[ISN] Linux Advisory Watch - April 9th 2004

From: InfoSec News (isn@private)
Date: Mon Apr 12 2004 - 00:59:45 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  April 9th, 2004                          Volume 5, Number 15a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for the Linux kernel, interchange,
    fte, sysstat, oftpd, squid, heimdal, xine-ui, tcpdump, Portage, kde,
    ipsec-tools, util-linux, ClamAV, Automake, mplayer, fileutils/coreutils,
    and apache/httpd/libxml2/mod_python.  The distributors include Debian,
    Gentoo, Mandrake, and Turbolinux.
    
    ----
    
    NEW Step-by-Step SSL Guide for Apache from Thawte
    
    Thawte's new guide will show you how to test, purchase, install and use a
    Thawte Digital Certificate on your Apache web server. Throughout, best
    practices for set-up are highlighted to help you ensure efficient ongoing
    management of your encryption keys and digital certificates.
    
    http://ad.doubleclick.net/clk;7739216;9007465;r
    
    ----
    
    File Integrity Monitoring
    
    Recently, I stumbled across a relatively new tool called AFICK.  It stands
    for Another File Integrity ChecKer.  It is similar to both Tripwire and
    AIDE.  AFICK is GPLed and written entirely in Perl.  It is extremely
    flexible and has been tested on a wide range of Linux, Windows, and Unix
    systems.  According to the AFICK project website, it has a decent
    performance advantage over AIDE.  However, I have not independently
    verified this.  If you're looking for a new toy to play with, I recommend
    giving it a try.
    
    Installing and using AFICK is a piece of cake.  The core of the tool is
    command-line based; a Perl-based GUI and a Webmin module are also
    available for easy administration.  AFICK is distributed as an independent
    tar.gz, zip, RPM, and Debian package.  It is a good idea to look at the
    afick.conf file before running the script for the first time, since it
    defines which directories are monitored and which file attributes are
    compared.
    
    AFICK can be used with only a few simple commands.  To use AFICK, a
    configuration file for your OS must be specified and the database
    initialized.  This can be done with the following command:
    
    # afick.pl -c linux.conf -i
    
    During initialization it builds a database of checksums (and other file
    attributes) for the files covered by the configuration.  Next, to compare
    the current checksums of your files with the values stored in the
    database, run the following command:
    
    # afick.pl -c linux.conf -k
    
    After making legitimate changes to a system (installing updated packages,
    for example), the checksum database must be updated so that those changes
    are not reported again.  Updating is also easy:
    
    # afick.pl -c linux.conf -u
    
    As with all integrity-checking software, it is advisable to create a cron
    job that compares the file checksums against the database at a regular
    interval.  The integrity of the database itself is just as important: if
    an attacker can modify the database after altering files, those changes
    will go undetected.  Keeping the database (and the checker itself) on
    write-protected media helps with this problem.
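    The init/check/update cycle above, and the point about protecting the
    database, in miniature.  This is an added example for this column, not
    AFICK's own code: a small Python checker whose three operations mirror
    afick.pl -i, -k and -u.  Its database is a JSON file authenticated with an
    HMAC whose key is assumed to live outside the database (on write-protected
    media or off-host; it is a hard-coded constant here only so the example
    runs stand-alone).  The demo() routine builds a constructed directory tree
    in a scratch location, walks through a clean check, an unauthorised edit,
    an accepted update, and finally an attacker who forges the database records
    without the key.

```python
"""Minimal file integrity checker mirroring the AFICK init (-i), check (-k) and
update (-u) cycle; an added example for this column, not AFICK's own code.
The database is JSON authenticated with an HMAC whose key lives outside the
database (assumption: on write-protected media or off-host; hard-coded here so
the example runs stand-alone), so rewriting the database cannot hide changes."""
import hashlib
import hmac
import json
import os
import stat
import tempfile

DB_KEY = b"example-key-keep-on-write-protected-media"  # assumption, see above

def _file_record(path):
    """Hash and attributes for one regular file (what an AFICK rule captures)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}

def scan(root):
    """Walk root and return {relative path: record} for every regular file."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):
                records[os.path.relpath(full, root)] = _file_record(full)
    return records

def _tag(payload):
    return hmac.new(DB_KEY, payload.encode(), hashlib.sha256).hexdigest()

def write_db(db_path, records):
    payload = json.dumps(records, sort_keys=True)
    with open(db_path, "w") as f:
        json.dump({"tag": _tag(payload), "records": payload}, f)

def read_db(db_path):
    """Load the database, refusing it if the HMAC does not verify."""
    with open(db_path) as f:
        blob = json.load(f)
    if not hmac.compare_digest(_tag(blob["records"]), blob["tag"]):
        raise ValueError("integrity database tampered with or corrupt")
    return json.loads(blob["records"])

def init(root, db_path):    # afick.pl -c linux.conf -i
    write_db(db_path, scan(root))

update = init               # afick.pl -c linux.conf -u: accept the current state

def check(root, db_path):   # afick.pl -c linux.conf -k
    """Return {'new': [...], 'deleted': [...], 'changed': {path: [attrs]}}."""
    old, new = read_db(db_path), scan(root)
    report = {"new": sorted(set(new) - set(old)),
              "deleted": sorted(set(old) - set(new)), "changed": {}}
    for path in sorted(set(old) & set(new)):
        diff = [k for k in old[path] if old[path][k] != new[path][k]]
        if diff:
            report["changed"][path] = diff
    return report

def _put(path, text, mode="w"):
    with open(path, mode) as f:
        f.write(text)

def demo():
    """Constructed end-to-end run in a scratch directory standing in for '/';
    returns each step's result so it can be checked."""
    base = tempfile.mkdtemp(prefix="afick-demo-")
    root, db = os.path.join(base, "root"), os.path.join(base, "afick.db")
    os.makedirs(os.path.join(root, "etc"))
    hosts = os.path.join(root, "etc", "hosts")
    _put(hosts, "127.0.0.1 localhost\n")                 # constructed sample
    results = {}
    init(root, db)
    results["clean"] = check(root, db)
    _put(hosts, "10.0.0.1 evil.example\n", "a")          # unauthorised edit
    _put(os.path.join(root, "etc", "ld.so.preload"), "/tmp/x.so\n")  # dropped
    results["after_edit"] = check(root, db)
    update(root, db)                                     # admin reviews, accepts
    results["after_update"] = check(root, db)
    # Attacker edits the file again and rewrites the database records to match,
    # but cannot recompute the tag without DB_KEY: read_db() rejects the file.
    _put(hosts, "10.0.0.2 evil2.example\n", "a")
    with open(db) as f:
        blob = json.load(f)
    blob["records"] = json.dumps(scan(root), sort_keys=True)  # forged records
    with open(db, "w") as f:
        json.dump(blob, f)                                    # tag left stale
    try:
        check(root, db)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```

    In practice the check() step is what the cron job runs, and the database
    (plus the checker) should live where the checked host cannot write to it;
    the HMAC only tells you the database was altered, it cannot restore it.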
    
    While the commands above may seem simple, AFICK's functionality is not
    limited to those alone.  A full listing of command-line options is
    available on the AFICK website:
    
    http://afick.sourceforge.net/man.html
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ----
    
    Guardian Digital Launches Next Generation Internet
    Defense & Detection System
    
    Guardian Digital has announced the first fully open source system designed
    to provide both intrusion detection and prevention functions. Guardian
    Digital Internet Defense & Detection System (IDDS) leverages best-in-class
    open source applications to protect networks and hosts using a unique
    multi-layered approach coupled with the security expertise and ongoing
    security vigilance provided by Guardian Digital.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-163.html
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    --------------------------------------------------------------------
    
    >> Internet Productivity Suite:  Open Source Security <<
    
    Trust Internet Productivity Suites open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     4/5/2004 - kernel
       2.4 mips/pa-risc Privilege escalation vulnerabilities
    
       This entry combines the Debian advisories for the same kernel bugs
       on the mips and pa-risc platforms.
       http://www.linuxsecurity.com/advisories/debian_advisory-4190.html
    
     4/5/2004 - interchange
       Missing input sanitization
    
       This vulnerability can be exploited by an attacker to expose the
       content of arbitrary variables.
       http://www.linuxsecurity.com/advisories/debian_advisory-4191.html
    
     4/5/2004 - fte
       Multiple buffer overflow vulnerabilities
    
       This patch removes setuid root from vfte, which has a number of
       known buffer overflows.
       http://www.linuxsecurity.com/advisories/debian_advisory-4192.html
    
     4/5/2004 - sysstat
       Insecure temporary file vulnerability
    
       As is usual for temporary file vulnerabilities, this allows local
       users to read or overwrite arbitrary files with the permissions of
       the user running the program.
       http://www.linuxsecurity.com/advisories/debian_advisory-4193.html
    
     4/5/2004 - oftpd
       Denial of service vulnerability
    
       A remote attacker could cause the oftpd process to crash by
       specifying a large value in a PORT command.
       http://www.linuxsecurity.com/advisories/debian_advisory-4194.html
    
     4/5/2004 - squid
       ACL bypass vulnerability
    
       A URL can be crafted so that Squid's ACL system ignores it and lets
       the request through automatically.
       http://www.linuxsecurity.com/advisories/debian_advisory-4195.html
    
     4/6/2004 - heimdal
       Cross-realm impersonation vulnerability
    
       The patch fixes an error that allows anyone with control over a
       realm to impersonate any principal in the cross-realm trust path.
       http://www.linuxsecurity.com/advisories/debian_advisory-4197.html
    
     4/6/2004 - xine-ui
       Insecure temporary file vulnerability
    
       The bug allows an attacker to read or write arbitrary files with the
       permissions of the user running the program.
       http://www.linuxsecurity.com/advisories/debian_advisory-4198.html
    
     4/7/2004 - tcpdump
       Denial of service vulnerability
    
       Crafted invalid ISAKMP packets can remotely crash tcpdump.
       http://www.linuxsecurity.com/advisories/debian_advisory-4203.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     4/6/2004 - Portage
       Insecure temporary file vulnerability
    
       Exploitation of this bug could allow an attacker to wipe out the
       contents of an arbitrary file.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4199.html
    
     4/6/2004 - kde
       Buffer overflow vulnerability
    
       KDE-PIM may be vulnerable to a remote buffer overflow attack that
       may allow unauthorized access to an affected system.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4200.html
    
     4/6/2004 - tcpdump
       Multiple buffer overflows
    
       Attacker could exploit this to execute arbitrary code with the
       permissions of the 'pcap' user.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4201.html
    
     4/7/2004 - sysstat
       Multiple vulnerabilities
    
       Multiple vulnerabilities may allow an attacker to execute
       arbitrary code or overwrite arbitrary files.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4204.html
    
     4/7/2004 - ipsec-tools
       Key non-verification vulnerability
    
       racoon (the IKE daemon in the ipsec-tools package) does not verify
       digital signatures on Phase 1 packets.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4207.html
    
     4/7/2004 - util-linux
       Information leak vulnerability
    
       Due to a pointer error, the 'login' program might leak sensitive
       information.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4208.html
    
     4/7/2004 - ClamAV
       Denial of service vulnerability
    
       ClamAV is vulnerable to a denial of service attack when processing
       certain RAR archives.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4209.html
    
     4/8/2004 - Automake
       Symbolic link vulnerability
    
       Automake may be vulnerable to a symbolic link attack which may
       allow an attacker to modify data or elevate their privileges.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4210.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     4/6/2004 - mplayer
       Buffer overflow vulnerability
    
       Exploitation could result in the execution of arbitrary code with
       the permissions of the user.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4202.html
    
     4/7/2004 - fileutils/coreutils
       Denial of service vulnerability
    
       'ls' can be made to segfault upon listing directories with large
       numbers of files on an amd64 platform.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4205.html
    
    
    +---------------------------------+
    |  Distribution: Turbolinux       | ----------------------------//
    +---------------------------------+
    
     4/7/2004 - apache/httpd/libxml2/mod_python
       Multiple vulnerabilities
    
       Fixes for several buffer overflows and denial of service (DoS) attacks.
       http://www.linuxsecurity.com/advisories/turbolinux_advisory-4206.html
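    Several of the entries above (Debian's sysstat and xine-ui, Gentoo's
    Portage, sysstat and Automake) are insecure temporary file or symbolic
    link bugs of the same shape: a program writes to a predictable name in a
    world-writable directory, and a local user who plants a symlink there
    first gets the program to overwrite a file of their choosing with the
    program's privileges.  The following is an added example, not code from
    any of the affected packages, showing that attack in miniature beside two
    hardened writers (mkstemp(), and O_CREAT|O_EXCL|O_NOFOLLOW when the name
    must be fixed).  The scratch directory and the 'victim' file are
    constructed stand-ins for /tmp and for a file such as /etc/passwd.

```python
"""Insecure temporary file (symlink) attack and two hardened alternatives.
Added example for the advisories above, not code from the affected packages.
The scratch directory stands in for /tmp and 'victim' for a protected file."""
import os
import tempfile

def vulnerable_write(tmpdir, data):
    """Predictable name opened with plain open(): O_CREAT without O_EXCL, so a
    symlink planted at this path is followed and its target is clobbered."""
    path = os.path.join(tmpdir, "report.tmp")
    with open(path, "w") as f:
        f.write(data)
    return path

def hardened_write(tmpdir, data):
    """Unpredictable name created with O_CREAT|O_EXCL (tempfile.mkstemp);
    a pre-planted link under the old name is simply never touched."""
    fd, path = tempfile.mkstemp(prefix="report.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def hardened_fixed_name_write(tmpdir, data):
    """When the name must be fixed: O_EXCL refuses to create over anything that
    already exists (including a dangling symlink) and O_NOFOLLOW refuses to
    traverse a link. Both decisions happen inside open(), so there is no
    check-then-open window for an attacker to race, unlike os.path.exists()."""
    path = os.path.join(tmpdir, "report.tmp")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)   # FileExistsError if anything is there
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def attack(writer):
    """Local attacker pre-plants tmp/report.tmp -> victim, then the privileged
    writer runs. Returns whether the victim was overwritten and whether the
    writer refused to proceed (constructed scenario)."""
    base = tempfile.mkdtemp(prefix="tmpfile-demo-")
    tmpdir = os.path.join(base, "tmp")
    os.mkdir(tmpdir)
    victim = os.path.join(base, "victim")
    with open(victim, "w") as f:
        f.write("original\n")
    os.symlink(victim, os.path.join(tmpdir, "report.tmp"))  # the planted link
    try:
        writer(tmpdir, "attacker-chosen content\n")
        refused = False
    except FileExistsError:
        refused = True
    with open(victim) as f:
        clobbered = f.read() != "original\n"
    return {"victim_clobbered": clobbered, "writer_refused": refused}
```

    The vulnerable writer happily truncates and rewrites the victim; mkstemp()
    never touches the planted link; the fixed-name variant fails closed with
    FileExistsError, which is the right outcome for a privileged program and
    the cue to log the attempt rather than retry.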
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon Apr 12 2004 - 02:14:11 PDT