[ISN] Linux Advisory Watch - April 2nd 2004

From: InfoSec News (isn@private)
Date: Sun Apr 04 2004 - 22:58:59 PDT

  • Next message: InfoSec News: "[ISN] Blackwater Security Memorial Fund"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  April 2nd, 2004                          Volume 5, Number 14a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for mc, openssl, ethereal, libxml2,
    emil, Linux kernel, apache, UUDeview, courier, oftpd, fetchmail, squid,
    OpenLDAP, mplayer, Mozilla, and apache.  The distributors include
    Conectiva, Debian, FreeBSD, Gentoo, Mandrake, Red Hat, Trustix, and
    Turbolinux.
    
    ----
    
    >> Internet Productivity Suite:  Open Source Security <<
    
    Trust Internet Productivity Suites open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
    
    ----
    
    Ape about EtherApe
    
    It is always the same scene in Hollywood films.  The networks are
    penetrated; cryptic images and characters are scrolling across the screen.
    We're being hacked!  Did you ever wish you could keep a closer eye on your
    network?  Sure we have sniffers and other tools, but did you ever want
    something graphical?
    
    I've always been a huge fan of ntop, but feel that it lacks on graphical
    end.  My curiosity drives the question, what is happening on my network?
    Another interesting program that I enjoy using is EtherApe.  It is a
    network monitor that displays traffic graphically. It supports a wide
    range of protocols and network types.  The display is color-coded allowing
    users to quickly understand the type of traffic on a network.
    
    The project is several years old, originally being based on etherman.  It
    is licensed under the GPL and is currently packaged for many different
    Linux distributions.  The hardware requirements are minimal, however it
    does require you to use X and have libcap installed.
    
    With EtherApe you'll find the network monitoring has never been this fun.
    On an active network, one can easily be drawn to just watching the
    activity.  It can be a very useful tool, but the entertainment value
    should not be discounted.
    
    One of the most useful features of EtherApe is the dynamic graphic images
    it creates.  These can be used to further explain concepts or attacks
    methodologies to business decision makers who wouldn't normally understand
    the output of tcpdump.
    
    More information about EtherApe can be found at the project website:
    http://etherape.sourceforge.net/
    
    Also, for those of you who are just curious, severals screenshots are also
    available:  http://etherape.sourceforge.net/images/
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ----
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    --------------------------------------------------------------------
    
    Security: MySQL and PHP
    
    This is the second installation of a 3 part article on LAMP (Linux Apache
    MySQL PHP). In order to safeguard a MySQL server to the basic level, one
    has to abide by the following guidelines.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-130.html
    
    --------------------------------------------------------------------
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------------------+
    |  Distribution: Conectiva        | ----------------------------//
    +---------------------------------+
    
     3/31/2004 - mc
       Buffer overflow vulnerability
    
       Flaw allows the execution of arbitrary code.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4183.html
    
     3/31/2004 - OpenSSL
       Denial of service vulnerabilities
    
       This update fixes three denial of service vulnerabilities that
       affect  OpenSSL versions distributed with Conectiva Linux.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4184.html
    
     3/31/2004 - ethereal
       Multiple vulnerabilities
    
       This patch fixes a large number of vulnerabilities, some remotely
       exploitable.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4185.html
    
     3/31/2004 - libxml2
       Buffer overflow vulnerability
    
       An attacker can exploit this vulnerability to execute arbitrary
       code with the privileges of the user running an affected
       application.
       http://www.linuxsecurity.com/advisories/conectiva_advisory-4186.html
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     3/26/2004 - emil
       Multiple vulnerabilities
    
       Ulf Harnhammar discovered a number of vulnerabilities in emil,
       both various buffer overflows and format string bugs.
       http://www.linuxsecurity.com/advisories/debian_advisory-4157.html
    
     3/29/2004 - pam-pgsql Unchecked input vulnerability
       Multiple vulnerabilities
    
       An attacker could exploit this bug to insert SQL statements.
       http://www.linuxsecurity.com/advisories/debian_advisory-4160.html
    
    
    +---------------------------------+
    |  Distribution: FreeBSD          | ----------------------------//
    +---------------------------------+
    
     3/29/2004 - kernel
       Input validation error
    
       Flaw with IPv6 validation may result in memory locations being
       accessed without proper validation.
       http://www.linuxsecurity.com/advisories/freebsd_advisory-4161.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     3/26/2004 - apache
       2.x Multiple vulnerabilities
    
