May 14, 2004

Linux Advisory Watch - May 14, 2004

Author: Benjamin D. Thomas

This week, advisories were
released for lha, rsync, film, exim, mc, OpenSSL, heimdal, libneon, clamav,
utempter, propftd, apache2, systrace, cvs, procfs, libpng, openoffice, kernel,
sysklogd, and live. The distributors include Conectiva, Debian, Fedora, FreeBSD,
Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.

Why Security

As security professionals and systems
administrators we often forget exactly why we're adding additional security.
In the daily grime of configuring firewalls, intrusion detection systems, and
other controls, we tend to loose sight of the real objective. In any organization
the purpose of information security is to support long-term growth and stability,
and ensuring confidentiality, integrity, and availability. In a business environment,
information security is critical.

A typical business objective is
to maximize profit, while having a high and sustainable rate of growth. Today,
businesses are increasingly dependent on IT to support the automation of tasks,
and e-Business functions. Email and Web access are no longer just a 'nice thing
to have,' they are a necessity. With this, comes increased risks.

Information is an essential resource
for all businesses, and is often a key factor for achieving business goals.
Having the right information in the hands of the right people, at the right
time is a critical success factor. It could be the difference between success
and failure. Today, businesses are so dependent on IT that if any event interrupted
service, productivity would grind to a halt. In many cases, doing a task manually
is no longer an option or even possible.

We have information security initiatives
in business to help prevent those catastrophic occurrences. We must also realize
it is impossible to prevent every incident. With that in mind, it is important
to have a plan to appropriately deal with situations as they occur, possibly
limiting any consequential damage. Information security is about maintaining
confidentiality, integrity, and availability with appropriate controls. It is
not about having the latest-and-greatest experimental technology. Although fun
to play with, it is important to keep the real objectives in mind.

Until next time, cheers!
Benjamin D. Thomas


Feature Extras:

Digital Security Solutions Win Out At Real World Linux

- Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian Digital's
enterprise and small business applications were stand-out successes.

with Siem Korteweg: System Configuration Collector

- In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and information on future developments.


- This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
] - [ Linux Security


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe

Distribution: Conectiva
  5/10/2004 lha

Specially crafted LHarc archives, when processed by lha, may execute arbitrary
code or overwrite arbitrary files.

Conectiva advisory 4322

Distribution: Debian
  5/10/2004 rsync
traversal vulneraiblity

Patch fixes issue where a remote user could cause an rsync daemon to write
files outside of the intended directory tree unless 'chroot' option is on.

Debian advisory 4319

  5/10/2004 flim
temporary file vulnerability

This vulnerability could be exploited by a local user to overwrite files
with the privileges of the user running emacs.

Debian advisory 4320

  5/10/2004 exim
overflow vulnerabilities

Neither of these stack-based buffer overflows is exploitable with the default
Debian configuration.

Debian advisory 4321

  5/12/2004 exim-tls
Buffer overflow vulnerabilities
overflow vulnerabilities

These can not be exploited with the default configuration from the Debian

Debian advisory 4330

  5/13/2004 mah-jong
Denial of service vulnerability
overflow vulnerabilities

A problem has been discovered in mah-jong that can be utilised to crash
the game server after dereferencing a NULL pointer.

Debian advisory 4336

Distribution: Fedora
  5/10/2004 mc

Several buffer overflows, several temporary file creation vulnerabilities,
and one format string vulnerability have been discovered in Midnight Commander.

Fedora advisory 4317

  5/10/2004 OpenSSL
of service vulnerability

Testing uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d
that can lead to a denial of service attack (infinite loop).

Fedora advisory 4318

Distribution: FreeBSD
  5/10/2004 heimdal
trust vulnerability

It is possible for the Key Distribution Center (KDC) of a realm to forge
part or all of the `transited' field to fake zone trustedness.

FreeBSD advisory 4315

  5/10/2004 crypto_heimdal
    Heap overflow

A remote attacker may send a specially formatted message to k5admind, causing
it to crash or possibly resulting in arbitrary code execution.

FreeBSD advisory 4316

Distribution: Gentoo
  5/10/2004 LHa

Patch corrects two stack-based buffer overflows and two directory traversal
problems in LHa.

