+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | April 2nd, 2004 Volume 5, Number 14a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for mc, openssl, ethereal, libxml2, emil, Linux kernel, apache, UUDeview, courier, oftpd, fetchmail, squid, OpenLDAP, mplayer, Mozilla, and apache. The distributors include Conectiva, Debian, FreeBSD, Gentoo, Mandrake, Red Hat, Trustix, and Turbolinux. ---- >> Internet Productivity Suite: Open Source Security << Trust Internet Productivity Suites open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10 ---- Ape about EtherApe It is always the same scene in Hollywood films. The networks are penetrated; cryptic images and characters are scrolling across the screen. We're being hacked! Did you ever wish you could keep a closer eye on your network? Sure we have sniffers and other tools, but did you ever want something graphical? I've always been a huge fan of ntop, but feel that it lacks on graphical end. My curiosity drives the question, what is happening on my network? Another interesting program that I enjoy using is EtherApe. It is a network monitor that displays traffic graphically. It supports a wide range of protocols and network types. The display is color-coded allowing users to quickly understand the type of traffic on a network. The project is several years old, originally being based on etherman. It is licensed under the GPL and is currently packaged for many different Linux distributions. The hardware requirements are minimal, however it does require you to use X and have libcap installed. With EtherApe you'll find the network monitoring has never been this fun. On an active network, one can easily be drawn to just watching the activity. It can be a very useful tool, but the entertainment value should not be discounted. One of the most useful features of EtherApe is the dynamic graphic images it creates. These can be used to further explain concepts or attacks methodologies to business decision makers who wouldn't normally understand the output of tcpdump. More information about EtherApe can be found at the project website: http://etherape.sourceforge.net/ Also, for those of you who are just curious, severals screenshots are also available: http://etherape.sourceforge.net/images/ Until next time, cheers! Benjamin D. Thomas ben@private ---- Interview with Siem Korteweg: System Configuration Collector In this interview we learn how the System Configuration Collector (SCC) project began, how the software works, why Siem chose to make it open source, and information on future developments. http://www.linuxsecurity.com/feature_stories/feature_story-162.html -------------------------------------------------------------------- Security: MySQL and PHP This is the second installation of a 3 part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a MySQL server to the basic level, one has to abide by the following guidelines. http://www.linuxsecurity.com/feature_stories/feature_story-130.html -------------------------------------------------------------------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 3/31/2004 - mc Buffer overflow vulnerability Flaw allows the execution of arbitrary code. http://www.linuxsecurity.com/advisories/conectiva_advisory-4183.html 3/31/2004 - OpenSSL Denial of service vulnerabilities This update fixes three denial of service vulnerabilities that affect OpenSSL versions distributed with Conectiva Linux. http://www.linuxsecurity.com/advisories/conectiva_advisory-4184.html 3/31/2004 - ethereal Multiple vulnerabilities This patch fixes a large number of vulnerabilities, some remotely exploitable. http://www.linuxsecurity.com/advisories/conectiva_advisory-4185.html 3/31/2004 - libxml2 Buffer overflow vulnerability An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. http://www.linuxsecurity.com/advisories/conectiva_advisory-4186.html +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ 3/26/2004 - emil Multiple vulnerabilities Ulf Harnhammar discovered a number of vulnerabilities in emil, both various buffer overflows and format string bugs. http://www.linuxsecurity.com/advisories/debian_advisory-4157.html 3/29/2004 - pam-pgsql Unchecked input vulnerability Multiple vulnerabilities An attacker could exploit this bug to insert SQL statements. http://www.linuxsecurity.com/advisories/debian_advisory-4160.html +---------------------------------+ | Distribution: FreeBSD | ----------------------------// +---------------------------------+ 3/29/2004 - kernel Input validation error Flaw with IPv6 validation may result in memory locations being accessed without proper validation. http://www.linuxsecurity.com/advisories/freebsd_advisory-4161.html +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ 3/26/2004 - apache 2.x Multiple vulnerabilities Vulnerabilities include code execution and denial of