April 25, 2003

Linux Advisory Watch - April 25th, 2003

- By Benjamin D.
Thomas
-

This week, advisories were released for vixie-cron, tcpdump, balsa, sendmail-wide,
ircii, mime-support, kdelibs, gkrellm, snort, ethereal, and xinetd.  The
distributors include Contectiva, Debian, Mandrake, Red Hat, Slackware, SuSE,
and Turbo Linux.

LinuxSecurity Feature Extras:

Days
of the Honeynet: Attacks, Tools, Incidents
- Among other benefits, running
a honeynet makes one acutely aware about "what is going on" out there. While
placing a network IDS outside one's firewall might also provide a similar flood
of alerts, a honeypot provides a unique prospective on what will be going on
when a related server is compromised used by the intruders.

Making
It Big: Large Scale Network Forensics (Part 2 of 2)
-
Proper methodology
for computer forensics would involve a laundry-list of actions and thought
processes that an investigator needs to consider in order to have the basics
covered.
 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]

  The Linux Advisory Watch newsletter is developed by the community
of volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.    

 

 

Package: vixie-cron
Description: The
vixie-cron package contains the Vixie version of cron. Cron is a standard
UNIX daemon that runs specified programs at scheduled times.
 
Vendor Alerts: Conectiva:
Contectiva Vendor
Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3187.html

 

Package: tcpdump
Description: tcpdump
fails to check the boundaries of some buffers when parsing NFS traffic.
A remote atacker can exploit this vulnerability to crash the tcpdump process
or to potentially execute arbitrary code with the privileges of the user
running it (tcpdump is usually run by the root user). This vulnerability
was discovered by the tcpdump developers.
 
Vendor Alerts: Conectiva:
Contectiva Vendor
Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3191.html
 

Red Hat:

Red Hat Vendor
Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3198.html

 

Package: balsa
Description: An
attacker who is able to control an IMAP server accessed by Balsa can exploit
this vulnerability to remotely crash the client or execute arbitrary code
with the privileges of the user running it. This update fixes this vulnerability. 
Vendor Alerts: Conectiva:
Contectiva Vendor
Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3195.html

 

Package: sendmail-wide
Description: Michal
Zalewski discovered a buffer overflow, triggered by a char to int conversion,
in the address parsing code in sendmail, a widely used powerful, efficient,
and scalable mail transport agent.  This problem is potentially remotely
exploitable.
 
Vendor Alerts: Debian:
Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3188.html

 

Package: ircii
Description: Timo
Sirainen discovered several problems in ircII, a popular client for Internet
Relay Chat (IRC).  A malicious server could
craft special
reply strings, triggering the client to write beyond buffer boundaries. 
This could lead to a denial of service if the
client only
crashes, but may also lead to executing of arbitrary code under the user
id of the chatting user.
Vendor Alerts: Debian:
Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3188.html

 

Package: mime-support
Description: Colin
Phipps discovered several problems in mime-support, that contains support
programs for the MIME control files 'mime.types' and 'mailcap'. When a
temporary file is to be used it is created insecurely, allowing an attacker
to overwrite arbitrary under the user id of the person executing run-mailcap,
most probably root.  Additionally the program did not properly escape
shell escape characters when executing a command. This is unlikely to be
exploitable, though.
Vendor Alerts: Debian:
Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3193.html
http://www.linuxsecurity.com/advisories/debian_advisory-3196.html

 

Package: kdelibs
Description: The
KDE team discoverd a vulnerability in the way KDE uses Ghostscript software
for processing of PostScript (PS) and PDF files.  An attacker could
provide a malicious PostScript or PDF file via mail or websites that could
lead to executing arbitrary commands under the privileges of the user viewing
the file or when the browser generates a directory listing with thumbnails.
Vendor Alerts: Debian:
Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3197.html
 

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-3189.html
 

Slackware:

Slackware Vendor
Advisory:

http://www.linuxsecurity.com/advisories/slackware_advisory-3190.html
 

SuSE

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-3201.html

 

Package: gkrellm
Description: There
are multiple vulnerabilities in gkrellm.
Vendor Alerts: Debian:
Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3199.html

 

Package: snort
Description: The
Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.
Vendor Alerts: Gentoo:
Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-3194.html

 

Package: ethereal
Description: Updated
ethereal packages are now available which fix a format string bug and a
heap-based buffer overflow.
Vendor Alerts: Red Hat:
Red Hat Vendor
Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3200.html

 

Package: xinetd
Description: The
xinetd has the memory leaks when the connections are refused.
 
Vendor Alerts: TurboLinux:
Turbo Linux Vendor
Advisory:

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3202.html

Category:

  • Security
Click Here!