+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | October 15th, 2004 Volume 5, Number 41a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for cups, samba, mysql, mpg123, sox, Ed, ncompress, LessTif, gettext, xfree86, tiff, wordpress, BNC, libpng, and rsync. The distributors include Conectiva, Debian, Fedora, Gentoo, Slackware, and Trustix. ----- >> The Perfect Productivity Tools << WebMail, Groupware and LDAP Integration provide organizations with the ability to securely access corporate email from any computer, collaborate with co-workers and set-up comprehensive addressbooks to consistently keep employees organized and connected. http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05 ----- Storing Log Data Securely It is also a good idea to store log data at a secure location, such as a dedicated log server within your well-protected network. Once a machine has been compromised, log data becomes of little use as it most likely has also been modified by the intruder. It most likely of little value in a criminal investigation. It helps if the log data, which has been stored remotely, indicates when root access was gained so that logs before that point are okay. The syslogd daemon can be configured to automatically send log data to a central syslogd server, but this is typically sent in cleartext data, allowing an intruder to view data as it is being transferred. This may reveal information about your network that is not intended to be public. There are syslog daemons available that encrypt the data as it is being sent. Also be aware that faking syslog messages has been reported, with an exploit program having been published. Syslog even accepts net log entries claiming to come from the local host without indicating their true origin. A more secure implementation has been written by CORE-SDI, and is available at: http://oss.coresecurity.com/projects/msyslog.html If possible, configure syslogd to send a copy of the most important data to a secure system. This will prevent an intruder from covering his tracks by deleting his login, su, ftp, etc attempts. See the syslog.conf(5) man page, and refer to the ``@'' option. If you've already decided to use a central syslog server, the additional security this provides is well worth it. However, you should consider the additional overhead involved with sending this data real-time across your network. Excerpt from the LinuxSecurity Administrator's Guide: http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html Written by: Dave Wreski (dave@private) ----- AIDE and CHKROOTKIT Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit. http://www.linuxsecurity.com/feature_stories/feature_story-173.html --------------------------------------------------------------------- An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com http://www.linuxsecurity.com/feature_stories/feature_story-171.html ------ --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 10/14/2004 - cups denial of service vulnerability fix Alvaro Martinez Echevarria found a vulnerability[2] in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to make CUPS stop listening on the IPP port by sending an empty UDP datagram packet to the IPP port, causing a denial of service situation. http://www.linuxsecurity.com/advisories/conectiva_advisory-4948.html 10/14/2004 - samba vulnerabilities fix This announcement fixes two denial of service vulnerabilities via certain malformed requests[2] and via a SAM_UAS_CHANGE request with a big length value[3] when domain logons are enabled. http://www.linuxsecurity.com/advisories/conectiva_advisory-4949.html +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ 10/10/2004 - python2.2 buffer overflow and restore functionality fix vulnerabilities fix This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine. http://www.linuxsecurity.com/advisories/debian_advisory-4917.html 10/11/2004 - mysql several vulnerabilities fix Severl problems have been discovered in MySQL, a commonly used SQL database on Unix servers. http://www.linuxsecurity.com/advisories/debian_advisory-4931.html 10/12/2004 - cyrus-sasl arbitrary code execution fix several vulnerabilities fix A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. http://www.linuxsecurity.com/advisories/debian_advisory-4936.html 10/12/2004 - cyrus-sasl arbitrary code execution real fix several vulnerabilities fix This advisory corrects DSA 563-1 which contained a library that caused other programs to fail unindented. http://www.linuxsecurity.com/advisories/debian_advisory-4937.html 10/13/2004 - mpg123 arbitrary code exceution fix Davide Del Vecchio discovered a vulnerability mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123. http://www.linuxsecurity.com/advisories/debian_advisory-4941.html 10/13/2004 - sox buffer overflow fix Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file. http://www.linuxsecurity.com/advisories/debian_advisory-4942.html 10/14/2004 - cyrus-sasl arbitrary code execution fix buffer overflow fix This advisory is an addition to DSA 563-1 and 563-2 which weren't able to supersede the library on sparc and arm due to a different version number for them in the stable archive. http://www.linuxsecurity.com/advisories/debian_advisory-4950.html 10/14/2004 - CUPS information leak fix An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files. http://www.linuxsecurity.com/advisories/debian_advisory-4952.html +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ 10/11/2004 - squid-2.5.STABLE5-4.fc2.1 update information leak fix This update fixes a potential DoS against squid that was reported by Secunia. http://www.linuxsecurity.com/advisories/fedora_advisory-4920.html 10/8/2004 - cyrus-sasl-2.1.18-2.2 update information leak fix In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. http://www.linuxsecurity.com/advisories/fedora_advisory-4922.html 