August 15, 2003

Linux Advisory Watch - August 15th 2003

- by Benjamin D. Thomas -
This week, advisories were released for lynx, zblast, perl, kernel,
signal, iBCS2, ddskk, konqueror, man-db, xpcd, stunnel, postfix,
and php. The distributors include Conectiva, Debian, FreeBSD,
Gentoo, Red Hat, SuSe, Trustix, and TurboLinux.

For many, it has been an eventful week. Blaster has affected nearly every Windows
user on the net. Although I'm sure many Linux administrators smirked while
saying "not my servers," an equal number had "to deal with it." Whether you
maintain Windows boxes or not, there are several lessons to be learned. First,
as most readers of this newsletter are already aware, patching is critical.
Also, incident preparation is extremely important. It is important to develop
a weekly schedule where time can be allocated for regular server maintenance.
Also, a documented set of incident procedures should be written. It is important
to have emergency contacts and system procedures documented before an incident
so that damage can be minimized.

Last week I reviewed the O'Reilly book, Secure Coding: Principles & Practices. I received several emails about the book including one from David Wheeler, author of the "Secure Programming for Linux and Unix HOWTO." Because I've found this document helpful in the past, I thought that I should share it with you. The latest PDF version of the document is 168 pages, written in twelve chapters. It is distributed under the GNU Free Documentation License, therefore copying and distributing is perfectly legal. In the past, I've sent previous versions of this document to friends who are full time software developers. Everyone that has read this document has been impressed.

The HOWTO includes chapters on input validation, avoiding buffer overflows, and using system resources, as well as special topics including passwords, random numbers, cryptography, and authentication. It also includes a chapter with specific information for popular languages such as C/C++, Perl, Python, shell, Ada, Java, Tcl, and PHP.

This HOWTO is worth the bandwidth! Download
! It is a great addition to last week's book because it focuses
on many specific issues. If you have a problem related to secure programming to
solve, this is definitely one of the first places you should check.

Until next time,
Benjamin D. Thomas


LinuxSecurity Feature

vs. Expertise: Computer Forensics and the Alternative OS
- No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

Linux Security Cookbook
- There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensable reference for security oriented individuals.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

8/11/2003 lynx   CRLF injection vulnerability

Ulf Harnhammar reported a CRLF injection vulnerability in lynx.

Distribution: Debian

8/8/2003 'man-db' vulnerability

The previous man-db update (DSA-364-1) introduced an error which resulted
in a segmentation fault in the "mandb" command, which runs part of the daily
cron job. This error was caused by allocating a memory region which was one
byte too small to hold the data written into it.

8/8/2003 'xtokkaetama' buffer overflow

Another buffer overflow was discovered in xtokkaetama, involving the "-nickname"
command line option. This vulnerability could be exploited by a local attacker
to gain gid 'games'.

8/8/2003 'xpcd' buffer overflow

Steve Kemp discovered a buffer overflow in xpcd-svga which can be triggered
by a long HOME environment variable. This vulnerability could be exploited
by a local attacker to gain root privileges.

8/11/2003 zblast   buffer overflow vulnerability

Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving the
high score file.

8/11/2003 pam-pgsql format string vulnerability

There is a vulnerability in pam-pgsql whereby the username to be used for
authentication is used as a format string when writing a log message.

8/9/2003 kdelibs-crypto multiple vulnerabilities

There are multiple vulnerabilities in kdelibs.

8/11/2003 perl XSS vulnerability

A cross-site scripting vulnerability exists in the start_form() function

8/14/2003 kernel   oops

This advisory provides a correction to the previous kernel updates, which
contained an error introduced in kernel-source-2.4.18 version 2.4.18-10.

Distribution: FreeBSD

8/11/2003 signal   kernel vulnerability

Some mechanisms for causing a signal to be sent did not properly validate
the signal number, in some cases allowing the kernel to attempt to deliver
a negative or out-of-range signal number.

8/11/2003 iBCS2   kernel vulnerability

The iBCS2 system call translator for statfs erroneously used the user-supplied
length parameter when copying a kernel data structure into userland. If the
length parameter were larger than required, then instead of copying only
the statfs-related data structure, additional kernel memory would also be
made available to the user.

8/12/2003 kernel   signal vulnerability

Some mechanisms for causing a signal to be sent did not properly validate
the signal number, in some cases allowing the kernel to attempt to deliver
a negative or out-of-range signal number.

Distribution: Gentoo

8/14/2003 multiple   vulnerabilities

There are multiple vulnerabilities in Gentoo Linux source tree.

Distribution: Red Hat

8/8/2003 'up2date' gpg signature verification vulnerability

up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG signatures.
These are the versions found in Red Hat Linux 8.0 and 9.

8/11/2003 ddskk   tmp file vulnerability

ddskk does not take appropriate security precautions when creating temporary

8/11/2003 konqueror   information disclosure vulnerability

Konqueror may inadvertently send authentication credentials to websites other
than the intended website in clear text via the HTTP-referer header.

Distribution: SuSe

8/12/2003 kernel   multiple vulnerabilities

There are multiple vulnerabilities in the kernel.

Distribution: Trustix

8/8/2003 'stunnel' DoS vulnerability

Stunnel prior to 3.25 and 4.04 has an error in the SIGCHILD handling code
which could lead to a denial of service attack if the child processes were
terminated too fast.

8/8/2003 'postfix' DoS vulnerability

This patch fixes a denial of service condition in the Postfix smtpd, qmgr,
and other programs that use the trivial-rewrite service. The problem is
triggered when an invalid address resolves to an impossible result. This
causes the affected programs to reject the result and to retry the trivial-rewrite
request indefinitely.

Distribution: TurboLinux

8/13/2003 php   XSS vulnerability

An attacker could use this vulnerability to execute embedded scripts within
the context of the generated page.


