Linux Advisory Watch – April 25th, 2003

By Benjamin D. Thomas

This week, advisories were released for vixie-cron, tcpdump, balsa, sendmail-wide,
ircii, mime-support, kdelibs, gkrellm, snort, ethereal, and xinetd. The
distributors include Conectiva, Debian, Mandrake, Red Hat, Slackware, SuSE,
and Turbo Linux.

LinuxSecurity Feature Extras:

Days of the Honeynet: Attacks, Tools, Incidents – Among other benefits, running a honeynet makes one acutely aware of “what is going on” out there. While placing a network IDS outside one’s firewall might also provide a similar flood of alerts, a honeypot provides a unique perspective on what will be going on when a related server is compromised and used by the intruders.

Making It Big: Large Scale Network Forensics (Part 2 of 2) – Proper methodology for computer forensics would involve a laundry-list of actions and thought processes that an investigator needs to consider in order to have the basics covered.
 


The Linux Advisory Watch newsletter is developed by the community of volunteers at LinuxSecurity.com and sponsored by Guardian Digital, Inc., the open source security company.

 

 

Package: vixie-cron
Description: The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.

Vendor Alerts: Conectiva:

Conectiva Vendor Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3187.html

 

Package: tcpdump
Description: tcpdump fails to check the boundaries of some buffers when parsing NFS traffic. A remote attacker can exploit this vulnerability to crash the tcpdump process or to potentially execute arbitrary code with the privileges of the user running it (tcpdump is usually run by the root user). This vulnerability was discovered by the tcpdump developers.

Vendor Alerts: Conectiva:

Conectiva Vendor Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3191.html

Red Hat:

Red Hat Vendor Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3198.html

 

Package: balsa
Description: An attacker who is able to control an IMAP server accessed by Balsa can exploit this vulnerability to remotely crash the client or execute arbitrary code with the privileges of the user running it. This update fixes this vulnerability.

Vendor Alerts: Conectiva:

Conectiva Vendor Advisory:

http://www.linuxsecurity.com/advisories/connectiva_advisory-3195.html

 

Package: sendmail-wide
Description: Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used, powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.

Vendor Alerts: Debian:

Debian Vendor Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3188.html

 

Package: ircii
Description: Timo Sirainen discovered several problems in ircII, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.

Vendor Alerts: Debian:

Debian Vendor Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3188.html

 

Package: mime-support
Description: Colin Phipps discovered several problems in mime-support, which contains support programs for the MIME control files ‘mime.types’ and ‘mailcap’. When a temporary file is to be used it is created insecurely, allowing an attacker to overwrite arbitrary files under the user id of the person executing run-mailcap, most probably root. Additionally, the program did not properly escape shell escape characters when executing a command. This is unlikely to be exploitable, though.

Vendor Alerts: Debian:

Debian Vendor Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3193.html
http://www.linuxsecurity.com/advisories/debian_advisory-3196.html

 

Package: kdelibs
Description: The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewing the file or when the browser generates a directory listing with thumbnails.

Vendor Alerts: Debian:

Debian Vendor Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3197.html

Mandrake:

Mandrake Vendor Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-3189.html

Slackware:

Slackware Vendor Advisory:

http://www.linuxsecurity.com/advisories/slackware_advisory-3190.html

SuSE:

SuSE Vendor Advisory:

http://www.linuxsecurity.com/advisories/suse_advisory-3201.html

 

Package: gkrellm
Description: There are multiple vulnerabilities in gkrellm.

Vendor Alerts: Debian:

Debian Vendor Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-3199.html

 

Package: snort
Description: The Sourcefire Vulnerability Research Team has learned of an integer overflow in the Snort stream4 preprocessor used by the Sourcefire Network Sensor product line. The Snort stream4 preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges which can lead to an integer overflow that can be expanded to a heap overflow.

Vendor Alerts: Gentoo:

Gentoo Vendor Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-3194.html

 

Package: ethereal
Description: Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.

Vendor Alerts: Red Hat:

Red Hat Vendor Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3200.html

 

Package: xinetd
Description: xinetd leaks memory when connections are refused.

Vendor Alerts: TurboLinux:

Turbo Linux Vendor Advisory:

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3202.html