10/11/2004 - pcmcia-cs-3.2.7-1.8.2.1 update information leak fix This update fixes a few problems in the PCMCIA init script. http://www.linuxsecurity.com/advisories/fedora_advisory-4933.html 10/11/2004 - gimp-2.0.5-0.fc2.1 update information leak fix The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. http://www.linuxsecurity.com/advisories/fedora_advisory-4934.html 10/12/2004 - tzdata-2004e-1.fc2 update information leak fix This package contains data files with rules for various timezones around the world. http://www.linuxsecurity.com/advisories/fedora_advisory-4940.html 10/13/2004 - libuser-0.52.5-0.FC2.1 update information leak fix This update fixes many bugs, mostly in the LDAP backend and the Python bindings. http://www.linuxsecurity.com/advisories/fedora_advisory-4944.html 10/13/2004 - squid-2.5.STABLE5-4.fc2.2 update information leak fix Backport fix for CAN-2004-0918 (Remote Denial of Service attack) http://www.linuxsecurity.com/advisories/fedora_advisory-4945.html 10/13/2004 - system-config-users-1.2.25-0.fc2.1 update information leak fix when renaming users, ensure that groups forget about the old user name (#135280) http://www.linuxsecurity.com/advisories/fedora_advisory-4946.html 10/14/2004 - k3b-0.11.14-0.FC2.2 version string parsing fix information leak fix K3b provides a comfortable user interface to perform most CD/DVD burning tasks. While the experienced user can take influence in all steps of the burning process the beginner may find comfort in the automatic settings and the reasonable k3b defaults which allow a quick start. http://www.linuxsecurity.com/advisories/fedora_advisory-4951.html 10/14/2004 - gimp-2.0.5-0.fc2.2 update information leak fix This update fixes the bug that catches the wrong values of bpp in the BMP plugin. http://www.linuxsecurity.com/advisories/fedora_advisory-4953.html 10/14/2004 - libtiff-3.5.7-20.2 update information leak fix Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. http://www.linuxsecurity.com/advisories/fedora_advisory-4954.html 10/14/2004 - w3m-0.5.1-3.1 update information leak fix The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. http://www.linuxsecurity.com/advisories/fedora_advisory-4955.html 10/14/2004 - ruby-1.8.1-6 update information leak fix A security fix [CAN-2004-0755]. ruby-1.8.1-cgi_session_perms.patch: sets the permission of the session data file to 0600. (#130063) http://www.linuxsecurity.com/advisories/fedora_advisory-4956.html +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ 10/9/2004 - CUPS Leakage of sensitive information CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication. http://www.linuxsecurity.com/advisories/gentoo_advisory-4926.html 10/9/2004 - Ed Insecure temporary file handling The ed utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change rights on arbitrary files with the rights of the user running ed, which could be the root user. http://www.linuxsecurity.com/advisories/gentoo_advisory-4927.html 10/9/2004 - ncompress Buffer overflow compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process. http://www.linuxsecurity.com/advisories/gentoo_advisory-4928.html 10/9/2004 - LessTif Integer and stack overflows in libXpm Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution. http://www.linuxsecurity.com/advisories/gentoo_advisory-4929.html 10/10/2004 - gettext Insecure temporary file handling The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user. http://www.linuxsecurity.com/advisories/gentoo_advisory-4930.html 10/11/2004 - xfree86 integer and stack overflows Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by X.Org, XFree86 and LessTif. http://www.linuxsecurity.com/advisories/gentoo_advisory-4932.html 10/13/2004 - tiff Buffer overflows in image decoding Multiple heap-based overflows have been found in the tiff library image decoding routines, potentially allowing to execute arbitrary code with the rights of the user viewing a malicious image. http://www.linuxsecurity.com/advisories/gentoo_advisory-4943.html 10/14/2004 - wordpress HTTP response splitting and XSS vulnerabilities WordPress contains HTTP response splitting and cross-site scripting vulnerabilities. http://www.linuxsecurity.com/advisories/gentoo_advisory-4947.html 10/15/2004 - BNC Input validation flaw BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands. http://www.linuxsecurity.com/advisories/gentoo_advisory-4957.html +---------------------------------+ | Distribution: Other | ----------------------------// +---------------------------------+ 10/12/2004 - CUPS before 1.1.21 allows remote attackers to cause a denial of service The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service via a certain UDP packet to the IPP port. http://www.linuxsecurity.com/advisories/other_advisory-4938.html 10/12/2004 - libpng Multiple Vulnerabilities Several vulnerabilities exist in the libpng library, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. http://www.linuxsecurity.com/advisories/other_advisory-4939.html +---------------------------------+ | Distribution: Slackware | ----------------------------// +---------------------------------+ 10/12/2004 - rsync security update New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to a fix security issue when rsync is run as a non-chrooted server. http://www.linuxsecurity.com/advisories/slackware_advisory-4935.html +---------------------------------+ | Distribution: Trustix | ----------------------------// +---------------------------------+ 10/8/2004 - cyrus-sasl Insecure handling of environment variable security update Kurt Lieber reported that libsasl honors the environment variable SASL_PATH blindly, allowing a local user to compile a "library" locally that is executed with the EID of SASL. http://www.linuxsecurity.com/advisories/trustix_advisory-4919.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 08:26:24 PDT