[ISN] Linux Advisory Watch - January 7th 2005

From: InfoSec News (isn@private)
Date: Mon Jan 10 2005 - 07:16:42 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  January 7th, 2005                           Volume 6, Number 1a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for mplayer, samba, wxgtk, cups,
htmlheadline, nasm, zip, pcal, tiff, namazu, imlib2, selinux, tetex,
pcmcia, kernel, mysql, gpdf, hotplug, linpopup, firefox, shoutcast,
mit-kbr5, xine, phpgroupware, xzgv, vilistextum, vim, mc, and fam.
The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
and Red Hat.

----

Internet Productivity Suite: Open Source Security
Trust Internet Productivity Suite's  open source architecture to give
you the best security and productivity applications  available.
Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and
methods into their design.

http://store.guardiandigital.com/html/eng/products/software/ips_overview.sh=
tml

---

Network and Host Mapping

In order to keep yourself secure you must understand your enemy.
Prevention is the only protection from becoming the victim of a security
exploit.  The first step in doing this is to determine what services
your servers offer, so you can secure them in the best manner possible.
Network scanning can be used to determine potential communication
channels.  Mapping their existence facilitates the exchange of
information with the host, and thus is quite useful for anyone wishing
to explore their networked environment, including attackers.

Scanning, as a method for discovering exploitable communication channels,
has been around for ages.  The idea is to probe as many listeners as
possible, and keep track of the ones that are receptive or useful.  Once
these listeners are found, means to exploit the host can be developed.
Unnecessarily offering a particular service to a hacker means another
avenue to exploit the host.

Many different types of scanning are currently available.  These range
from a simple ping test to see if the host is alive, network broadcasts,
and even performing a "stealth" attack by manipulating the ICMP, TCP, or
UDP information in a data packet, intentionally violating the protocol
definition in an attempt to trick a firewall.

Becoming familiar with the tools and techniques an attacker might use to
probe a network is the only way to know what information is available if
someone attempts to mount an attack against us.  Among the things that
can be determined from port scanning a machine include:

- Services a host is offering which can then be used to construct the
  appropriate attack based on information gathered from this process
- If there is in fact a host at the IP address that is being scanned
- A topology map of our network, which can be used to determine where
  firewalls and other hosts are positioned, trusted relationships between
  those hosts, and routing and DNS information.
- Operating system identification, vendor release and version, as well
  as applications and their versions
- Disclosure of the username and owner of any process connected via TCP,
  which can then be used to determine, for example, the username of which
  the web server is running

Linux Security Tip, by Ryan Maple:
http://www.linuxsecurity.com/content/view/117271/141/


----------------------

A 2005 Linux Security Resolution

Year 2000, the coming of the new millennium, brought us great joy
and celebration, but also brought great fear.  Some believed it would
result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland.  Others predicted minor glitches leading only to
inconvenience.  The following years (2001-2004) have been tainted
with the threat of terrorism worldwide.

http://www.linuxsecurity.com/content/view/117721/49/

---

State of Linux Security 2004

In 2004, security continued to be a major concern. The beginning of the
year was plagued with several kernel flaws and Linux vendor advisories
continue to be released at an ever-increasing rate. This year, we have
seen the reports touting Window's security superiority, only to be
debunked by other security experts immediately after release. Also,
Guardian Digital launched the new LinuxSecurity.com, users continue to
be targeted by automated attacks, and the need for security awareness
and education continues to rise.

http://www.linuxsecurity.com/content/view/117655/49/

-----

Users Respond with Constructive Feedback

When the new version of LinuxSecurity.com  was launched on December 1st,
we also asked our readers to " Tell us what you think ." You have spoken,
and we appreciate that! We received hundreds of comments & requests, and
have been addressing a majority of them. We thought it was important to
share some of the comments with you. While some were purely positive
acknowledgements, others were thoughtful criticisms. We take every
critique into account and address each as resources become available
or when the criticism becomes the concern of many.

