Thomas -
This week, advisories were released for pam, gnupg, mpg123,
ucd-snmp, phpgroupware, traceroute-nanog, nfs-utils, falconseye, php4, unzip,
radius, gtksee, kernel, mozilla, xpdf, apache, and ypserv. The distributors
include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red Hat, Slackware, SuSE,
Trustix, and Turbo Linux.
One of the most frequently recurring annoyances that I have had about
vendor vulnerability announcements is the lack of standardization. Why am I concerned about
standards? As a seasoned Linux user, I have become accustom to the various formatting
techniques of each vendor. Other less experienced users may have trouble determining
exactly what to update from poorly organized advisories. One of the most consistently
good distributions is Red Hat. Each week, it releases advisories with an informative
but concise history of each vulnerability, links to all updated packages, information
on how to update, and MD5 checksums for each updated file.
Another consistent distribution is Debian. The presentation is similar to
Red Hat, but Debian chooses to include the MD5 checksum below each URL. This
simple difference can save an administrator time when verifying each file. Rather
than having to look the hash up in a table, it is easier to find and identify.
Other distributions such as Immunix and Gentoo provide very little information
in each advisory -- only a very short description and links to updated packages,
or instructions how to update the software is given. I prefer the
Red Hat/Debian style because I am concerned about having an informed idea of
what I am applying. Others may prefer shorter advisories so they don't have to waste time sifting through mounds of information.
Is there a solution? The closest to a standardization that I have found is
the VulnXML project, an open XML DTD to regulate the creation
of XML-type security advisories. Rather than plain text, vendors are encouraged
to release advisories as an XML document resulting in more consistency. With
this, users will ultimately have an easier understanding of the advisories released.
Web sites will then have the ability to format advisories for better readability
and indexing. I commend the VulnXML development team for establishing this project.
I am anxious to see how it progresses. Probably the most difficult aspect will
be getting vendors to participate. Initially, I see this getting started by
recruiting volunteers to "translate" new advisories. As community support and
demand grows for VulnXML advisories, vendors will conform.
Until next time,
Benjamin D. Thomas
LinuxSecurity Feature Extras:
REVIEW:
Linux Security Cookbook - There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensible reference for security oriented individuals.Real-Time
Alerting with Snort - Real-time alerting is a feature of an IDS or
any other monitoring application that notifies a person of an event in an
acceptably short amount of time. The amount of time that is acceptable is
different for every person.[ Linux
Advisory Watch ] - [ Linux
Security Week ] - [ PacketStorm
Archive ] - [ Linux Security
Documentation ]
Linux Advisory Watch is a comprehensive newsletter
that outlines the security vulnerabilities that have been announced throughout
the week. It includes pointers to updated packages and descriptions of each
vulnerability.
[ Subscribe
]
| Distribution: | Conectiva |
Local vulnerability
Andreas Beck discovered[1] a vulnerability in the use of pam_xauth by
the su utility. If the attacker can make one user run su from an X session,
he can steal the X credentials and execute programs in the X display of
the user running su. The worst scenario is the one where an administrator,
logged as root, uses "su" to an account belonging to an attacker.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3453.html
7/11/2003gnupg Key validity vulnerability
During the development of GnuPG 1.2.2, a bug has been found in the key validation
code
http://www.linuxsecurity.com/advisories/connectiva_advisory-3454.html 7/15/2003mpg123
buffer overflow vulnerability
A vulnerability[1] in the way mpg123 handles mp3 files with a bitrate of zero may allow attackers to execute arbitrary code using a specially crafted mp3 file.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3458.html 7/15/2003ucd-snmp heap overflow vulnerability
buffer overflow vulnerability
There is a remote heap overflow vulnerability in snmpnetstat (a tool used to retrieve information about a remote host).
http://www.linuxsecurity.com/advisories/connectiva_advisory-3459.html 7/16/2003ucd-snmp remote heap overflow vulnerability
buffer overflow vulnerability
There is a remote heap overflow vulnerability in snmpnetstat .
