November 1, 2002

Linux Advisory Watch - November 1st 2002

- By: Benjamin D.
Thomas
-

This week, advisories were released for chrn, bzip2, pam_ldap, uudecode, inn,
kdegraphics, krb5, heimdal, mozilla, ypserv, mod_ssl, syslog-ng, and lprng.  The vendors include Caldera, Debian, EnGarde, Gentoo, Mandrake, and SuSE.

 

Package: chfn
Date: 10-30-2002
Description: The
util-linux package vulnerable to privilege escalation when the "ptmptmp"
file is not removed properly when using "chfn" utility.
Vendor Alerts: Caldera: 
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-043.0/RPMS
util-linux-2.11l-5.1.i386.rpm
bea4d3169f518c9ce5453befdc6c2372 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2518.html

 

 

Package: bzip2
Date: 10-29-2002
Description: bzip2
decompresses files with world-readable permissions before setting the permissions
to what is specified in the bzip2 archive, which could allow local users
to read the files as they are being decompressed.
Vendor Alerts: Caldera: 
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-039.0/RPMS

bzip2-1.0.0-7MR.i386.rpm
d54e80dafe3006f18d1d9498078f4bce 

bzip2-devel-1.0.0-7MR.i386.rpm
7eb4a45c2aa65aafd69fd1ef047e1bfd 

bzip2-devel-static-1.0.0-7MR.i386.rpm
b4f91ed45d1e94b2547ce0950b0f49be 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2516.html

 

Package: pam_ldap
Date: 10-29-2002
Description: The
pam_ldap module provides authentication for user access to a system by
consulting a directory using LDAP. Versions of pam_ldap prior to version
144 include a format string bug in the logging function.
Vendor Alerts: Caldera: 
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-041.0/RPMS

pam_ldap-144-1.i386.rpm
8e772565f5fd9933c938cbc7a4a9f229 
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2514.html

 

 

Package: uudecode
Date: 10-28-2002
Description: The
uudecode utility would create an output file without checking to see if
it was about to write to a symlink or a pipe. If a user uses uudecode to
extract data into open shared directories, such as /tmp, this vulnerability
could be used by a local attacker to overwrite files or lead to privilege
escalation.
Vendor Alerts: Caldera: 
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-040.0/RPMS

sharutils-4.2.1-7MR.1.i386.rpm
98a9348513f981d0c919de67c7a3fd44 
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2510.html
 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/other_advisory-2519.html

 

 

Package: inn
Date: 10-25-2002
Description: There
are several format string coding bugs as well as unsecure open() calls
in the inn program.
Vendor Alerts: Caldera: 
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-038.0/RPMS

inn-2.2.3-13.i386.rpm
f707c8840d70ffb02e6377a4f1adb539 
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2504.html

 

 

Package: kdegraphics
Date: 10-28-2002
Description: Zen-parse
discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. 
The same code is present in kghostview which is part of the KDE-Graphics
package.  This problem is triggered by scanning the PostScript file
and can be exploited by an attacker sending a malformed PostScript or PDF
file.  The attacker is able to cause arbitrary code to be run with
the privileges of the victim. 
Vendor Alerts: Debian: 
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2509.html

 

 

Package: krb5
Date: 10-29-2002
Description: Tom
Yu and Sam Hartman of MIT discovered another stack buffer overflow in the
kadm_ser_wrap_in function in the Kerberos v4 administration server. 
This kadmind bug has a working exploit code circulating, hence it is considered
serious.  The MIT krb5 implementation includes support for version
4, including a complete v4 library, server side support for krb4, and limited
client support for v4.
Vendor Alerts: Debian: 
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2515.html
 

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2517.html
 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/other_advisory-2508.html

 

 

Package: heimdal
Date: 10-31-2002
Description: A
stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos
v4 administration server was discovered, which is provided by Heimdal as
well.  A working exploit for this kadmind bug is already circulating,
hence it is considered serious.  The roken library also contains a
vulnerability which could lead to another root exploit.
Vendor Alerts: Debian: 
http://security.debian.org/pool/updates/main/h/heimdal/
heimdal-docs_0.2l-7.6_all.deb
Size/MD5 checksum:   
61812 8800ca27900faa13d5491ab85b8ca743

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2523.html
 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/other_advisory-2505.html

 

 

 

Package: mozilla
Date: 10-31-2002
Description: Numerous
security fixes are available in Mozilla 1.0.1.  For a detailed list,
refer to the "Recently fixed security issues" page on the Mozilla website
(see the first reference).  All users are encouraged to upgrade to
this latest stable 1.0.x release of Mozilla. 
Vendor Alerts: Mandrake: 
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2524.html

 

 

 

Package: ypserv
Date: 10-28-2002
Description: Thorsten
Kukuck discovered a problem in the ypserv program which is part of the
Network Information Services (NIS).  A memory leak in all versions
of ypserv prior to 2.5 is remotely exploitable.  When a malicious
user could request a non-existing map the server will leak parts of an
old domainname and mapname. 
Vendor Alerts: Gentoo: 
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2507.html

 

 

Package: mod_ssl
Date: 10-27-2002
Description: Thorsten
Kukuck discovered a problem in the ypserv program which is part of the
Network Information Services (NIS).  A memory leak in all versions
of ypserv prior to 2.5 is remotely exploitable.  When a malicious
user could request a non-existing map the server will leak parts of an
old domainname and mapname. 
Vendor Alerts: Gentoo: 
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2507.html
 

 

EnGarde:

EnGarde Vendor
Advisory:

http://www.linuxsecurity.com/advisories/other_advisory-2512.html

 

 

Package: syslog-ng
Date: 10-31-2002
Description: While
reviewing the syslog-ng fixes made in ESA-20021016-025, Sebastian Krahmer
discovered that the fixes were not sufficient.  This update does a
better job of fixing the buffer overflow and supersedes ESA-20021016-025.
Vendor Alerts: EnGarde: 
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/syslog-ng-1.4.10-1.0.26.i386.rpm
MD5 Sum: 087cfa30bf258810d33041486654d116

i686/syslog-ng-1.4.10-1.0.26.i686.rpm
MD5 Sum: 15f351ea811f27934c9795342ce731c6

  
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2513.html
 

SuSE:

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2521.html

 

 

Package: lprng
Date: 10-31-2002
Description: The
lprng package contains the "runlpr" program which allows the lp user to
execute the lpr program as root. Local attackers can pass certain commandline
arguments to lpr running as root, fooling it to execute arbitrary commands
as root. This has been fixed.  Note that this vulnerability can only
be exploited if the attacker has previously gained access to the lp account.
Vendor Alerts: SuSE: 
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
html2ps-1.0b3-458.i586.rpm
c1990d8139e33176fb02745f3e5b0a05
 

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2522.html

 

Category:

  • Security
Click Here!