http://www.linuxsecurity.com/content/view/117614/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

* Conectiva: mplayer vulnerabilities fix
  5th, January, 2005

iDEFENSE[2] found a buffer overflow vulnerability[3] due to an error
in dynamically allocating memory and further investigation by mplayer
team found more vulnerabilities. This announcement fixes these
vulnerabilities.

http://www.linuxsecurity.com/content/view/117769


* Conectiva: Samba vulnerabilities fix
  6th, January, 2005

Remote exploitation of an integer overflow vulnerability[2] in the
smbd daemon could allow an attacker to cause controllable heap
corruption, leading to execution of arbitrary commands with root
privileges.

http://www.linuxsecurity.com/content/view/117793


* Conectiva: wxgtk2 library vulnerabilities fix
  6th, January, 2005

Several vulnerabilities were found in libtiff, which may also be in
wxGTK library, since it has a private copy of libtiff's source.

http://www.linuxsecurity.com/content/view/117794


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: CUPS arbitrary code execution fix
  31st, December, 2004

An iDEFENSE security researcher discovered a buffer overflow in xpdf,
the Portable Document Format (PDF) suite.  Similar code is present in
the PDF processing part of CUPS.  A maliciously crafted PDF file
could exploit this problem, leading to the execution of arbitrary
code.

http://www.linuxsecurity.com/content/view/117725


* Debian: htmlheadline insecure temporary files fix
  3rd, January, 2005

Javier Fern=C3=A1ndez-Sanguino Pe=C3=B1a has discovered multiple insecure u=
ses
of temporary files that could lead to overwriting arbitrary files via
a symlink attack.

http://www.linuxsecurity.com/content/view/117726


* Debian: nasm arbitrary code execution fix
  4th, January, 2005

Jonathan Rockway discovered a buffer overflow in nasm, the
general-purpose x86 assembler, which could lead to the execution of
arbitrary code when compiling a maliciously crafted assembler source
file.

http://www.linuxsecurity.com/content/view/117756


* Debian: zip arbitrary code execution fix
  5th, January, 2005

A buffer overflow has been discovered in zip, the archiver for .zip
files.=09When doing recursive folder compression the program did not
check the resulting path length, which would lead to memory being
overwritten.  A malicious person could convince a user to create an
archive containing a specially crafted path name, which could lead to

the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117767


* Debian: pcal arbitrary code execution fix
  5th, January, 2005

Danny Lungstrom discovered two buffer overflows in pcal, a program to
generate Postscript calendars, that could lead to the execution of
arbitrary code when compiling a calendar.

http://www.linuxsecurity.com/content/view/117770


* Debian: tiff denial of service fix
  6th, January, 2005

Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag
Image File Format library for processing TIFF graphics files.  Upon
reading a TIFF file it is possible to crash the application, and
maybe also to execute arbitrary code.

http://www.linuxsecurity.com/content/view/117780


* Debian: namazu2 cross-site scripting vulnerability fix
  6th, January, 2005

A cross-site scripting vulnerability has been discovered in namazu2,
a full text search engine.  An attacker could prepare specially
crafted input that would not be sanitised by namazu2 and hence
displayed verbatim for the victim.

http://www.linuxsecurity.com/content/view/117790


* Debian: imlib2 arbitrary code execution fix
  6th, January, 2005

Pavel Kankovsky discovered that several overflows found in the libXpm
library were also present in imlib and imlib2, imaging libraries for
X11.  An attacker could create a carefully crafted image file in such
a way that it could cause an application linked with imlib or imlib2
to execute arbitrary code when the file was opened by a victim.

http://www.linuxsecurity.com/content/view/117791


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora: selinux-policy-targeted-1.17.30-2.62 update
  31st, December, 2004

Fix for postgres startup scripts.

http://www.linuxsecurity.com/content/view/117729


* Fedora: tetex-2.0.2-14FC2.1 update
  3rd, January, 2005

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications in
tetex to crash, and possibly to execute arbitrary code.  The Common
Vulnerabilities and Exposures projects (cve.mitre.org) has assigned
the name CAN-2004-1125 to this issue.

