April 2, 2004

Linux Advisory Watch - April 2, 2004

Author: Benjamin D. Thomas

This week, advisories were
released for mc, openssl, ethereal, libxml2, emil, Linux kernel, apache, UUDeview,
courier, oftpd, fetchmail, squid, OpenLDAP, mplayer, Mozilla, and apache. The
distributors include Conectiva, Debian, FreeBSD, Gentoo, Mandrake, Red Hat,
Trustix, and Turbolinux.

Ape about EtherApe

is always the same scene in Hollywood films. The networks are penetrated; cryptic
images and characters are scrolling across the screen. We're being hacked! Did
you ever wish you could keep a closer eye on your network? Sure we have sniffers
and other tools, but did you ever want something graphical?

I've always been a huge
fan of ntop, but feel that it lacks on graphical end. My curiosity drives the
question, what is happening on my network? Another interesting program that
I enjoy using is EtherApe. It is a network monitor that displays traffic graphically.
It supports a wide range of protocols and network types. The display is color-coded
allowing users to quickly understand the type of traffic on a network.

The project is several
years old, originally being based on etherman. It is licensed under the GPL
and is currently packaged for many different Linux distributions. The hardware
requirements are minimal, however it does require you to use X and have libcap

With EtherApe you'll find
the network monitoring has never been this fun. On an active network, one can
easily be drawn to just watching the activity. It can be a very useful tool,
but the entertainment value should not be discounted.

One of the most useful
features of EtherApe is the dynamic graphic images it creates. These can be
used to further explain concepts or attacks methodologies to business decision
makers who wouldn't normally understand the output of tcpdump.

More information about
EtherApe can be found at the project website:

Also, for those of you
who are just curious, severals screenshots are also available:

Until next time, cheers!
Benjamin D. Thomas


Feature Extras:

with Siem Korteweg: System Configuration Collector

- In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and information on future developments.


- This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.

Web/DNS/Mail Securely in 5 Minutes with EnGarde
- Web, DNS, and
Mail are the building block services of the Internet. In this article, I show
how to setup a Web, DNS, and Mail server with a few clicks of the mouse using
EnGarde Secure Linux.

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
] - [ Linux Security


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe

Distribution: Conectiva
  3/31/2004 mc
overflow vulnerability

Flaw allows the execution of arbitrary code.

Conectiva advisory 4183

  3/31/2004 OpenSSL
of service vulnerabilities

This update fixes three denial of service vulnerabilities that affect OpenSSL
versions distributed with Conectiva Linux.

Conectiva advisory 4184

  3/31/2004 ethereal

This patch fixes a large number of vulnerabilities, some remotely exploitable.

Conectiva advisory 4185

  3/31/2004 libxml2
overflow vulnerability

An attacker can exploit this vulnerability to execute arbitrary code with
the privileges of the user running an affected application.

Conectiva advisory 4186

Distribution: Debian
  3/26/2004 emil

Ulf Harnhammar discovered a number of vulnerabilities in emil, both various
buffer overflows and format string bugs.

Debian advisory 4157

  3/29/2004 pam-pgsql
Unchecked input vulnerability

An attacker could exploit this bug to insert SQL statements.

Debian advisory 4160

Distribution: FreeBSD
  3/29/2004 kernel
validation error

Flaw with IPv6 validation may result in memory locations being accessed
without proper validation.

Freebsd advisory 4161

Distribution: Gentoo
  3/26/2004 apache
    2.x Multiple

Vulnerabilities include code execution and denial of service.

Gentoo advisory 4156

  3/29/2004 UUDeview
overflow vulnerability

By decoding a MIME archive with excessively long strings for various parameters,
it is possible to crash UUDeview, or cause it to execute arbitrary code.

Gentoo advisory 4163

  3/29/2004 Courier
buffer overflows

Explotation of overflows may result in execution of arbitrary code.

Gentoo advisory 4164

  3/29/2004 etherial
buffer overflows

Explotation of these bugs may result in denial of service or remote execution
of arbitrary code.

Gentoo advisory 4165

  3/29/2004 oftpd
of service vulnerability

A port command with a number above 255, even unauthenticated, can crash
the oftpd server.

Gentoo advisory 4166

  3/31/2004 fetchmail
of service vulnerability

Fetchmail 6.2.5 fixes a remote DoS.

Gentoo advisory 4177

  3/31/2004 squid
control escape vulnerability

A URL can be specially crafted to automatically bypass the squid Access
Control functionality.

Gentoo advisory 4178

  3/31/2004 mc
overflow vulnerability

A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary
code to be run on a user's computer.

Gentoo advisory 4179

  3/31/2004 OpenLDAP
of service vulnerability

A failed password operation can cause the OpenLDAP slapd server, if it is
using the back-ldbm backend, to free memory that was never allocated.

Gentoo advisory 4180

  3/31/2004 mplayer
overflow vulnerability

MPlayer contains a remotely exploitable buffer overflow in the HTTP parser
that may allow attackers to run arbitrary code on a user's computer.

Gentoo advisory 4181

  3/31/2004 Monit

A denial of service and a buffer overflow vulnerability have been found
in Monit.

Gentoo advisory 4182

Distribution: Mandrake
  3/31/2004 ethereal

This update patches quite a few ethereal issues, with threats ranging from
denial of service to execution of arbitrary code.

Mandrake advisory 4175

  3/31/2004 squid
control escape vulnerability

It is possible for a remote attacker to create URLs that would not be properly
tested against squid's ACLs, and thus be automatically allowed.

Mandrake advisory 4176

Distribution: Red
  3/29/2004 squid
    ACL escape

If a Squid configuration uses Access Control Lists (ACLs), a remote attacker
could cause allowed access to crafted, prohibited URLs.

Redhat advisory 4162

  3/29/2004 Mozilla
of service vulnerability

The parsing of unexpected ASN.1 constructs within S/MIME data could cause
Mozilla to crash or consume large amounts of memory.

Redhat advisory 4167

  3/30/2004 etherial

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Redhat advisory 4168

Distribution: Trustix
  3/30/2004 fcron,crontabs,stunnel,kernel,ntp
Multiple vulnerabilities

Patches now available for these packages.

Trustix advisory 4171

  3/30/2004 xinetd,dev,filesystem
Multiple vulnerabilities

Patches now available for these packages also.

Trustix advisory 4172

  3/30/2004 tcpdump,libpcap
Multiple vulnerabilities

The new upstream version of tcpdump fixes several bugs, some security related.

Trustix advisory 4173

  3/30/2004 apache

The new upstream version of apache addresses several security issues.

Trustix advisory 4174

Distribution: Turbolinux
  3/30/2004 wu-ftpd/OpenSSL
Multiple vulnerabilities

New patches fix multiple vulnerabilities in both packages.

Turbolinux advisory 4170

Click Here!