January 31, 2003

Linux Advisory Watch - January 31st 2003

- by Benjamin D.
Thomas
-
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for kdeutils, noffle, dhcp3, tomcat3, courier,
mysql, fetchmail, vim, webalizer, postgresql, and cvs. The distributors include
Debian, Guardian Digital's EnGarde Secure Linux, Mandrake, and Yellow Dog.

LinuxSecurity Feature Extras:

Patching
It Up
-
Patching and upgrading software requires more than running
a few commands. Having a patch recovery plan, communicating with developers
on that server, and knowing who to contact in case of a botched patch job
is critical.

Newest
Members of the Team
- Just to give everyone an idea about who writes
these articles and feature stories that we spend so much of our time reading
each day, I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.

 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]


 
 
Package: kdeutils
Date: 01-24-2003
Description: The
KDE team discovered several vulnerabilities in the K Desktop Environment. 
In some instances KDE fails to properly quote parameters of instructions
passed to a command shell for execution.  These parameters may incorporate
data such as URLs, filenames and e-mail addresses, and this data may be
provided remotely to a victim in an e-mail, a webpage or files on a network
filesystem or other untrusted
source.
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2809.html
http://www.linuxsecurity.com/advisories/debian_advisory-2810.html
http://www.linuxsecurity.com/advisories/debian_advisory-2811.html

 

Package: noffle
Date: 01-27-2003
Description: Dan
Jacobson noticed a problem in noffle, an offline news server, that leads
to a segmentation fault.  It is not yet clear whether this problem
is exploitable.  However, if it is, a remote attacker could trigger
arbitrary code execution under the user that calls noffle, probably news.
 
Vendor Alerts: Debian:
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_i386.deb
Size/MD5 checksum:   
76410 2363f56a8ec52a321cb963771135271e
 

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2816.html

 

Package: dhcp3
Date: 01-28-2003
Description: Florian
Lohoff discovered a bug in the dhcrelay causing it to send a continuing
packet storm towards the configured DHCP server(s) in case of a malicious
BOOTP packet, such as sent from buggy Cisco switches.
 
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2820.html

 

Package: tomcat3
Date: 01-29-2003
Description: A
maliciously crafted request could return a directory listing even when
an index.html, index.jsp, or other welcome file is present.  File
contents can be returned as well.
Vendor Alerts: Debian:
 http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb
 Size/MD5 checksum:   
51522 1e11d6a43654fc6d921c8bc90ad15b4b

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2823.html

 

Package: courier
Date: 01-30-2003
Description: The
developers of courier, an integrated user side mail server, discovered
a problem in the PostgreSQL auth module.  Not all potentially malicious
characters were sanitized before the username was passed to the PostgreSQL
engine.  An attacker could inject arbitrary SQL commands and queries
exploiting this vulnerability.  The MySQL auth module is not affected.
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2824.html

 

Package: mysql
Date: 01-27-2003
Description: Update
for the COM_TABLE_DUMP vulnerability.  
Vendor Alerts: EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/MySQL-3.23.36-1.0.21.i386.rpm
MD5 Sum: 36113d7995b6ebf09aabbb1970e9a203

i386/MySQL-client-3.23.36-1.0.21.i386.rpm
MD5 Sum: 4a765f412de0ae0f9f5abfb58812c4fe

i386/MySQL-shared-3.23.36-1.0.21.i386.rpm
MD5 Sum: 7b5b90da33569f3be8be9bb5d2134533

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2817.html

 

Package: fetchmail
Date: 01-27-2003
Description: Stefan
Esser of e-matters, while re-auditing the Fetchmail package, found another
vulnerability.  This heap overflow vulnerability allows a malicious
remote attacker to crash Fetchmail or potentially execute arbitrary code
as the user under which Fetchmail is being run.
Vendor Alerts: EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/fetchmail-ssl-6.1.0-1.0.6.i386.rpm
MD5 Sum: a28aa248c0b262ec8745a7c776b8584b

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2818.html
 

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2819.html

 

Package: vim
Date: 01-27-2003
Description: VIM
allows a user to set the modeline differently for each edited text file
by placing special comments in the files. Georgi Guninski found that these
comments can be carefully crafted in order to call external
 programs.
This could allow an attacker to create a text file such that when it is
opened arbitrary commands are executed.
Vendor Alerts: Yellow Dog:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

ppc/vim-common-6.1-18.7x.2a.ppc.rpm
b286bd901010634b69a8fd09e7dfb785  

ppc/vim-enhanced-6.1-18.7x.2a.ppc.rpm
804e3f6b21255656acaa07b48bff276e 

ppc/vim-minimal-6.1-18.7x.2a.ppc.rpm
d525f6f668095b93f4d7cfa9194fff5c  

ppc/vim-X11-6.1-18.7x.2a.ppc.rpm
f9da0f1d03ece2214b80b6558bb7cc8f  
 

Yellow Dog Vendor
Advisory:

http://www.linuxsecurity.com/advisories/yellowdog_advisory-2812.html

 

Package: webalizer
Date: 01-27-2003
Description: A
buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute arbitrary
code by connecting to the monitored Web server from an IP address that
resolves to a long hostname.
Vendor Alerts: Yellow Dog:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

ppc/webalizer-2.01_09-1.72.ppc.rpm
c15f69de408b21dbb01075c449e7d2a7  
 

Yellow Dog Vendor
Advisory:

http://www.linuxsecurity.com/advisories/yellowdog_advisory-2813.html

 

Package: postgresql
Date: 01-27-2003
Description: Buffer
overflows in PostgreSQL 7.2 allow attackers to cause a denial of 
service and possibly execute arbitrary code via long arguments to the lpad 
or rpad functions. CAN-2002-0972
Vendor Alerts: Yellow Dog:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

PLEASE SEE VENDOR ADVISORY
FOR UPDATE

Yellow Dog Vendor
Advisory:

http://www.linuxsecurity.com/advisories/yellowdog_advisory-2814.html

 

Package: cvs
Date: 01-27-2003
Description: On
servers which are configured to allow anonymous read-only access, this
bug could be used by anonymous users to gain write privileges. Users with
CVS write privileges can then use the Update-prog and Checkin-prog features
to execute arbitrary commands on the server.
Vendor Alerts: Yellow Dog:
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

ppc/cvs-1.11.1p1-8.7.ppc.rpm
9652be9c12995d3873d20b7ce24ff3d6  

Yellow Dog Vendor
Advisory:

http://www.linuxsecurity.com/advisories/yellowdog_advisory-2815.html

 

 

 

Category:

  • Security
Click Here!