http://www.linuxsecurity.com/content/view/117742


* Fedora: tetex-2.0.2-21.2 update
  3rd, January, 2005

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications in
tetex to crash, and possibly to execute arbitrary code.  The Common
Vulnerabilities and Exposures projects (cve.mitre.org) has assigned
the name CAN-2004-1125
to this issue.

http://www.linuxsecurity.com/content/view/117743


* Fedora: pcmcia-cs-3.2.7-2.1 update
  3rd, January, 2005

This update fixes bug #135508, silencing a warning message on cardmgr
startup.

http://www.linuxsecurity.com/content/view/117750


* Fedora: pcmcia-cs-3.2.7-1.8.2.2 update
  3rd, January, 2005

This update fixes bug #135508, silencing a warning message on cardmgr
startup.

http://www.linuxsecurity.com/content/view/117751


* Fedora: kernel-2.6.9-1.11_FC2 update
  3rd, January, 2005

A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

http://www.linuxsecurity.com/content/view/117752


* Fedora: kernel-2.6.9-1.724_FC3 update
  3rd, January, 2005

A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

http://www.linuxsecurity.com/content/view/117753


* Fedora: mysql-3.23.58-14 update
  5th, January, 2005

work around SELinux restriction that breaks mysql_install_db (bug
#141062). Add a restorecon to keep the mysql.log file in the right
context (bz#143887). Fix init script to not need a valid username for
startup check (bz#142328). Don't assume /etc/my.cnf will specify
pid-file (bz#143724)

http://www.linuxsecurity.com/content/view/117777


* Fedora: man-pages-ja-20041215-1.FC3.0 update
  6th, January, 2005

prefer GNU fileutils's chown(1) rather than gnumaniak's. (#142077)

http://www.linuxsecurity.com/content/view/117783


* Fedora: ruby-1.8.2-1.FC3.0 update
  6th, January, 2005

New upstream release.

http://www.linuxsecurity.com/content/view/117784


* Fedora: man-pages-ja-20041215-1.FC2.0 update
  6th, January, 2005

ixed wrong filename for in.rlogind.8 man pages. prefer=09GNU
fileutils's chown(1) rather than gnumaniak's.

http://www.linuxsecurity.com/content/view/117785


* Fedora: tetex-2.0.2-14FC2.1 update
  6th, January, 2005

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications in
tetex to crash, and possibly to execute arbitrary code.  The Common
Vulnerabilities and Exposures projects (cve.mitre.org) has assigned
the name CAN-2004-1125
to this issue.

http://www.linuxsecurity.com/content/view/117786


* Fedora: tetex-2.0.2-21.2 update
  6th, January, 2005

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications in
tetex to crash, and possibly to execute arbitrary code.  The Common
Vulnerabilities and Exposures projects (cve.mitre.org) has assigned
the name CAN-2004-1125
to this issue.

http://www.linuxsecurity.com/content/view/117787


* Fedora: gpdf-2.8.0-8.2 update
  6th, January, 2005

Applied patch to fix CAN-2004-1125 (bug #144210)

http://www.linuxsecurity.com/content/view/117788


* Fedora: gpdf-2.8.0-4.2.fc2 update
  6th, January, 2005

Applied patch to fix CAN-2004-1125 (bug #144210)

http://www.linuxsecurity.com/content/view/117789


* Fedora: hotplug-2004_04_01-8.1 update
  6th, January, 2005

This adds a fix to properly set the path for devices on USB removal.

http://www.linuxsecurity.com/content/view/117792


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: LinPopUp Buffer overflow in message reply
  4th, January, 2005

LinPopUp contains a buffer overflow potentially allowing execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/117760


* Gentoo: a2ps Insecure temporary files handling
  4th, January, 2005

The fixps and psmandup scripts in the a2ps package are vulnerable to
symlink attacks, potentially allowing a local user to overwrite
arbitrary files.

