This week advisories were released for zlib, sendmail, qpopper, file, snort,
mysqlcc, netscape-flash, ethereal, usermode, tcpdump, and lprold. The
distributors include Caldera, Debian, Guardian Digital’s EnGarde Secure Linux,
Gentoo, Mandrake, NetBSD, Red Hat, and SuSE.
LinuxSecurity Feature Extras:
out of a BIND – install DJBDNS – DJBDNS eases DNS management and
improves security over BIND alternatives by taking a different approach
to serving and caching DNS answers.
Syslog with MySQL and PHP – Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple servers
and the ability to display and search syslog messages using PHP
or any other programming language that can communicate with the database.
zlib: A buffer overflow in the gzprintf function in zlib can enable attackers
to cause a denial of service or possibly execute arbitrary code.
sendmail (CA-2003-07): Researchers at Internet Security Systems (ISS) have discovered
a remotely exploitable vulnerability in sendmail. This vulnerability could
allow an intruder to gain control of a vulnerable sendmail server.
qpopper: The sample exploit requires a valid user account and password, and overflows
a string in the pop_msg() function to give the user “mail” group privileges
and a shell on the system. Since the Qvsnprintf function is used elsewhere,
further exploits may be possible.
file: A buffer overflow vulnerability was discovered in the ELF format parsing of
the “file” command, one which can be used to execute arbitrary code with
the privileges of the user running the command. The vulnerability can be
exploited by crafting a special ELF binary which is then input to file.
This could be accomplished by leaving the binary on the file system and
waiting for someone to use file to identify it, or by passing it to a service
that uses file to classify input.
snort: ISS X-Force discovered a buffer overflow vulnerability in the RPC preprocessor
of the snort IDS system. A remote attacker could send fragmented
RPC records and cause snort to execute arbitrary code as the snort user.
mysqlcc: Versions prior to 0.8.9 had all configuration and connection files world readable.
netscape-flash: A cumulative security patch is available today and addresses the potential
for exploits surrounding buffer overflows (read/write) and sandbox integrity
within the player, which might allow malicious users to gain access to
a user’s computer.
ethereal: The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow.
This vulnerability has been present in Ethereal since the SOCKS dissector
was introduced in version 0.8.7. It was discovered by Georgi Guninski.
Additionally, the NTLMSSP code is susceptible to a heap overflow. All users
of Ethereal 0.9.9 and below are encouraged to upgrade.
usermode: The /usr/bin/shutdown command that comes with the usermode package can be executed
by local users to shut down all running processes and drop into a root shell.
This command is not really needed to shut down a
so it has been removed and all users are encouraged to upgrade. Please
note that the user must have local console access in order to obtain a
root shell in this fashion.
tcpdump: The network traffic analyzer tcpdump is vulnerable to a denial-of-service
condition while parsing ISAKMP or BGP packets. This bug can be exploited
remotely by an attacker to stop the use of tcpdump for analyzing network
traffic for signs of security breaches or the like. Another bug
may lead to system compromise due to the handling of malformed NFS packets
sent by an attacker.
lprold: The lprm command of the printing package lprold, shipped up to SuSE 7.3, contains
a buffer overflow. This buffer overflow can be exploited by a local user,
if the printer system is set up correctly, to gain root privileges. lprold
is installed as a default package and has the setuid bit set.