[ISN] Linux Advisory Watch - May 21st 2004

From: InfoSec News (isn@private)
Date: Mon May 24 2004 - 00:20:19 PDT


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  May 21st, 2004                           Volume 5, Number 21a |
    +----------------------------------------------------------------+
    
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for heimdal, cvs, neon, cadaver,
    libpng, iproute, lha, mailman, kdelibs, tcpdump, utempter, subversion,
    exim, Pound, ProFTPD, Icecast, libuser, passwd, apache, kdelibs, mc,
    rsync, and the kernel.  The distributors include Debian, Fedora, FreeBSD,
    Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.
    
    ----
    
    >> NEW Step-by-Step SSL Guide for Apache from Thawte <<
    
    Thawte's new guide will show you how to test, purchase, install and use a
    Thawte Digital Certificate on your Apache web server. Throughout, best
    practices for set-up are highlighted to help you ensure efficient ongoing
    management of your encryption keys and digital certificates.
    
    Download a guide to learn more:
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06
    
    
    ----
    
    Security Failure
    
    Over the years, computer systems and networks of all types have been the
    object of attack and compromise.  Systems that are compromised generally
    share similar characteristics.  I will focus on some of the more common
    shortcomings.  First, failure to have adequate security policies and
    procedures.  What information assets should be protected?  Who and what
    are they being protected from, and how should they be protected?  All of
    these questions should be addressed formally; a written security policy
    provides direction and justification for every control that follows.
    Next, poor system logging and auditing.  On many occasions, system
    administrators fail to review log files at all.  If the job is too big to
    do manually, there are many automated tools that will do a fine job of
    summarizing logs and flagging anomalies.  Logs only have value if they
    are read, and knowing the network and its traffic patterns intimately
    makes the unusual stand out.
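
    The kind of automated log review the paragraph has in mind, as an added
    example that is not part of the newsletter: a POSIX shell script that
    tallies failed SSH password attempts per source address and lists every
    successful login or su to root.  The log lines are constructed sample
    data in syslog format, the threshold of 3 is an assumed value, and the
    script takes the log file to review as its argument.

```shell
#!/bin/sh
# Added example, not from the newsletter: a small automated log review.
# THRESHOLD (assumed value: 3) is how many failed password attempts from
# one source address are worth reporting.
THRESHOLD=${THRESHOLD:-3}

# Constructed sample of an authentication log in syslog format.  On a real
# system read /var/log/auth.log or /var/log/secure instead.
sample_log() {
cat <<'EOF'
May 21 02:11:03 web1 sshd[4120]: Failed password for root from 203.0.113.7 port 51322 ssh2
May 21 02:11:05 web1 sshd[4120]: Failed password for root from 203.0.113.7 port 51322 ssh2
May 21 02:11:09 web1 sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51340 ssh2
May 21 02:11:12 web1 sshd[4125]: Failed password for invalid user test from 203.0.113.7 port 51341 ssh2
May 21 02:30:44 web1 sshd[4201]: Failed password for ben from 192.0.2.15 port 40211 ssh2
May 21 02:30:51 web1 sshd[4201]: Accepted password for ben from 192.0.2.15 port 40211 ssh2
May 21 03:02:10 web1 su(pam_unix)[4300]: session opened for user root by ben(uid=1000)
EOF
}

# failed_logins_by_source LOGFILE
# Prints "<address> <count>" for every source with at least THRESHOLD
# failed password attempts, busiest source first.  The address is the
# field after the word "from", so "invalid user" lines count like any other.
failed_logins_by_source() {
    awk -v t="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' "$1" | sort -k2,2nr
}

# root_access_events LOGFILE
# A successful login as root, or an su session opened for root, is rare
# enough on a single-purpose server that a human should see each one.
root_access_events() {
    grep -E 'Accepted [a-z]+ for root from|session opened for user root' "$1"
}

# report LOGFILE: the daily summary an administrator would actually read.
report() {
    echo "== sources with >= $THRESHOLD failed password attempts =="
    failed_logins_by_source "$1"
    echo "== root access events =="
    root_access_events "$1" || echo "(none)"
}

# Usage: ./logreview.sh /var/log/auth.log
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

    Run it from cron against yesterday's log and mail the output; the point
    is that a report nobody reads is no better than a log nobody reads.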
    
    Failure to patch vulnerable services or applications in a timely fashion
    is a major contributor.  Begin testing patches as soon as they are
    publicly available.  Once a patch has been determined to be stable, roll
    the change out to production.  Also, don't forget to verify those MD5s
    (and the vendor's signature, where packages are signed) before installing
    anything!  Next, poor password generation and management can be
    troublesome.  It is important to be sure that users are choosing and
    using strong passwords.  Often, a password is the only form of access
    control in use.  Remember, weak passwords or bad key management practices
    can circumvent even the strongest cryptographic scheme.
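
    Checking a downloaded package against the checksum published in the
    advisory, as an added example that is not the newsletter's own: a POSIX
    shell function that compares a file's MD5 or SHA-256 digest with the
    expected value and refuses a mismatch, plus a wrapper that checks a whole
    manifest of "digest  filename" lines such as the MD5SUMS files vendors
    ship.  The file names and digests in the comments are illustrative.

```shell
#!/bin/sh
# Added example, not from the newsletter: verify a package against the
# checksum published in the advisory before installing it.

# verify_checksum FILE EXPECTED_HEX [md5|sha256]
# Succeeds only if FILE's digest equals EXPECTED_HEX (case-insensitive).
# Returns 1 on mismatch and 2 on a usage error, so callers can tell a bad
# download from a missing file or a typo in the algorithm name.
verify_checksum() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    algo=${3:-md5}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $algo in
        md5)    actual=$(md5sum "$file" | awk '{ print $1 }') ;;
        sha256) actual=$(sha256sum "$file" | awk '{ print $1 }') ;;
        *)      echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file ($algo)"
        return 0
    fi
    echo "FAIL $file: expected $expected, got $actual" >&2
    return 1
}

# verify_manifest MANIFEST [md5|sha256]
# MANIFEST holds lines of "<digest>  <filename>" (the md5sum -c format),
# with the files in the same directory as the manifest.  Every file is
# checked; the function fails if any one of them does, and a malformed
# line also counts as a failure rather than being silently skipped.
# Illustrative use: verify_manifest /tmp/updates/MD5SUMS
verify_manifest() {
    manifest=$1
    algo=${2:-md5}
    dir=$(dirname "$manifest")
    bad=0
    while read -r digest name; do
        [ -n "$digest" ] || continue
        if [ -z "$name" ]; then
            echo "malformed line in $manifest: $digest" >&2
            bad=$((bad + 1))
            continue
        fi
        verify_checksum "$dir/$name" "$digest" "$algo" || bad=$((bad + 1))
    done < "$manifest"
    [ "$bad" -eq 0 ]
}
```

    A checksum only proves the file is the one the advisory describes if the
    checksum itself came over a trusted channel; where the vendor signs its
    packages, also run gpg --verify on the signature, and prefer the SHA-256
    value when both are published.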
    
    Unused software, tools and commands should be removed, and unneeded
    network services should be disabled.  If it is not there, it can't be
    exploited.  You'll find that this is one technique that many hardened
    distributions (such as EnGarde Linux) use.  A Web server does not need
    X11, games, etc.  The system should be built for one purpose, exposing it
    to the least amount of risk.  It is also important to ensure that all
    configurations are correct.  On many distributions, the default settings
    are calibrated for usability rather than for high security.  It is up to
    you to do the necessary research to find out what changes must be made.
    This also brings up the point of removing or disabling any pre-installed
    accounts and changing any default passwords.
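
    One concrete check for the pre-installed account point, as an added
    example that is not the newsletter's own: a POSIX shell function that
    reads passwd- and shadow-format files and reports accounts with an empty
    password field, any second account with uid 0, and system accounts that
    still have an interactive shell.  The sample entries are constructed, and
    the cut-off for system accounts (uid below 500, the Red Hat convention of
    the time) is an assumption that can be overridden.

```shell
#!/bin/sh
# Added example, not from the newsletter: audit account files for the
# leftovers a hardening pass should remove or lock.
# SYSTEM_UID_MAX is an assumption: uids below it are treated as system
# accounts (500 was the Red Hat convention of the time; Debian used 1000).
SYSTEM_UID_MAX=${SYSTEM_UID_MAX:-500}

# Constructed sample files in /etc/passwd and /etc/shadow format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
games:x:12:100:games:/usr/games:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
apache:x:48:48:Apache:/var/www:/sbin/nologin
guest:x:1001:1001:Guest:/home/guest:/bin/bash
ben:x:1000:1000:Ben:/home/ben:/bin/bash
EOF
}
sample_shadow() {
cat <<'EOF'
root:$1$saltsalt$hashhashhashhashhashha:12560:0:99999:7:::
bin:*:12560:0:99999:7:::
daemon:*:12560:0:99999:7:::
games:!!:12560:0:99999:7:::
toor:$1$saltsalt$hashhashhashhashhashha:12560:0:99999:7:::
apache:!!:12560:0:99999:7:::
guest::12560:0:99999:7:::
ben:$1$saltsalt$hashhashhashhashhashha:12560:0:99999:7:::
EOF
}

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line:
#   EMPTY_PASSWORD <user>  shadow password field is empty: no password needed
#   EXTRA_UID0 <user>      an account other than root with uid 0
#   LOGIN_SHELL <user>     a system account whose shell is not nologin/false
# On a live system, as root: audit_accounts /etc/passwd /etc/shadow
audit_accounts() {
    awk -F: -v maxsys="$SYSTEM_UID_MAX" '
        FNR == NR {                  # first file: shadow
            if ($2 == "") print "EMPTY_PASSWORD", $1
            next
        }
        {                            # second file: passwd
            if ($3 == 0 && $1 != "root") print "EXTRA_UID0", $1
            if ($3 > 0 && $3 < maxsys && $7 !~ /(nologin|false)$/)
                print "LOGIN_SHELL", $1
        }
    ' "$2" "$1"
}

if [ "$#" -eq 2 ]; then
    audit_accounts "$1" "$2"
fi
```

    Pair this with a look at what is actually listening (netstat -lntup as
    root on Linux of that era) and compare both lists against what the
    machine is for; anything not on the list gets locked, removed or
    disabled.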
    
    Finally, it is imperative that the system is protected from remote network
    attacks.  A properly configured, restrictive firewall can go a long way
    toward improving a system's security posture.  In several situations, I've
    seen companies with firewalls that virtually allow all traffic through.
    Over time, service by service, new rules are added after each complaint.
    Rather than providing strong security, such a firewall only gives false
    assurance.  Start from a policy that denies everything and permit only the
    services that are actually required.  By taking simple precautions,
    security can be greatly improved.  Give your valuable information the
    protection it deserves.
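
    The contrast the paragraph draws, as an added example that is not the
    newsletter's own: a POSIX shell script that prints two iptables rule sets
    in iptables-restore format, the permissive one that accepts everything by
    default and the restrictive one that drops by default and opens only what
    the host serves.  The interface name, management subnet and port list are
    assumptions for a single-purpose web server.

```shell
#!/bin/sh
# Added example, not from the newsletter: a default-deny iptables rule set
# next to the "allow everything, then add rules per complaint" one.
# Assumptions for a single-purpose web server:
WAN_IF=${WAN_IF:-eth0}                 # interface facing the network
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}   # where administrators ssh from
PUBLIC_TCP=${PUBLIC_TCP:-"80 443"}     # services offered to everyone

# The firewall the editorial warns about: every chain's policy is ACCEPT,
# so each rule added "after a complaint" only ever widens access, and
# nothing that was forgotten is ever blocked.
permissive_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Restrictive rule set: INPUT and FORWARD drop by default; loopback,
# replies to our own connections, the public services, ssh from the
# management network and ping are the only exceptions.  Drops are logged
# (rate-limited) so the log review has something to work with.
restrictive_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state INVALID -j DROP'
    for port in $PUBLIC_TCP; do
        printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' \
        "-A INPUT -i $WAN_IF -p tcp --dport 22 -s $ADMIN_NET -m state --state NEW -j ACCEPT" \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
        '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "' \
        'COMMIT'
}

# input_policy RULESET_FUNCTION
# The one line that tells you which kind of firewall you have: prints the
# INPUT chain's default policy, ACCEPT or DROP.
input_policy() {
    "$1" | awk '$1 == ":INPUT" { print $2 }'
}

# Usage (as root): ./fw.sh restrictive | iptables-restore
case ${1:-} in
    permissive)  permissive_ruleset ;;
    restrictive) restrictive_ruleset ;;
esac
```

    Review the live result with iptables-save: if the INPUT policy line reads
    ACCEPT, every rule below it is decoration, however many there are.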
    
    
    Until next time, cheers!
    Benjamin D. Thomas
    ben@private
    
    ----
    
    Guardian Digital Security Solutions Win Out At Real World Linux
    
    Enterprise Email and Small Business Solutions Impress at Linux Exposition.
    Internet and network security was a consistent theme and Guardian Digital
    was on hand with innovative solutions to the most common security issues.
    Attending to the growing concern for cost-effective security, Guardian
    Digital's enterprise and small business applications were stand-out
    successes.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-164.html
    
    --------------------------------------------------------------------
    
    Interview with Siem Korteweg: System Configuration Collector
    
    In this interview we learn how the System Configuration Collector (SCC)
    project began, how the software works, why Siem chose to make it open
    source, and information on future developments.
    
    http://www.linuxsecurity.com/feature_stories/feature_story-162.html
    
    --------------------------------------------------------------------
    
    >> Internet Productivity Suite:  Open Source Security <<
    
    Trust Internet Productivity Suite's open source architecture to give you
    the best security and productivity applications available. Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    design.
    
    
    http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
    
    
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    
    +---------------------------------+
    |  Distribution: Debian           | ----------------------------//
    +---------------------------------+
    
     5/18/2004 - heimdal
       Buffer overflow vulnerability
    
       This problem could perhaps be exploited to cause the daemon to
       read a negative amount of data, which could lead to unexpected
       behaviour.
       http://www.linuxsecurity.com/advisories/debian_advisory-4347.html
    
     5/19/2004 - cvs
       Heap overflow vulnerability
    
       Stefan Esser discovered a heap overflow in the CVS server, which
       serves the popular Concurrent Versions System.
       http://www.linuxsecurity.com/advisories/debian_advisory-4375.html
    
     5/19/2004 - neon
       Heap overflow vulnerability
    
       User input is copied into variables not large enough for all
       cases.  This can lead to an overflow of a static heap variable.
       http://www.linuxsecurity.com/advisories/debian_advisory-4376.html
    
     5/19/2004 - cadaver
       Heap overflow vulnerability
    
       User input is copied into variables not large enough for all
       cases.  This can lead to an overflow of a static heap variable.
       http://www.linuxsecurity.com/advisories/debian_advisory-4377.html
    
    
    +---------------------------------+
    |  Distribution: Fedora           | ----------------------------//
    +---------------------------------+
    
     5/14/2004 - libpng
       1.2.2 Information leak vulnerability
    
       Fixes a possible out-of-bounds read in the error message handler.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4340.html
    
     5/14/2004 - libpng
       1.0.13 Information leak vulnerability
    
       Fixes a possible out-of-bounds read in the error message handler.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4341.html
    
     5/14/2004 - iproute
       Denial of service vulnerability
    
       iproute 2.4.7 and earlier allows local users to cause a denial of
       service via spoofed messages as other users to the kernel netlink
       interface.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4342.html
    
     5/14/2004 - lha
       Multiple vulnerabilities
    
       Ulf Härnhammar discovered two stack buffer overflows and two
       directory traversal flaws in LHA.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4343.html
    
     5/18/2004 - mailman
       Cross-site scripting vulnerability
    
       A cross-site scripting (XSS) vulnerability exists in the admin CGI
       script for Mailman before 2.1.4.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4353.html
    
     5/18/2004 - neon
       Format string vulnerabilities
    
       Exploiting these bugs may allow remote malicious WebDAV servers to
       execute arbitrary code.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4354.html
    
     5/18/2004 - cvs
       Arbitrary file creation vulnerability
    
       The client for CVS before 1.11.15 allows a remote malicious CVS
       server to create arbitrary files by using absolute pathnames
       during checkouts or updates.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4355.html
    
     5/18/2004 - kdelibs
       Multiple vulnerabilities
    
       An attacker could create a carefully crafted link such that when
       opened by a victim it creates or overwrites a file in the victim's
       home directory.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4356.html
    
     5/19/2004 - tcpdump
       Denial of service vulnerability
    
       Upon receiving specially crafted ISAKMP packets, TCPDUMP would try
       to read beyond the end of the packet capture buffer and
       subsequently crash.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4368.html
    
     5/19/2004 - utempter
       Insecure temporary file vulnerability
    
       An updated utempter package that fixes a potential symlink
       vulnerability is now available.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4369.html
    
     5/19/2004 - kdelibs
       Insufficient input sanitization
    
       An attacker could create a carefully crafted link such that when
       opened by a victim it creates or overwrites a file in the victim's
       home directory.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4370.html
    
     5/19/2004 - cvs
       Heap overflow vulnerability
    
       Stefan Esser discovered a flaw in cvs where malformed "Entry"
       lines could cause a heap overflow.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4371.html
    
     5/19/2004 - neon
       Heap overflow vulnerability
    
       An attacker could create a malicious WebDAV server in such a way
       as to allow arbitrary code execution on the client, such as
       cadaver.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4372.html
    
     5/19/2004 - subversion
       Buffer overflow vulnerability
    
       An attacker could send malicious requests to a Subversion server
       and execute arbitrary code.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html
    
     5/19/2004 - ipsec-tools
       Denial of service vulnerability
    
       A crafted ISAKMP header can cause racoon to crash.
       http://www.linuxsecurity.com/advisories/fedora_advisory-4374.html
    
    
    +---------------------------------+
    |  Distribution: FreeBSD          | ----------------------------//
    +---------------------------------+
    
     5/19/2004 - cvs
       Heap overflow vulnerability
    
       Malformed data can cause a heap buffer to overflow, allowing the
       client to overwrite arbitrary portions of the server's memory.
       http://www.linuxsecurity.com/advisories/freebsd_advisory-4367.html
    
    
    +---------------------------------+
    |  Distribution: Gentoo           | ----------------------------//
    +---------------------------------+
    
     5/14/2004 - exim
       Buffer overflow vulnerability
    
       When the verify=header_syntax option is set, there is a buffer
       overflow in Exim that allows remote execution of arbitrary code.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4344.html
    
     5/14/2004 - libpng
       Denial of service vulnerability
    
       A bug in the libpng library can be abused using a crafted .png to
       crash programs making use of that library.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4345.html
    
     5/19/2004 - Pound
       Format string vulnerability
    
       There is a format string flaw in Pound, allowing remote execution
       of arbitrary code with the rights of the Pound process.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4363.html
    
     5/19/2004 - ProFTPD
       ACL bypass vulnerability
    
       Version 1.2.9 of ProFTPD introduced a vulnerability that causes
       CIDR-based Access Control Lists to automatically allow remote users
       full access to available files.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4364.html
    
     5/19/2004 - Icecast
       Denial of service vulnerability
    
       Icecast is vulnerable to a denial of service attack allowing
       remote users to crash the application.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4365.html
    
     5/19/2004 - KDE
       Insufficient input sanitization
    
       Vulnerabilities in KDE URI handlers make your system vulnerable
       to various attacks.
       http://www.linuxsecurity.com/advisories/gentoo_advisory-4366.html
    
    
    +---------------------------------+
    |  Distribution: Mandrake         | ----------------------------//
    +---------------------------------+
    
     5/18/2004 - libuser
       Denial of service vulnerability
    
       Steve Grubb discovered a number of problems in the libuser library
       that can lead to a crash in applications linked to it, or possibly
       write 4GB of garbage to the disk.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4350.html
    
     5/18/2004 - passwd
       Multiple vulnerabilities
    
       Passwords given to passwd via stdin are one character shorter than
       they are supposed to be.  It was also discovered that pam may not
       have been sufficiently initialized to ensure safe and proper
       operation.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4351.html
    
     5/18/2004 - apache
       Multiple vulnerabilities
    
       Patch fixes four separate apache vulnerabilities.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4352.html
    
     5/19/2004 - kdelibs
       Insufficient input sanitization
    
       This vulnerability can allow remote attackers to create or
       truncate arbitrary files.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4360.html
    
     5/19/2004 - cvs
       Buffer overflow vulnerability
    
       Stefan Esser discovered that malformed "Entry" lines can be used
       to overflow malloc()ed memory in a way that can be remotely
       exploited.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4361.html
    
     5/19/2004 - libneon
       Heap overflow vulnerability
    
       It was discovered that portions of neon can be used to overflow a
       static heap variable.
       http://www.linuxsecurity.com/advisories/mandrake_advisory-4362.html
    
    
    +---------------------------------+
    |  Distribution: Red Hat          | ----------------------------//
    +---------------------------------+
    
     5/18/2004 - kdelibs
       Multiple vulnerabilities
    
       Updated kdelibs packages that fix telnet URI handler and mailto
       URI handler file vulnerabilities are now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4348.html
    
     5/19/2004 - cvs
       Buffer overflow vulnerability
    
       An updated cvs package that fixes a server vulnerability that
       could be exploited by a malicious client is now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4358.html
    
     5/19/2004 - cadaver
       Heap overflow vulnerability
    
       An updated cadaver package is now available that fixes a
       vulnerability in neon which could be exploited by a malicious
       DAV server.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4359.html
    
     5/19/2004 - mc
       Multiple vulnerabilities
    
       Updated mc packages that resolve several buffer overflow
       vulnerabilities, one format string vulnerability and several
       temporary file creation vulnerabilities are now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4378.html
    
     5/19/2004 - rsync
       Directory traversal vulnerability
    
       An updated rsync package that fixes a directory traversal security
       flaw is now available.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4379.html
    
     5/19/2004 - libpng
       Denial of service vulnerability
    
       An attacker could carefully craft a PNG file in such a way that it
       would cause an application linked to libpng to crash when opened
       by a victim.
       http://www.linuxsecurity.com/advisories/redhat_advisory-4380.html
    
    
    +---------------------------------+
    |  Distribution: Slackware        | ----------------------------//
    +---------------------------------+
    
     5/17/2004 - mc
       Multiple vulnerabilities
    
       These could lead to a denial of service or the execution of
       arbitrary code as the user running mc.
       http://www.linuxsecurity.com/advisories/slackware_advisory-4346.html
    
     5/18/2004 - kdelibs
       Multiple vulnerabilities
    
       The telnet, rlogin, ssh and mailto URI handlers in KDE do not do
       sufficient argument checking, allowing improper passing of
       arguments.
       http://www.linuxsecurity.com/advisories/slackware_advisory-4349.html
    
    
    +---------------------------------+
    |  Distribution: SuSE             | ----------------------------//
    +---------------------------------+
    
     5/14/2004 - mc
       Multiple vulnerabilities
    
       This patch fixes buffer overflows, temporary file problems and
       format string bugs associated with Midnight Commander.
       http://www.linuxsecurity.com/advisories/suse_advisory-4339.html
    
     5/19/2004 - cvs
       Buffer overflow vulnerability
    
       Stefan Esser reported buffer overflow conditions within the cvs
       program.
       http://www.linuxsecurity.com/advisories/suse_advisory-4357.html
    
    
    +---------------------------------+
    |  Distribution: Trustix          | ----------------------------//
    +---------------------------------+
    
     5/14/2004 - apache
       Multiple vulnerabilities
    
       This patch addresses a wide variety of known apache
       vulnerabilities.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4337.html
    
     5/14/2004 - kernel
       Privilege escalation vulnerability
    
       Patch corrects a local root exploit.
       http://www.linuxsecurity.com/advisories/trustix_advisory-4338.html
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon May 24 2004 - 01:34:22 PDT