[ISN] Linux Advisory Watch - January 9th 2003

From: InfoSec News (isn@private)
Date: Fri Jan 09 2004 - 09:47:34 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  January 9th, 2004                         Volume 5, Number 2a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for the Linux kernel, lftp, ethereal,
    screen, BIND, libnids, mpg321, nd, jabber, zebra, fsp, and vbox3.  The
    distributors include Conectiva, Debian, Guardian Digital EnGarde Secure
    Linux, Fedora, Immunix, Mandrake, Openwall, Red Hat, Slackware, SuSE,
    Trustix, and Turbolinux.
    
    One of the greatest indicators of unauthorized system activity is logging.
    However, in a compromise the integrity of logs often comes into question.
    Depending on the extent of an attack, logs could have been deleted,
    modified, or flooded.  More knowledgeable attackers possess the skills
    necessary to cover their tracks and make any forensic investigation
    virtually impossible.
    
    Those administrators who have external intrusion detection sensors will
    have some advantage and additional information to aid in an investigation,
    but nothing takes the place of accurate system logs.  It is possible to
    have the best of both worlds by setting up an external logging server.
    Msyslog gives system administrators the ability to send syslog messages to
    an external database.  Therefore, logs from multiple servers can reside on
    a single hardened machine.  This gives administrators the advantage of being
    able to focus all of their efforts at a single location.
    
    In addition to log integrity problems, often administrators are fed too
    much data.  If logging is too verbose, real anomalies may easily be
    overlooked.  Feeding all logs into a central database will also reduce
    this problem.  Using additional software or SQL queries, it can
    potentially be easier to find correlations and anomalies in logs across
    multiple servers.  Taking it a step further, one could simply automate
    the log analysis process and only alert the administrator when there is a
    major problem.
    
    Managing logs effectively is no easy task.  Extracting information from
    Gigs of data is even more difficult.  We have a very valuable resource at
    our fingertips.  Start using your logs; they can give a remarkably clear
    picture of the state of a network.
    
    More information on using syslog with MySQL and PHP at:
    http://www.linuxsecurity.com/feature_stories/feature_story-138.html
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ---
    
    Managing Linux Security Effectively in 2004
    
    This article examines the process of proper Linux security management in
    2004.  First, a system should be hardened and patched.  Next, a security
    routine should be established to ensure that all new vulnerabilities are
    addressed.  Linux security should be treated as an evolving process.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-157.html
    
    --------------------------------------------------------------------
    
    FEATURE: OSVDB: An Independent and Open Source Vulnerability Database

    This article outlines the origins, purpose, and future of the Open Source
    Vulnerability Database project. Also, we talk with Tyler Owen, a major
    contributor.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-156.html
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - kernel
       Privilege escalation vulnerability
    
       Paul Starzetz from iSEC Security Research reported another
       vulnerability in the Linux memory management code which can be
       used by local attackers to obtain root privileges or cause a
       denial of service condition (DoS).
       http://www.linuxsecurity.com/advisories/conectiva_advisory-3912.html
    
     1/6/2004 - lftp
       Buffer overflow vulnerability
    
       Ulf Härnhammar reported two buffer overflow vulnerabilities[3] in
       the lftp program. An attacker could prepare a directory on a
       server which, if accessed with a vulnerable lftp with the "ls" or
       "rels" command, could cause arbitrary code to be executed on the
       client.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-3919.html
    
     1/7/2004 - ethereal
       Denial of Service vulnerability
    
       When reading crafted data, Ethereal will crash.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-3932.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - ethereal
       Denial of service attack
    
       A heap-based buffer overflow allows remote attackers to cause a
       denial of service (crash) and possibly execute arbitrary code via
       the SOCKS dissector.
       http://www.linuxsecurity.com/advisories/debian_advisory-3906.html
    
     1/5/2004 - lftp
       Buffer overflow vulnerability
    
       An attacker could create a carefully crafted directory on a
       website so that the execution of an 'ls' or 'rels' command would
       lead to the execution of arbitrary code on the client machine.
       http://www.linuxsecurity.com/advisories/debian_advisory-3907.html
    
     1/5/2004 - screen
       Privilege leak vulnerability
    
       Timo Sirainen reported a vulnerability in screen, a terminal
       multiplexor with VT100/ANSI terminal emulation, that can lead an
       attacker to gain group utmp privileges.
       http://www.linuxsecurity.com/advisories/debian_advisory-3908.html
    
     1/6/2004 - BIND
       Cache poisoning vulnerability
    
       A vulnerability was discovered in BIND, a domain name server,
       whereby a malicious name server could return authoritative
       negative responses with a large TTL (time-to-live) value, thereby
       rendering a domain name unreachable.  A successful attack would
       require that a vulnerable BIND instance submit a query to a
       malicious nameserver.
       http://www.linuxsecurity.com/advisories/debian_advisory-3915.html
    
     1/6/2004 - libnids
       Buffer overflow vulnerability
    
       A vulnerability was discovered in libnids, a library used to
       analyze IP network traffic, whereby a carefully crafted TCP
       datagram could cause memory corruption and potentially execute
       arbitrary code with the privileges of the user executing a program
       which uses libnids (such as dsniff).
       http://www.linuxsecurity.com/advisories/debian_advisory-3916.html
    
     1/6/2004 - mpg321
       Malformed format string vulnerability
    
       A vulnerability was discovered in mpg321, a command-line mp3
       player, whereby user-supplied strings were passed to printf(3)
       unsafely.  This vulnerability could be exploited by a remote
       attacker to overwrite memory, and possibly execute arbitrary code.
       http://www.linuxsecurity.com/advisories/debian_advisory-3917.html
    
