the University of Louisville (my home town), and a Master's of
    Science in Computer Science (MSCS) with concentration in information
    security from James Madison University.  Although the NSA accreditation is
    very appealing, several of the modules taught do not seem to be strictly
    dedicated to security. It seems to be a very good program, but London is
    While attending Royal Holloway, University of London, I expect to learn
    many things in addition to security that will be helpful throughout life.
    First, I will gain international experience, meet friends from around the
    world, and see how America is perceived from an outside perspective.  I
    also hope to be able to dedicate more time to several of the projects that
    I am working on.  If you have experiences from, or live in London, I would
    love to hear from you!  From time to time, I will be sharing my
    experiences and knowledge that I gain.
    Until next time, cheers!
    Benjamin D. Thomas
    FEATURE: A Practical Approach of Stealthy Remote Administration This paper
    is written for those paranoid administrators who are looking for a
    stealthy technique of managing sensitive servers (like your enterprise
    firewall console or IDS).
    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.
    Expert vs. Expertise: Computer Forensics and the Alternative OS
    No longer a dark and mysterious process, computer forensics have been
    significantly on the scene for more than five years now. Despite this,
    they have only recently gained the notoriety they deserve.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    |  Distribution: Conectiva        | ----------------------------//
      9/5/2003 - pam_smb
        Remote buffer overflow
        A buffer overflow vulnerability has been discovered in the pam_smb
        module. An attacker can execute arbitrary code in the context of the
        program using the module by supplying a long password.
      9/5/2003 - exim
        Remote buffer overflow
        A remote heap buffer overflow vulnerability[2] has been reported[3] in
        the Exim server. Carefully constructed EHLO/HELO messages can cause a
        buffer overflow.
      9/5/2003 - stunnel
        File descriptor and DoS vulnerabilities
        A file descriptor leak and denial of service vulnerability have been
    |  Distribution: Debian           | ----------------------------//
      9/5/2003 - 'exim' buffer overflow
        File descriptor and DoS vulnerabilities
        A buffer overflow exists in exim, which is the standard mail transport
        agent in Debian.  By supplying a specially crafted HELO or EHLO
        command, an attacker could cause a constant string to be written past
        the end of a buffer allocated on the heap.  This vulnerability is not
        believed at this time to be exploitable to execute arbitrary code.
      9/5/2003 - 'wu-ftpd' insecure program execution
        File descriptor and DoS vulnerabilities
        wu-ftpd, an FTP server, implements a feature whereby multiple files
        can be fetched in the form of a dynamically constructed archive file,
        such as a tar archive.  This feature may be abused to execute
        arbitrary programs with the privileges of the wu-ftpd process.
      9/8/2003 - exim
        buffer overflow vulnerability
        A buffer overflow exists in exim.
      9/8/2003 - mah-jong multiple vulnerabilities
        buffer overflow vulnerability
        Nicolas Boullis discovered two vulnerabilities in mah-jong.
      9/11/2003 - sane-backends multiple vulnerabilities
        buffer overflow vulnerability
        These problems allow a remote attacker to cause a segfault and/or
        consume arbitrary amounts of memory.
    |  Distribution: EnGarde          | ----------------------------//
      9/11/2003 - 'pine' buffer overflows
        buffer overflow vulnerability
        The pine e-mail client shipped with EnGarde Secure Linux contains
        buffer overflows which may be exploited by a remote attacker by
        sending the victim a specially crafted email.
    |  Distribution: Red Hat          | ----------------------------//
      9/5/2003 - 'httpd' vulnerabilities
        buffer overflow vulnerability
        Updated httpd packages that fix several minor security issues are now
        available for Red Hat Linux 8.0 and 9.
      9/11/2003 - GtkHTML
        denial of service vulnerability
        Alan Cox discovered that certain malformed messages could cause the
        Evolution mail component to crash due to a null pointer dereference in
        the GtkHTML library.
      9/11/2003 - pine
        buffer overflow vulnerability
        A buffer overflow exists in the way unpatched versions of Pine prior
        to 4.57 handle the 'message/external-body' type.
    |  Distribution: Slackware        | ----------------------------//
      9/9/2003 - inetd
        denial of service vulnerability
        These updates fix a previously hard-coded limit of 256
        connections-per-minute, after which the given service is disabled for
        ten minutes.
      9/11/2003 - pine
        arbitrary code execution vulnerability
        Upgraded pine packages are available for Slackware 8.1, 9.0 and -
    |  Distribution: SuSE             | ----------------------------//
      9/5/2003 - 'pam_smb' privilege escalation
        arbitrary code execution vulnerability
        Dave Airlie informed us about a bug in the authentication code of
        pam_smb that allows a remote attacker to gain access to a system using
        pam_smb by issuing a too long password string.
      9/11/2003 - pine
        arbitrary code execution vulnerability
        The well known and widely used mail client pine is vulnerable to a
        buffer overflow.  The vulnerability exists in the code processing
        'message/external-body' type messages.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    ISN is currently hosted by Attrition.org