Linux Advisory Watch – February 13, 2004


Author: Benjamin D. Thomas

This week, advisories were released
for vim, gaim, mailman, cgiemail, PHP, XFree86, monkeyd, gallery, mutt, netpbm,
kernel, IPv6, and NetPBM. The distributors include Conectiva, Debian, Gentoo,
Mandrake, OpenBSD, and Red Hat.

On February 9th, Guardian
Digital launched the latest version of EnGarde Secure Linux for the community.
It is the result of many hours of hard work and dedication. The purpose of the
ESL project is to bring the most secure and easy to use server operating system
to the community. Many of you are probably already familiar with EnGarde Secure
Professional. It is the enterprise-level cousin to the EnGarde Secure Linux
project, just like the relationship between Red Hat Enterprise and Fedora.

The latest version of EnGarde Secure
Linux is freely available and contains many desirable features. First, users
can take advantage of ESL’s easy-to-use and secure Web-based management system.
Core services such as Web, DNS and mail can be set up in a matter of minutes.
Rather than depending on intuition, one can have assurance that the system is
configured in the most secure way.

In addition, ESL includes a complete
backup and recovery system, rock-solid access control mechanisms, cryptography
tools, a hardened kernel, firewalling capabilities, and tools for extended system

EnGarde Secure Linux is perfect
for those wishing to set up a Web server on a DSL connection. An EnGarde system
can act as a firewall, gateway, and intrusion detection system, and requires very
few system resources. ESL is intended for those wishing to gain a better
understanding of system security, while maintaining complete control. Also,
ESL is the perfect stepping stone for those wishing to use EnGarde Secure Professional
in an enterprise environment.

With EnGarde Secure Linux, it is
possible to subscribe to the Guardian Digital Secure Network. This service is
beneficial if you do not have time to install security updates by hand.

ESL’s improved alerting and reporting
capabilities will make any administrator sleep better at night. Having assurance
that the system is properly defending itself and reporting any such attempts
is valuable.

If you haven’t given EnGarde Secure
Linux a try, now is the time! It is available at the project’s Website:

Until next time, cheers!
Benjamin D. Thomas

Feature Extras:

to Netwox and Interview with Creator Laurent Constantin

– In this article Duane Dunston gives a brief introduction to Netwox, a combination
of over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.

Linux Security Effectively in 2004

– This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.

OSVDB – An Independent and Open Source Vulnerability Database

– This article outlines the origins, purpose, and future of the Open Source
Vulnerability Database project. Also, we talk with Tyler Owen, a major



Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


Distribution: Conectiva
  2/11/2004 vim
execution vulnerability

vim can be exploited to execute arbitrary commands when the user opens a
text file specially crafted by an attacker.

  2/11/2004 gaim

A remote attacker can use specially crafted network packets to execute arbitrary
code as the running user.

Distribution: Debian
  2/6/2004 ‘gaim’

Stefan Esser discovered several security related problems in Gaim, a multi-protocol
instant messaging client.

Distribution: Debian
  2/6/2004 ‘mpg123’
heap overflow

A vulnerability was discovered in mpg123, a command-line mp3 player, whereby
a response from a remote HTTP server could overflow a buffer allocated on
the heap, potentially permitting execution of arbitrary code with the privileges
of the user invoking mpg123.

Distribution: Debian
  2/9/2004 mailman

The cross-site scripting vulnerabilities could allow an attacker to perform
administrative operations without authorization, by stealing a session cookie.

  2/12/2004 cgiemail
    Open mail

Previous versions could be used to send email to arbitrary addresses, which
is exploited by spammers.

Distribution: Gentoo
  2/9/2004 PHP
globals vulnerability

Depending on the server and site, an attacker may be able to exploit global
variables to gain access to reserved areas.

  2/11/2004 XFree86
overflow vulnerability

Exploitation allows local attackers to gain root privileges.

  2/11/2004 monkeyd
of service vulnerability

A bug allows for a Denial of Service attack to be launched against the webserver.

  2/11/2004 gallery
    PHP injection

A crafted URL can overwrite $HTTP_POST_VARS.

Distribution: Mandrake
  2/12/2004 mutt
of service vulnerability

A carefully crafted mail message can cause mutt to segfault and possibly
execute arbitrary code as the user running mutt.

  2/12/2004 netpbm
file vulnerabilities

These could allow a local user the ability to overwrite or create files
as a different user.

Distribution: OpenBSD
  2/9/2004 kernel
memory violation

A reference counting bug in the shmat(2) system call could be used to write
to kernel memory under certain circumstances.

  2/9/2004 IPv6
of service vulnerability

This bug can be exploited to lock up the network stack if reachable via

Distribution: Red Hat
  2/6/2004 ‘netpbm’
temporary file vulnerabilities
of service vulnerability

A number of temporary file bugs have been found in versions of NetPBM. These
could allow a local user the ability to overwrite or create files as a different
user who happens to run one of the vulnerable utilities.

Distribution: Red Hat
  2/9/2004 NetPBM
file vulnerabilities

These could allow a local user the ability to overwrite or create files
as the user running one of these utilities.

  2/9/2004 gaim

If Gaim uses an HTTP proxy for connecting to a server, it could run arbitrary
code as the running user.

  2/11/2004 mutt
of service vulnerability

New mutt packages that fix a remotely-triggerable crash in the menu drawing
code are now available.