April 16, 2004

Linux Advisory Watch - April 16, 2004

Author: Benjamin D. Thomas

This week, advisories were released for apache, the Linux kernel, mysql, xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched, tcpdump, cadaver, and mailman. The distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.

Professional Associations

Those of you who have been in the IT industry for years are probably already familiar with most professional organizations. Some of the more popular include ISSA (Information Systems Security Association), USENIX/SAGE, ACM, IAPSC, and countless others. Most organizations require their members to pay dues, but that is not without value. Because there are so many different organizations, it is a better idea to pick one or two and get heavily involved. Many organizations are worldwide, but have local chapters. This provides many opportunities for benefit.

Did you ever wish you knew the right people? Local chapter meetings are great for professional networking. Some organizations have quarterly meetings, others hold them monthly. Chapter events are a great opportunity to meet people who have similar interests and needs. If you are in search of a specific security solution, often you will find someone at a meeting who can offer it. Conversely, if you're a business owner and wish to extend your services, meetings can be helpful.

Organizations such as the ISSA offer educational benefits. Usually meetings include a lecture that is centered around an information security topic. Other meetings can include practical demonstrations and round-table discussions. Also, ad hoc study groups are often formed to prepare for certification exams.

Do you need additional credentials on your resume/CV? Do you wish you could prove to management that you are ready for a leadership position? Professional organizations also offer their members the chance to lead. Positions such as chapter president, vice president, secretary, etc. open for election each year. Although time-consuming, it can be a worthwhile commitment.

Finally, most professional organizations have monthly/quarterly journals that are written by members. Rather than being subject to corporate pressures, you'll find the articles in these journals are of high quality and relatively unbiased. Usually you can also find archives of past papers/publications on each organization's Web site.

For more information about some of the professional organizations that I've mentioned, please see the following Web sites:

Information Systems Security Association

Association for Computing Machinery


International Association of Professional Security Consultants


Until next time, cheers!
Benjamin D. Thomas


LinuxSecurity Feature Extras:

Next Generation Internet Defense & Detection System - Guardian Digital has announced the first fully open source system designed to provide both intrusion detection and prevention functions. Guardian Digital Internet Defense & Detection System (IDDS) leverages best-in-class open source applications to protect networks and hosts using a unique multi-layered approach coupled with the security expertise and ongoing security vigilance provided by Guardian Digital.

Interview with Siem Korteweg: System Configuration Collector - In this interview we learn how the System Configuration Collector (SCC) project began, how the software works, why Siem chose to make it open source, and information on future developments.

Security: MySQL and PHP - This is the second installment of a 3-part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a MySQL server to the basic level, one has to abide by the following guidelines.



Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.


Distribution: Conectiva
  4/12/2004 'mod_python' DoS

This update fixes a remote denial of service vulnerability in Apache web servers which have mod_python enabled.
Conectiva advisory 4216

  4/13/2004 'squid' ACL bypass vulnerability

This update fixes a vulnerability that allows a malicious user to bypass url_regex ACLs by using a specially crafted URL.
Conectiva advisory 4217

  4/14/2004 apache
    Multiple vulnerabilities

Patch corrects non-filtered escape sequences and a DoS attack.

Conectiva advisory 4219

Distribution: Debian
  4/14/2004 kernel
    Multiple vulnerabilities

This is three advisories in one, each for the same group of kernel 2.4.x vulnerabilities. The first is for the PA-RISC architecture, the second for the IA-64 architecture, and the third for the PowerPC/apus and S/390 architectures.

Debian advisory 4229

  4/14/2004 mysql
    Insecure temporary file vulnerabilities

Two scripts contained in the package don't create temporary files in a secure fashion, which could lead to a root exploit.
Debian advisory 4230

  4/15/2004 kernel
    2.4.18 Multiple vulnerabilities

Here is a patch release specifically for kernel 2.4.18 on the i386 architecture, fixing multiple kernel security issues, and fixing a build error from a previous patch to same.
Debian advisory 4231

  4/15/2004 xonix
retention vulnerability

A local attacker could exploit this vulnerability to gain gid "games".
Debian advisory 4232

  4/15/2004 ssmtp
    Format string vulnerability

These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).

Debian advisory 4233

Distribution: Fedora
  4/14/2004 kernel
    Multiple vulnerabilities

This patch fixes a variety of buffer overflow and information leak vulnerabilities.

Fedora advisory 4228

  4/15/2004 kernel

Something went wrong with the md5sums in yesterday's announcement.

Fedora advisory 4234

  4/15/2004 openoffice
format string vulnerabilities

This patch fixes vulnerabilities that may allow execution of arbitrary code, as well as other bugfixes.
Fedora advisory 4238

  4/15/2004 squid
    2.5 ACL escape vulnerability

This is a backport of an older patch which prevented crafted URLs from being able to ignore Squid's ACLs.
Fedora advisory 4239

Distribution: FreeBSD
  4/15/2004 cvs
    Chroot escape vulnerability

This patch fixes two cvs errors, one with the client and one with the server. Both allow chroot escapes.
FreeBSD advisory 4240

Distribution: Gentoo
  4/9/2004 Heimdal
    Cross-realm scripting vulnerability

Heimdal contains a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.

Gentoo advisory 4211

  4/9/2004 iproute
    Denial of service vulnerability

The iproute package allows local users to cause a denial of service.
Gentoo advisory 4212

  4/9/2004 pwlib

Multiple vulnerabilities have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.
Gentoo advisory 4213

  4/9/2004 Scorched 3D
    Format string attack vulnerability

Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.
Gentoo advisory 4214

  4/15/2004 cvs
    Multiple vulnerabilities

There are two vulnerabilities in CVS; one in the server and one in the client. These vulnerabilities allow the reading and writing of arbitrary files on both client and server.
Gentoo advisory 4235

Distribution: Mandrake
  4/9/2004 ipsec-tools
Signature non-verification vulnerability

Racoon does not verify the RSA signature during phase one of a
using either main or aggressive mode. Only the certificate of the
is verified, the certificate is not used to verify the client's

Mandrake advisory 4215

  4/14/2004 cvs
escape vulnerability

A maliciously configured server could then create any file with
on the local user's disk.

Mandrake advisory 4226

  4/14/2004 kernel

This patch fixes a large variety of kernel bugs, including an
of filesystem related vulnerabilities.

Mandrake advisory 4227

  4/15/2004 tcpdump

Corrects out of bounds read and DoS attack.

Mandrake advisory 4236

Distribution: Red Hat
  4/14/2004 cvs
escape vulnerability

Updated cvs packages that fix a client vulnerability that could be
by a malicious server are now available.

Red Hat advisory 4222

  4/14/2004 cadaver
format string vulnerabilities

An updated cadaver package that fixes a vulnerability in neon
by a malicious DAV server is now available.

Red Hat advisory 4223

  4/14/2004 mailman
of service vulnerability

An updated mailman package that closes a DoS vulnerability in mailman introduced by RHSA-2004:019 is now available.

Red Hat advisory 4224

  4/14/2004 OpenOffice
format string vulnerabilities

An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client.

Red Hat advisory 4225

  4/15/2004 subversion
format string vulnerabilities

An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client connecting via

Red Hat advisory 4237

Distribution: SuSE
  4/14/2004 kernel

Two vulnerabilities, one involving symlink names and one involving the JFS filesystem, can both be used to gain root privileges.

SUSE advisory 4220

  4/14/2004 cvs
escape vulnerability

Patches an ability for a rogue CVS server to remotely create arbitrary absolute-path files with the user's permission.

SUSE advisory 4221
