July 11, 2003

Linux Advisory Watch - July 11th 2003

- by Benjamin D. Thomas -

This week, advisories were released for xpdf, ml85p, openldap, imp, php, semi, x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The distributors include Conectiva, Debian, Mandrake, and TurboLinux. Again, there were no particularly serious vulnerabilities this week. However, it is imperative that you make an effort to keep your servers up-to-date.

It's mid-July, which means 'vacation month' for many of our readers. When going on leave from work, there are often many things that needs to be prepared for. Often, a system administrator will ensure that all systems are fully patched and up-to-date, backup and restore functions are working correctly, and other users have the appropriate access so that minor problems can be taken care of while away. Hypothetically, this could mean a senior administrator is giving a junior admin full rights, or perhaps the root passwords to the servers.

Next, if he senior admin has an over-sized ego (most likely) he/she will feel compelled to add an autoreply message to his/her email. Because this senior admin is very proactive, he/she is subscribed to over 30 security related mailing lists. Because this hypothetical senior admin took only a 1/2 day on Friday, he/she did not take the time to ensure that autoreply was setup to only reply to emails from the same domain. Instead, the account was configured to reply to every single email received. By mid-Saturday, the autoreply "feature" has kicked out over 100 emails. Although primarily replies to bogus spam addresses, several were sent to un-moderated mailing list. What does this mean? The entire world knows the senior admin is "in Florida, please contact my staff Jr. Admin, Ryan Typesalot." It's now Monday morning, quiet, and Ryan is just now getting settled in at this desk. He receives a call from "patient social engineer" who has been waiting for the perfect time to attack this this company. What happens next? Because our patient social engineer knows that the senior admin is out of the office for the next two weeks, and that Ryan Typesalot is eger to solve problems, the attack is started. You can probably figure out what will happen next. Ryan is conned into believing that the person on the other side of the phone is a company executive who is on the road and needs immediate access to his network home directory and several passwords resets.

What is the moral of this story? Don't give out more information that you have to. If you're going on vacation, you should only let the minimum number of people know. If you must use autoreply, it is necessary to keep it intracompany. Many of you probably already know this and already take every necessary precaution. However, each time we send this newsletter out, we receive quite a few auto replies. I don't want to tell you that it should never be used, only that "features" such as autoreply should be used carefully.

Until next time,
Benjamin D. Thomas

LinuxSecurity Feature Extra:

Real-Time Alerting with Snort - Real-time alerting is a feature of an IDS or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable is different for every person.

Distribution: Conectiva

7/7/2003xpdf arbitrary command execution

This update fixes a vulnerability that allows attackers to embed commands in document hyperlinks.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3430.html7/7/2003ml85p insecure tmp file vulnerability

This is a SUID root program and it creates temporary files in an insecure way, which makes it vulnerable to a race condition exploit.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3431.html7/7/2003openldap denial of service vulnerability

A failed password extended operation (password EXOP) can cause openldap to, if using the back-ldbm backend, attempt to free memory which was never allocated, resulting in a segfault.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3432.html7/8/2003imp SQL code injection vulnerability

A remote attacker can use this vulnerability to execute SQL commands and possibly get session IDs and steal another user's webmail session.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3439.html7/10/2003PHP4 mulitple vulnerabilities

There are mutliple vulnerabiles in php.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3440.htmlDistribution:Debian7/7/2003semi, wemi insecure temporary file vulnerability mulitple vulnerabilities

due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3435.html7/7/2003x-face-el insecure temporary file vulnerability mulitple vulnerabilities

due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3436.html7/7/2003liece insecure temporary file vulnerability

due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3437.html7/7/2003mozart unsafe mailcap configuration

due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3438.html7/10/2003skk insecure tmp file vulnerability

skk does not take appropriate security precautions when creating temporary files.
http://www.linuxsecurity.com/advisories/debian_advisory-3441.html7/10/2003unzip directory traversal vulnerability

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters.
http://www.linuxsecurity.com/advisories/debian_advisory-3442.html7/10/2003xbl buffer overflow vulnerability

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3443.html7/10/2003phpsysinfo directory traversal vulnerability

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3444.html7/10/2003teapop SQL injection vulnerability

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3445.htmlDistribution:Mandrake7/8/2003unzip directory traversal vulnerability

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3446.htmlDistribution:TurboLinux7/9/2003unzip directory traversal vulnerability

When certain encoded characters are inserted into '../' directory traversal sequences, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem - including paths containing system binaries and other sensitive or confidential information.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3447.html

Category:

  • Migration
Click Here!