[ISN] Linux Advisory Watch - December 10th 2004

From: InfoSec News (isn@private)
Date: Mon Dec 13 2004 - 01:57:18 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  December 10th, 2004                         Volume 5, Number 49a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for hpsockd, viewcvs, nfs-utils,
cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth,
rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl,
mirrorselect, drakxtools, dietlibc, gzip, rp-pppoe, openssl,
ImageMagick, samba, and cups.  The distributors include Debian,
Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.

----

Packet Sniffers

One of the most common ways intruders gain access to more systems
on your network is by employing a packet sniffer on an already
compromised host. This "sniffer" just listens on the Ethernet port
for things like passwd and login and su in the packet stream and
then logs the traffic after that. This way, attackers gain passwords
for systems they are not even attempting to break into. Clear-text
passwords are very vulnerable to this attack.

Example: Host A has been compromised. The attacker installs a sniffer.
The sniffer picks up the admin logging into Host B from Host C. It gets
the admin's personal password as they log in to B. Then, the admin does
a su to fix a problem. The attacker now has the root password for Host B.
Later the admin lets someone telnet from his account to Host Z on
another site. Now the attacker has a password/login on Host Z.

In this day and age, the attacker doesn't even need to compromise a
system to do this: they could also bring a laptop or PC into a
building and tap into your net.

Using ssh or other encrypted password methods thwarts this attack.
Things like APOP for POP accounts also prevent this attack. (Normal
POP logins are very vulnerable to this, as is anything that sends
clear-text passwords over the network.)

Excerpt from LinuxSecurity HowTO:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
By: Dave Wreski (dave@private) & Kevin Fenzi
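
The contrast drawn above between a normal POP login and APOP, as an
added example that is not part of the newsletter or the HOWTO. It
follows the APOP definition in RFC 1939; the account, host name and
function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample account; the secret is the one used in RFC 1939's APOP example.
USER, SECRET = "mrose", "tanstaaf"
RFC_CHALLENGE = "<1896.697170952@dbc.mtview.ca.us>"

def make_challenge(host="pop.example.org"):
    """Server: fresh, never-repeated banner timestamp for each connection."""
    return "<%d.%d.%s@%s>" % (os.getpid(), int(time.time()), os.urandom(4).hex(), host)

def apop_digest(challenge, secret):
    """Client: hex MD5 over the banner timestamp followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()

def server_verify(challenge, secret, digest):
    """Server: recompute for the challenge it issued; compare in constant time."""
    return hmac.compare_digest(apop_digest(challenge, secret), digest.lower())

def wire_user_pass(user, secret):
    """Lines a sniffer on the segment would log for a normal POP login."""
    return ["USER " + user, "PASS " + secret]

def wire_apop(user, secret, challenge):
    """Lines a sniffer would log for an APOP login on the same account."""
    return ["+OK POP3 server ready " + challenge,
            "APOP %s %s" % (user, apop_digest(challenge, secret))]

def compare_logins():
    """Summarise what each login style exposes to a passive listener."""
    plain = wire_user_pass(USER, SECRET)
    apop = wire_apop(USER, SECRET, RFC_CHALLENGE)
    captured = apop[1].split()[2]
    return {
        "password_on_wire_plain": any(SECRET in line for line in plain),
        "password_on_wire_apop": any(SECRET in line for line in apop),
        "accepted_on_original_session": server_verify(RFC_CHALLENGE, SECRET, captured),
        # A later connection gets a new challenge, so the logged digest no longer matches.
        "captured_digest_accepted_later": server_verify(make_challenge(), SECRET, captured),
    }

if __name__ == "__main__":
    for key, value in compare_logins().items():
        print("%-32s %s" % (key, value))
```

APOP keeps the password off the wire but leaves the mail itself
readable to a listener; an encrypted channel, as with ssh, covers both.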

-----

Mass deploying Osiris

Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system.  A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people.  The communication is all done over an encrypted
communication channel.

http://www.linuxsecurity.com/content/view/101884/49/

---------------------------------------------------------------------

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.

http://www.linuxsecurity.com/content/view/101882/49/

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: hpsockd denial of service fix
  3rd, December, 2004

"infamous41md" discovered a buffer overflow condition in hpsockd, the
socks server written at Hewlett-Packard.  An exploit could cause the
program to crash or may have a worse effect.

http://www.linuxsecurity.com/content/view/117313


* Debian: viewcvs information leak fix
  6th, December, 2004

Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive, the hide_cvsroot and forbidden settings
were not fully honoured.

http://www.linuxsecurity.com/content/view/117392


* Debian: nfs-utils denial of service fix
  8th, December, 2004

SGI has discovered that rpc.statd from the nfs-utils package, the
Network Status Monitor, did not ignore the "SIGPIPE".  Hence, a
client prematurely terminating the TCP connection could also
terminate the server process.

http://www.linuxsecurity.com/content/view/117423


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora: cyrus-imapd-2.2.10-3.fc2 update
  3rd, December, 2004

The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits
revealed a package installation problem.

http://www.linuxsecurity.com/content/view/117366


* Fedora: cyrus-imapd-2.2.10-3.fc3 update
  3rd, December, 2004

The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits
revealed a package installation problem. If the main configuration
files for cyrus-imapd

http://www.linuxsecurity.com/content/view/117367


* Fedora: netatalk-1.6.4-2.2 update
  6th, December, 2004

Fix to temp file vulnerability in /etc/psf/etc2ps

http://www.linuxsecurity.com/content/view/117395


* Fedora: netatalk-1.6.4-4 update
  6th, December, 2004

Fix temp file vulnerability in /etc/psf/etc2ps

http://www.linuxsecurity.com/content/view/117396


* Fedora: gaim-1.1.0-0.FC2 update
  6th, December, 2004

Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.

http://www.linuxsecurity.com/content/view/117397


* Fedora: gaim-1.1.0-0.FC3 update
  6th, December, 2004

Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.

http://www.linuxsecurity.com/content/view/117398


* Fedora: rhpl-0.148.1-2 update
  6th, December, 2004

Remove synaptics requires (#137935)

http://www.linuxsecurity.com/content/view/117399


* Fedora: ttfonts-ja-1.2-36.FC3.0 update
  7th, December, 2004

reverted the previous changes so that it broke ghostscript working.
(#139798)

http://www.linuxsecurity.com/content/view/117404


* Fedora: mc-4.6.1-0.11FC3 update
  7th, December, 2004

The updated version of Midnight Commander contains finished
CAN-2004-0494 security fixes in extfs scripts and has better support
for UTF-8, contains subshell prompt fixes and enhanced large file
support.

http://www.linuxsecurity.com/content/view/117417


* Fedora: udev-039-10.FC3.4 update
  7th, December, 2004

udev is an implementation of devfs in userspace using sysfs and
/sbin/hotplug. It requires a 2.6 kernel to run properly.

http://www.linuxsecurity.com/content/view/117418


* Fedora: udev-039-10.FC3.5 update
  7th, December, 2004

fixed udev.rules for cdrom symlinks (bug 141897)

http://www.linuxsecurity.com/content/view/117419


* Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
  7th, December, 2004

fixed again gnome-bluetooth-manager script for 64bit (bug 134864)

http://www.linuxsecurity.com/content/view/117420


* Fedora: rsh update
  8th, December, 2004

fixed rexec fails with "Invalid Argument" (#118630)

http://www.linuxsecurity.com/content/view/117432


* Fedora: Omni-0.9.2-1.1 update
  8th, December, 2004

This is the 0.9.2 release of the Omni printer driver collection.  It
also fixes a library path problem on multilib architectures such as
x86_64.

http://www.linuxsecurity.com/content/view/117433


* Fedora: mysql-3.23.58-9.1 update
  8th, December, 2004

fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 (bugs
#135372, 135375, 135387)

http://www.linuxsecurity.com/content/view/117434


* Fedora: libpng-1.2.8-1.fc2 update
  9th, December, 2004

Updates libpng to the current release 1.2.8. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html

http://www.linuxsecurity.com/content/view/117439


* Fedora: libpng10-1.0.18-1.fc2 update
  9th, December, 2004

Updates libpng10 to the current release 1.0.18. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html

http://www.linuxsecurity.com/content/view/117440


* Fedora: glib2-2.4.8-1.fc2 update
  9th, December, 2004

Updates GLib to the current stable release 2.4.8. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html

http://www.linuxsecurity.com/content/view/117441


* Fedora: gtk2-2.4.14-1.fc2 update
  9th, December, 2004

Updates GTK+ to the current stable release 2.4.14. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html

http://www.linuxsecurity.com/content/view/117442


* Fedora: libpng10-1.0.18-1.fc3 update
  9th, December, 2004

Updates libpng10 to the current release 1.0.18. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html

http://www.linuxsecurity.com/content/view/117443


* Fedora: libpng-1.2.8-1.fc3 update
  9th, December, 2004

Updates libpng to the current release 1.2.8. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html

http://www.linuxsecurity.com/content/view/117444


* Fedora: glib2-2.4.8-1.fc3 update
  9th, December, 2004

Updates GLib to the current stable release 2.4.8. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html

http://www.linuxsecurity.com/content/view/117445


* Fedora: gtk2-2.4.14-1.fc3 update
  9th, December, 2004

Updates GTK+ to the current stable release 2.4.14. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html

http://www.linuxsecurity.com/content/view/117446


* Fedora: postgresql-odbc-7.3-6.2 update
  9th, December, 2004

This update fixes problems occurring on 64-bit platforms.

http://www.linuxsecurity.com/content/view/117447


* Fedora: postgresql-odbc-7.3-8.FC3.1 update
  9th, December, 2004

This update fixes problems occurring on 64-bit platforms.

http://www.linuxsecurity.com/content/view/117448


* Fedora: postgresql-7.4.6-1.FC2.1 update
  9th, December, 2004

This update synchronizes PostgreSQL for FC2 with the version already
released in FC3.

http://www.linuxsecurity.com/content/view/117449


* Fedora: shadow-utils-4.0.3-55 update
  9th, December, 2004

A regression has been fixed where strict enforcement of POSIX rules
for user and group names prevented Samba 3 from using its "add
machine script" feature...

http://www.linuxsecurity.com/content/view/117452


* Fedora: shadow-utils-4.0.3-56 update
  9th, December, 2004

A regression has been fixed where strict enforcement of POSIX rules
for user and group names prevented Samba 3 from using its "add
machine script" feature...

http://www.linuxsecurity.com/content/view/117453


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: rssh, scponly Unrestricted command execution
  3rd, December, 2004

rssh and scponly do not filter command-line options that can be
exploited to execute any command, thereby allowing a remote user to
completely bypass the restricted shell.

http://www.linuxsecurity.com/content/view/117364


* Gentoo: PDFlibs Multiple overflows in the included TIFF library
  6th, December, 2004

PDFlib is vulnerable to multiple overflows, which can potentially
lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117393


* Gentoo: imlib Buffer overflows in image decoding
  6th, December, 2004

Multiple overflows have been found in the imlib library image
decoding routines, potentially allowing execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117394


* Gentoo: perl Insecure temporary file creation
  6th, December, 2004

Perl is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/117402


* Gentoo: mirrorselect Insecure temporary file creation
  7th, December, 2004

mirrorselect is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/117403


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

* Mandrake: drakxtools update
  7th, December, 2004

Beginning immediately, all bug reports for stable releases will be
handled via Bugzilla at http://qa.mandrakesoft.com/.  The drakbug
tool has been updated to point users of stable releases to Bugzilla.

http://www.linuxsecurity.com/content/view/117405


* Mandrake: dietlibc fix
  7th, December, 2004

There was a problem with dietlibc in Mandrakelinux 10.0/amd64 where
it would not provide proper support for the AMD64 architecture.  The
updated package fixes this.

http://www.linuxsecurity.com/content/view/117406


* Mandrake: gzip fix
  7th, December, 2004

The Trustix developers found some insecure temporary file creation
problems in the zdiff, znew, and gzexe supplemental scripts in the
gzip package.  These flaws could allow local users to overwrite files
via a symlink attack.

http://www.linuxsecurity.com/content/view/117407


* Mandrake: ImageMagick fix
  7th, December, 2004

A vulnerability was discovered in ImageMagick where, due to a
boundary error within the EXIF parsing routine, a specially crafted
graphic image could potentially lead to the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/117408


* Mandrake: lvm1 fix
  7th, December, 2004

The Trustix developers discovered that the lvmcreate_initrd script,
part of the lvm1 package, created a temporary directory in an
insecure manner.  This could allow for a symlink attack to create or
overwrite arbitrary files with the privileges of the user running the
script.

http://www.linuxsecurity.com/content/view/117409


* Mandrake: rp-pppoe fix
  7th, December, 2004

Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe
package.  When pppoe is running setuid root, an attacker can
overwrite any file on the system.  Mandrakelinux does not install
pppoe setuid root, however the packages have been patched to prevent
this problem.

http://www.linuxsecurity.com/content/view/117410


* Mandrake: nfs-utils fix
  7th, December, 2004

SGI developers discovered a remote DoS (Denial of Service) condition
in the NFS statd server.  rpc.statd did not ignore the "SIGPIPE"
signal which would cause it to shut down if a misconfigured or
malicious peer terminated the TCP connection prematurely.

http://www.linuxsecurity.com/content/view/117411


* Mandrake: openssl fix
  7th, December, 2004

The Trustix developers found that the der_chop script, included in
the openssl package, created temporary files insecurely.  This could
allow local users to overwrite files using a symlink attack.

http://www.linuxsecurity.com/content/view/117412


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

* Trustix: multiple package bugfixes
  9th, December, 2004

amavisd-new
AMaViS is a script that interfaces a mail transport agent (MTA) with
one or more virus scanners.

http://www.linuxsecurity.com/content/view/117437


* Trustix: nfs-utils Remote denial of service
  9th, December, 2004

SGI developers discovered a remote Denial of Service in the NFS statd
server where it did not ignore the "SIGPIPE" signal. This could cause
the server to shut down if a client terminates prematurely.

http://www.linuxsecurity.com/content/view/117438


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* Red Hat: ImageMagick security vulnerability fix
  8th, December, 2004

Updated ImageMagick packages that fix a buffer overflow are now
available.

http://www.linuxsecurity.com/content/view/117431


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: cyrus-imapd remote command execution
  3rd, December, 2004

Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access which
could allow remote attackers to execute arbitrary commands as root.
The bugs occur in the pre-authentication phase, therefore an update
is strongly recommended.

http://www.linuxsecurity.com/content/view/117317


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

* TurboLinux: samba, cups vulnerabilities
  8th, December, 2004

Two vulnerabilities discovered in Samba. DoS vulnerability in cups.

http://www.linuxsecurity.com/content/view/117424


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


