[ISN] Linux Advisory Watch - November 18th 2005

From: InfoSec News (isn@private)
Date: Sun Nov 20 2005 - 22:43:30 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  November 18th, 2005                        Volume 6, Number 47a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@private          ben@private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for awstats, kdelibs, acidlab,
AbiWord, uim, ftpd-ssl, phpsysinfo, phpgroupware, lynx, rar,
sylpheed, gtk, egroupware, cpio, lm_sensors, and gdk-pixbuf. The
distributors include Debian, Gentoo, Mandriva, and Red Hat.

----

----

SELinux Administration, Part II
By: Pax Dickinson

Policy booleans are sections of policy that can be switched on or
off, providing a basic level of policy configurability at runtime
without requiring the recompilation of the entire security policy.
For example, you might be running a webmail application on your
server that requires the webserver process to be able to connect
to your mail server ports and read mail files out of users' home
directories. Rather than adding those permissions to the security
policy itself, where they would reduce security for everyone not
running webmail, a policy developer would create a boolean that the
local administrator can enable only if it is required. This helps
maintain a high level of security and follows the principle of
least privilege.

To view a list of the policy booleans in your running policy
and their current states, use the sestatus command. This command
will list your current enforcing mode and the enforcing mode
from the /etc/selinux/config file among other information, and
a list of all policy booleans and whether they are active or
inactive.

You can view the current status of a single boolean by using
the command getsebool and passing it the name of the boolean
you want to view the state of. Booleans are set using the
setsebool command, and passing it the name of the boolean
you want to set followed by a 1 or 0 to set the boolean
active or inactive respectively.

Some sample booleans from the EnGarde Secure Linux SELinux
policy are httpd_webmail and user_ping. The httpd_webmail
boolean is used for the exact situation used as an example
above, while the user_ping boolean determines whether or not
regular users are able to send ping packets over the network.
Booleans can be as simple as a single allow statement, or
can enable or disable large swathes of the policy depending
on their purpose.

Our SELinux journey is almost done. Next time, we'll discuss
policy development basics and see how we can troubleshoot
policy denials and write new SELinux policy or modify existing
policy to allow our SELinux system to get its jobs done while
maintaining a high level of security. Until then, farewell
and remember to stay secure.
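As an added example (not part of the original article), the following
POSIX shell script audits boolean state the way an administrator would
after reading the above: it parses the "name --> on|off" lines that
getsebool -a prints, compares them with a desired baseline, and prints
the setsebool command that would restore each drifted boolean. The
getsebool output and the baseline are constructed samples using the
httpd_webmail and user_ping booleans named in the article; nothing is
executed against the running policy.

```shell
#!/bin/sh
# Constructed sample of `getsebool -a` output. On a real host replace it
# with: SAMPLE_GETSEBOOL=$(getsebool -a)
SAMPLE_GETSEBOOL='httpd_webmail --> off
user_ping --> on'

# Constructed baseline: one "<boolean> <on|off>" entry per line, the state
# the local administrator wants for this server.
BASELINE='httpd_webmail on
user_ping off'

# bool_state NAME OUTPUT: print "on" or "off" for NAME; exit 1 if the
# boolean does not exist in the running policy.
bool_state() {
    printf '%s\n' "$2" | awk -v n="$1" \
        '$1 == n && $2 == "-->" { print $3; found = 1 } END { exit !found }'
}

# drift_commands BASELINE OUTPUT: for every baseline entry whose current
# state differs, print the setsebool invocation (1 = on, 0 = off; -P makes
# the change persist across reboots) that would restore it. The commands
# are printed for review, not run.
drift_commands() {
    printf '%s\n' "$1" | while read -r name want; do
        [ -n "$name" ] || continue
        if ! have=$(bool_state "$name" "$2"); then
            echo "# $name: not present in the running policy"
            continue
        fi
        if [ "$have" != "$want" ]; then
            case "$want" in
                on)  echo "setsebool -P $name 1" ;;
                off) echo "setsebool -P $name 0" ;;
            esac
        fi
    done
}

drift_commands "$BASELINE" "$SAMPLE_GETSEBOOL"
```

Run the printed commands only after confirming each boolean change is
really wanted; persistent changes survive a reboot.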

Read Entire Article:
http://www.linuxsecurity.com/content/view/120700/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New awstats packages fix arbitrary command execution
  10th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120778


* Debian: New kdelibs packages fix backup file information leak
  10th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120779


* Debian: New acidlab packages fix SQL injection
  14th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120802


* Debian: New AbiWord packages fix arbitrary code execution
  14th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120807


* Debian: New uim packages fix privilege escalation
  14th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120808


* Debian: New ftpd-ssl packages fix arbitrary code execution
  15th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120809


* Debian: New phpsysinfo packages fix several vulnerabilities
  15th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120810


* Debian: New phpgroupware packages fix several vulnerabilities
  17th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120833



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: PHP Multiple vulnerabilities
  13th, November, 2005

PHP suffers from multiple issues, resulting in security functions
bypass, local Denial of service, cross-site scripting or PHP
variables overwrite.

http://www.linuxsecurity.com/content/view/120797


* Gentoo: Lynx Arbitrary command execution
  13th, November, 2005

Lynx is vulnerable to an issue which allows the remote execution of
arbitrary commands.

http://www.linuxsecurity.com/content/view/120798


* Gentoo: RAR Format string and buffer overflow vulnerabilities
  13th, November, 2005

RAR contains a format string error and a buffer overflow
vulnerability that may be used to execute arbitrary code.

http://www.linuxsecurity.com/content/view/120799


* Gentoo: linux-ftpd-ssl Remote buffer overflow
  13th, November, 2005

A buffer overflow vulnerability has been found, allowing a remote
attacker to execute arbitrary code with escalated privileges on the
local system.

http://www.linuxsecurity.com/content/view/120800


* Gentoo: Scorched 3D Multiple vulnerabilities
  15th, November, 2005

Multiple vulnerabilities in Scorched 3D allow a remote attacker to
deny service or execute arbitrary code on game servers.

http://www.linuxsecurity.com/content/view/120814


* Gentoo: Sylpheed, Sylpheed-Claws Buffer overflow in LDIF
  15th, November, 2005

Sylpheed and Sylpheed-Claws contain a buffer overflow vulnerability
which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120815


* Gentoo: GTK+ 2, GdkPixbuf Multiple XPM decoding vulnerabilities
  16th, November, 2005

The GdkPixbuf library, that is also included in GTK+ 2, contains
vulnerabilities that could lead to a Denial of Service or the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/120827



+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated lynx packages fix critical vulnerability
  12th, November, 2005

An arbitrary command execution vulnerability was discovered in the
lynx "lynxcgi:" URI handler.  An attacker could create a web page
that redirects to a malicious URL which could then execute arbitrary
code as the user running lynx. The updated packages have been patched
to address this issue.

http://www.linuxsecurity.com/content/view/120796


* Mandriva: Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities
  16th, November, 2005

The updated packages have new versions of these subsystems to correct
these issues.

http://www.linuxsecurity.com/content/view/120829


* Mandriva: Updated php packages fix multiple vulnerabilities
  17th, November, 2005

Updated package.

http://www.linuxsecurity.com/content/view/120832


* Mandriva: Updated autofs packages fix problem with LDAP
  16th, November, 2005

A problem with how autofs was linked with the LDAP libraries would
cause autofs to segfault on startup. The updated package has been
fixed to correct this problem.

http://www.linuxsecurity.com/content/view/120830


* Mandriva: Updated acpid package fixes various bugs
  16th, November, 2005

A number of bugs have been fixed in this new acpid package: Correct
an error in the initscript, to look for lm_battery.sh rather than
battery.sh.

http://www.linuxsecurity.com/content/view/120831



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: lynx security update
  11th, November, 2005

An updated lynx package that corrects a security flaw is now
available. This update has been rated as having critical security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120795


* RedHat: Low: cpio security update
  10th, November, 2005

An updated cpio package that fixes multiple issues is now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120785


* RedHat: Low: lm_sensors security update
  10th, November, 2005

Updated lm_sensors packages that fix an insecure file issue are now
available. This update has been rated as having low security impact
by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120786


* RedHat: Moderate: php security update
  10th, November, 2005

Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 and 4. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/120787


* RedHat: Moderate: php security update
  10th, November, 2005

Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 2.1. This update has been rated
as having moderate security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/120788


* RedHat: Important: gdk-pixbuf security update
  15th, November, 2005

Updated gdk-pixbuf packages that fix several security issues are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120817


* RedHat: Important: gtk2 security update
  15th, November, 2005

Updated gtk2 packages that fix two security issues are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120818

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------