     1/6/2004 - nd
       Buffer overflow vulnerability
    
       Multiple vulnerabilities were discovered in nd, a command-line
       WebDAV interface, whereby long strings received from the remote
       server could overflow fixed-length buffers.  This vulnerability
       could be exploited by a remote attacker in control of a malicious
       WebDAV server to execute arbitrary code if the server was accessed
       by a vulnerable version of nd.
       http://www.linuxsecurity.com/advisories/debian_advisory-3918.html
    
     1/6/2004 - kernel
       Privilege escalation vulnerability
    
       Paul Starzetz discovered a flaw in bounds checking in mremap() in
       the Linux kernel (present in version 2.2.x, 2.4.x and 2.6.x) which
       may allow a local attacker to gain root privileges.
       http://www.linuxsecurity.com/advisories/debian_advisory-3923.html
    
     1/7/2004 - jabber
       Denial of Service vulnerability
    
       A bug in the handling of SSL connections could cause the server
       process to crash, resulting in a denial of service.
       http://www.linuxsecurity.com/advisories/debian_advisory-3928.html
    
     1/7/2004 - zebra
       Denial of Service vulnerability
    
       Two vulnerabilities were discovered in zebra, both resulting in
       DoS.
       http://www.linuxsecurity.com/advisories/debian_advisory-3929.html
    
     1/7/2004 - fsp
       Buffer overflow/Directory traversal vulns.
    
       A remote user could both escape from the FSP root directory, and
       also overflow a fixed-length buffer to execute arbitrary code.
       http://www.linuxsecurity.com/advisories/debian_advisory-3930.html
    
     1/7/2004 - kernel
       More for Priv. Esc vulnerability
    
       A flaw in bounds checking in mremap() in the Linux kernel may
       allow a local attacker to gain root privileges.
       http://www.linuxsecurity.com/advisories/debian_advisory-3931.html
    
     1/8/2004 - vbox3
       Privilege leak vulnerability
    
       Root privileges were not properly relinquished before executing a
       user-supplied tcl script.
       http://www.linuxsecurity.com/advisories/debian_advisory-3933.html
    
    
    +---------------------------------+
    |  Distribution: EnGarde          | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - kernel
       bug and security fixes.
    
       This update fixes two security issues and one critical bug in the
       Linux Kernel shipped with EnGarde Secure Linux.
       http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
    
    
    +---------------------------------+
    |  Distribution: Fedora           | ----------------------------//
    +---------------------------------+
    
     1/6/2004 - kernel
       Privilege escalation vulnerability
    
       Paul Starzetz discovered a flaw in bounds checking in mremap() in
       the Linux kernel versions 2.4.23 and previous which may allow a
       local attacker to gain root privileges.
       http://www.linuxsecurity.com/advisories/fedora_advisory-3913.html
    
    
    +---------------------------------+
    |  Distribution: Immunix          | ----------------------------//
    +---------------------------------+
    
     1/6/2004 - kernel
       Privilege escalation vulnerability
    
       Paul Starzetz has discovered a mishandled boundary condition in
       the mremap(2) system call; Starzetz reports this vulnerability
       may be exploited by local untrusted users to gain root
       privileges.
       http://www.linuxsecurity.com/advisories/immunix_advisory-3914.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     1/8/2004 - kernel
       Privilege escalation vulnerability
    
       A flaw in bounds checking in mremap() in the Linux kernel may be
       used to allow a local attacker to obtain root privilege.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-3934.html
    
    
    +---------------------------------+
    |  Distribution: Openwall         | ----------------------------//
    +---------------------------------+
    
     1/6/2004 - kernel
       Privilege escalation vulnerability
    
       This vulnerability may allow any local user and any process to
       execute arbitrary code with kernel privileges and thus gain root
       access.
       http://www.linuxsecurity.com/advisories/openwall_advisory-3921.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - kernel
       Privilege escalation vulnerability
    
       Updated kernel packages are now available that fix a security
       vulnerability which may allow local users to gain root privileges.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3909.html
    
     1/8/2004 - ethereal
       Denial of Service vulnerabilities
    
       By exploiting these two issues it may be possible to make Ethereal
       crash by injecting an intentionally malformed packet.
       http://www.linuxsecurity.com/advisories/redhat_advisory-3935.html
    
    
    +---------------------------------+
    |  Distribution: Slackware        | ----------------------------//
    +---------------------------------+
    
     1/7/2004 - kernel
       Privilege escalation vulnerability
    
       There is a bounds-checking problem in the kernel's mremap() call
       which could be used by a local attacker to gain root privileges.
       http://www.linuxsecurity.com/advisories/slackware_advisory-3926.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - kernel
       Privilege escalation vulnerability
    
       By exploiting an incorrect bounds check in do_mremap() during
       the remapping of memory it is possible to create a VMA with
       the size of 0.
       http://www.linuxsecurity.com/advisories/suse_advisory-3911.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     1/5/2004 - kernel
       Privilege escalation vulnerability
    
       The kernel packages prior to this update suffer from a bug in the
       mremap function. This issue is fixed in this update. We have
       also fixed some minor bugs in the structure of the packages.
       http://www.linuxsecurity.com/advisories/trustix_advisory-3910.html
    
    
    +---------------------------------+
    |  Distribution: Turbolinux       | ----------------------------//
    +---------------------------------+
    
     1/6/2004 - kernel
       Privilege escalation vulnerability
    
       Local users may be able to gain root privileges.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-3922.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


