[ISN] Linux Advisory Watch - March 24th 2006

From: InfoSec News (isn@private)
Date: Mon Mar 27 2006 - 01:20:02 PST


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  March 24th, 2006                           Volume 7, Number 13n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave@private    |
|                   Benjamin D. Thomas      ben@private     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for xpvm, vlc, xine-lib, wzdftpd,
drupal, kpdf, libmail-audit-perl, ilohamail, kernel-patch-vserver,
unzip, snmptrapfmt, firebird2, sendmail, evolution, kernel, xorg,
avahi, beagle, curl, php-pear, xterm, scim-anthy, tzdata, logwatch,
shadow-utils, cpio, libsepol, bind, Freeciv, zoo, bypass, rshd,
metamail, cube, squirrelmail, flex, gnupg, pngcrush, libcurl,
cairo, flash-player, and realplayer.  The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.

---

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing an open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi

---

Linux Command Reference Manual: Linux File Structure
By: Suhas Desai

In the Linux file structure, files are grouped according to purpose,
for example commands, data files, and documentation. Parts of a Unix
directory tree are listed below. All directories are grouped under the
root entry "/". That part of the directory tree is left out of the
diagram below. See the FSSTND (Filesystem Standard).

 root - The home directory for the root user
 home - Contains the users' home directories along with directories
 for services

   ftp
   HTTP
   samba

 bin - Commands needed during bootup that might be needed by
 normal users

 sbin - Like bin but commands are not intended for normal users.


Commands run by LINUX:
----------------------

 proc - This filesystem is not on a disk. It is a virtual filesystem
 that exists in the kernel's imagination, which is memory.

 usr - Contains all commands, libraries, man pages, games and static
 files for normal operation

 bin - Almost all user commands. Some commands are in /bin or
 /usr/local/bin.

 sbin - System admin commands not needed on the root filesystem.
 e.g., most server programs.

 include - Header files for the C programming language. Should be
 below /usr/lib for consistency.

 lib - Unchanging data files for programs and subsystems

 local - The place for locally installed software and other files.

  man - Manual pages

 info - Info documents

 doc - Documentation

 tmp

 X11R6 - The X windows system files. There is a directory similar to
 usr below this directory.

 X386 - Like X11R6 but for X11 release 5

 boot - Files used by the bootstrap loader, LILO. Kernel images are
 often kept here.

 lib - Shared libraries needed by the programs on the root filesystem

 modules - Loadable kernel modules, especially those needed to boot
 the system after disasters.

 dev - Device files

 etc - Configuration files specific to the machine.

 sysconfig - Files that configure the linux system for devices.

 var - Contains files that change for mail, news, printers, log files,
 man pages, temp files

 lib - Files that change while the system is running normally

 local - Variable data for programs installed in /usr/local.

 lock - Lock files. Used by a program to indicate it is using a
 particular device or file

 log - Log files from programs such as login and syslog which logs
 all logins and logouts.

 run - Files that contain information about the system that is valid
 until the system is next booted.

 spool - Directories for mail, printer spools, news and other
 spooled work.

 tmp - Temporary files that are large or need to exist for longer
 than they should in /tmp.

 mnt - Mount points for temporary mounts by the system administrator.

 tmp - Temporary files. Programs running after bootup should use
 /var/tmp.


Read Full Paper
http://www.linuxsecurity.com/images/stories/commandref.pdf

----------------------

EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.4 (Version 3.0, Release 4). This release
includes several bug fixes and feature enhancements to the Guardian
Digital WebTool and the SELinux policy, and several new packages
available for installation.

http://www.linuxsecurity.com/content/view/121560/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New xpvm packages fix insecure temporary file
  16th, March, 2006

Eric Romang discovered that xpvm, a graphical console and monitor for
PVM, creates a temporary file that allows local attackers to create
or overwrite arbitrary files with the privileges of the user running
xpvm.

http://www.linuxsecurity.com/content/view/121949


* Debian: New vlc packages fix arbitrary code execution
  16th, March, 2006

Simon Kilvington discovered that specially crafted PNG images can
trigger a heap overflow in libavcodec, the multimedia library of
ffmpeg, which may lead to the execution of arbitrary code. The vlc
media player links statically against libavcodec.

http://www.linuxsecurity.com/content/view/121951


* Debian: New xine-lib packages fix arbitrary code execution
  16th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121957


* Debian: New wzdftpd packages fix arbitrary shell command execution
  16th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121959


* Debian: New drupal packages fix several vulnerabilities
  17th, March, 2006

The Drupal Security Team discovered several vulnerabilities in
Drupal, a fully-featured content management and discussion engine.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-1225,CVE-2006-1226,CVE-2006-1227,CVE-2006-1228

http://www.linuxsecurity.com/content/view/121964


* Debian: New kpdf packages fix arbitrary code execution
  17th, March, 2006

Marcelo Ricardo Leitner noticed that the current patch in DSA 932
(CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all
buffer overflows, still allowing an attacker to execute arbitrary
code.

