Linux Advisory Watch – May 21, 2004

Author: Benjamin D. Thomas

This week, advisories were released for heimdal, cvs, neon, cadaver, libpng,
iproute, lha, mailman, kdelibs, tcpdump, utempter, subversion, exim, Pound,
ProFTPD, Icecast, libuser, passwd, apache, mc, rsync, and the kernel. The
distributors include Debian, Fedora, FreeBSD, Gentoo, Mandrake, Red Hat,
Slackware, SuSE, and Trustix.

Security Failure

Over the years, computer systems and networks of all types have been the object
of attack and compromise. Systems that are compromised generally share similar
characteristics, and I will focus on some of the more common shortcomings.
First, the failure to have adequate security policies and procedures. What
information assets should be protected? Who and what are they being protected
from, and how should they be protected? All of these questions should be
addressed formally; a security policy provides direction and justification.
Next, poor system logging and auditing. On many occasions, system
administrators fail to review log files. If the job is too big to do manually,
there are many automated tools that will do a fine job. Knowing the network and
its traffic patterns intimately has many advantages.

Failure to patch vulnerable services or applications in a timely fashion is a
major contributor. Begin testing patches as soon as they are publicly
available; once a patch has been determined to be stable, roll the change out
to production. Also, don’t forget to verify those MD5s! Next, poor password
generation and management can be troublesome. It is important to be sure that
users are choosing and using strong passwords, since often this is the only
form of control in use. Remember, weak passwords or bad key management
practices can circumvent even the strongest cryptographic schemes.
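Checking a downloaded update against the MD5 sums published with its advisory, as an added shell example (not code from the newsletter or from any of the distributors it lists). The package names, their contents and the MD5SUMS list are constructed for the demonstration; the digest they are checked against is that of the five-byte string "hello".

```shell
#!/bin/sh
# Added example (not from the newsletter): verify downloaded packages against
# the MD5 sums published with a vendor advisory before installing them.

# verify_md5 FILE EXPECTED_HEX -> 0 if FILE's MD5 digest equals EXPECTED_HEX,
# 1 (with a message on stderr) if the file is missing or the digest differs.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex too
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH $file (expected $expected, got $actual)" >&2
    return 1
}

# count_mismatches LIST DIR -> prints how many entries of LIST fail to verify
# in DIR. LIST holds lines of "<md5>  <filename>", the format md5sum itself emits.
count_mismatches() {
    list=$1; dir=$2; bad=0
    while read -r sum name; do
        [ -n "$sum" ] || continue            # skip blank lines
        verify_md5 "$dir/$name" "$sum" || bad=$((bad + 1))
    done < "$list"
    echo "$bad"
}

# make_demo DIR -> constructed sample: one intact package and one that was
# altered by a single byte, both listed against the MD5 of "hello"
# (5d41402abc4b2a76b9719d911017c592).
make_demo() {
    dir=$1
    printf 'hello' > "$dir/pkg-ok.tar.gz"          # matches the published sum
    printf 'hell0' > "$dir/pkg-tampered.tar.gz"    # one byte changed in transit
    printf '%s  %s\n' 5d41402abc4b2a76b9719d911017c592 pkg-ok.tar.gz        > "$dir/MD5SUMS"
    printf '%s  %s\n' 5d41402abc4b2a76b9719d911017c592 pkg-tampered.tar.gz >> "$dir/MD5SUMS"
}

# Stand-alone run: one of the two files is reported as a mismatch.
demo=$(mktemp -d)
make_demo "$demo"
echo "mismatches: $(count_mismatches "$demo/MD5SUMS" "$demo")"
rm -rf "$demo"
```

The check is only worth something when the sums come from a different place than the package itself (the advisory mail, the vendor’s signed announcement); a checksum file sitting on the same mirror as the package would be replaced along with it.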

Unused software, tools and commands should be removed, and unneeded network
services should be disabled. If it is not there, it can’t be exploited. You’ll
find that this is one technique that many hardened distributions (such as
EnGarde Linux) use. A Web server does not need X11, games, etc. The system
should be built for one purpose, exposing it to the least amount of risk. It is
also important to ensure that all configurations are correct. On many
distributions, the default settings are calibrated for usability rather than
for high security, and it is up to you to do the necessary research to find out
what changes must be made. This also brings up the point of removing or
disabling any pre-installed accounts or default passwords.

Finally, it is imperative that the system is protected from remote network
attacks. A properly configured, restrictive firewall can go a long way toward
improving a system’s security posture. In several situations, I’ve seen
companies with firewalls that allow virtually all traffic through: over time,
service by service, new rules were added after each complaint. Rather than
providing strong security, such a firewall only gives false assurance. By
taking simple precautions, security can be greatly improved. Give your valuable
information the protection it deserves.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature Extras:

Guardian Digital Security Solutions Win Out At Real World Linux

– Enterprise Email and Small Business Solutions Impress at Linux Exposition.
Internet and network security was a consistent theme, and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian Digital’s
enterprise and small business applications were stand-out successes.

Interview with Siem Korteweg: System Configuration Collector

– In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and about future developments.

Security: MySQL and PHP

– This is the second installment of a three-part article on LAMP (Linux Apache
MySQL PHP). To safeguard a MySQL server to a basic level, one has to abide by
the following guidelines.


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Debian

5/18/2004 heimdal: Buffer overflow vulnerability

This problem could perhaps be exploited to cause the daemon to read a negative
amount of data, which could lead to unexpected behaviour.

Debian advisory 4347

5/19/2004 cvs: Heap overflow vulnerability

Stefan Esser discovered a heap overflow in the CVS server, which serves
the popular Concurrent Versions System.

Debian advisory 4375

5/19/2004 neon: Heap overflow vulnerability

User input is copied into variables not large enough for all cases. This
can lead to an overflow of a static heap variable.

Debian advisory 4376

5/19/2004 cadaver: Heap overflow vulnerability

User input is copied into variables not large enough for all cases. This
can lead to an overflow of a static heap variable.

Debian advisory 4377

Distribution: Fedora

5/14/2004 libpng 1.2.2: Information leak vulnerability

Fixes a possible out-of-bounds read in the error message handler.

Fedora advisory 4340

5/14/2004 libpng 1.0.13: Information leak vulnerability

Fixes a possible out-of-bounds read in the error message handler.

Fedora advisory 4341

5/14/2004 iproute: Denial of service vulnerability

iproute 2.4.7 and earlier allows local users to cause a denial of service
via spoofed messages, sent as other users, to the kernel netlink interface.

Fedora advisory 4342

5/14/2004 lha: Multiple vulnerabilities

Ulf Härnhammar discovered two stack buffer overflows and two directory traversal
flaws in LHA.

Fedora advisory 4343

5/18/2004 mailman: Cross-site scripting vulnerability

A cross-site scripting (XSS) vulnerability exists in the admin CGI script
for Mailman before 2.1.4.

Fedora advisory 4353

5/18/2004 neon: Format string vulnerabilities

Exploiting these bugs may allow remote malicious WebDAV servers to execute
arbitrary code.

Fedora advisory 4354

5/18/2004 cvs: Chroot escape vulnerability

The client for CVS before 1.11.15 allows a remote malicious CVS server to
create arbitrary files by using absolute pathnames during checkouts or updates.

Fedora advisory 4355

5/18/2004 kdelibs: Multiple vulnerabilities

An attacker could create a carefully crafted link such that, when opened
by a victim, it creates or overwrites a file in the victim’s home directory.

Fedora advisory 4356

Distribution: Fedora 1

5/19/2004 tcpdump: Denial of service vulnerability

Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read
beyond the end of the packet capture buffer and subsequently crash.

Fedora advisory 4368

Distribution: Fedora Legacy

5/19/2004 utempter: Insecure temporary file vulnerability

An updated utempter package that fixes a potential symlink vulnerability
is now available.

Fedora advisory 4369

Distribution: Fedora 2

5/19/2004 kdelibs: Insufficient input sanitization

An attacker could create a carefully crafted link such that, when opened
by a victim, it creates or overwrites a file in the victim’s home directory.

Fedora advisory 4370

Distribution: Fedora 2, 1

5/19/2004 cvs: Heap overflow vulnerability

Stefan Esser discovered a flaw in cvs where malformed “Entry” lines could
cause a heap overflow.

Fedora advisory 4371

5/19/2004 neon: Heap overflow vulnerability

An attacker could create a malicious WebDAV server in such a way as to allow
arbitrary code execution on the client, such as cadaver.

Fedora advisory 4372

5/19/2004 subversion: Buffer overflow vulnerability

An attacker could send malicious requests to a Subversion server and perform
arbitrary execution of code.

Fedora advisory 4373

Distribution: Fedora 2

5/19/2004 ipsec-tools: Denial of service / buffer overflow vulnerability

A crafted ISAKMP header can cause racoon to crash.

Fedora advisory 4374

Distribution: FreeBSD

5/19/2004 cvs: Heap overflow vulnerability

Malformed data can cause a heap buffer to overflow, allowing the client
to overwrite arbitrary portions of the server’s memory.

FreeBSD advisory 4367

Distribution: Gentoo

5/14/2004 exim: Buffer overflow vulnerability

When the verify=header_syntax option is set, there is a buffer overflow
in Exim that allows remote execution of arbitrary code.

Gentoo advisory 4344

5/14/2004 libpng: Denial of service vulnerability

A bug in the libpng library can be abused using a crafted .png file to crash
programs making use of that library.

Gentoo advisory 4345

5/19/2004 Pound: Format string vulnerability

There is a format string flaw in Pound, allowing remote execution of arbitrary
code with the rights of the Pound process.

Gentoo advisory 4363

5/19/2004 ProFTPD: ACL bypass vulnerability

Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based
Access Control Lists to automatically allow remote users full access to
available files.

Gentoo advisory 4364

5/19/2004 Icecast: Denial of service vulnerability

Icecast is vulnerable to a denial of service attack allowing remote users
to crash the application.

Gentoo advisory 4365

5/19/2004 KDE: Insufficient input sanitization

Vulnerabilities in KDE URI handlers make your system vulnerable to various
attacks.

Gentoo advisory 4366

Distribution: Mandrake

5/18/2004 libuser: Denial of service vulnerability

Steve Grubb discovered a number of problems in the libuser library that
can lead to a crash in applications linked to it, or possibly write 4GB
of garbage to the disk.

Mandrake advisory 4350

5/18/2004 passwd: Multiple vulnerabilities

Passwords given to passwd via stdin are one character shorter than they
are supposed to be. It was also discovered that PAM may not have been
sufficiently initialized to ensure safe and proper operation.

Mandrake advisory 4351

5/18/2004 apache: Multiple vulnerabilities

The patch fixes four separate Apache vulnerabilities.

Mandrake advisory 4352

5/19/2004 kdelibs: Insufficient input sanitization

This vulnerability can allow remote attackers to create or truncate arbitrary
files.

Mandrake advisory 4360

5/19/2004 cvs: Buffer overflow vulnerability

Stefan Esser discovered that malformed “Entry” lines can be used to overflow
malloc()ed memory in a way that can be remotely exploited.

Mandrake advisory 4361

5/19/2004 libneon: Heap overflow vulnerability

It was discovered that portions of neon can be used to overflow a static
heap variable.

Mandrake advisory 4362

Distribution: Red Hat

5/18/2004 kdelibs: Multiple vulnerabilities

Updated kdelibs packages that fix telnet URI handler and mailto URI handler
file vulnerabilities are now available.

Red Hat advisory 4348

5/19/2004 cvs: Buffer overflow vulnerability

An updated cvs package that fixes a server vulnerability that could be exploited
by a malicious client is now available.

Red Hat advisory 4358

5/19/2004 cadaver: Heap overflow vulnerability

An updated cadaver package is now available that fixes a vulnerability in
neon which could be exploitable by a malicious DAV server.

Red Hat advisory 4359

5/19/2004 mc: Multiple vulnerabilities

Updated mc packages that resolve several buffer overflow vulnerabilities,
one format string vulnerability and several temporary file creation vulnerabilities
are now available.

Red Hat advisory 4378

5/19/2004 rsync: Chroot escape vulnerability

An updated rsync package that fixes a directory traversal security flaw
is now available.

Red Hat advisory 4379

5/19/2004 libpng: Denial of service vulnerability

An attacker could carefully craft a PNG file in such a way that it would
cause an application linked to libpng to crash when opened by a victim.

Red Hat advisory 4380

Distribution: Slackware

5/17/2004 mc: Multiple vulnerabilities

These could lead to a denial of service or the execution of arbitrary code
as the user running mc.

Slackware advisory 4346

5/18/2004 kdelibs: Multiple vulnerabilities

The telnet, rlogin, ssh and mailto URI handlers in KDE do not do sufficient
argument checking, allowing improper passing of arguments.

Slackware advisory 4349

Distribution: SuSE

5/14/2004 mc: Multiple vulnerabilities

This patch fixes buffer overflows, temporary file problems and format string
bugs associated with Midnight Commander.

SUSE advisory 4339

5/19/2004 cvs: Buffer overflow vulnerability

Stefan Esser reported buffer overflow conditions within the cvs program.

SUSE advisory 4357

Distribution: Trustix

5/14/2004 apache: Multiple vulnerabilities

This patch addresses a wide variety of known Apache vulnerabilities.

Trustix advisory 4337

5/14/2004 kernel: Privilege escalation vulnerability

The patch corrects a local root exploit.

Trustix advisory 4338