[ISN] Linux Advisory Watch - June 11th 2004

From: InfoSec News (isn@private)
Date: Mon Jun 14 2004 - 01:11:34 PDT


    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  June 11th, 2004                          Volume 5, Number 24a |
      Editors:     Dave Wreski                Benjamin Thomas
                   dave@private     ben@private
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.
    It includes point
    This week, advisories were released for gatos, jftpgw, ethereal, gallery,
    rsync, log2mail, kernel, lha, postgresql, cvs, cups, squirrelmail, squid,
    tla, Ethereal, tripwire, sitecopy, mailman, apache, mdkonline, xpcd,
    mod_ssl, ksymoops, and kerberos5. The distributors include Debian, Fedora,
    FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, SuSE,
    Trustix, and Turbo Linux.
    >> Internet Productivity Suite:  Open Source Security <<
    Trust Internet Productivity Suite's open source architecture to give you
    the best security and productivity applications available.  Collaborating
    with thousands of developers, Guardian Digital security engineers
    implement the most technologically advanced ideas and methods into their
    Unnecessary Software
    Each week system administrators are inundated by hundreds of vendor
    advisories for every type of software imaginable.  From time to time the
    patches are critical from a security perspective, but on other occasions
    they are merely a fix to a known bug.  It is advisable to update all
    software on a consistent basis so that a bug in software does not result
    in a system vulnerability.
    Unfortunately because of the great number of advisories each week, it
    could be a full time job applying them.  Applying 10 patches to 30 servers
    could possibly take days if an automated process isn't used.  Everyone
    would agree, this is poor utilization of resources.
    There are several solutions to the problem.  First, it is often a good
    idea to choose a specialized distribution, or spend time configuring a
    broad one.  For example, those building a Web server should choose a
    distribution such as EnGarde Linux that has already been optimized and
    secured to perform these services.  If an administrator wishes to use a
    general-purpose distribution such as Debian, it is important that the
    necessary time is taken to remove everything not in use.  For example,
    there is no need for a Web server to have a compiler, the X Window System,
    or games.  This option requires system expertise, but is feasible.
    No matter what system is installed, it will almost always be the case that
    at least some unnecessary software is installed on it.  On an RPM-based
    system, a package can be removed with the following command:

        /bin/rpm -e <packagename>

    (rpm -qa lists what is installed, and rpm -q --whatrequires <packagename>
    shows what still depends on a package; rpm refuses to remove a package
    that other installed packages require unless --nodeps is forced, which
    is a sign the package is not as unnecessary as it looked.)  Removing
    unnecessary software can potentially reduce administration work load.
    There will no longer be a need to keep that software up-to-date, and it
    no longer has the potential to turn into a
    It should be a priority to remove unnecessary setuid/setgid binaries.
    Vulnerabilities in these can often lead to root compromise, so they should
    only be present when necessary.  To find setuid/setgid binaries on a
    system, use the following command:

        find / -type f -perm +6000

    The "+6000" form ("any of these bits set") is GNU-specific and newer GNU
    find spells it "-perm /6000"; the portable equivalent is
    "\( -perm -4000 -o -perm -2000 \)".  Remove each binary that is not in
    use, or clear the bit with chmod u-s / chmod g-s if the program itself is
    still needed, and the risk of compromise is greatly reduced.
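    The two steps above (find the setuid/setgid binaries, then decide per
    package whether to remove them) can be turned into one repeatable audit.
    The script below is an added example written for this column, not part
    of the original newsletter: it walks a tree with the portable find
    syntax, counts what it finds, and maps each file to the package that owns
    it via rpm or dpkg where either exists.  The function names, the
    tab-separated report layout and the "(unowned)" marker are this
    example's own choices.

```sh
#!/bin/sh
# Added example (not from the newsletter): enumerate setuid/setgid files
# under a directory tree and, where rpm or dpkg is present, report which
# package owns each one, so the package and the binary can be weighed for
# removal together.  Invoke as:  sh setid_audit.sh /   (run as root to see everything)

# Print setuid/setgid regular files under the tree rooted at $1 (default /).
# Uses the POSIX "-perm -MODE" (all listed bits set) test twice rather than
# the GNU-only "-perm +6000", which newer GNU find rejects ("-perm /6000").
# -xdev stays on one filesystem so /proc and network mounts are not walked.
list_setid_files() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Number of setuid/setgid files under $1, for a before/after comparison.
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# Name of the package owning file $1, or "(unowned)" if no package claims it.
# Unowned setuid files deserve the closest look: the distribution did not
# install them, so nothing will ever ship a security update for them.
owner_of() {
    if command -v rpm >/dev/null 2>&1; then
        # rpm -qf prints "not owned" on stdout but exits non-zero; rely on the status.
        if pkg=$(rpm -qf "$1" 2>/dev/null); then echo "$pkg"; else echo "(unowned)"; fi
    elif command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1)
        echo "${pkg:-(unowned)}"
    else
        echo "(no package manager found)"
    fi
}

# One line per file: mode, owning package, path.  Tab separated so the output
# can be diffed against an earlier run to spot newly appeared setuid binaries.
report_setid_files() {
    list_setid_files "$1" | while IFS= read -r f; do
        mode=$(ls -l "$f" | awk '{print $1}')
        printf '%s\t%s\t%s\n' "$mode" "$(owner_of "$f")" "$f"
    done
}

# Only run the full audit when a directory is given on the command line,
# so the functions can also be sourced from another script.
if [ $# -gt 0 ]; then
    printf 'setuid/setgid files under %s: %s\n' "$1" "$(count_setid_files "$1")"
    report_setid_files "$1"
fi
```

    Keep the report from a freshly installed system and diff later runs
    against it; a setuid binary that appears without a matching package
    update is worth investigating before anything else on the list.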
    Until next time, cheers!
    Benjamin D. Thomas
    Interview with Brian Wotring, Lead Developer for the Osiris Project
    Brian Wotring is currently the lead developer for the Osiris project and
    president of Host Integrity, Inc. He is also the founder of knowngoods.org,
    an online database of known good file signatures. Brian is the co-author
    of Mac OS X Security and a long-standing member of the Shmoo Group, an
    organization of security and cryptography professionals.
    Guardian Digital Launches Next Generation Secure Mail Suite
    Guardian Digital, the premier open source security company, announced the
    availability of the next generation Secure Mail Suite, the industry's most
    secure open source corporate email system. This latest edition has been
    optimized to support the changing needs of enterprise and small business
    customers while continually providing protection from the latest in email
    security threats.
    -->  Take advantage of the LinuxSecurity.com Quick Reference Card!
    -->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf
    |  Distribution: Debian           | ----------------------------//
     6/8/2004 - gatos
       Privilege escalation vulnerability
       If initialization fails due to a missing configuration file, root
       privileges are not dropped, and xatitv executes the system(3)
       function without sanitizing user-supplied environment variables.
     6/8/2004 - jftpgw
       Format string vulnerability
       A remote user could potentially cause arbitrary code to be
       executed with the privileges of the jftpgw server process.
     6/8/2004 - ethereal
       Buffer overflow vulnerabilities
       Several buffer overflow vulnerabilities were discovered in
     6/8/2004 - gallery
       Unauthenticated access
       A remote attacker could gain access to the gallery "admin" user
       without proper authentication.
     6/8/2004 - rsync
       Directory traversal vulnerability
       A remote user could cause an rsync daemon to write files outside
       of the intended directory tree, if the daemon is not configured
       with the 'chroot' option.
     6/8/2004 - log2mail
       Format string vulnerability
       Exploit could cause arbitrary code to be executed with the
       privileges of the log2mail process.
     6/8/2004 - kernel 2.2.20
       Privilege escalation vulnerability
       Due to flushing the TLB too early it is possible for an attacker
       to trigger a local root exploit.  This fix is to the sparc-built
       kernel and the kernel source.
     6/8/2004 - lha
       Multiple vulnerabilities
       Fixes multiple buffer overflows and multiple directory traversal
     6/8/2004 - postgresql
       Denial of service vulnerability
       It is possible to exploit this problem and crash the surrounding
     6/10/2004 - cvs
       Buffer overflow vulnerability
       Derek Robert Price discovered a potential buffer overflow
       vulnerability in the CVS server.
    |  Distribution: Fedora           | ----------------------------//
     6/8/2004 - cups
       Non-encryption vulnerability
       Among other bugs, this fixes a failure to use encryption when
     6/8/2004 - ethereal
       Multiple vulnerabilities
       This patch fixes three DoS vulns and a buffer overflow.
     6/8/2004 - net-tools
       Excessive privilege vulnerability (multiple vulnerabilities)
       netlink_listen & netlink_receive_dump should both check the source
       of the packets by looking at nl_pid and ensuring that it is 0
       before performing any reconfiguration of network interfaces.
     6/8/2004 - krb5
       Multiple buffer overflows
       Exploitation could lead to denial of service or arbitrary code
     6/10/2004 - squirrelmail
       Multiple vulnerabilities
       Patch fixes a SQL injection and cross-site scripting flaw.
     6/10/2004 - squid
       Buffer overflow vulnerability
       A remotely-exploitable buffer overflow allows the execution of
       arbitrary code.
    |  Distribution: FreeBSD          | ----------------------------//
     6/8/2004 - kernel
       Excessive privilege vulnerability
       Jailed processes can manipulate host routing tables.
    |  Distribution: Gentoo           | ----------------------------//
     6/8/2004 - tla
       Heap overflow vulnerability
       This vulnerability could allow execution of arbitrary code with
       the rights of the user running tla. Note: Important errata
       included at bottom.
     6/8/2004 - MPlayer, xine-lib
       Multiple vulnerabilities (heap overflow)
       A remote attacker, posing as a RTSP stream server, can execute
       arbitrary code with the rights of the user of the software playing
       the stream.
     6/8/2004 - Ethereal
       Multiple vulnerabilities
       Exploitation may allow an attacker to run arbitrary code or crash
       the program.
     6/8/2004 - tripwire
       Format string vulnerability
       Attacker could cause execution of arbitrary code with permissions
       of the user running tripwire, which could be the root user.
     6/8/2004 - sitecopy
       Multiple vulnerabilities
       When connected to a malicious WebDAV server, these vulnerabilities
       could allow execution of arbitrary code with the rights of the
       user running sitecopy.
     6/10/2004 - Mailman
       Password leak
       Mailman contains a bug allowing 3rd parties to retrieve member
     6/10/2004 - apache
       Buffer overflow vulnerability
       A bug in mod_ssl may allow a remote attacker to execute remote
       code when Apache is configured a certain way.
     6/10/2004 - cvs
       Multiple vulnerabilities
       Several serious new vulnerabilities have been found in CVS, which
       may allow an attacker to remotely compromise a CVS server.
    |  Distribution: Mandrake         | ----------------------------//
     6/8/2004 - mdkonline
       Squid incompatibility
       Though not a security problem per se, this is important to any who
       use Mandrake Online to patch their systems.
     6/8/2004 - xpcd
       Buffer overflow vulnerability
       Problem could be exploited by a local attacker to obtain root
     6/8/2004 - mod_ssl
       Buffer overflow vulnerability
       A remote attacker may be able to execute arbitrary code via a
       client certificate with a long subject DN.
     6/8/2004 - apache2
       Buffer overflow vulnerability
       When mod_ssl is configured to trust the issuing CA, a remote
       attacker may be able to execute arbitrary code via a client
       certificate with a long subject DN.
     6/8/2004 - krb5
       Buffer overflow vulnerabilities
       This could lead to root privileges, though it requires successful
       authentication plus a non-default configuration to exploit.
     6/8/2004 - tripwire
       Format string vulnerability
       Exploit could allow a local user to execute arbitrary code with
       the rights of the user running tripwire (typically root).
     6/10/2004 - krb5
       Patch fix
       The original patch provided contained a bug where rule-based
       entries on systems without HAVE_REGCOMP would not work.
     6/10/2004 - mdkonline
       Patch fix
       The previous update did not parse noarch packages, and new archs
       have been added (ia64, amd64, x86_64, ppc64) as well.  As well,
       the mdkapplet now forces a restart when changes to itself have
     6/10/2004 - cvs
       Multiple vulnerabilities
       This patch addresses four separate security issues with cvs.
     6/10/2004 - squid
       Buffer overflow vulnerability
       This buffer overflow can be exploited by a remote attacker by
       sending an overly long password, and grants the ability to execute
       arbitrary code.
     6/10/2004 - ksymoops
       Insecure temporary file vulnerability
       The script fails to do proper checking when copying a file to the
       /tmp directory.
    |  Distribution: NetBSD           | ----------------------------//
     6/8/2004 - cvs
       Heap overflow vulnerabilities
       CVS had heap overflow vulnerabilities which can be triggered
       remotely by malicious people on the net.
    |  Distribution: OpenBSD          | ----------------------------//
     6/10/2004 - cvs
       Multiple vulnerabilities
       While no exploits are known to exist for these bugs under OpenBSD
       at this time, some of the bugs have proven exploitable on other
       operating systems.
    |  Distribution: Red Hat          | ----------------------------//
     6/8/2004 - cvs
       Denial of service vulnerabilities
       Updated cvs packages that fix remote denial of service
       vulnerabilities are now available. (This is a legacy Red Hat fix,
       released by the Fedora Project).
     6/9/2004 - Ethereal
       Multiple vulnerabilities
       Patch fixes a buffer overflow plus several denial of service
     6/9/2004 - krb5
       Buffer overflow vulnerabilities
       Updated Kerberos 5 (krb5) packages which correct buffer overflows
       in the krb5_aname_to_localname function are now available.
     6/9/2004 - squid
       Buffer overflow vulnerability
       If Squid is configured to use the NTLM authentication helper, a
       remote attacker could potentially execute arbitrary code by
       sending a lengthy password.
     6/9/2004 - cvs
       Multiple vulnerabilities
       This patch resolves many outstanding vulnerabilities of cvs.
    |  Distribution: Slackware        | ----------------------------//
     6/8/2004 - mod_ssl
       Buffer overflow vulnerability
       May allow remote attackers to execute arbitrary code via a client
       certificate with a long subject DN, if mod_ssl is configured to
       trust the issuing CA.
     6/8/2004 - php
       Insecure path vulnerability
       Exploitation of this issue requires a static library at an
       insecure path, and could allow denial of service or arbitrary code
     6/10/2004 - cvs
       Multiple vulnerabilities
       Resolves many vulnerabilities, including a buffer overflow.
    |  Distribution: Suse             | ----------------------------//
     6/10/2004 - cvs
       Multiple vulnerabilities
       These bugs allow remote attackers to execute arbitrary code as the
       user the CVS server runs as.
     6/10/2004 - squid
       Buffer overflow vulnerability
       Squid is vulnerable to a buffer overflow that can be exploited
       remotely by using a long password to execute arbitrary code.
    |  Distribution: Trustix          | ----------------------------//
     6/8/2004 - apache
       Buffer overflow vulnerability
       Stack-based buffer overflow may allow remote attackers to execute
       arbitrary code via a client certificate with a long subject DN.
     6/8/2004 - kerberos5
       Buffer overflow vulnerabilities
       Exploitation of these flaws requires an unusual combination of
       factors, including successful authentication to a vulnerable
       service and a non-default configuration on the target service.
     6/10/2004 - squid
       Buffer overflow vulnerability
       Remote exploitation of a buffer overflow vulnerability in Squid
       Web Proxy Cache could allow a remote attacker to execute arbitrary
    |  Distribution: Turbolinux       | ----------------------------//
     6/8/2004 - Multiple packages
       Multiple vulnerabilities
       cvs (2 issues), tcpdump (2 issues), apache (multiple issues) have
       been resolved.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email vuln-newsletter-request@private
             with "unsubscribe" in the subject of the message.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)

    This archive was generated by hypermail 2b30 : Mon Jun 14 2004 - 02:54:41 PDT