February 21, 2003

Linux Advisory Watch - February 21st, 2003

- By Benjamin D.
Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for mod_dav, w3m, cups, php, mysql, openssl,
mailman, syslinux, nethack, bitchx, util-linux, apcupdb, pam, shadow-utils,
and imp.  The distributors include Caldera, Debian, Guardian Digital's
EnGarde Secure Linux, Gentoo, Mandrake, Red Hat, and SuSE.

LinuxSecurity Feature Extras:

Remote
Syslog with MySQL and PHP
- Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple servers
and the ability to be display and search for syslog messages using PHP
or any other programming language that can communicate with the database.by
that, too.

Review:
Mastering Network Security, Second Edition
- The introduction states
that this book is aimed at systems administrators who are not security
experts, but have some responsibility for ensuring the integrity of their
systems. That would seem to cover most sysadmins.

 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]

 

The Linux Advisory Watch newsletter is developed by the community
of volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.


 

 
Package: mod_dav
Date: 02-17-2003
Description: The
Apache mod_dav module contains a format string vulnerability in the "ap_log_rerror()"
function.
Vendor Alerts: Caldera:
mod_dav-1.0.2_1.3.6-3.i386.rpm
bcb45e6cffe4b274dd2363b6880a9164 

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-007.0/RPMS
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2859.html

 

Package: w3m
Date: 02-14-2003
Description: The
w3m browser does not properly escape HTML tags in frame contents and img
alt attributes.  A malicious HTML frame or img alt attribute may deceive
a user to send his local cookies which are used for configuration. 
The information is not leaked automatically, though.
Vendor Alerts: Debian:
 

http://security.debian.org/pool/updates/
main/w/w3m/w3m_0.3-2.4_i386.deb
Size/MD5 checksum:  
536546 403d4d66e4a35b72fde1ca2648477eee

http://security.debian.org/pool/updates/
main/w/w3m/w3m-img_0.3-2.4_i386.deb
Size/MD5 checksum:   
44696 2dea9365153597340338fa6cb3d26a73

http://security.debian.org/pool/updates/
main/w/w3m-ssl/w3m-ssl_0.3-2.4_i386.deb
Size/MD5 checksum:  
378256 f678a241934a5cd884dc08a19602670a
 

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2855.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2858.html

 

Package: cups
Date: 02-20-2003
Description: This
update corrects a library dependency for the libcupsys2 package which sneaked
in with the last security update to CUPS for the stable distribution.
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2860.html

 

Package: php
Date: 02-19-2003
Description: A
heap-based buffer overflow vulnerability has been found in the wordwrap()
function of PHP.  This vulnerability may cause a denial of service
attack or arbitrary code execution if wordwrap() is used on untrusted input.
Vendor Alerts: EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/mod_php-4.2.3-1.0.22.i386.rpm
MD5 Sum: 4fb941c9d2d96b448df72e158b1fdb92

i386/php-4.2.3-1.0.22.i386.rpm
MD5 Sum: 54b33db7d2bd6203392f7aec91c20aaf

i686/mod_php-4.2.3-1.0.22.i686.rpm
MD5 Sum: 722a305a2848f1840c92a61c204d932d

i686/php-4.2.3-1.0.22.i686.rpm
MD5 Sum: aec6f8b625f03b6fff8fa3ebd544dd67

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2870.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2867.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2877.html

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2863.html

 

Package: mysql
Date: 02-19-2003
Description: This
update fixes a double free() bug in the MySQL daemon that could allow an
attacker, with a specially crafted MySQL client, to crash the server. 
The attacker also requires a valid user account.
Vendor Alerts: EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/MySQL-3.23.36-1.0.22.i386.rpm
MD5 Sum: 5326e9561a5fa3a4fe141f85eaf952cc

i386/MySQL-client-3.23.36-1.0.22.i386.rpm
MD5 Sum: d85c85c2e0aaddab775e616208ce81c6

i386/MySQL-shared-3.23.36-1.0.22.i386.rpm
MD5 Sum: 0226c8ee2d6d196130f730ce3fed3568

i686/MySQL-3.23.36-1.0.22.i686.rpm
MD5 Sum: 8346d78f2a51c24372e0561be75896ce

i686/MySQL-client-3.23.36-1.0.22.i686.rpm
MD5 Sum: 4a955ebf6e116a5df38653bd9f27d6cd

i686/MySQL-shared-3.23.36-1.0.22.i686.rpm
MD5 Sum: 2a5a37357c64bb067be740f95aa1b93a
 

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html

 