http://www.linuxsecurity.com/content/view/121966


* Debian: New libmail-audit-perl packages fix insecure temporary file
use
  20th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121981


* Debian: New crossfire packages fix arbitrary code execution
  20th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121982


* Debian: New ilohamail packages fix cross-site scripting
vulnerabilities
  20th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121983


* Debian: New kernel-patch-vserver packages fix root exploit
  21st, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122004


* Debian: New unzip packages fix arbitrary code execution
  21st, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122005


* Debian: New snmptrapfmt packages fix insecure temporary file
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122031


* Debian: New firebird2 packages fix denial of service
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122058


* Debian: New sendmail packages fix arbitrary code execution
  23rd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122059


* Debian: New evolution packages fix arbitrary code execution
  23rd, March, 2006

Several format string vulnerabilities were found in Evolution, a free
groupware suite, that could lead to crashes of the application or the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122065


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.25
  16th, March, 2006

Rebuilt against the latest kernel (2.6.15-1.1833_FC4).

http://www.linuxsecurity.com/content/view/121954


* Fedora Core 5 Update: xorg-x11-server-1.0.1-9
  20th, March, 2006

Coverity scanned the X.Org source code for problems and
reported their findings to the X.Org development team. Upon
analysis, Alan Coopersmith, a member of the X.Org
development team, noticed a couple of serious security
issues in the findings.  In particular, the Xorg server can
be exploited for root privilege escalation by passing a path
to malicious modules using the -modulepath command line
argument.  Also, the Xorg server can be exploited to
overwrite any root writable file on the filesystem with the
-logfile command line argument.

http://www.linuxsecurity.com/content/view/121985


* Fedora Core 5 Update: avahi-0.6.9-8.FC5
  20th, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122003


* Fedora Core 5 Update: beagle-0.2.3-4
  21st, March, 2006

Some of the wrapper scripts (including beagle-status) looked
in the current directory for files with a specific name and
ran that instead of the binary in the path. All such cases
have been fixed in this release.

http://www.linuxsecurity.com/content/view/122022


* Fedora Core 5 Update: curl-7.15.1-3
  21st, March, 2006

This curl update fixes security vulnerability CVE-2006-1061:
curl can overflow a heap-based memory buffer if a very long
TFTP URL with a valid host name is passed to curl.
This update also fixes installation problems on multilib
architectures.

http://www.linuxsecurity.com/content/view/122023


* Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1
  22nd, March, 2006

A flaw was found in the handling of asynchronous signals. A remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.

http://www.linuxsecurity.com/content/view/122043


* Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1
  22nd, March, 2006

A flaw was found in the handling of asynchronous signals. A remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.

http://www.linuxsecurity.com/content/view/122044


* Fedora Core 5 Update: php-pear-1.4.6-2.1
  22nd, March, 2006

This update includes the latest upstream version of the PEAR XML_RPC
package (version 1.4.5), which fixes operation of the XML_RPC server
component with PHP 5.1.2.

http://www.linuxsecurity.com/content/view/122045


* Fedora Core 4 Update: xterm-208-4.FC4
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122046


* Fedora Core 5 Update: scim-anthy-0.9.0-3.fc5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122047


* Fedora Core 4 Update: tzdata-2006b-2.fc4
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122050


* Fedora Core 4 Update: logwatch-7.2.1-1.fc4
  22nd, March, 2006

This new version of the logwatch package fixes problems with the
--splithosts option and contains many service updates.

http://www.linuxsecurity.com/content/view/122051


* Fedora Core 5 Update: anthy-7500-1.fc5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122052


* Fedora Core 5 Update: shadow-utils-4.0.14-5.FC5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122053


* Fedora Core 5 Update: cpio-2.6-14.FC5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122054


* Fedora Core 5 Update: libsepol-1.12.1-1.fc5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122055


* Fedora Core 5 Update: bind-9.3.2-12.FC5
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122056



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Freeciv Denial of Service
  16th, March, 2006

A memory allocation bug in Freeciv allows a remote attacker to
perform a Denial of Service attack.

http://www.linuxsecurity.com/content/view/121944


* Gentoo: zoo Buffer overflow
  16th, March, 2006

A buffer overflow in zoo may be exploited to execute arbitrary code when
creating archives of specially crafted directories and files.

http://www.linuxsecurity.com/content/view/121945


* Gentoo: PEAR-Auth Potential authentication bypass
  17th, March, 2006

PEAR-Auth did not correctly verify data passed to the DB and LDAP
containers, thus allowing injection of false credentials to bypass
authentication.

http://www.linuxsecurity.com/content/view/121970


* Gentoo: Heimdal rshd privilege escalation
  17th, March, 2006

An error in the rshd daemon of Heimdal could allow authenticated
users to elevate privileges.

http://www.linuxsecurity.com/content/view/121971


* Gentoo: Crypt::CBC: Insecure initialization vector
  17th, March, 2006

Crypt::CBC uses an insecure initialization vector, potentially
resulting in a weaker encryption.

