April 4, 2003

Linux Advisory Watch - April 4, 2003

- Benjamin D.
Thomas
-

This week advisories were released for sendmail, dietlibc, krb4, mutt, lpr,
kernel, apcupsd, samba, eterm, evolution, dhcp, openssl, vsftp, kerberos, eog,
enetbpm, and mysql.  The distributors include Caldera, Conectiva, Gentoo,
Immunix, Red Hat, SuSE, Slackware, Trustix, and Yellow Dog.
 

LinuxSecurity Feature Extras:

Making
It Big: Large Scale Network Forensics (Part 2 of 2)
-
Proper methodology
for computer forensics would involve a laundry-list of actions and thought
processes that an investigator needs to consider in order to have the basics
covered.http://www.linuxsecurity.com/feature_stories/feature_story-139.html

Making
It Big: Large Scale Network Forensics (Part 1 of 2)
- Computer
forensics have hit the big time. A previously superniche technology, forensics
have moved into the collective consciousness of IT sys. admins. and Corporate
CSOs.

 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]
 

 

 The Linux Advisory Watch newsletter is developed by the community of
volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.    

 


 
 
Package: sendmail
Date: 03-28-2003
Description:  From
CERT CA-2003-12: There is a vulnerability in sendmail that can be exploited
to cause a denial-of-service condition and could allow a remote attacker
to execute arbitrary code with the privileges of the sendmail daemon, typically
root.
Vendor Alerts: Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-016.0/RPMS/
sendmail-8.11.6-14.i386.rpm

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-3109.html
 

Conectiva:

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
sendmail-8.11.6-1U60_3cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html
http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html 

Gentoo:

Gentoo Vendot
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-3088.html
 

Immunix:

Immunix Vendor
Advisory:

http://www.linuxsecurity.com/advisories/immunix_advisory-3093.html
http://www.linuxsecurity.com/advisories/immunix_advisory-3093.html 

Red Hat:

Red Hat Vendor
Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3097.html
http://www.linuxsecurity.com/advisories/redhat_advisory-3097.html 

SuSE:

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-3095.html
 

Slackware:

Slackware Vendor
Advisory:

http://www.linuxsecurity.com/advisories/slackware_advisory-3086.html
http://www.linuxsecurity.com/advisories/slackware_advisory-3086.html 

Turbo Linux:

TurboLinux Vendor
Advisory:

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3094.html
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3094.html 

Yellow Dog:

Yellow Dog Linux:
http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html

 
 
 

Package: dietlibc
Date: 03-28-2003
Description: eEye
Digital Security discovered an integer overflow in the xdrmem_getbytes()
function of glibc, that is also present in dietlibc, a small libc useful
especially for small and embedded systems.  This function is part of
the XDR  coder/decoder derived from Sun's RPC implementation. 
Depending upon the application, this vulnerability can cause buffer overflows
and could possibly be exploited to execute arbitray code.
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/d/
dietlibc/dietlibc-dev_0.12-2.5_i386.deb
Size/MD5 checksum:  
230736 d6766661ce15e7d0bb981dd4283af35c

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3077.html
http://www.linuxsecurity.com/advisories/debian_advisory-3077.html 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-3090.html

 
 
 

Package: krb4
Date: 03-28-2003
Description: A
cryptographic weakness in version 4 of the Kerberos protocol allows an attacker
to use a chosen-plaintext attack to impersonate anyprincipal in a realm. 
Additional cryptographic weaknesses in the krb4 implementation permit the
use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized
client principals if triple-DES keys are used to key krb4 services. 
These attacks can subvert a site's entire Kerberos authentication infrastructure.
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3078.html
http://www.linuxsecurity.com/advisories/debian_advisory-3078.html 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-3089.html

 
 

Package: mutt
Date: 03-28-2003
Description: Byrial
Jensen discovered a couple of off-by-one buffer overflow in the IMAP code
of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and
threading.  This problem could potentially allow a remote malicious
IMAP server to cause a denial of service (crash) and possibly execute arbitrary
code via a specially crafted mail folder.
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/m/mutt/
mutt_1.3.28-2.2_i386.deb
Size/MD5 checksum:  1301466
aa1b5f036516de1e6ffe434c71e53ea9

http://security.debian.org/pool/updates/main/m/mutt/
mutt-utf8_1.3.28-2.2_i386.deb
Size/MD5 checksum:  
360826 b8c3485a23be019515673825eb299589

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3081.html

 
 
 