       Vulnerabilities include code execution and denial of service.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4156.html
    
     3/29/2004 - UUDeview
       Buffer overflow vulnerability
    
       By decoding a MIME archive with excessively long strings for
       various parameters, it is possible to crash UUDeview, or cause it
       to execute arbitrary code.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4163.html
    
     3/29/2004 - Courier
       Multiple buffer overflows
    
       Explotation of overflows may result in execution of arbitrary
       code.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4164.html
    
     3/29/2004 - ethereal
       Multiple buffer overflows
    
       Explotation of these bugs may result in denial of service or
       remote execution of arbitrary code.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4165.html
    
     3/29/2004 - oftpd
       Denial of service vulnerability
    
       A port command with a number above 255, even unauthenticated, can
       crash the oftpd server.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4166.html
    
     3/31/2004 - fetchmail
       Denial of service vulnerability
    
       Fetchmail 6.2.5 fixes a remote DoS.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4177.html
    
     3/31/2004 - squid
       Access control escape vulnerability
    
       A URL can be specially crafted to automatically bypass the squid
       Access Control functionality.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4178.html
    
     3/31/2004 - mc
       Buffer overflow vulnerability
    
       A remotely-exploitable buffer overflow in Midnight Commander
       allows arbitrary code to be run on a user's computer.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4179.html
    
     3/31/2004 - OpenLDAP
       Denial of service vulnerability
    
       A failed password operation can cause the OpenLDAP slapd server,
       if it is using the back-ldbm backend, to free memory that was
       never allocated.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4180.html
    
     3/31/2004 - mplayer
       Buffer overflow vulnerability
    
       MPlayer contains a remotely exploitable buffer overflow in the
       HTTP parser that may allow attackers to run arbitrary code on a
       user's computer.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4181.html
    
     3/31/2004 - Monit
       Multiple vulnerabilities
    
       A denial of service and a buffer overflow vulnerability have been
       found in Monit.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4182.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     3/31/2004 - ethereal
       Multiple vulnerabilities
    
       This update patches quite a few ethereal issues, with threats
       ranging from denial of service to execution of arbitrary code.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4175.html
    
     3/31/2004 - squid
       Access control escape vulnerability
    
       It is possible for a remote attacker to create URLs that would not
       be properly tested against squid's ACLs, and thus be automatically
       allowed.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4176.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     3/29/2004 - squid
       ACL escape vulnerability
    
       If a Squid configuration uses Access Control Lists (ACLs), a
       remote attacker could cause allowed access to crafted, prohibited
       URLs.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4162.html
    
     3/29/2004 - Mozilla
       Denial of service vulnerability
    
       The parsing of unexpected ASN.1 constructs within S/MIME data
       could cause Mozilla to crash or consume large amounts of memory.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4167.html
    
     3/30/2004 - etherial
       Multiple vulnerabilities
    
       Updated Ethereal packages that fix various security
       vulnerabilities are now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4168.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     3/30/2004 - fcron,crontabs,stunnel,kernel,ntp Multiple vulnerabilities
       Multiple vulnerabilities
    
       Patches now available for these packages.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4171.html
    
     3/30/2004 - xinetd,dev,filesystem Multiple vulnerabilities
       Multiple vulnerabilities
    
       Patches now available for these packages also.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4172.html
    
     3/30/2004 - tcpdump,libpcap Multiple vulnerabilities
       Multiple vulnerabilities
    
       The new upstream version of tcpdump fixes several bugs, some
       security related.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4173.html
    
     3/30/2004 - apache
       Multiple vulnerabilities
    
       The new upstream version of apache addresses several security
       issues.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4174.html
    
    
    +---------------------------------+
    |  Distribution: Turbolinux       | ----------------------------//
    +---------------------------------+
    
     3/30/2004 - wu-ftpd/OpenSSL Multiple vulnerabilities
       Multiple vulnerabilities
    
       New patches fix multiple vulnerabilities in both packages.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-4170.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _______________________________________________
    ISN mailing list
    ISN@private
    http://www.attrition.org/mailman/listinfo/isn
    



    This archive was generated by hypermail 2b30 : Sun Apr 04 2004 - 23:56:03 PDT