Linux Advisory Watch – December 13th 2002

By: Benjamin D. Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each vulnerability.

This week, advisories were released for nss_ldap, icecast, fileutils,
imp, apache, groff, html2ps, im, gtetrinet, tcpdump, tetex, perl, python,
canna, and wget.  The distributors include Caldera, Debian, Mandrake,
and Red Hat.

LinuxSecurity Feature Extras:

Network Security Audit
“Information for the right people at right time and from anywhere” has
been the driving force for providing access to most of the vital
information on the network of an organization over the Internet. This is
a simple guide on conducting a network security audit.

Security: MySQL and PHP (3 of 3)
This is the third installment of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one
has to abide by the following guidelines.

Package: nss_ldap
Date: 12-06-2002
Description: A buffer overflow in the DNS SRV code for nss_ldap allows
remote attackers to cause a denial of service and possibly execute
arbitrary code.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-058.0/RPMS
nss_ldap-172-5.i386.rpm
2f9e141ceaae799721272590043e524d

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2648.html

 

Package: icecast
Date: 12-10-2002
Description: Buffer overflows in the icecast server allow remote attackers
to execute arbitrary code via a long HTTP GET request, as well as allowing
denial of service attacks.
Vendor Alerts: Caldera:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
icecast-1.3.12-1.i386.rpm
83407efa0c40a9ceac02606ae37237f2

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2653.html

 

Package: fileutils
Date: 12-10-2002
Description: A race condition in various utilities from the GNU fileutils
package may cause a root user to delete the whole filesystem. This update
resolves a problem in the original fix that would cause an attempt to
recursively remove a directory with trailing slashes to memory fault.
Vendor Alerts: Caldera:

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
fileutils-4.1-5.i386.rpm
d01d42d41800d0b9c1d02c4fec07a79d

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2654.html

 

Package: imp
Date: 12-16-2002
Description: There are some potential cross-site scripting (CSS) attacks
in the imp and horde programs.
Vendor Alerts: Caldera:

horde-1.2.8-1.i386.rpm
f52d7821dcbefafc220a479a34f359a7

imp-2.2.8-1.i386.rpm
7dec82815fe2a801b40fd1cc64712f28

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2655.html

 

Package: apache
Date: 12-06-2002
Description: Cross-site scripting (XSS) vulnerability in the default error
page of Apache when UseCanonicalName is “Off” and support for wildcard DNS
is present allows remote attackers to execute script as other web page
visitors via the Host: header.
Vendor Alerts: Caldera:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2641.html

Red Hat:

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2659.html

 

Package: groff
Date: 12-06-2002
Description: groff pic(1) has a buffer overrun in argument handling. The
problem could be remotely exploited depending on the lpd(8) setup.
Vendor Alerts: Caldera:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2645.html

 

 

Package: html2ps
Date: 12-06-2002
Description: The SuSE Security Team found a vulnerability in html2ps, an
HTML to PostScript converter, that opened files based on unsanitized input
insecurely. This problem can be exploited when html2ps is installed as
filter within LPRng and the attacker has previously gained access to the
lp account.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2_all.deb
Size/MD5 checksum: 146438 ee707e980052c595a6a778f65ceafa57

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2643.html

 

Package: im
Date: 12-06-2002
Description: The impwagent program creates a temporary directory in an
insecure manner in /tmp using predictable directory names without checking
the return code of mkdir, so a local user can seize the permissions of the
temporary directory as another user.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/i/im/im_141-18.2_all.deb
Size/MD5 checksum: 217680 af681b5b5d149adf134471b1dcb37ad7

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2644.html

 

Package: gtetrinet
Date: 12-10-2002
Description: Steve Kemp and James Antill found several buffer overflows in
the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian
GNU/Linux 3.0, which could be abused by a malicious server.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_i386.deb
Size/MD5 checksum: 107954 5303aa820794aabb10e59ff06b837472

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2649.html

 

Package: tcpdump
Date: 12-10-2002
Description: The BGP decoding routines for tcpdump used incorrect bounds
checking when copying data. This could be abused by introducing malicious
traffic on a sniffed network for a denial of service attack against
tcpdump, or possibly even remote code execution.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
Size/MD5 checksum: 169360 f303ec8777785c742a29469e49a9c63a

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2650.html

 

Package: tetex
Date: 12-11-2002
Description: If dvips is used in a print filter, this allows a local or
remote attacker with print permission to execute arbitrary code as the
printer user (usually lp).
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_i386.deb
Size/MD5 checksum: 2656066 7a84a5905bf56c67a0eaf4d4fbd12ffd

http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_i386.deb
Size/MD5 checksum: 63794 262135c0af64616080f10573fb2af29d

http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_i386.deb
Size/MD5 checksum: 33194 4a042dc080fb61834fea8bd3b5c50123

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2652.html

 

Package: perl
Date: 12-12-2002
Description: If dvips is used in a print filter, this allows a local or
remote attacker with print permission to execute arbitrary code as the
printer user (usually lp).
Vendor Alerts: Debian:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2657.html

 

 

 

Package: python
Date: 12-9-2002
Description: A vulnerability was discovered in python by Zack Weinberg in
the way that the execvpe() method from the os.py module uses a temporary
file name. The file is created in an unsafe manner and execvpe() tries to
execute it, which can be used by a local attacker to execute arbitrary code
with the privilege of the user running the python code that is using this
method.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2651.html

 

 

Package: canna
Date: 12-11-2002
Description: The Canna server, used for Japanese character input, has two
security vulnerabilities including an exploitable buffer overrun allowing a
local user to gain ‘bin’ user privileges. Updated packages for Red Hat
Linux are available.
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/Canna-3.5b2-70.8.0.1.i386.rpm
72ffd082d58f626105317c7ddc224fc0

ftp://updates.redhat.com/8.0/en/os/i386/Canna-devel-3.5b2-70.8.0.1.i386.rpm
6539144bcf78e6cabf03df9d60b0ed9b

ftp://updates.redhat.com/8.0/en/os/i386/Canna-libs-3.5b2-70.8.0.1.i386.rpm
8b3cebc96837ece1ddccb3cc7112b8bd

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2646.html

 

 

Package: wget
Date: 12-10-2002
Description: The wget packages shipped with Red Hat Linux 6.2 through 8.0
contain a security bug which, under certain circumstances, can cause local
files to be written outside the download directory.
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/wget-1.8.2-5.i386.rpm
efbebb343ded09fc553e5a34c75697f0

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2647.html