Linux Advisory Watch – February 28th, 2003

– By Benjamin D. Thomas

This week, advisories were released for slocate, nanog, tcpdump, kde, openssl,
WebTool, syncookie, webmin, apcupsd, tightvnc, vnc, vte, hypermail, libmcrypt,
openldap, mysql, postgresql, initscripts, krb5, lynx, and shadow-utils. 
The distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure
Linux, Gentoo, Mandrake, Red Hat, SuSE, and Trustix.

LinuxSecurity Feature Extras:

Remote Syslog with MySQL and PHP – Msyslog has the ability to log syslog messages
to a database. This allows for easier monitoring of multiple servers and the
ability to display and search for syslog messages using PHP or any other
programming language that can communicate with the database.

Review: Mastering Network Security, Second Edition – The introduction states
that this book is aimed at systems administrators who are not security experts,
but have some responsibility for ensuring the integrity of their systems.
That would seem to cover most sysadmins.
 


 

The Linux Advisory Watch newsletter is developed by the community
of volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.  


 

 

Package: slocate
Date: 02-21-2003
Description: A
problem has been discovered in slocate, a secure locate replacement. A
buffer overflow in the setuid program slocate can be used to execute arbitrary
code as superuser.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_i386.deb
Size/MD5 checksum: 24788 9c9121191ee8ce7321bda76b3bb0c8fa

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2880.html

 

Package: nanog
Date: 02-27-2003
Description: A
vulnerability has been discovered in NANOG traceroute, an enhanced version
of the Van Jacobson/BSD traceroute program.  A buffer overflow occurs
in the ‘get_origin()’ function.  Due to insufficient bounds checking
performed by the whois parser, it may be possible to corrupt memory on
the system stack.  This vulnerability can be exploited by a remote
attacker to gain root privileges on a target host, though most probably
not in Debian.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
Size/MD5 checksum: 18588 78445b5c9cbef332d14f22e40dce094b

 

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2906.html

 

Package: tcpdump
Date: 02-27-2003
Description: Andrew
Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful
tool for network monitoring and data acquisition.  An attacker is
able to send a specially crafted network packet which causes tcpdump to
enter an infinite loop.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_i386.deb
Size/MD5 checksum: 169482 2e6aadf125c8e7bbde3d0dd162201480

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2909.html

 

Package: kde
Date: 02-20-2003
Description: This is a full update of the KDE desktop to the 3.0.5a version, the latest 3.0.x
release from the KDE project[1]. Besides containing several bugfixes and
enhancements, this update also fixes several security
vulnerabilities[2] found during an internal code audit organized by the
KDE team.
Vendor Alerts: Conectiva:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2879.html

 

Package: openssl
Date: 02-21-2003
Description: Vulnerable[2][3]
openssl versions do not perform a MAC computation if an incorrect block
cipher padding is used. An active attacker who can insert data into an
existing encrypted connection is then able to measure time differences
between the error messages the server sends. This information can make
it easier to launch cryptographic attacks that rely on distinguishing between
padding and MAC verification errors, possibly leading to extraction of
the original plaintext. 
Vendor Alerts:

 

PLEASE SEE VENDOR ADVISORY
FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2893.html

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2887.html

FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2903.html

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2904.html

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2885.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2896.html

 

Package: WebTool
Date: 02-21-2003
Description: Keigo
Yamazaki discovered a vulnerability in miniserv.pl (the webserver program
at the core of the WebTool) which may allow an attacker to spoof a session
ID by including special metacharacters in the BASE64 encoded string used
during the authentication process. This may allow a remote attacker to
gain full administrative privileges over the WebTool.  All users are
recommended to upgrade immediately.
Vendor Alerts: EnGarde:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

noarch/WebTool-1.2-1.0.74.noarch.rpm
MD5 Sum: 9a77f14ae33c4e3de1bdd0d5a325f0d3

noarch/WebTool-userpass-1.2-1.0.74.noarch.rpm
MD5 Sum: 294fc1527f35b22b6db536b16730c25e

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2898.html

 

Package: syncookie
Date: 02-24-2003
Description: Once
a syncookie key has been recovered, an attacker may construct valid ISNs
until the key is rotated (typically up to four seconds). The ability to
construct a valid ISN may be used to spoof a TCP connection in exactly
the same way as in the well-known ISN prediction attacks (see `References’). 
Spoofing may allow an attacker to bypass IP-based access control lists
such as those implemented by tcp_wrappers and many firewalls.  Similarly,
SMTP and other connections may be forged, increasing the difficulty of
tracing abusers.  Recovery of a syncookie key will also allow the
attacker to reset TCP connections initiated within the same 31.25ms window.
Vendor Alerts: FreeBSD:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2888.html

 

Package: webmin
Date: 02-22-2003
Description: Due
to a remotely exploitable security hole being discovered that affects all
previous Webmin releases, version 1.070 is now available for download. 
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-2890.html
 

Mandrake:

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2908.html

 

Package: apcupsd
Date: 02-22-2003
Description: A
remote root vulnerability in slave setups and some buffer overflows in
the network information server code were discovered by the apcupsd developers.
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2889.html

 

Package: tightvnc
Date: 02-24-2003
Description: The
VNC server acts as an X server, but the script for starting it generates
an MIT X cookie (which is used for X authentication) without using a strong
enough random number generator.  This could allow an attacker to
more easily guess the authentication cookie.
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2891.html

 

Package: vnc
Date: 02-24-2003
Description: The
VNC server acts as an X server, but the script for starting it generates
an MIT X cookie (which is used for X authentication) without using a strong
enough random number generator.  This could allow an attacker to
more easily guess the authentication cookie.
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2892.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2894.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2900.html

