Linux Advisory Watch – May 14, 2004


Author: Benjamin D. Thomas

This week, advisories were released for lha, rsync, flim, exim, mc, OpenSSL,
heimdal, libneon, clamav, utempter, proftpd, apache2, systrace, cvs, procfs,
libpng, openoffice, kernel, sysklogd, and live. The distributors include
Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat,
Slackware, and SuSE.

Why Security

As security professionals and systems administrators, we often forget exactly
why we’re adding additional security. In the daily grime of configuring
firewalls, intrusion detection systems, and other controls, we tend to lose
sight of the real objective. In any organization, the purpose of information
security is to support long-term growth and stability, and to ensure
confidentiality, integrity, and availability. In a business environment,
information security is critical.

A typical business objective is to maximize profit while having a high and
sustainable rate of growth. Today, businesses are increasingly dependent on IT
to support the automation of tasks and e-Business functions. Email and Web
access are no longer just a ‘nice thing to have’; they are a necessity. With
this come increased risks.

Information is an essential resource
for all businesses, and is often a key factor for achieving business goals.
Having the right information in the hands of the right people, at the right
time is a critical success factor. It could be the difference between success
and failure. Today, businesses are so dependent on IT that if any event interrupted
service, productivity would grind to a halt. In many cases, doing a task manually
is no longer an option or even possible.

We have information security initiatives
in business to help prevent those catastrophic occurrences. We must also realize
it is impossible to prevent every incident. With that in mind, it is important
to have a plan to appropriately deal with situations as they occur, possibly
limiting any consequential damage. Information security is about maintaining
confidentiality, integrity, and availability with appropriate controls. It is
not about having the latest-and-greatest experimental technology. Although fun
to play with, it is important to keep the real objectives in mind.

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity Feature Extras:

Guardian Digital Security Solutions Win Out At Real World Linux

– Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian Digital’s
enterprise and small business applications were stand-out successes.

Interview with Siem Korteweg: System Configuration Collector

– In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and information on future developments.

Security: MySQL and PHP

– This is the second installment of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.


 


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


 
Distribution: Conectiva
  5/10/2004 lha
    Multiple vulnerabilities

Specially crafted LHarc archives, when processed by lha, may execute arbitrary
code or overwrite arbitrary files.

Conectiva advisory 4322

 
 
Distribution: Debian
  5/10/2004 rsync
    Directory traversal vulnerability

Patch fixes issue where a remote user could cause an rsync daemon to write
files outside of the intended directory tree unless the ‘chroot’ option is on.

Debian advisory 4319

 
  5/10/2004 flim
    Insecure temporary file vulnerability

This vulnerability could be exploited by a local user to overwrite files
with the privileges of the user running emacs.

Debian advisory 4320

 
  5/10/2004 exim
    Buffer overflow vulnerabilities

Neither of these stack-based buffer overflows is exploitable with the default
Debian configuration.

Debian advisory 4321

 
  5/12/2004 exim-tls
    Buffer overflow vulnerabilities

These cannot be exploited with the default configuration from the Debian
system.

Debian advisory 4330

 
  5/13/2004 mah-jong
    Denial of service vulnerability

A problem has been discovered in mah-jong that can be utilised to crash
the game server after dereferencing a NULL pointer.

Debian advisory 4336

 
 
Distribution: Fedora
  5/10/2004 mc
    Multiple vulnerabilities

Several buffer overflows, several temporary file creation vulnerabilities,
and one format string vulnerability have been discovered in Midnight Commander.


Fedora advisory 4317

 
  5/10/2004 OpenSSL
    Denial of service vulnerability

Testing uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d
that can lead to a denial of service attack (infinite loop).

Fedora advisory 4318

 
 
Distribution: FreeBSD
  5/10/2004 heimdal
    Cross-realm trust vulnerability

It is possible for the Key Distribution Center (KDC) of a realm to forge
part or all of the ‘transited’ field to fake zone trustedness.

FreeBSD advisory 4315

 
  5/10/2004 crypto_heimdal
    Heap overflow vulnerability

A remote attacker may send a specially formatted message to k5admind, causing
it to crash or possibly resulting in arbitrary code execution.

FreeBSD advisory 4316

 
 
Distribution: Gentoo
  5/10/2004 LHa
    Multiple vulnerabilities

Patch corrects two stack-based buffer overflows and two directory traversal
problems in LHa.

Gentoo advisory 4313

 
  5/10/2004 libneon
    Format string vulnerabilities

Allows a malicious WebDAV server to execute arbitrary code.

