May 23, 2003

Linux Advisory Watch - May 23rd, 2003

- by Benjamin D.

This week, advisories were released for bugzilla, lv, mysql, sendmail, bitchx,
PHP, gnupg, cdrtools, xinetd, fileutils, lpr, epic4, glibc, mod_ssl, and quotacheck.
The distributors include Conectiva, Debian, Guardian Digital, Gentoo, Immunix,
Mandrake, OpenPKG, RedHat, and Slackware. There were not any advisories that
particularly caught my attention. Perhaps the most serious are lpr, cdrecord,
and lv, all of which may result in a local root compromise. If you are using
these packages, they should be updated immediately.

Many of you probably have experience in general network security. Also, many
of you have probably worked with wireless equipment. In the last three years
I've seen hundreds of articles and whitepapers on how to improve the security
of wireless networks. Each paper usually falls into two categories. First, I
have found that about 80% of the papers are too broad and do not provide any
useful information. The other 20% of articles/whitepapers are helpful in that
they focus on specific issues.

Recently, I had the opportunity to read the O'Reilly book, 802.11
. It was written by Bruce Potter and Bob Fleck and published
early this year. If you are looking for a overall source for 802.11 security,
I highly recommend this book. Although it is only 176 pages long, it is cram-packed
with information. Like all O'Reilly books, it is suitable and interesting enough
to read from cover to cover or can be easily used as a reference.

The book begins with an introduction to wireless networking and quickly moves
into explaining types of attacks and potential risks. The second part book focuses
on locking down five types of wireless workstations. It includes specific chapters
that cover FreeBSD, Linux, OpenBSD, OS X, and Windows. Next, it covers aspects
pertaining to access point security and provides guidance on how to build a
Linux, FreeBSD, or OpenBSD gateway. The book concludes with a chapter on authentication
and encryption, and a chapter that discusses several wireless networking issues
and predicts what the future will hold. Although no one can claim that this
book is fully comprehensive, it does provide enough information to get started.
Some of you will probably be looking for more detailed information, while others
will think that it is the perfect dose. Once again, if you are looking for a
general book on 802.11 security, take a look at what O'Reilly has to offer.

Until next time,
Benjamin D. Thomas


LinuxSecurity Feature Extras:

Intrusion Detection Systems: An Introduction

Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels there
are two forms of Intrusion Detection Systems that you will encounter: Host
and Network based.

At the RealWorld Linux Expo in Toronto, Guardian
Digital launched the next generation of the Community edition of EnGarde Secure
- the secure and easy to manage system for building a complete Internet
presence while protecting your information assets. Download
the FREE trial today!

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
] - [ Linux Security


Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.

[ Subscribe

Distribution: Conectiva

 5/22/2003bugzilla   multiple vulnerabilities

There are multiple vulnerabilities in bugzilla.
  Distribution:Debian 5/16/2003lv   privilege escalation vulnerability

lv reads options from a configuration file in the current directory. Because
such a file could be placed there by a malicious user, and lv configuration
options can be used to execute commands, this represented a security vulnerability.
  5/16/2003mysql   privilege escalation vulnerability

There are multiple vulnerabilities in the mysql package.
  5/16/2003sendmail   insecure tmp file vulnerability

aul Szabo discovered bugs in three scripts included in the sendmail package
where temporary files were created insecurely (expn, checksendmail and
  5/19/2003bitchx   multiple vulnerabilities

Timo Sirainen discovered several overflow problems in BitchX.
  Distribution:EnGarde 5/20/2003'swatch' incorrect value in default configuration   multiple vulnerabilities

A bug was recently discovered in the default configuration of the daily
log summaries. The default address is set incorrectly causing daily summaries
to bounce until the system is ran through the initial configuration process
or the admin e-mail address is changed.
  5/21/2003PHP   debugging and PEAR fixes

This update disables debugging and enables support for PEAR in EnGarde's
PHP packages.
  Distribution:Gentoo 5/16/2003gnupg   key validation bug

As part of the development of GnuPG 1.2.2, a bug was discovered in the key
validation code.
  5/16/2003ut2003-demo passive DOS exploit   key validation bug

There is a negative sign bug in the unreal tournement engine.
  5/18/2003cdrtools   privilege escalation vulnerability

Incorrect link fixed. A vulnerability in cdrecord that could lead to a root
compromise was discovered. cdrecord is not installed suid by default in
  5/19/2003lv   arbitrary command execution vulnerability

Previous versions of lv read the file .lv in the current directory. Becuse
this file could be created by other users and could contain malicious commands
to execute upon viewing certain files this is considered a potential local
root exploit.
  5/19/2003xinetd   denial of service vulnerability

Steve Stubb has discovered that xinetd leaks 144 bytes for every connection
it rejects.
  Distribution:Immunix 5/16/2003fileutils   race condition vulnerability

Steve Stubb has discovered that xinetd leaks 144 bytes for every connection
it rejects.
  Distribution:Mandrake 5/22/2003cdrecord   privilege escalation vulnaerbility

A vulnerability in cdrecord was discovered that can be used to obtain root
access because Mandrake Linux ships with the cdrecord binary suid root and
sgid cdwriter.
  5/22/2003lpr   buffer overflow vulnerability

A buffer overflow was discovered in the lpr printer spooling system that
can be exploited by a local user to gain root privileges.
  Distribution:OpenPKG 5/16/2003gnupg   incorrect key validation vulnerability

The GNU Privacy Guard (GnuPG) development team discovered that the key validation
code in GnuPG 1.2.1 and older versions does not properly determine the validity
of keys with multiple user IDs
  Distribution:RedHat 5/16/2003lv   privilege escalation vulnerability

A bug has been found in versions of lv that read a .lv file in the current
directory. Local attackers can use this to place an .lv file in any directory
to which they have write access.
  5/21/2003gnupg   key validation bug

Updated gnupg packages correcting a bug in the GnuPG key validation functions
are now available.
  Distribution:Slackware 5/22/2003epic4   multiple vulnerabilities

New EPIC4 packages are available to fix security problems found by Timo
  5/22/2003bitchx   multiple vulnerabilities

Timo Sirainen discovered several overflow problems in BitchX.
  5/22/2003glibc   buffer overflow vulnerability

An integer overflow in the xdrmem_getbytes() function found in the glibc
library has been fixed.
  5/22/2003gnupg   key validation bug

A key validation bug which results in all user IDs on a given key being
treated with the validity of the most-valid user ID on that key has been
fixed with the release of GnuPG 1.2.2.
  5/22/2003mod_ssl   timing based attack vulnerability

This version provides RSA blinding by default which prevents an extended
timing analysis from revealing details of the secret key to an attacker.
  5/22/2003quotacheck   vulnerability

An upgraded sysvinit package is available which fixes a problem with the
use of quotacheck in /etc/rc.d/rc.M.


  • Security
Click Here!