November 8, 2002

Linux Advisory Watch - November 8th 2002

By: Benjamin D. Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.

This week, advisories were released for log2mail, apache, luxman, wmaker,
squirrelmail, IPFilter, perl-MailTools, glibc, kerberos, heartbeat, dvips,
krb5, gv, tar/unzip, ypserv, and linuxconf. The distributors include
Conectiva, Debian, Gentoo, NetBSD, Red Hat, and SuSE.

LinuxSecurity Feature Extras:

FEATURE: Security - Physical and Service
The first installment of a 3-part article covering everything from physical
security and service security to LAMP security (Linux Apache MySQL PHP).

FEATURE: Remote Syslogging - A Primer
The syslog daemon is a very versatile tool that should never be overlooked
under any circumstances. The facility itself provides a wealth of information
regarding the local system that it monitors.

Package: log2mail
Date: 11-01-2002
Description: Enrico Zini discovered a buffer overflow in log2mail, a daemon
for watching logfiles and sending lines with matching patterns via mail. The
log2mail daemon is started upon system boot and runs as root. A specially
crafted (remote) log message could overflow a static buffer, potentially
causing log2mail to execute arbitrary code as root.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_i386.deb
Size/MD5 checksum: 38532 ca7b3f97063ee1de06eb2ec97c3c4f52

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2525.html

Package: apache
Date: 11-04-2002
Description: According to David Wagner, iDEFENSE and the Apache HTTP Server
Project, several remotely exploitable vulnerabilities have been found in the
Apache package, a commonly used webserver. These vulnerabilities could allow
an attacker to cause a denial of service against a server or execute a
cross-site scripting attack.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_i386.deb
Size/MD5 checksum: 359946 aae786f44f00d4c62b09ccd33fbef609

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_i386.deb
Size/MD5 checksum: 718786 33046433f742f4bf5628d82afad4c18e

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_i386.deb
Size/MD5 checksum: 548902 86fd170a541de8c70d5abff2fca8d544

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2526.html

Debian Vendor Advisory (apache-ssl):
http://www.linuxsecurity.com/advisories/debian_advisory-2527.html

Conectiva:

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2531.html

Package: luxman
Date: 11-06-2002
Description: iDEFENSE reported a vulnerability in LuxMan, a maze game for
GNU/Linux, similar to the PacMan arcade game. When successfully exploited, a
local attacker gains read/write access to memory, leading to a local root
compromise in many ways, examples of which include scanning the file for
fragments of the master password file and modifying kernel memory to re-map
system calls.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.1_i386.deb
Size/MD5 checksum: 290680 e9aa37d421068e828307ef5c816ad72d

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2538.html

Package: wmaker
Date: 11-07-2002
Description: iDEFENSE reported a vulnerability in LuxMan, a maze game for
GNU/Linux, similar to the PacMan arcade game. When successfully exploited, a
local attacker gains read/write access to memory, leading to a local root
compromise in many ways, examples of which include scanning the file for
fragments of the master password file and modifying kernel memory to re-map
system calls.
Vendor Alerts:

Debian:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2541.html

Package: squirrelmail
Date: 11-07-2002
Description: Several cross-site scripting vulnerabilities have been found in
squirrelmail, a feature-rich webmail package written in PHP4.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1_all.deb
Size/MD5 checksum: 1839498 9e9c7ff1f5b42aaea021af563b76deaa

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2543.html

Package: IPFilter (FTP)
Date: 11-05-2002
Description: The FTP proxy module in the IPFilter package may not adequately
maintain the state of FTP commands and responses. As a result, an attacker
could establish arbitrary TCP connections to FTP servers or clients located
behind a vulnerable firewall.
Vendor Alerts:

NetBSD:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-2528.html

Package: perl-MailTools
Date: 11-05-2002
Description: This package contains a security hole which allows remote
attackers to execute arbitrary commands in certain circumstances. This is due
to the use of mailx as the default mailer, which allows commands to be
embedded in the mail body.
Vendor Alerts:

SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/perl-MailTools-1.47-29.i586.rpm
d41d8cd98f00b204e9800998ecf8427e

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2529.html

Gentoo:

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2530.html

Package: glibc
Date: 11-07-2002
Description: A read buffer overflow vulnerability exists in the glibc resolver
code in versions of glibc up to and including 2.2.5. The vulnerability is
triggered by DNS packets larger than 1024 bytes and can cause applications
to crash.
Vendor Alerts:

Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2542.html

Conectiva:

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2537.html

Package: kerberos
Date: 11-07-2002
Description: A remotely exploitable stack buffer overflow has been found in
the Kerberos v4 compatibility administration daemon distributed with the
Red Hat Linux krb5 packages.
Vendor Alerts:

Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2544.html

Package: heartbeat
Date: 11-03-2002
Description: Nathan Wallwork reported several format string vulnerabilities[2]
in heartbeat that could possibly be used by a remote attacker to execute
arbitrary code with root privileges.
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/heartbeat-0.4.9.1-2U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/heartbeat-ldirectord-0.4.9.1-2U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/heartbeat-stonith-0.4.9.1-2U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2532.html

Package: dvips
Date: 11-03-2002
Description: Olaf Kirch from SuSE discovered a vulnerability in the dvips
utility, which is used to convert .dvi files to PostScript. dvips calls the
system() function in an insecure way when handling font names. An attacker
can exploit this by creating a carefully crafted dvi file which, when opened
by dvips, will cause the execution of arbitrary commands.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2533.html

Package: krb5
Date: 11-07-2002
Description: There is a buffer overflow vulnerability[2][3] in the Kerberos 4
remote administration service (kadmind4) that could be used by a remote
attacker to execute arbitrary commands on the server with root privileges.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2534.html

Package: gv
Date: 11-07-2002
Description: Zen Parse found[1] a buffer overflow vulnerability in gv version
3.5.8 and earlier. kghostview (from kdegraphics versions prior to 3.0.4) is
also affected, since it has some code derived from the same project. An
attacker can exploit this vulnerability by creating a carefully crafted PDF
file that, when opened by gv or kghostview, causes the execution of
arbitrary code.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2535.html

Package: tar/unzip
Date: 11-07-2002
Description: Both tar and unzip have directory traversal vulnerabilities in
the way they extract filenames containing ".." or "/" characters at the
beginning. By exploiting these vulnerabilities, a malicious user can
overwrite arbitrary files if the user unpacking such an archive has
sufficient filesystem permissions to do so.
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/tar-1.13.25-2U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/unzip-5.50-1U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2536.html

Package: ypserv
Date: 11-07-2002
Description: Thorsten Kukuk identified and fixed a memory leak
vulnerability[2] in the ypserv daemon. Requests for nonexistent maps would
cause the ypserv daemon to consume more and more memory. An attacker in the
local network could flood the service with such requests until the memory is
exhausted, resulting in a DoS condition.
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/ypserv-1.3.12-4U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2539.html

Package: linuxconf
Date: 11-06-2002
Description: There is a problem[1] in the sendmail.cf file generated by the
mailconf module that allows sendmail to be used as an open relay. By
exploiting this vulnerability, a malicious user could send spam through the
sendmail server without being in its served network. In order to do that, the
recipient address of the messages must be in the format "user%domain@".
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/linuxconf-mailconf-1.25r3-39U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2540.html