http://www.linuxsecurity.com/advisories/connectiva_advisory-3464.html 7/16/2003phpgroupware
mulitple XSS vulnerabilities
There are several "cross-site-scripting" vulnerabilities in versions of phpgroupware
http://www.linuxsecurity.com/advisories/connectiva_advisory-3465.html Distribution:Debian 7/14/2003traceroute-nanog buffer overflow vulnerability
mulitple XSS vulnerabilities
traceroute-nanog, an enhanced version of the common traceroute program,
contains an integer overflow bug which could be exploited to execute arbitrary
code. traceroute-nanog is setuid root, but drops root privileges immediately
after obtaining raw ICMP and raw IP sockets.
http://www.linuxsecurity.com/advisories/debian_advisory-3455.html 7/14/2003nfs-utils buffer overflow vulnerability
mulitple XSS vulnerabilities
The logging code in nfs-utils contains an off-by-one buffer overrun when
adding a newline to the string being logged. This vulnerability may allow
an attacker to execute arbitrary code or cause a denial of service condition
by sending certain RPC requests.
http://www.linuxsecurity.com/advisories/debian_advisory-3456.html 7/15/2003falconseye
buffer overflow vulnerability
The falconseye package is vulnerable to a buffer overflow exploited via
a long '-s' command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3460.html 7/17/2003php4 XSS vulnerability
http://www.linuxsecurity.com/advisories/debian_advisory-3468.html Distribution:Gentoo 7/11/2003unzip
Directory traversal vulnerability
By inserting invalid characters between ".." attackers can overwrite
arbitrary files.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3448.html
Buffer overflow vulnerability
Allows remote attackers to cause a denial of service and possibly execute
arbitrary code via a large value in an NAS-Port attribute, which is interpreted
as a negative number and causes a buffer overflow.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3449.html
Remote denial of service
Allows remote attackers to cause a denial of service via a TCP client
request that does not respond to the server, which causes ypserv to block.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3450.html
Buffer overflow vulnerability
Attackers can use carefully crafted png pictures to execute arbitrary
commands using a buffer overflow in when viewed in gtksee.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3451.html
Distribution:Immunix 7/16/2003nfs-utils off-by-one overflow vulnerability
Buffer overflow vulnerability
http://www.linuxsecurity.com/advisories/immunix_advisory-3466.html Distribution:Mandrake 7/17/2003kernel
mulitple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3469.html Distribution:RedHat 7/14/2003nfs-utils denial of service vulnerability
mulitple vulnerabilities
Updated nfs-utils packages are available that fix a remotely exploitable
Denial of Service vulnerability.
http://www.linuxsecurity.com/advisories/redhat_advisory-3457.html 7/15/2003mozilla
heap overflow vulnerability
A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression.
http://www.linuxsecurity.com/advisories/redhat_advisory-3461.html 7/17/2003xpdf
arbitrary code execution vulnerability
Updated Xpdf packages are available that fix a vulnerability where a malicious
PDF document could run arbitrary code.
http://www.linuxsecurity.com/advisories/redhat_advisory-3470.html Distribution:Slackware 7/15/2003nfs-utils denial of service vulnerability
arbitrary code execution vulnerability
This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code.
http://www.linuxsecurity.com/advisories/slackware_advisory-3462.html 7/16/2003nfs-utils off-by-one overflow vulnerability
arbitrary code execution vulnerability
There is an off-by-one overflow in xlog() in the nfs-utils package.
http://www.linuxsecurity.com/advisories/slackware_advisory-3467.html Distribution:SuSe 7/15/2003nfs-utils denial of service vulnerability
arbitrary code execution vulnerability
There is an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root.
http://www.linuxsecurity.com/advisories/suse_advisory-3463.html Distribution:Trustix 7/11/2003apache
Multiple vulnerabilities
Multiple vulnerabilities including a possible buffer overflow have been fixed.
http://www.linuxsecurity.com/advisories/trustix_advisory-3452.html Distribution:Turbo Linux 7/17/2003ypserv
denial of service vulnerability
The vulnerability allow an attacker can cause to denial of service of the ypserv.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3471.html