Package: lpr
Date: 03-28-2003
Description: A
buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling
system.  This problem can be exploited by a local user to gain root
privileges, even if the printer system is set up properly.
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/l/
lpr-ppd/lpr-ppd_0.72-2.1_i386.deb
Size/MD5 checksum:   
87626 67ae1097288920eac71f5fc8acad5873

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3104.html

 
 
 

Package: kernel
Date: 04-3-2003
Description: The
kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace.
This hole allows local users to obtain root privileges by using ptrace to
attach to a child process that is spawned by the kernel. Remote exploitation
of this hole is not possible.
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/
kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1_all.deb
Size/MD5 checksum:  
301464 691bc1a529cb6125bb04ca43d795c139

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3105.html
http://www.linuxsecurity.com/advisories/debian_advisory-3105.html 

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-3082.html
http://www.linuxsecurity.com/advisories/mandrake_advisory-3083.html

 

Package: apcupsd
Date: 04-3-2003
Description: The
controlling and management daemon apcupsd for APC's Unbreakable Power Supplies
is vulnerable to several buffer overflows and format string attacks. These
bugs can be exploited remotely by an attacker to gain root access to the
machine apcupsd is running on.
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/a/apcupsd/
apcupsd_3.8.5-1.1.1_i386.deb
Size/MD5 checksum:  
879266 2cf3d527d12b8eb2a6644db08e81add4

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3110.html

 

Package: samba
Date: 04-3-2003
Description: A
buffer overrun condition exists in the SMB/CIFS packet fragment re-assembly
code in smbd which would allow an attacker to cause smbd to overwrite arbitrary
areas of memory in its own process address space. This could allow a skilled
attacker to inject binary specific exploit code into smbd.  
Vendor Alerts: Immunix:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/immunix_advisory-3092.html
http://www.linuxsecurity.com/advisories/immunix_advisory-3092.html 

Red Hat:

Red Hat Vendor
Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-3100.html

 

Package: eterm
Date: 04-3-2003
Description: Digital
Defense Inc. released a paper detailing insecurities in various terminal
emulators, including Eterm. Many of the features supported by these programs
can be abused when untrusted data is displayed on the screen. This abuse
can be anything from garbage data being displayed to the screen or a system
compromise.
Vendor Alerts: Mandrake:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3106.html

 

Package: evolution
Date: 04-1-2003
Description: Multiple
vulnerabilities have been found in the Ximian Evolution email client. These
vulnerabilities make it possible for a carefully crafted email to crash
the program, cause general system instability through resource starvation,
and get around security measures implemented within the program.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/9/en/os/i386/
evolution-1.2.2-5.i386.rpm
bd29c1f05f08510072856f0b9fcbf858 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3096.html

 

Package: dhcp
Date: 04-1-2003
Description: A
potential remote denial of service attack affects version 3 of the ISC 
DHCPD server.  This advisory provides fixed packages for Red Hat Linux
8.0.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3098.html

 

Package: openssl
Date: 04-1-2003
Description: Updated
OpenSSL packages are available that fix a potential timing-based attack
and a modified Bleichenbacher attack.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3099.html

 

Package: vsftp
Date: 04-1-2003
Description: In
Red Hat Linux 9, the vsftpd FTP daemon switched from being run by xinetd
to being run as a standalone service. In doing so, it was accidentally not
compiled against tcp_wrappers.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/9/en/os/i386/
vsftpd-1.1.3-8.i386.rpm
d2e807f808c45407f08528f50d29933b 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3101.html

 
 

Package: kerberos
Date: 04-2-2003
Description: Vulnerabilities
have been found in the Kerberos IV authentication protocol which allow an
attacker with knowledge of a cross-realm key, which is shared with another
realm, to impersonate any principal in that realm to any service in that
realm. This vulnerability can only be closed by disabling cross-realm authentication
in Kerberos IV (CAN-2003-0138). 
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3102.html

 

Package: eog
Date: 04-2-2003
Description: A
vulnerability was found in EOG version 2.2.0 and earlier.  A carefully
crafted filename passed to the program could lead to the execution of arbitrary
code.  An attacker could exploit this because various  ackages
(Mutt, for example) make use of EOG for image viewing.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3107.html

 

Package: enetpbm
Date: 04-2-2003
Description: One
way that an attacker could exploit these vulnerabilities would be to submit
a carefully crafted image to be printed, as the LPRng print spooler used
by default in Red Hat Linux releases uses netpb utilities to parse various
types of image files.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3108.html

 

Package: mysql
Date: 04-2-2003
Description: This
vulnerability is a configuration file being overwritten by using the "SELECT
* INFO OUTFILE".
Vendor Alerts: Turbo Linux:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3103.html

Category:

  • Security
Click Here!