http://www.linuxsecurity.com/content/view/117761


* Gentoo: Mozilla, Firefox, Thunderbird Various vulnerabilities
  5th, January, 2005

Various vulnerabilities were found and fixed in Mozilla-based
products, ranging from a potential buffer overflow and temporary
files disclosure to anti-spoofing issues.

http://www.linuxsecurity.com/content/view/117768


* Gentoo: shoutcast Remote code execution
  5th, January, 2005

Shoutcast Server contains a possible buffer overflow that could lead
to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117771


* Gentoo: mit-kbr5 Heap overflow in libkadm5srv
  5th, January, 2005

The MIT Kerberos 5 administration library (libkadm5srv) contains a
heap overflow that could lead to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117778


* Gentoo: tiff New overflows in image decoding
  5th, January, 2005

An integer overflow has been found in the TIFF library image decoding
routines and the tiffdump utility, potentially allowing arbitrary
code execution.

http://www.linuxsecurity.com/content/view/117779


* Gentoo: xine-lib Multiple overflows
  6th, January, 2005

xine-lib contains multiple overflows potentially allowing execution
of arbitrary code.

http://www.linuxsecurity.com/content/view/117781


* Gentoo: phpGroupWare Various vulnerabilities
  6th, January, 2005

Multiple vulnerabilities have been discovered in phpGroupWare that
could lead to information disclosure or remote compromise.

http://www.linuxsecurity.com/content/view/117798


* Gentoo: xzgv Multiple overflows
  6th, January, 2005

xzgv contains multiple overflows that may lead to the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/117806


* Gentoo: vilistextum Buffer overflow vulnerability
  6th, January, 2005

Vilistextum is vulnerable to a buffer overflow that allows an
attacker to execute arbitrary code through the use of a malicious
webpage.

http://www.linuxsecurity.com/content/view/117807


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

* Mandrake: libtiff multiple vulnerabilities fix
  6th, January, 2005

Several vulnerabilities have been discovered in the libtiff package.

http://www.linuxsecurity.com/content/view/117801


* Mandrake: wcGTK2 vulnerabilities fix
  6th, January, 2005

Several vulnerabilities have been discovered in the libtiff package;
wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities.

http://www.linuxsecurity.com/content/view/117802


* Mandrake: vim modeline vulnerabilities fix
  6th, January, 2005

Several "modeline"-related vulnerabilities were discovered in Vim by
Ciaran McCreesh.  The updated packages have been patched with Bram
Moolenaar's vim 6.3.045 patch which fixes the reported
vulnerabilities and adds more conservative "modeline" rights.

http://www.linuxsecurity.com/content/view/117803


* Mandrake: nasm buffer overflow vulnerability fix
  6th, January, 2005

A buffer overflow in nasm was discovered by Jonathan Rockway.  This
vulnerability could lead to the execution of arbitrary code when
compiling a malicious assembler source file.

http://www.linuxsecurity.com/content/view/117804


* Mandrake: libtiff multiple vulnerabilities fix
  6th, January, 2005

Several vulnerabilities have been discovered in the libtiff package.

http://www.linuxsecurity.com/content/view/117805


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* Red Hat: mc security vulnerabilities fix
  5th, January, 2005

An updated mc package that resolves several shell escape security
issues is now available.

http://www.linuxsecurity.com/content/view/117772


* Red Hat: fam security issue fix
  5th, January, 2005

Updated fam packages that fix an information disclosure bug are now
available.

http://www.linuxsecurity.com/content/view/117773


* Red Hat: VIM security vulnerability fix
  5th, January, 2005

Updated vim packages that fix a modeline vulnerability are now
available.

http://www.linuxsecurity.com/content/view/117774


* Red Hat: samba security issue fix
  5th, January, 2005

Updated samba packages that fix an integer overflow vulnerability are
now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117775

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Jan 10 2005 - 07:48:46 PST