July 18, 2003

Linux Advisory Watch - July 18, 2003

- by Benjamin D.

This week, advisories were released for pam, gnupg, mpg123,
ucd-snmp, phpgroupware, traceroute-nanog, nfs-utils, falconseye, php4, unzip,
radius, gtksee, kernel, mozilla, xpdf, apache, and ypserv. The distributors
include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red Hat, Slackware, SuSE,
Trustix, and Turbo Linux.

One of the most frequently recurring annoyances that I have had about
vendor vulnerability announcements is the lack of standardization. Why am I concerned about
standards? As a seasoned Linux user, I have become accustomed to the various formatting
techniques of each vendor. Other less experienced users may have trouble determining
exactly what to update from poorly organized advisories. One of the most consistently
good distributions is Red Hat. Each week, it releases advisories with an informative
but concise history of each vulnerability, links to all updated packages, information
on how to update, and MD5 checksums for each updated file.

Another consistent distribution is Debian. The presentation is similar to
Red Hat, but Debian chooses to include the MD5 checksum below each URL. This
simple difference can save an administrator time when verifying each file. Rather
than having to look the hash up in a table, it is easier to find and identify.
Other distributions such as Immunix and Gentoo provide very little information
in each advisory -- only a very short description and links to updated packages,
or instructions on how to update the software, are given. I prefer the
Red Hat/Debian style because I am concerned about having an informed idea of
what I am applying. Others may prefer shorter advisories so they don't have to waste time sifting through mounds of information.

Is there a solution? The closest to a standardization that I have found is
the VulnXML project, an open XML DTD to regulate the creation
of XML-type security advisories. Rather than plain text, vendors are encouraged
to release advisories as an XML document resulting in more consistency. With
this, users will ultimately have an easier understanding of the advisories released.
Web sites will then have the ability to format advisories for better readability
and indexing. I commend the VulnXML development team for establishing this project.
I am anxious to see how it progresses. Probably the most difficult aspect will
be getting vendors to participate. Initially, I see this getting started by
recruiting volunteers to "translate" new advisories. As community support and
demand grow for VulnXML advisories, vendors will conform.

Until next time,
Benjamin D. Thomas


LinuxSecurity Feature Extras:

Linux Security Cookbook
- There are rarely straightforward solutions
to real world issues, especially in the field of security. The Linux Security
Cookbook is an essential tool to help solve those real world problems. By
covering situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook distinguishes
itself as an indispensable reference for security-oriented individuals.

Alerting with Snort
- Real-time alerting is a feature of an IDS or
any other monitoring application that notifies a person of an event in an
acceptably short amount of time. The amount of time that is acceptable is
different for every person.

Linux Advisory Watch is a comprehensive newsletter
that outlines the security vulnerabilities that have been announced throughout
the week. It includes pointers to updated packages and descriptions of each


Distribution: Conectiva


Local vulnerability

Andreas Beck discovered[1] a vulnerability in the use of pam_xauth by
the su utility. If the attacker can make one user run su from an X session,
he can steal the X credentials and execute programs in the X display of
the user running su. The worst scenario is the one where an administrator,
logged in as root, uses "su" to switch to an account belonging to an attacker.


7/11/2003 gnupg: Key validity vulnerability

During the development of GnuPG 1.2.2, a bug has been found in the key validation

buffer overflow vulnerability

A vulnerability[1] in the way mpg123 handles mp3 files with a bitrate of zero may allow attackers to execute arbitrary code using a specially crafted mp3 file.

7/15/2003 ucd-snmp: heap overflow vulnerability

There is a remote heap overflow vulnerability in snmpnetstat (a tool used to retrieve information about a remote host).

7/16/2003 ucd-snmp: remote heap overflow vulnerability

There is a remote heap overflow vulnerability in snmpnetstat.

multiple XSS vulnerabilities

There are several "cross-site-scripting" vulnerabilities in versions of phpgroupware

Distribution: Debian

7/14/2003 traceroute-nanog: buffer overflow vulnerability

traceroute-nanog, an enhanced version of the common traceroute program,
contains an integer overflow bug which could be exploited to execute arbitrary
code. traceroute-nanog is setuid root, but drops root privileges immediately
after obtaining raw ICMP and raw IP sockets.

7/14/2003 nfs-utils: buffer overflow vulnerability

The logging code in nfs-utils contains an off-by-one buffer overrun when
adding a newline to the string being logged. This vulnerability may allow
an attacker to execute arbitrary code or cause a denial of service condition
by sending certain RPC requests.

buffer overflow vulnerability

The falconseye package is vulnerable to a buffer overflow exploited via
a long '-s' command line option.

7/17/2003 php4: XSS vulnerability

Distribution: Gentoo

7/11/2003 unzip

Directory traversal vulnerability

By inserting invalid characters between ".." attackers can overwrite
arbitrary files.



Buffer overflow vulnerability

Allows remote attackers to cause a denial of service and possibly execute
arbitrary code via a large value in an NAS-Port attribute, which is interpreted
as a negative number and causes a buffer overflow.



Remote denial of service

Allows remote attackers to cause a denial of service via a TCP client
request that does not respond to the server, which causes ypserv to block.



Buffer overflow vulnerability

Attackers can use carefully crafted png pictures to execute arbitrary
commands via a buffer overflow when the pictures are viewed in gtksee.


Distribution: Immunix

7/16/2003 nfs-utils: off-by-one overflow vulnerability

Distribution: Mandrake

7/17/2003 kernel

multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

Distribution: Red Hat

7/14/2003 nfs-utils: denial of service vulnerability

Updated nfs-utils packages are available that fix a remotely exploitable
Denial of Service vulnerability.

heap overflow vulnerability

A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression.

arbitrary code execution vulnerability

Updated Xpdf packages are available that fix a vulnerability where a malicious
PDF document could run arbitrary code.

Distribution: Slackware

7/15/2003 nfs-utils: denial of service vulnerability

This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code.

7/16/2003 nfs-utils: off-by-one overflow vulnerability

There is an off-by-one overflow in xlog() in the nfs-utils package.

Distribution: SuSE

7/15/2003 nfs-utils: denial of service vulnerability

There is an off-by-one bug in the xlog() function used by rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root.

Distribution: Trustix

7/11/2003 apache

Multiple vulnerabilities

Multiple vulnerabilities including a possible buffer overflow have been fixed.

Distribution: Turbo Linux

7/17/2003 ypserv

denial of service vulnerability

The vulnerability allows an attacker to cause a denial of service in ypserv.


