+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | November 19th, 2004 Volume 5, Number 46a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@private ben@private Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for libxml2, MySQL, imagemagick, Apache, fetch, Ruby, BNC, Squirrelmail, gd, sudo, totem, drakxtools, httpd, freeradius, libxml2, and iptables. The distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, Suse, and Trustix. ----- LinuxSecurity.com Version 2 ----- Get ready ... on December 1st the new LinuxSecurity.com site will be revealed. The same great content you've come to expect with a whole new look and great new features. A sneak preview is coming soon! http://ads.linuxsecurity.com/cgi-bin/ads.pl?banner=lsv2flashdemo ------ Root Security The most sought-after account on your machine is the superuser account. This account has authority over the entire machine, which may also include authority over other machines on the network. Remember that you should only use the root account for very short specific tasks and should mostly run as a normal user. Running as root all the time is a very very very bad idea. Several tricks to avoid messing up your own box as root: * When doing some complex command, try running it first in a non destructive way...especially commands that use globbing: e.g., you are going to do a rm foo*.bak, instead, first do: ls foo*.bak and make sure you are going to delete the files you think you are. Using echo in place of destructive commands also sometimes works. * Provide your users with a default alias to the /bin/rm command to ask for confirmation for deletion of files. * Only become root to do single specific tasks. If you find yourself trying to figure out how to do something, go back to a normal user shell until you are sure what needs to be done by root. * The command path for the root user is very important. The command path, or the PATH environment variable, defines the location the shell searches for programs. Try and limit the command path for the root user as much as possible, and never use '.', meaning 'the current directory', in your PATH statement. Additionally, never have writable directories in your search path, as this can allow attackers to modify or place new binaries in your search path, allowing them to run as root the next time you run that command. * Never use the rlogin/rsh/rexec (called the ``r-utilities'') suite of tools as root. They are subject to many sorts of attacks, and are downright dangerous run as root. Never create a .rhosts file for root. * The /etc/securetty file contains a list of terminals that root can login from. By default (on Red Hat Linux) this is set to only the local virtual consoles (vtys). Be very careful of adding anything else to this file. You should be able to login remotely as your regular user account and then use su if you need to (hopefully over ssh or other encrypted channel), so there is no need to be able to login directly as root. * Always be slow and deliberate running as root. Your actions could affect a lot of things. Think before you type! If you absolutely positively need to allow someone (hopefully very trusted) to have superuser access to your machine, there are a few tools that can help. sudo allows users to use their password to access a limited set of commands as root. sudo keeps a log of all successful and unsuccessful sudo attempts, allowing you to track down who used what command to do what. For this reason sudo works well even in places where a number of people have root access, but use sudo so you can keep track of changes made. Although sudo can be used to give specific users specific privileges for specific tasks, it does have several shortcomings. It should be used only for a limited set of tasks, like restarting a server, or adding new users. Any program that offers a shell escape will give the user root access. This includes most editors, for example. Also, a program as innocuous as /bin/cat can be used to overwrite files, which could allow root to be exploited. Consider sudo as a means for accountability, and don't expect it to replace the root user yet be secure. Excerpt from the LinuxSecurity Administrator's Guide: http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html Written by: Dave Wreski (dave@private) ----- Mass deploying Osiris Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel. http://www.linuxsecurity.com/feature_stories/feature_story-175.html --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ 11/18/2004 - libxml2 buffer overflow vulnerabilities fix This update fixes a buffer overflow vulnerability[2,3] in the URI parsing code found by "infamous41md" at the nanoftp and nanohttp modules of libxml2. An