service. http://www.linuxsecurity.com/advisories/gentoo_advisory-4156.html 3/29/2004 - UUDeview Buffer overflow vulnerability By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code. http://www.linuxsecurity.com/advisories/gentoo_advisory-4163.html 3/29/2004 - Courier Multiple buffer overflows Explotation of overflows may result in execution of arbitrary code. http://www.linuxsecurity.com/advisories/gentoo_advisory-4164.html 3/29/2004 - ethereal Multiple buffer overflows Explotation of these bugs may result in denial of service or remote execution of arbitrary code. http://www.linuxsecurity.com/advisories/gentoo_advisory-4165.html 3/29/2004 - oftpd Denial of service vulnerability A port command with a number above 255, even unauthenticated, can crash the oftpd server. http://www.linuxsecurity.com/advisories/gentoo_advisory-4166.html 3/31/2004 - fetchmail Denial of service vulnerability Fetchmail 6.2.5 fixes a remote DoS. http://www.linuxsecurity.com/advisories/gentoo_advisory-4177.html 3/31/2004 - squid Access control escape vulnerability A URL can be specially crafted to automatically bypass the squid Access Control functionality. http://www.linuxsecurity.com/advisories/gentoo_advisory-4178.html 3/31/2004 - mc Buffer overflow vulnerability A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer. http://www.linuxsecurity.com/advisories/gentoo_advisory-4179.html 3/31/2004 - OpenLDAP Denial of service vulnerability A failed password operation can cause the OpenLDAP slapd server, if it is using the back-ldbm backend, to free memory that was never allocated. http://www.linuxsecurity.com/advisories/gentoo_advisory-4180.html 3/31/2004 - mplayer Buffer overflow vulnerability MPlayer contains a remotely exploitable buffer overflow in the HTTP parser that may allow attackers to run arbitrary code on a user's computer. http://www.linuxsecurity.com/advisories/gentoo_advisory-4181.html 3/31/2004 - Monit Multiple vulnerabilities A denial of service and a buffer overflow vulnerability have been found in Monit. http://www.linuxsecurity.com/advisories/gentoo_advisory-4182.html +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ 3/31/2004 - ethereal Multiple vulnerabilities This update patches quite a few ethereal issues, with threats ranging from denial of service to execution of arbitrary code. http://www.linuxsecurity.com/advisories/mandrake_advisory-4175.html 3/31/2004 - squid Access control escape vulnerability It is possible for a remote attacker to create URLs that would not be properly tested against squid's ACLs, and thus be automatically allowed. http://www.linuxsecurity.com/advisories/mandrake_advisory-4176.html +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ 3/29/2004 - squid ACL escape vulnerability If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could cause allowed access to crafted, prohibited URLs. http://www.linuxsecurity.com/advisories/redhat_advisory-4162.html 3/29/2004 - Mozilla Denial of service vulnerability The parsing of unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash or consume large amounts of memory. http://www.linuxsecurity.com/advisories/redhat_advisory-4167.html 3/30/2004 - etherial Multiple vulnerabilities Updated Ethereal packages that fix various security vulnerabilities are now available. http://www.linuxsecurity.com/advisories/redhat_advisory-4168.html +---------------------------------+ | Distribution: Trustix | ----------------------------// +---------------------------------+ 3/30/2004 - fcron,crontabs,stunnel,kernel,ntp Multiple vulnerabilities Multiple vulnerabilities Patches now available for these packages. http://www.linuxsecurity.com/advisories/trustix_advisory-4171.html 3/30/2004 - xinetd,dev,filesystem Multiple vulnerabilities Multiple vulnerabilities Patches now available for these packages also. http://www.linuxsecurity.com/advisories/trustix_advisory-4172.html 3/30/2004 - tcpdump,libpcap Multiple vulnerabilities Multiple vulnerabilities The new upstream version of tcpdump fixes several bugs, some security related. http://www.linuxsecurity.com/advisories/trustix_advisory-4173.html 3/30/2004 - apache Multiple vulnerabilities The new upstream version of apache addresses several security issues. http://www.linuxsecurity.com/advisories/trustix_advisory-4174.html +---------------------------------+ | Distribution: Turbolinux | ----------------------------// +---------------------------------+ 3/30/2004 - wu-ftpd/OpenSSL Multiple vulnerabilities Multiple vulnerabilities New patches fix multiple vulnerabilities in both packages. http://www.linuxsecurity.com/advisories/turbolinux_advisory-4170.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _______________________________________________ ISN mailing list ISN@private http://www.attrition.org/mailman/listinfo/isn
This archive was generated by hypermail 2b30 : Sun Apr 04 2004 - 23:56:03 PDT