This week, advisories were released for vixie-cron, tcpdump, balsa, sendmail-wide,
ircii, mime-support, kdelibs, gkrellm, snort, ethereal, and xinetd. The
distributors include Conectiva, Debian, Mandrake, Red Hat, Slackware, SuSE,
and Turbo Linux.

LinuxSecurity Feature Extras:
of the Honeynet: Attacks, Tools, Incidents - Among other benefits, running
a honeynet makes one acutely aware of "what is going on" out there. While
placing a network IDS outside one's firewall might also provide a similar flood
of alerts, a honeypot provides a unique perspective on what will be going on
when a related server is compromised and used by the intruders.
It Big: Large Scale Network Forensics (Part 2 of 2) - Proper methodology
for computer forensics would involve a laundry-list of actions and thought
processes that an investigator needs to consider in order to have the basics
vixie-cron package contains the Vixie version of cron. Cron is a standard
UNIX daemon that runs specified programs at scheduled times.
fails to check the boundaries of some buffers when parsing NFS traffic.
A remote attacker can exploit this vulnerability to crash the tcpdump process
or to potentially execute arbitrary code with the privileges of the user
running it (tcpdump is usually run by the root user). This vulnerability
was discovered by the tcpdump developers.
Red Hat Vendor
attacker who is able to control an IMAP server accessed by Balsa can exploit
this vulnerability to remotely crash the client or execute arbitrary code
with the privileges of the user running it. This update fixes this vulnerability.
Zalewski discovered a buffer overflow, triggered by a char to int conversion,
in the address parsing code in sendmail, a widely used, powerful, efficient,
and scalable mail transport agent. This problem is potentially remotely
Sirainen discovered several problems in ircII, a popular client for Internet
Relay Chat (IRC). A malicious server could
reply strings, triggering the client to write beyond buffer boundaries.
This could lead to a denial of service if the
crashes, but may also lead to execution of arbitrary code under the user
id of the chatting user.
KDE team discovered a vulnerability in the way KDE uses Ghostscript software
for processing of PostScript (PS) and PDF files. An attacker could
provide a malicious PostScript or PDF file via mail or websites that could
lead to executing arbitrary commands under the privileges of the user viewing
the file or when the browser generates a directory listing with thumbnails.
SuSE Vendor Advisory:
are multiple vulnerabilities in gkrellm.
Sourcefire Vulnerability Research Team has learned of an integer overflow
in the Snort stream4 preprocessor used by the Sourcefire Network Sensor
product line. The Snort stream4 preprocessor (spp_stream4) incorrectly
calculates segment size parameters during stream reassembly for certain
sequence number ranges which can lead to an integer overflow that can be
expanded to a heap overflow.
ethereal packages are now available which fix a format string bug and a
heap-based buffer overflow.
Red Hat Vendor
xinetd leaks memory when connections are refused.
Turbo Linux Vendor