Package: openssl
Date: 02-20-2003
Description: In
an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay
(EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based
attack on CBC cipher suites used in SSL and TLS. OpenSSL has been found
to vulnerable to this attack.  This update fixes these vulnerabilities.
Vendor Alerts: EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/openssl-0.9.6-1.0.18.i386.rpm
MD5 Sum: df7657e406732b3abc7b7b3414bf07b2

i386/openssl-misc-0.9.6-1.0.18.i386.rpm
MD5 Sum: d251465a15f7167dee9a0929af23edd9

i686/openssl-0.9.6-1.0.18.i686.rpm
MD5 Sum: 707774a9ad3d06e6596b7389745ee89e

i686/openssl-misc-0.9.6-1.0.18.i686.rpm
MD5 Sum: e09d2a7e893f12247475a8821abee3da
 

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2875.html

 

Package: mailman
Date: 02-17-2003
Description: The
email variable and the default error page in mailmain 2.1 contains cross
site scripting vulnerabilities.
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2856.html

 

Package: syslinux
Date: 02-17-2003
Description: Security
flaws have been found in the SYSLINUX installer when running setuid root.
Rewrite the SYSLINUX installer so it uses mtools instead. It therefore
now requires mtools (specifically mcopy and mattrib) to exist on your system,
but it will not require root privileges and SHOULD NOT be setuid.
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2857.html

 

Package: nethack
Date: 02-18-2003
Description: Overflowing
a buffer in nethack may lead to privelige escalation to games uid.
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2861.html

 

Package: bitchx
Date: 02-20-2003
Description: A
denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY
numeric 353 causes BitchX to segfault.
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2876.html

 

Package: util-linux
Date: 02-13-2003
Description: The
util-linux package provides the mcookie utility, a tool for  generating
random cookies that can be used for X authentication.  The util-linux
packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch
that made it use /dev/urandom instead of /dev/random, which resulted in
the mcookie being more predictable than it would otherwise be.  This
patch has been removed in these updates, giving mcookie a better source
of entropy and making the generated cookies less predictable.  Thanks
to Dirk Mueller for pointing this out.
Vendor Alerts: Mandrake:
 

http://www.mandrakesecure.net/en/ftp.php

9.0/RPMS/losetup-2.11u-1.1mdk.i586.rpm
09586a3e81b2212b8044445fc4559fc5 

9.0/RPMS/mount-2.11u-1.1mdk.i586.rpm
be9751b84f20ec4bc1ced03c4004dcb4 

9.0/RPMS/util-linux-2.11u-1.1mdk.i586.rpm
613661ae3c324580e653330814f74756 
 

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2854.html

 

Package: apcupsd
Date: 02-13-2003
Description: A
remote root vulnerability in slave setups and some buffer overflows in
the network information server code were discovered by the apcupsd developers. 
They have been fixed in the latest unstable version, 3.10.5 which contains
additional enhancements like USB support, and the latest stable version,
3.8.6.
Vendor Alerts: Mandrake:
 

http://www.mandrakesecure.net/en/ftp.php

9.0/RPMS/apcupsd-3.10.5-1.1mdk.i586.rpm
9031edab8f3e692b6c5dbc8717819d8b 

9.0/SRPMS/apcupsd-3.10.5-1.1mdk.src.rpm
cf73f9b746b808c17d55dacb44a2efaa 

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2869.html

 

Package: pam
Date: 02-18-2003
Description: Andreas
Beck discovered that the pam_xauth module would forward authorization information
from the root account to unprivileged users.   This can be exploited
by a local attacker to gain access to the root  user's X session. 
In order for it to be successfully exploited, the attacker would have to
somehow get the root user to su to the account belonging to the attacker.
Vendor Alerts: Mandrake:
 

http://www.mandrakesecure.net/en/ftp.php

9.0/RPMS/pam-0.75-25.1mdk.i586.rpm
dc82d88d63dafc3668e7ab4f1d09d404 

9.0/RPMS/pam-devel-0.75-25.1mdk.i586.rpm
ca86fc0f07855ced3f9ed7793608d376 

9.0/RPMS/pam-doc-0.75-25.1mdk.i586.rpm
65545ca4597990fb5ccf0218a2b6c922 

9.0/RPMS/pam_ldap-156-1.1mdk.i586.rpm
b70c25f7b8a3b5f86149dd199003a4ff 
 

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2869.html

 

Package: shadow-utils
Date: 02-18-2003
Description: Updated
shadow-utils packages correct a bug that caused the useradd tool to create
mail spools with incorrect permissions.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/shadow-utils-20000902-12.8.i386.rpm
6dd61ab968afbc537e25faea914788bc 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2878.html

 

Package: imp
Date: 02-18-2003
Description: An
attacker can gain access to protected information or, in conjunction with
PostgreSQL, execute shell commands remotely.
Vendor Alerts: SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/
rpm/i586/imp-2.2.6-248.i586.rpm
17b26d9e48a75cc499b6d4da0c1067c3
    
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2862.html

 

Category:

  • Security
Click Here!