August 13, 2004

Linux Advisory Watch - August 13, 2004

Author: Dave Wreski

This week, advisories were released for Apache, Cfengine, Courier, Ethereal, Gaim, glibc, gnome-vfs, gv, imagemagick, kernel, libpng, libpng10, Mozilla, MPlayer, Nessus, Opera, PuTTY, Roundup, sox, SpamAssassin, squirrelmail, and shorewall.  The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Openwall, Red Hat, Slackware, Suse, Trustix, and Turbolinux.

Root Security

Keeping the superuser account secure should be a top priority for any system. The most sought-after account on your machine is the superuser account. This account has authority over the entire machine, which may also include
authority over other machines on the network. Remember that you should
only use the root account for very short specific tasks and should
mostly run as a normal user. Running as root all the time is a very,
very, very bad idea.

Several tricks to avoid messing up your own box as root:

  • When running a complex command, try it first in a non-destructive way, especially commands that use globbing: for example, before running rm foo*.bak, first run ls foo*.bak and make sure the files listed are the ones you intend to delete. Substituting echo for the destructive command also works.
  • Provide your users with a default alias for the /bin/rm command that asks for confirmation before deleting files.
  • Only become
    root to do single specific tasks. If you find yourself trying to figure out how to do something, go back to a normal user shell until you are sure what needs to be done by root.
  • The command
    path for the root user is very important. The command
    path, or the PATH environment variable, defines the location the shell
    searches for programs. Try and limit the command path for the root user
    as much as possible, and never use '.', meaning 'the current
    directory', in your PATH statement. Additionally, never have
    writable directories in your search path, as this can allow attackers
    to modify or place new binaries in your search path, allowing them to
    run as root the next time you run that command.
  • Never use the
    rlogin/rsh/rexec (called the "r-utilities") suite of
    tools as root. They are subject to many sorts of attacks, and are
    downright dangerous run as root. Never create a .rhosts file for root.
  • The
    /etc/securetty file contains a list of terminals that root can
    log in from. By default (on Red Hat Linux) this is set to only the local
    virtual consoles (vtys). Be very careful about adding anything else to
    this file. You should be able to log in remotely as your regular user
    account and then use su if you need to (hopefully over ssh or another
    encrypted channel), so there is no need to be able to log in directly as
  • Always be slow
    and deliberate running as root. Your actions could
    affect a lot of things. Think before you type!
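As an added example (not from the newsletter), the following POSIX sh script checks two of the points above mechanically: a PATH string for '.', empty or relative entries and group/world-writable directories, and a securetty-style file for anything beyond the local virtual consoles. The function names and the reported wording are my own.

```shell
#!/bin/sh
# Added example, not from the newsletter. Each function prints one finding
# per line and returns 1 if any were found, 0 if the input is clean.

# audit_path PATHSTRING: flag '.', empty entries (the shell treats those as the
# current directory too), relative entries, missing directories, and
# directories writable by group or others.
audit_path() {
    _rc=0
    _rest="$1:"                 # trailing ':' keeps the last (possibly empty) field
    while [ -n "$_rest" ]; do
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        case $_entry in
            "") echo "empty entry (acts like '.')"; _rc=1 ;;
            .)  echo "'.' in PATH"; _rc=1 ;;
            /*) if [ ! -d "$_entry" ]; then
                    echo "not a directory: $_entry"; _rc=1
                else
                    _mode=$(ls -ldL "$_entry" | cut -c1-10)   # e.g. drwxr-xr-x
                    case $_mode in
                        ?????w????) echo "group-writable: $_entry"; _rc=1 ;;
                        ????????w?) echo "world-writable: $_entry"; _rc=1 ;;
                    esac
                fi ;;
            *)  echo "relative entry: $_entry"; _rc=1 ;;
        esac
    done
    return $_rc
}

# audit_securetty FILE: print every terminal listed that is not a local
# virtual console (tty1..ttyN, vc/N) or "console", the Red Hat default the
# tip above refers to. Blank lines and comments are ignored.
audit_securetty() {
    _rc=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            ""|\#*|console|tty[0-9]*|vc/[0-9]*) ;;
            *) echo "non-console terminal permits root login: $_line"; _rc=1 ;;
        esac
    done < "$1"
    return $_rc
}
```

To check live settings, source the file and run `audit_path "$PATH"` from a root shell and `audit_securetty /etc/securetty` on the host.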

Security Tip written by Dave Wreski.
Additional tips are available at the following URL:

Feature Extras:

Interview with Gary McGraw, Co-author of Exploiting Software: How to
Break Code
- Gary McGraw is perhaps best known for his
work on securing software, having co-authored the classic Building
Secure Software (Addison-Wesley, 2002). More recently, he has
co-written with Greg Hoglund a companion volume, Exploiting Software,
which details software security from the vantage point of the other
side, the attacker. He has graciously agreed to share some of his
insights with all of us at

Expert Dave Wreski Discusses Open Source Security
- Dave Wreski, CEO of
Guardian Digital, Inc. and respected author of various hardened
security and Linux publications, talks about how Guardian Digital is
changing the face of IT security today. Guardian Digital is perhaps
best known for their hardened Linux solution EnGarde Secure Linux,
touted as the premier secure, open-source platform for its
comprehensive array of general purpose services, such as web, FTP,
email, DNS, IDS, routing, VPN, firewalling, and much more.


Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each

Distribution: Conectiva
  8/11/2004 libpng
    Multiple vulnerabilities

Chris Evans found several vulnerabilities in unpatched libpng versions
prior to 1.0.16rc1 and 1.2.6rc1

  8/11/2004 apache
    Format string

Ralf S. Engelschall found[1] a dangerous call[2] to ssl_log function in
ssl_engine_log.c that could allow remote attackers to execute arbitrary

  8/13/2004 squirrelmail
    Multiple vulnerabilities

This patch addresses four vulnerabilities in SquirrelMail, including
XSS and SQL injection attacks.

Distribution: Debian
  8/11/2004 squirrelmail
    Multiple vulnerabilities

This patch addresses multiple Cross Site Scripting and SQL Injection

  8/11/2004 libpng
    Multiple vulnerabilities

This patch addresses a large number of vulnerabilities in libpng.

Distribution: Fedora
  8/11/2004 kernel
    Multiple vulnerabilities

This updated kernel for Fedora Core 2 contains the security fixes as
found by Paul Starzetz from

  8/11/2004 libpng10
    Multiple vulnerabilities

Multiple libpng vulnerabilities are backpatched to the old 1.0.x libpng

  8/11/2004 libpng
    Multiple vulnerabilities

This patch fixes numerous buffer overflow and pointer dereference
vulnerabilities that a security audit turned up in libpng 1.2.x

  8/11/2004 kernel
    Unsafe pointer

A local unprivileged user could make use of these flaws to access large
portions of kernel memory.

Distribution: Gentoo
  8/11/2004 MPlayer
    Buffer overflow

When compiled with GUI support, MPlayer is vulnerable to a remotely
exploitable buffer overflow attack.

  8/11/2004 Courier
    Cross-site scripting

The SqWebMail web application, included in the Courier suite, is
vulnerable to cross-site scripting attacks.

  8/11/2004 libpng
    Multiple vulnerabilities

libpng contains numerous vulnerabilities potentially allowing an
attacker to perform a Denial of Service attack or even execute
arbitrary code.

  8/11/2004 PuTTY
    Buffer overflow

PuTTY contains a vulnerability allowing an SSH server to execute
arbitrary code on the connecting client.

  8/11/2004 Opera
    Multiple vulnerabilities

Several new vulnerabilities were found and fixed in Opera, including
one allowing an attacker to read the local filesystem remotely.

  8/11/2004 SpamAssassin
    Denial of service

SpamAssassin is vulnerable to a Denial of Service attack when handling
certain malformed messages.

  8/11/2004 Horde-IMP
    Input validation
    Denial of service

Horde-IMP fails to properly sanitize email messages that contain
malicious HTML or script code so that it is not safe for users of
Internet Explorer when using the inline MIME viewer for HTML messages.

  8/11/2004 Cfengine
    Heap corruption

Cfengine is vulnerable to a remote root exploit from clients in

  8/13/2004 Roundup
    Filesystem access

Roundup will make files owned by the user it is running as
accessible to a remote attacker.

  8/13/2004 gv
    Buffer overflow

gv contains an exploitable buffer overflow that allows an attacker to
execute arbitrary code.

  8/13/2004 Nessus
    Race condition

Nessus contains a vulnerability allowing a user to perform a privilege
escalation attack using "adduser".

  8/13/2004 Gaim
    Buffer overflow

Gaim contains a remotely exploitable buffer overflow vulnerability in
the MSN-protocol parsing code that may allow remote execution of
arbitrary code.

  8/13/2004 kdebase,kdelibs
    Buffer overflow

KDE contains three security issues that can allow an attacker to
compromise system accounts, cause a Denial of Service, or spoof
websites via frame injection.

Distribution: Mandrake
  8/11/2004 libpng
    Buffer overflow

Chris Evans discovered numerous vulnerabilities in the libpng graphics

  8/11/2004 shorewall
    Insecure temporary file

The shorewall package has a vulnerability when creating temporary files
and directories, which could allow non-root users to overwrite
arbitrary files on the system.

  8/13/2004 gaim
    Buffer overflow

Sebastian Krahmer discovered two remotely exploitable buffer overflow
vulnerabilities in the gaim instant messenger.

  8/13/2004 mozilla
    Multiple vulnerabilities

A large number of Mozilla vulnerabilities are addressed by this update.

Distribution: Openwall
  8/11/2004 kernel
    Multiple vulnerabilities

This corrects the access control check in the Linux kernel which
previously wrongly allowed any local user to change the group ownership
of arbitrary NFS-exported/imported files.

Distribution: Red Hat
  8/11/2004 kernel
    Multiple vulnerabilities

Updated kernel packages that fix potential information leaks and an
incorrect driver permission for Red Hat Enterprise Linux 2.1 are now

  8/11/2004 kernel
    Multiple vulnerabilities

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

  8/11/2004 libpng
    Buffer overflow

An attacker could create a carefully crafted PNG file in such a way
that it would cause an application linked with libpng to execute
arbitrary code when the file was opened by a victim.

  8/11/2004 GNOME VFS
    Multiple vulnerabilities

An attacker who is able to influence a user to open a specially-crafted
URI using gnome-vfs could perform actions as that user.

  8/11/2004 glibc
    Multiple vulnerabilities

Updated glibc packages that fix a security flaw in the resolver as well
as dlclose handling are now available.

  8/11/2004 mozilla
    Multiple vulnerabilities

Updated mozilla packages based on version 1.4.3 that fix a number of
security issues for Red Hat Enterprise Linux are now available.

  8/11/2004 Ethereal
    Multiple vulnerabilities

Updated Ethereal packages that fix various security vulnerabilities are
now available.

Distribution: Slackware
  8/11/2004 libpng
    Buffer overflow

Exploitation could cause program crashes, or possibly allow arbitrary
code embedded in a malicious PNG image to execute.

  8/11/2004 mozilla
    Multiple vulnerabilities

This is a full upgrade of Mozilla, put in place to remove security
vulnerabilities whose fixes were not backported.

  8/11/2004 imagemagick
    Buffer overflow

This imagemagick patch fixes issues with PNG images.

  8/11/2004 sox
    Buffer overflow

Fixes buffer overflow security issues that could allow a malicious WAV
file to execute arbitrary code.

Distribution: Suse
  8/6/2004 libpng
    Multiple vulnerabilities

Several different security vulnerabilities were found in the PNG
library which is used by applications to support the PNG image format.

  8/11/2004 kernel
    Multiple vulnerabilities

This patch fixes a large number of kernel vulnerabilities, including a
recently discovered race condition that can be exploited for access to
kernel memory.

  8/12/2004 gaim
    Buffer overflow

Remote attackers can execute arbitrary code as the user running the
gaim client.

Distribution: Trustix
  8/6/2004 libpng
    Multiple vulnerabilities

This is a roundup patch that fixes all known vulnerabilities with
respect to libpng.

  8/11/2004 kernel
    Multiple vulnerabilities

This roundup patch fixes a large number of kernel vulnerabilities.

Distribution: Turbolinux
  8/11/2004 libpng
    Multiple vulnerabilities

Multiple buffer overflows and a potential NULL pointer dereference in
libpng allow remote attackers to execute arbitrary code via malformed
PNG images.