Gentoo advisory 4314

 
  5/12/2004 ClamAV
    Privilege escalation vulnerability

With a specific configuration Clam AntiVirus is vulnerable to an attack
allowing execution of arbitrary commands.

Gentoo advisory 4328

 
  5/12/2004 OpenOffice.org
    Format string vulnerabilities

Several format string vulnerabilities are present in the Neon library allowing
remote execution of arbitrary code when connected to an untrusted WebDAV
server.

Gentoo advisory 4329

 
  5/13/2004 utempter
    Insecure temporary file vulnerability

Utempter contains a vulnerability that may allow local users to overwrite
arbitrary files via a symlink attack.

Gentoo advisory 4335

 
 
Distribution: Mandrake
  5/10/2004 proftpd
    Access control escape vulnerability

CIDR ACLs in version 1.2.9 allow access even to files and directories that
are otherwise specifically denied.

Mandrake advisory 4312

 
  5/12/2004 rsync
    Directory traversal vulnerability

Rsync before 2.6.1 does not properly sanitize paths when running a read/write
daemon without using chroot, which allows remote attackers to write files
outside of the module’s path.

Mandrake advisory 4326

 
  5/12/2004 apache2
    Denial of service vulnerability

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49
allows a remote denial of service attack against an SSL-enabled server.


Mandrake advisory 4327

 
 
Distribution: NetBSD
  5/13/2004 systrace
    Privilege escalation vulnerability

A local user that is allowed to use /dev/systrace can obtain root access.


NetBSD advisory 4334

 
 
Distribution: OpenBSD
  5/10/2004 cvs
    Pathname validation vulnerabilities

Patches for both client and server prevent file creation and modification
outside of allowed directories.

OpenBSD advisory 4311

 
  5/13/2004 procfs
    Incorrect bounds checking vulnerability

Incorrect bounds checking in several procfs functions could allow an unprivileged
malicious user to read arbitrary kernel memory.

OpenBSD advisory 4332

 
 
Distribution: Red Hat
  5/10/2004 utempter
    Temporary file vulnerability

Utempter can be used to overwrite privileged files with a symlink.

Red Hat advisory 4300

 
  5/10/2004 libpng
    Denial of service vulnerability

An attacker could carefully craft a PNG file in such a way that it would
cause an application linked to libpng to crash when opened by a victim.


Red Hat advisory 4301

 
  5/10/2004 OpenOffice
    Format string vulnerability

An attacker could create a malicious WebDAV server in such a way as to allow
arbitrary code execution on the client should a user connect to it using
OpenOffice.

Red Hat advisory 4302

 
  5/10/2004 mc
    Multiple vulnerabilities

This patch corrects many vulnerabilities of Midnight Commander.

Red Hat advisory 4303

 
  5/12/2004 kernel
    Multiple vulnerabilities

This patches the 2.4.x kernel for a wide variety of platforms to fix a large
number of bugs, including several with security implications.

Red Hat advisory 4324

 
  5/12/2004 ipsec-tools
    Multiple vulnerabilities

This patch fixes three separate vulnerabilities in IPSec under Red Hat.


Red Hat advisory 4325

 
 
Distribution: Slackware
  5/10/2004 rsync
    Improper write access vulnerability

When running an rsync server without the chroot option it is possible for
an attacker to write outside of the allowed directory.

Slackware advisory 4306

 
  5/10/2004 sysklogd
    Denial of service vulnerability

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue where a user could cause syslogd to crash.

Slackware advisory 4307

 
  5/10/2004 xine-lib
    Arbitrary code execution vulnerability

Playing a specially crafted Real RTSP stream could run malicious code as
the user playing the stream.

Slackware advisory 4308

 
  5/10/2004 libpng
    Denial of service vulnerability

libpng could be caused to crash, creating a denial of service issue if network
services are linked with it.

Slackware advisory 4309

 
  5/10/2004 lha
    Multiple vulnerabilities

Fixes buffer overflows and directory traversal vulnerabilities.

Slackware advisory 4310

 
  5/13/2004 apache
    Multiple vulnerabilities

Patch corrects denial of service and shell escape vulnerabilities.

Slackware advisory 4333

 
 
Distribution: Suse
  5/10/2004 kernel
    Multiple vulnerabilities

This patch fixes a large number of minor vulnerabilities and bugs related
to the SuSE 8.1 and SuSE 9.0 kernels.

SUSE advisory 4304

 
  5/10/2004 Live CD 9.1
    Passwordless superuser

A configuration error on the Live CD allows for a passwordless, remote root
login to the system via ssh, if the computer has booted from the Live CD
and if it is connected to a network.

SUSE advisory 4305