 

 

Package: vte
Date: 02-24-2003
Description: One
feature that most terminal emulators support is the ability for the shell
to set the title of the window using an escape sequence.  Certain
xterm variants also provide an escape sequence for reporting the current
window title.  This essentially takes the current title and places
it directly on the command line.  This feature could be potentially
exploited if an attacker can cause carefully crafted escape sequences to
be displayed on a vulnerable terminal emulator used by their victim.
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/vte-0.8.19-2.i386.rpm
a274eeb1dd40afeed45ea2f7601a6bac 

ftp://updates.redhat.com/8.0/en/os/i386/vte-devel-0.8.19-2.i386.rpm
e4172c1224bc77357a0f0a8c315f2dc5

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2901.html

 

Package: hypermail
Date: 02-24-2003
Description: During
an internal source code review done by Thomas Biege several bugs were
found in hypermail and its tools. These bugs allow remote code execution,
local tmp race conditions, denial-of-service conditions and read access
to files belonging to the host hypermail is running on.  Additionally
the mail CGI program can be abused by spammers as an email relay and should
thus be disabled.
Vendor Alerts: SuSE:

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hypermail-2.1.4-58.i586.rpm
a4b683703b65cb65d0d1b246c2bf652d
 

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2905.html

 

Package: libmcrypt
Date: 02-26-2003
Description: Versions
of libmcrypt prior to 2.5.5 include several buffer overflows that can be
triggered by passing very long input to the mcrypt functions. 
Vendor Alerts: SuSE:

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/libmcrypt-2.5.2-48.i586.rpm
6dc3127a069545b9cb00cafd9897021f 

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2902.html

 

Package: openldap
Date: 02-20-2003
Description: Several
minor security issues were fixed in the new upstream version 1.2.13.
Vendor Alerts: Trustix:

ftp://ftp.trustix.net/pub/Trustix/updates/

./1.5/RPMS/openldap1-servers-1.2.13-1tr.i586.rpm
c71ef6c3a75b869d975503ad0e83ce28 

./1.5/RPMS/openldap1-devel-1.2.13-1tr.i586.rpm
61075ed423e0eae96eb552d3c758a0fb 

./1.5/RPMS/openldap1-1.2.13-1tr.i586.rpm
0c4c1a15002b12f5c2f077e2ce2df869 

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2882.html

 

Package: mysql
Date: 02-20-2003
Description: The
new upstream version of mysql, 3.23.55, included several minor security
fixes.
Vendor Alerts: Trustix:

ftp://ftp.trustix.net/pub/Trustix/updates/

./1.5/RPMS/mysql-shared-3.23.55-1tr.i586.rpm
f00e01e926018961578532eda9702f4f 

./1.5/RPMS/mysql-devel-3.23.55-1tr.i586.rpm
4b216ea845e3cb21f32bd7cadbc0d298 

./1.5/RPMS/mysql-client-3.23.55-1tr.i586.rpm
9a4ce5a9be56e59191a050ca8e543097 

./1.5/RPMS/mysql-bench-3.23.55-1tr.i586.rpm
a5f91d90674586626d1cf3aff3129c7e 

 ./1.5/RPMS/mysql-3.23.55-1tr.i586.rpm
094d0947f8b7c0b9bfa6e0dde0a66bb4 

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2883.html

 

Package: postgresql
Date: 02-20-2003
Description: The
new upstream version of postgresql, 7.1.3, included several minor security
fixes.
Vendor Alerts: Trustix:

ftp://ftp.trustix.net/pub/Trustix/updates/

PLEASE SEE VENDOR ADVISORY
FOR UPDATE

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2884.html

 

Package: installer initscripts
Date: 02-20-2003
Description: A
dependency loop exists between several packages, including initscripts,
pam and SysVinit, that causes the installer to complain. This update removes
the loop, as it was not needed.
Vendor Alerts: Trustix:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2881.html

 

Package: krb5
Date: 02-21-2003
Description: A
vulnerability was discovered in the Kerberos FTP client.  When the
client retrieves a file that has a filename beginning with a pipe character,
the FTP client will pass that filename to the command shell in a system()
call.  This could allow a malicious remote FTP server to write to
files outside of the current directory or even execute arbitrary commands
as the user using the FTP client.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2895.html

 

Package: lynx
Date: 02-21-2003
Description: A
vulnerability was discovered in lynx, a text-mode web browser.  The
HTTP queries that lynx constructs are from arguments on the command line
or the $WWW_HOME environment variable, but lynx does not properly sanitize
special characters such as carriage returns or linefeeds. Extra headers
can be inserted into the request because of this, which can cause scripts
that use lynx to fetch data from the wrong site from servers that use virtual
hosting.
Vendor Alerts: Mandrake:

9.0/RPMS/lynx-2.8.5-0.10mdk.dev.8.i586.rpm
59fd26d160a9168588b3dde6a0405c5e 

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2899.html

 

Package: shadow-utils
Date: 02-21-2003
Description: The
shadow-utils package contains the tool useradd, which is used to create
or update new user information.  When useradd creates an account,
it would create it with improper permissions; instead of having it owned
by the group mail, it would be owned by the user’s primary group. 
If this is a shared group (i.e. “users”), then all members
of the shared group would be able to obtain access to the mail spools of
other members of the same group.  A patch to useradd has been applied
to correct this problem.
Vendor Alerts: Mandrake:

9.0/RPMS/shadow-utils-20000902-8.1mdk.i586.rpm
4aec1f507ffde87dd10299f31cb20b84 

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2907.html

 