attacker may exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. http://www.linuxsecurity.com/advisories/conectiva_advisory-5193.html 11/18/2004 - MySQL vulnerabilities fix Oleksandr Byelkin noticed[2] that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. Lukasz Wojtow noticed[3] a buffer overrun in the mysql_real_connect() function. http://www.linuxsecurity.com/advisories/conectiva_advisory-5194.html +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ 11/12/2004 - ez-ipupdate format string vulnerability fix vulnerabilities fix Ulf Hrnhammar from the Debian Security Audit Project discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. This problem can only be exploited if ez-ipupdate is running in daemon mode (most likely) with many but not all service types. http://www.linuxsecurity.com/advisories/debian_advisory-5162.html 11/16/2004 - imagemagick arbitrary code execution fix A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic images could lead to the execution of arbitrary code. http://www.linuxsecurity.com/advisories/debian_advisory-5172.html 11/17/2004 - Apache arbitrary code execution fix "Crazy Einstein" has discovered a vulnerability in the "mod_include" module, which can cause a buffer to be overflown and could lead to the execution of arbitrary code. http://www.linuxsecurity.com/advisories/debian_advisory-5180.html +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ 11/12/2004 - httpd-2.0.51-2.9 update arbitrary code execution fix This update includes the fixes for an issue in mod_ssl which could lead to a bypass of an SSLCipherSuite setting in directory or location context (CVE CAN-2004-0885), and a memory consumption denial of service issue in the handling of request header lines (CVE CAN-2004-0942). http://www.linuxsecurity.com/advisories/fedora_advisory-5166.html 11/12/2004 - httpd-2.0.52-3.1 update arbitrary code execution fix This update includes the fix for a memory consumption denial of service issue in the handling of request header lines (CVE CAN-2004-0942). http://www.linuxsecurity.com/advisories/fedora_advisory-5167.html 11/12/2004 - subversion-1.0.9-1 update arbitrary code execution fix This update includes the latest release of Subversion 1.0, including the fix for a regression in the performance of repository browsing since version 1.0.8. http://www.linuxsecurity.com/advisories/fedora_advisory-5168.html 11/12/2004 - subversion-1.1.1-1.1 update arbitrary code execution fix This update includes the latest release of Subversion 1.1, including the fix for a regression in the performance of repository browsing since version 1.1.0 and a variety of other bug fixes. http://www.linuxsecurity.com/advisories/fedora_advisory-5169.html 11/12/2004 - gdb-6.1post-1.20040607.43 update arbitrary code execution fix #136455 workaround to prevent gdb from failing and getting stuck when hitting certain DWARF-2 symbols. http://www.linuxsecurity.com/advisories/fedora_advisory-5170.html 11/16/2004 - abiword-2.0.12-4.fc3 update arbitrary code execution fix Backport fix to stop #rh139201# crash on CTRL-A and making font changes http://www.linuxsecurity.com/advisories/fedora_advisory-5178.html 11/16/2004 - authd-1.4.3-1 update arbitrary code execution fix fix double-free prob detected on x86_64 glibc (#136392) http://www.linuxsecurity.com/advisories/fedora_advisory-5182.html 11/16/2004 - gaim-1.0.3-0.FC3 update arbitrary code execution fix 1.0.3 another bugfix release http://www.linuxsecurity.com/advisories/fedora_advisory-5183.html 11/17/2004 - xorg-x11-6.7.0-10 update arbitrary code execution fix Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. http://www.linuxsecurity.com/advisories/fedora_advisory-5191.html 11/17/2004 - xorg-x11-6.8.1-12.FC3.1 update arbitrary code execution fix Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. http://www.linuxsecurity.com/advisories/fedora_advisory-5192.html +---------------------------------+ | Distribution: FreeBSD | ----------------------------// +---------------------------------+ 11/18/2004 - fetch Overflow error An integer overflow condition in the processing of HTTP headers can result in a buffer overflow. http://www.linuxsecurity.com/advisories/freebsd_advisory-5195.html +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ 11/16/2004 - Ruby Denial of Service issue The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition. http://www.linuxsecurity.com/advisories/gentoo_advisory-5173.html 11/16/2004 - BNC Buffer overflow vulnerability BNC contains a buffer overflow vulnerability that may lead to Denial of Service and execution of arbitrary code. http://www.linuxsecurity.com/advisories/gentoo_advisory-5174.html 11/17/2004 - Squirrelmail Encoded text XSS vulnerability Squirrelmail