Gentoo advisory 4313

  5/10/2004 libneon
string vulnerabilities

Allows malicious WebDAV server to execute arbitrary code.

Gentoo advisory 4314

  5/12/2004 ClamAV
escalation vulnerability

With a specific configuration Clam AntiVirus is vulnerable to an attack
allowing execution of arbitrary commands.

Gentoo advisory 4328

Format string vulnerabilities
escalation vulnerability

Several format string vulnerabilities are present in the Neon library allowing
remote execution of arbitrary code when connected to an untrusted WebDAV

Gentoo advisory 4329

  5/13/2004 utempter
temporary file vulnerability

Utempter contains a vulnerability that may allow local users to overwrite
arbitrary files via a symlink attack.

Gentoo advisory 4335

Distribution: Mandrake
  5/10/2004 proftpd
control escape vulnerability

CIDR ACLs in version 1.2.9 allow access even to files and directories that
are otherwise specifically denied.

Mandrake advisory 4312

  5/12/2004 rsync
traversal vulnerability

Rsync before 2.6.1 does not properly sanitize paths when running a read/write
daemon without using chroot, allows remote attackers to write files outside
of the module's path.

Mandrake advisory 4326

  5/12/2004 apache2
of service vulnerability

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49
allows a remote denial of service attack against an SSL-enabled server.

Mandrake advisory 4327

Distribution: NetBSD
  5/13/2004 systrace
escalation vulnerability

A local user that is allowed to use /dev/systrace can obtain root access.

NetBSD advisory 4334

Distribution: OpenBSD
  5/10/2004 cvs
validation vulnerabilities

Patches for both client and server prevent file creation and modification
outside of allowed directories.

OpenBSD advisory 4311

  5/13/2004 procfs
bounds checking vulnerability

Incorrect bounds checking in several procfs functions could allow an unprivileged
malicious user to read arbitrary kernel memory.

OpenBSD advisory 4332

Distribution: Red
  5/10/2004 utempter
file vulnerability

Utemper can be userd to overwrite privileged files with symlink.

Red Hat advisory 4300

  5/10/2004 libpng
of service vulnerability

An attacker could carefully craft a PNG file in such a way that it would
cause an application linked to libpng to crash when opened by a victim.

Red Hat advisory 4301

  5/10/2004 OpenOffice
string vulnerability

An attacker could create a malicious WebDAV server in such a way as to allow
arbitrary code execution on the client should a user connect to it using

Red Hat advisory 4302

  5/10/2004 mc

This patch corrects many vulnerabilities of Midnight Commander.

Red Hat advisory 4303

  5/12/2004 kernel

This patches the 2.4.x kernel for a wide variety of platforms to fix a large
number of bugs, including several with security implications.

Red Hat advisory 4324

  5/12/2004 ipsec-tools
Multiple vulnerabilities

This patch fixes three seperate vulnerabilities in IPSec under Red Hat.

Red Hat advisory 4325

Distribution: Slackware
  5/10/2004 rsync
write access vulnerability

When running an rsync server without the chroot option it is possible for
an attacker to write outside of the allowed directory.

Slackware advisory 4306

  5/10/2004 sysklogd
of service vulnerability

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue where a user could cause syslogd to crash.

Slackware advisory 4307

  5/10/2004 xine-lib
Arbitrary code execution vulnerability
of service vulnerability

Playing a specially crafted Real RTSP stream could run malicious code as
the user playing the stream.

Slackware advisory 4308

  5/10/2004 libpng
of service vulnerability

libpng could be caused to crash, creating a denial of service issue if network
services are linked with it.

Slackware advisory 4309

  5/10/2004 lha

Fixes buffer overflows and directory traversal vulnerabilities.

Slackware advisory 4310

  5/13/2004 apache

Patch corrects denial of service and shell escape vulnerabilities.

Slackware advisory 4333

Distribution: Suse
  5/10/2004 kernel

This patch fixes a large number of minor vulnerabilities and bugs related
to the SuSE 8.1 and SuSE 9.0 kernels.

SUSE advisory 4304

  5/10/2004 Live
    CD 9.1
Passwordless superuser

A configuration error on the Live CD allows for a passwordless, remote root
login to the system via ssh, if the computer has booted from the Live CD
and if it is connected to a network.

SUSE advisory 4305

Click Here!