+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| November 7th, 2003 Volume 4, Number 44a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@private ben@private
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for bugzilla, fileutils, postgresql,
apache, CUPS, and thttpd. The distributors include Conectiva, Guardian
Digital's EnGarde Linux, Gentoo, Immunix, Mandrake, RedHat, Slackware, and
SuSE.
>> Get Thawte's NEW Step-by-Step SSL Guide for Apache <<
In this guide you will find out how to test, purchase, install and use a
Thawte Digital Certificate on you Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates. Get you copy
of this new guide now:
Click Command:
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte26
Although the update has been out for several weeks, the SANS Top20 list
still remains important. For administrators and management, it is a good
way to get an idea of some of the most vulnerable services. Although best
practice should dictate that these services have already been eliminated
or secured, this is often not the case. The SANS Top20 can should be an
eye-opener to those who do not regularly patch and update systems.
Both the problem and beauty of the Top20 list is its length. For those of
us with only Unix and/or Linux based servers, the list is cut down to 10.
Some of the vulnerabilities listed are related to BIND, RPC, Apache,
passwords, and clear text services. The list is very useful because of
its length giving people a quick idea of some of the biggest problems.
My concern is that diligence will stop after number 10. After each of the
10 Unix system vulnerabilities are addressed, administrators may have a
false sense of security. It is important to equally ensure that all other
services have been patched. One of the most common-sense ways to reduce
this workload is simply to not start services, or have software installed
that may be a potential problem in the future. Living with only the
minimum necessary requirements is often difficult. For example, when
installing a particular flavor of Linux, it takes much more time to
individually choose the packages you require, rather than simply
installing a pre-configured server configuration.
The Top20 list should only be a starting point for those wishing to
maintain a secure network. After each item on the list has been
addressed, security staff should then strive to achieve compliance with
standards such as BS-7799/ISO-17799, NIST security standards, the ISF's
Standard of Good Practice, and others. Once again, the common
re-occurring theme in information security process and standardization.
The absolute best way to achieve a secure operating environment is the
continual re-evaluation of policies, procedures, and practices.
Until next time, cheers!
Benjamin D. Thomas
ben@private
---
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
--------------------------------------------------------------------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
11/6/2003 - bugzilla
multiple vulnerabilities
Several vulnerabilities have been announced and are being fixed in
this update.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3760.html
11/6/2003 - apache
multiple vulnerabilities
New versions of the Apache web server have been made available with
the following security fixes.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3761.html
+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+
11/4/2003 - 'openssl' ASN.1 parsing DoS
multiple vulnerabilities
This vulnerability (triggered by certain ASN.1 sequences which cause a
large recursion) is only believed to be exploitable as a denial of
service on the Windows platform at this time.
http://www.linuxsecurity.com/advisories/engarde_advisory-3757.html
11/5/2003 - 'apache' mod_alias and mod_rewrite buffer overflow
multiple vulnerabilities
A buffer overflow in mod_alias and mod_rewrite was discovered in the
Apache web server. This vulnerability may be exploited when a regular
expression with more then nine captures is defined in either the
httpd.conf or an .htaccess file.
http://www.linuxsecurity.com/advisories/engarde_advisory-3759.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
10/31/2003 - net-www/apache Buffer overflow vulnerability
multiple vulnerabilities
A buffer overflow could occur in mod_alias and mod_rewrite when a
regular expression with more than 9 captures is configured.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3753.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
10/31/2003 - fileutils
Memory exhaustion vulnerability
An off-by-one attack that may lead to a memory exhaustion
vulnerability has been fixed.
http://www.linuxsecurity.com/advisories/immunix_advisory-3749.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
11/3/2003 - postgresql
Buffer overflow vulnerability
Two bugs were discovered that lead to a buffer overflow in PostgreSQL
versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type
(ADT) to ASCII conversion functions.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3755.html
11/3/2003 - apache
Buffer overflow vulnerability
A buffer overflow in mod_alias and mod_rewrite was discovered in
Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and
earlier.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3756.html
11/6/2003 - CUPS
denial of service vulnerability
A bug in versions of CUPS prior to 1.1.19 was reported in the Internet
Printing Protocol (IPP) implementation would result in CUPS going into
a busy loop, which could result in a Denial of Service (DoS)
condition.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3762.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
11/3/2003 - CUPS
Denial of Service vulnerability
Updated CUPS packages that fix a problem where CUPS can hang are now
available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3754.html
11/6/2003 - fileutils
denial of service vulnerability
Georgi Guninski discovered a memory starvation denial of service
vulnerability in the ls program.
http://www.linuxsecurity.com/advisories/redhat_advisory-3763.html
11/6/2003 - CUPS
denial of service vulnerability
Paul Mitcheson reported a situation where the CUPS Internet Printing
Protocol (IPP) implementation in CUPS versions prior to 1.1.19 would
get into a busy loop.
http://www.linuxsecurity.com/advisories/redhat_advisory-3764.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
11/4/2003 - apache
multiple vulnerabilities
These updates fix local vulnerabilities that could allow users who can
create or edit Apache config files to gain additional privileges.
http://www.linuxsecurity.com/advisories/slackware_advisory-3758.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
11/1/2003 - thttpd
Remote privilege escalation vulnerability
A Buffer overflow and privilege escalation vulnerabilty have been
fixed.
http://www.linuxsecurity.com/advisories/suse_advisory-3752.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Nov 10 2003 - 03:12:39 PST