fails to properly sanitize user input, which could lead to a compromise of webmail accounts. http://www.linuxsecurity.com/advisories/gentoo_advisory-5189.html 11/17/2004 - GIMPS, SETI@home, ChessBrain Insecure installation Encoded text XSS vulnerability Improper file ownership allows user-owned files to be run with root privileges by init scripts. http://www.linuxsecurity.com/advisories/gentoo_advisory-5190.html +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ 11/17/2004 - gd integer overflows fix Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. http://www.linuxsecurity.com/advisories/mandrake_advisory-5185.html 11/17/2004 - sudo vulnerability fix Liam Helmer discovered a flow in sudo's environment sanitizing. This flaw could allow a malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands. http://www.linuxsecurity.com/advisories/mandrake_advisory-5186.html 11/17/2004 - Apache buffer overflow fix A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an httpd child process. http://www.linuxsecurity.com/advisories/mandrake_advisory-5187.html 11/17/2004 - Apache2 request DoS fix A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially- crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. http://www.linuxsecurity.com/advisories/mandrake_advisory-5188.html 11/18/2004 - bootloader-utils kheader issue fix request DoS fix A problem with generating kernel headers exists when using the newer kernel-i686-up-64GB package. The updated bootloader-utils package corrects the issue. http://www.linuxsecurity.com/advisories/mandrake_advisory-5196.html 11/18/2004 - totem problem with blue screen fix There is a problem in the totem package where in some cases when running totem a blue screen would appear. Resizing the screen seems to fix the problem temporarily, however upon minimizing or maximizing the screen it would once again become blue. http://www.linuxsecurity.com/advisories/mandrake_advisory-5197.html 11/18/2004 - drakxtools various issues fix A number of fixes are available in the updated drakxtools package. http://www.linuxsecurity.com/advisories/mandrake_advisory-5198.html +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ 11/12/2004 - httpd security issue and bugs fix Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. http://www.linuxsecurity.com/advisories/redhat_advisory-5163.html 11/12/2004 - freeradius security flaws fix Updated freeradius packages that fix a number of denial of service vulnerabilities as well as minor bugs are now available for Red Hat Enterprise Linux 3. http://www.linuxsecurity.com/advisories/redhat_advisory-5164.html 11/12/2004 - libxml2 security vulnerabilities fix An updated libxml2 package that fixes multiple buffer overflows is now available. http://www.linuxsecurity.com/advisories/redhat_advisory-5165.html 11/16/2004 - samba security vulnerabilities fix Updated samba packages that fix various security vulnerabilities are now available. http://www.linuxsecurity.com/advisories/redhat_advisory-5179.html +---------------------------------+ | Distribution: Suse | ----------------------------// +---------------------------------+ 11/15/2004 - samba remote buffer overflow There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames. http://www.linuxsecurity.com/advisories/suse_advisory-5171.html 11/17/2004 - xshared, XFree86-libs, xorg-x11-libs remote system compromises remote buffer overflow The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. http://www.linuxsecurity.com/advisories/suse_advisory-5184.html +---------------------------------+ | Distribution: Trustix | ----------------------------// +---------------------------------+ 11/16/2004 - gd samba sqlgrey sudo Various security fixes gd is a graphics library. It allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and write out the result as a PNG or JPEG file. http://www.linuxsecurity.com/advisories/trustix_advisory-5175.html 11/16/2004 - apache automake bind console-tools Package bugfix Apache is a full featured web server that is freely available, and also happens to be the most widely used. http://www.linuxsecurity.com/advisories/trustix_advisory-5176.html 11/16/2004 - iptables Loading too many modules Olaf Rempel pointed out that the list of modules we autoload is too large. This has now been fixed. http://www.linuxsecurity.com/advisories/trustix_advisory-5177.html 11/16/2004 - gd samba sqlgrey sudo several overflows There has been found serveral overflows in gd. This can be used to execute arbitary code in programs using the gd library. http://www.linuxsecurity.com/advisories/trustix_advisory-5181.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@private with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Mon Nov 22 2004 - 05:20:00 PST