http://www.linuxsecurity.com/content/view/121972


* Gentoo: Metamail Buffer overflow
  17th, March, 2006

A buffer overflow in Metamail could possibly be exploited to execute
arbitrary code.

http://www.linuxsecurity.com/content/view/121973


* Gentoo: Cube Multiple vulnerabilities
  21st, March, 2006

Cube is vulnerable to a buffer overflow, invalid memory access and
remote client crashes, possibly leading to a Denial of Service or
remote code execution.

http://www.linuxsecurity.com/content/view/122012


* Gentoo: SquirrelMail Cross-site scripting and IMAP command
injection
  21st, March, 2006

SquirrelMail is vulnerable to several cross-site scripting
vulnerabilities and IMAP command injection.

http://www.linuxsecurity.com/content/view/122013


* Gentoo: GNU tar Buffer overflow
  21st, March, 2006

A malicious tar archive could trigger a buffer overflow in GNU tar,
potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122014


* Gentoo: flex Potential insecure code generation
  21st, March, 2006

flex might generate code with a buffer overflow, making applications
using such scanners vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122015


* Gentoo: GnuPG Incorrect signature verification
  21st, March, 2006

GnuPG may erroneously report that a modified or unsigned message has a
valid digital signature.

http://www.linuxsecurity.com/content/view/122016


* Gentoo: PeerCast Buffer overflow
  21st, March, 2006

PeerCast is vulnerable to a buffer overflow that may lead to the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122017


* Gentoo: Pngcrush Buffer overflow
  21st, March, 2006

Pngcrush is vulnerable to a buffer overflow which could potentially
lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122018


* Gentoo: cURL/libcurl Buffer overflow in the handling
  21st, March, 2006

libcurl is affected by a buffer overflow in the handling of URLs for
the TFTP protocol, which could be exploited to compromise a user's
system.

http://www.linuxsecurity.com/content/view/122029


* Gentoo: Macromedia Flash Player Arbitrary code execution
  21st, March, 2006

Multiple vulnerabilities have been identified that allow arbitrary
code execution on a user's system via the handling of malicious SWF
files.

http://www.linuxsecurity.com/content/view/122030


* Gentoo: Sendmail Race condition in the handling of asynchronous
signals
  22nd, March, 2006

Sendmail is vulnerable to a race condition which could lead to the
execution of arbitrary code with sendmail privileges.

http://www.linuxsecurity.com/content/view/122041


* Gentoo: PHP Format string and XSS vulnerabilities
  22nd, March, 2006

Multiple vulnerabilities in PHP allow remote attackers to inject
arbitrary HTTP headers, perform cross site scripting or in some cases
execute arbitrary code.

http://www.linuxsecurity.com/content/view/122042


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated xorg-x11 packages to address local root vuln
  20th, March, 2006

Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which
allows non-root users to use the -modulepath, -logfile and -configure
options. This allows loading of arbitrary modules which will execute
as the root user, as well as a local DoS by overwriting system
files. Updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/122001


* Mandriva: Updated cairo packages to address Evolution DoS
vulnerability
  20th, March, 2006

GNOME Evolution allows remote attackers to cause a denial of service
(persistent client crash) via an attached text file that contains
"Content-Disposition: inline" in the header, and a very long line in
the body, which causes the client to repeatedly crash until the
e-mail message is manually removed, possibly due to a buffer
overflow, as demonstrated using an XML attachment.

http://www.linuxsecurity.com/content/view/122002


* Mandriva: Updated sendmail packages fix remote vulnerability
  22nd, March, 2006

A race condition was reported in how sendmail handles asynchronous
signals.  This could allow a remote attacker to execute arbitrary
code with the privileges of the user running sendmail.

http://www.linuxsecurity.com/content/view/122048


* Mandriva: Updated kernel packages fix multiple vulnerabilities
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122049


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: sendmail security update
  22nd, March, 2006

Updated sendmail packages to fix a security issue are now available
for Red Hat Enterprise Linux 3 and 4. This update has been rated as
having critical security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/122035


* RedHat: Critical: sendmail security update
  22nd, March, 2006

Updated sendmail packages to fix a security issue are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as having
critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122036


* RedHat: Critical: RealPlayer security update
  23rd, March, 2006

An updated RealPlayer package that fixes a buffer overflow bug is now
available for Red Hat Enterprise Linux Extras 3 and 4. This update
has been rated as having critical security impact by the Red Hat
Security Response Team.

http://www.linuxsecurity.com/content/view/122057


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: flash-player buffer overflow
  21st, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122006


* SuSE: xorg-x11-server local privilege
  21st, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122007


* SuSE: sendmail remote code execution
  22nd, March, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122037


* SuSE: RealPlayer security problems
  23rd, March, 2006

This update fixes the following security problems in RealPlayer:
CVE-2006-0323, CVE-2005-2922.

http://www.linuxsecurity.com/content/view/122060





------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------
