Thomas –
This week advisories were released for sendmail, dietlibc, krb4, mutt, lpr,
kernel, apcupsd, samba, eterm, evolution, dhcp, openssl, vsftp, kerberos, eog,
enetbpm, and mysql. The distributors include Caldera, Conectiva, Gentoo,
Immunix, Red Hat, SuSE, Slackware, Trustix, and Yellow Dog.
LinuxSecurity Feature Extras:
Making
It Big: Large Scale Network Forensics (Part 2 of 2) – Proper methodology
for computer forensics would involve a laundry-list of actions and thought
processes that an investigator needs to consider in order to have the basics
covered.http://www.linuxsecurity.com/feature_stories/feature_story-139.htmlMaking
It Big: Large Scale Network Forensics (Part 1 of 2) – Computer
forensics have hit the big time. A previously superniche technology, forensics
have moved into the collective consciousness of IT sys. admins. and Corporate
CSOs.
[ Linux
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]
The Linux Advisory Watch newsletter is developed by the community of
volunteers at
and sponsored by Guardian Digital, Inc., the open
source security company.
| Package: | dietlibc |
| Date: | 03-28-2003 |
| Description: | eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR coder/decoder derived from Sun’s RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. |
| Vendor Alerts: | Debian:
Gentoo:
|
| Package: | krb4 |
| Date: | 03-28-2003 |
| Description: | A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate anyprincipal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site’s entire Kerberos authentication infrastructure. |
| Vendor Alerts: | Debian:
Gentoo:
|
| Package: | mutt |
| Date: | 03-28-2003 |
| Description: | Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder. |
| Vendor Alerts: | Debian:
|
| Package: | lpr |
| Date: | 03-28-2003 |
| Description: | A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly. |
| Vendor Alerts: | Debian:
|
| Package: | kernel |
| Date: | 04-3-2003 |
| Description: | The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible. |
| Vendor Alerts: | Debian:
Mandrake:
|
| Package: | apcupsd |
| Date: | 04-3-2003 |
| Description: | The controlling and management daemon apcupsd for APC’s Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on. |
| Vendor Alerts: | Debian:
|
| Package: | samba |
| Date: | 04-3-2003 |
| Description: | A buffer overrun condition exists in the SMB/CIFS packet fragment re-assembly code in smbd which would allow an attacker to cause smbd to overwrite arbitrary areas of memory in its own process address space. This could allow a skilled attacker to inject binary specific exploit code into smbd. |
| Vendor Alerts: | Immunix:
Red Hat:
|
| Package: | eterm |
| Date: | 04-3-2003 |
| Description: | Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise. |
| Vendor Alerts: | Mandrake:
|
| Package: | evolution |
| Date: | 04-1-2003 |
| Description: | Multiple vulnerabilities have been found in the Ximian Evolution email client. These vulnerabilities make it possible for a carefully crafted email to crash the program, cause general system instability through resource starvation, and get around security measures implemented within the program. |
| Vendor Alerts: | Red Hat:
|
| Package: | dhcp |
| Date: | 04-1-2003 |
| Description: | A potential remote denial of service attack affects version 3 of the ISC DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0. |
| Vendor Alerts: | Red Hat:
|
| Package: | openssl |
| Date: | 04-1-2003 |
| Description: | Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. |
| Vendor Alerts: | Red Hat:
|
| Package: | vsftp |
| Date: | 04-1-2003 |
| Description: | In Red Hat Linux 9, the vsftpd FTP daemon switched from being run by xinetd to being run as a standalone service. In doing so, it was accidentally not compiled against tcp_wrappers. |
| Vendor Alerts: | Red Hat:
|
| Package: | kerberos |
| Date: | 04-2-2003 |
| Description: | Vulnerabilities have been found in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared with another realm, to impersonate any principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138). |
| Vendor Alerts: | Red Hat:
|
| Package: | eog |
| Date: | 04-2-2003 |
| Description: | A vulnerability was found in EOG version 2.2.0 and earlier. A carefully crafted filename passed to the program could lead to the execution of arbitrary code. An attacker could exploit this because various ackages (Mutt, for example) make use of EOG for image viewing. |
| Vendor Alerts: | Red Hat:
|
| Package: | enetpbm |
| Date: | 04-2-2003 |
| Description: | One way that an attacker could exploit these vulnerabilities would be to submit a carefully crafted image to be printed, as the LPRng print spooler used by default in Red Hat Linux releases uses netpb utilities to parse various types of image files. |
| Vendor Alerts: | Red Hat:
|
| Package: | mysql |
| Date: | 04-2-2003 |
| Description: | This vulnerability is a configuration file being overwritten by using the “SELECT * INFO OUTFILE”. |
| Vendor Alerts: | Turbo Linux:
|
Category:
- Security
