[ISN] Linux Advisory Watch - November 14th 2003

From: InfoSec News (isn@private)
Date: Mon Nov 17 2003 - 01:45:53 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  November 14th, 2003                      Volume 4, Number 45a |
    +----------------------------------------------------------------+
    
       Editors:     Dave Wreski                Benjamin Thomas
                    dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for thttpd, cups, ethereal, mpg123,
    xinetd, hylafax, postgresql, conquest, epic4, glibc, and zebra.  The
    distributors include Conectiva, Debian, Mandrake, Red Hat, and SuSE.
    
    ---
    
     >> Get Thawte's NEW Step-by-Step SSL Guide for Apache <<
    
    In this guide you will find out how to test, purchase, install and use a
    Thawte Digital Certificate on your Apache web server. Throughout, best
    practices for set-up are highlighted to help you ensure efficient ongoing
    management of your encryption keys and digital certificates. Get your copy
    of this new guide now:
    
      Click Command:
      https://www.guardiandigital.com/cgi-bin/thawteguide.pl?guidetype=apache
    
    ---
    
    The recent news has been flooded with reports about a looming security FUD
    campaign against Linux.  Although I have strong opinions on this matter,
    I've decided to keep quiet about it this week simply because additional
    hype will not help the situation. Readers of this newsletter are already
    aware of the merits of Linux and its potential for achieving an acceptable
    state of security. Rather than re-hash the same old rhetoric, I've decided
    to write about something a little bit more practical this week, tunneling
    through SSH.
    
    As you probably saw last week, the fifth vulnerability listed on the SANS
    Top 10 for Unix list is 'clear text services.' Sadly, these will remain a
    problem for years to come simply because many older applications are
    dependent on these.  For example, a Web development team may use an HTML
    editor that has a built-in FTP client.  The moment that you suggest they
    stop using this editor, and start using SFTP or SCP, they'll laugh in your
    face. Unfortunately, there is always a balance between security and
    convenience, and convenience usually wins.  In most cases, a compromise
    can be established by tunneling insecure plaintext services through SSH.
    
    Probably the biggest misconception is that tunneling is difficult.  In
    fact, it is quite the opposite.  A tunnel can be set up in less than a
    minute and put a stop to years of paranoia.  A tunnel can be established
    with a single command at the command line.
    
    For example, to establish a tunnel (the -i option must come before the
    user@host argument, otherwise ssh treats it as a remote command):
    prompt$ ssh -i keyfile.key -L 2121:remotehost:21 bdthomas@remotehost
    
    To establish the FTP connection (in a new terminal):
    prompt$ ftp -p localhost 2121
    
    At both terminals, you will authenticate as normal.  Looking at the
    example above, you'll see that the user is trying to make a secure FTP
    connection to 'remotehost.' To establish the tunnel, the SSH option '-L
    2121:remotehost:21' was given.  This simply means: listen on local port
    2121 and forward every connection, inside the SSH session, to port 21 on
    remotehost (the host:port part is resolved from the SSH server's side, so
    it could also name a third machine that only the SSH server can reach).
    The options can be changed to fit any port requirement of any plaintext
    service.
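    To make concrete what '-L 2121:remotehost:21' does, here is an added example in Python (it is not code from the newsletter or from OpenSSH): it parses the -L argument the way ssh reads it and runs a local listener that relays each accepted connection to the destination, which is the forwarding half of what ssh does. The encrypted SSH session between the two hosts is not modelled, and the echo server, the port-0 listeners and the sample payload are constructed stand-ins for the test.

```python
import contextlib
import socket
import threading

def parse_forward_spec(spec):
    """Parse an ssh -L argument, [bind_address:]port:host:hostport (IPv6 brackets not handled)."""
    parts = spec.split(":")
    if len(parts) == 3:                # ssh binds to loopback when no bind_address is given
        parts = ["127.0.0.1"] + parts
    if len(parts) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    return parts[0], int(parts[1]), parts[2], int(parts[3])

def _pump(src, dst):
    """Copy bytes one way until src hits EOF, then pass that EOF on to dst."""
    with contextlib.suppress(OSError):  # the peer may already be gone
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)

def _listen(bind, port):
    s = socket.socket()
    s.bind((bind, port))
    s.listen()
    return s

def serve_forward(spec):
    """Listen on bind:port and relay each connection to host:hostport; returns the bound port."""
    bind, port, host, hostport = parse_forward_spec(spec)
    listener = _listen(bind, port)
    def loop():
        while True:
            client, _ = listener.accept()
            # Real ssh opens this from the SSH server end, inside the encrypted session; here it is a plain connect.
            upstream = socket.create_connection((host, hostport))
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1]

def roundtrip_through_forward(payload):
    """Constructed test peer: an echo server stands in for the remote service (FTP on port 21)."""
    echo = _listen("127.0.0.1", 0)
    def echo_once():
        conn, _ = echo.accept()
        _pump(conn, conn)               # whatever arrives is sent straight back
    threading.Thread(target=echo_once, daemon=True).start()
    local_port = serve_forward(f"127.0.0.1:0:127.0.0.1:{echo.getsockname()[1]}")
    with socket.create_connection(("127.0.0.1", local_port)) as c:  # like 'ftp localhost 2121'
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        return c.makefile("rb").read()
```

    Note that only the FTP control connection on port 21 passes through the forward; the separate data connections that FTP opens for listings and file transfers (the passive mode selected with -p in the example) are not covered by this -L spec and still cross the network in the clear unless they are forwarded as well or SFTP is used instead.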
    
    If you've never given SSH tunneling a try, hopefully I've given you
    enough information to be interested.  Sometimes it can be a lifesaver
    because of its simplicity.  There is a large amount of information
    available on Google.  Also, Brian Hatch has written several good pieces
    that are available on LinuxSecurity.com:
    
    http://www.linuxsecurity.com/articles/documentation_article-6822.html
    
    
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ---
    
    OpenVPN: An Introduction and Interview with Founder, James Yonan
    In this article, Duane Dunston gives a brief introduction to OpenVPN and
    interviews its founder James Yonan.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-152.html
    
    --------------------------------------------------------------------
    
    CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
    Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
    Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
    thanks to the depth of its security strategy..." Find out what the other
    Linux vendors are not telling you.
    
    http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
    
    --------------------------------------------------------------------
    
    FEATURE: R00ting The Hacker
    Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
    Hackers is a former intelligence officer in the U.S. Marine Corps who
    currently writes for Computerworld and CNN.com, covering national
    cyber-security issues and critical infrastructure protection.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-150.html
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
      11/7/2003 - thttpd
        Multiple vulnerabilities
    
        Multiple vulnerabilities including sensitive file disclosure,
        cross-site scripting, and directory traversal vulnerabilities have
        been fixed.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3765.html
    
      11/7/2003 - net-snmp
        Multiple vulnerabilities
    
        "net-snmp" version 5.0.9 was released to address a security
        vulnerability in previous 5.0.x versions where an existing
        user/community could get access to data in MIB objects that were
        explicitly excluded from their view.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3766.html
    
      11/7/2003 - cups
        DoS Vulnerability
    
        It has been reported that the IPP daemon from the Cups package can
        under some circumstances enter a loop and consume excessive CPU
        resources, causing the service to become slow and unresponsive.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3767.html
    
      11/7/2003 - ethereal
        Multiple vulnerabilities
    
        This update announcement addresses several vulnerabilities in
        ethereal versions prior to 0.9.16. These vulnerabilities can be
        exploited by an attacker who can insert crafted packets on the wire
        being monitored by ethereal or make a user open a trace file with
        such packets inside.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3770.html
    
      11/12/2003 - mpg123
        Buffer overflow vulnerability
    
        When mpg123 is used to play mp3 audio streams over the network, a
        malicious audio server can exploit this vulnerability by sending a
        carefully crafted response to the client which will overflow a buffer
        on the heap and execute arbitrary code.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3778.html
    
      11/12/2003 - xinetd
        Multiple vulnerabilities
    
        A memory leak and several other problems have been fixed in the latest
        version of xinetd.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3779.html
    
      11/12/2003 - hylafax
        Format string vulnerability
    
        This vulnerability can be exploited by a remote attacker to execute
        arbitrary code with the privileges of the root user on the host where
        hfaxd is running.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3780.html
    
      11/13/2003 - postgresql
        Multiple buffer overflow vulnerabilities
    
        Multiple buffer overflow vulnerabilities in the to_ascii() function
        have been fixed.
        http://www.linuxsecurity.com/advisories/connectiva_advisory-3781.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
      11/7/2003 - postgresql
        Remote buffer overflow vulnerability
    
        Tom Lane discovered a buffer overflow in the to_ascii function in
        PostgreSQL.  This allows remote attackers to execute arbitrary code on
        the host running the database.
        http://www.linuxsecurity.com/advisories/debian_advisory-3771.html
    
      11/10/2003 - conquest
        Buffer overflow vulnerability
    
        Steve Kemp discovered a buffer overflow in the environment variable
        handling of conquest, a curses-based, real-time, multi-player space
        warfare game, which could allow a local attacker to gain unauthorised
        access to the group conquest.
        http://www.linuxsecurity.com/advisories/debian_advisory-3772.html
    
      11/10/2003 - epic4
        Buffer overflow vulnerability
    
        A malicious server could craft a reply which triggers the client to
        allocate a negative amount of memory.  This leads to a denial of
        service if the client merely crashes, but may also lead to execution
        of arbitrary code under the user id of the chatting user.
        http://www.linuxsecurity.com/advisories/debian_advisory-3773.html
    
      11/11/2003 - omega-rpg
        Buffer overflow vulnerability
    
        Steve Kemp discovered a buffer overflow in the commandline and
        environment variable handling of omega-rpg.
        http://www.linuxsecurity.com/advisories/debian_advisory-3776.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
      11/11/2003 - hylafax
        Format string vulnerability
    
        The SuSE Security Team discovered a format bug condition that allows
        remote attackers to execute arbitrary code as the root user.
        http://www.linuxsecurity.com/advisories/mandrake_advisory-3777.html
    
      11/12/2003 - fileutils/coreutils
        Denial of service vulnerability
    
        A memory starvation denial of service vulnerability in the ls program
        was discovered.
        http://www.linuxsecurity.com/advisories/mandrake_advisory-3783.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
      11/10/2003 - ethereal
        Buffer overflow vulnerability
    
        Updated Ethereal packages that fix a number of exploitable security
        issues are now available.
        http://www.linuxsecurity.com/advisories/redhat_advisory-3775.html
    
      11/12/2003 - glibc
        Multiple vulnerabilities
    
        Updated glibc packages that resolve vulnerabilities and address
        several bugs are now available.
        http://www.linuxsecurity.com/advisories/redhat_advisory-3784.html
    
      11/12/2003 - PostgreSQL
        Buffer overflow vulnerability
    
        Updated PostgreSQL packages that correct a buffer overflow in the
        to_ascii routines are now available.
        http://www.linuxsecurity.com/advisories/redhat_advisory-3785.html
    
      11/12/2003 - zebra
        Multiple vulnerabilities
    
        Updated zebra packages that close a locally-exploitable and a
        remotely-exploitable denial of service vulnerability are now
        available.
        http://www.linuxsecurity.com/advisories/redhat_advisory-3786.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
      11/10/2003 - hylafax
        Remote code execution vulnerability
    
        The SuSE Security Team found a format bug condition during a code
        review of the hfaxd server. It allows remote attackers to execute
        arbitrary code as root. However, the bug cannot be triggered in
        hylafax's default configuration.
        http://www.linuxsecurity.com/advisories/suse_advisory-3774.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Nov 17 2003 - 04:52:10 PST