October 22, 2004

Linux Advisory Watch - October 22, 2004

Author: Preston St. Pierre

This week, advisories were released for libtiff, libpng, ecartis, BNC, phpMyAdmin,
Squid, PostgreSQL, Ghostscript, glibc, CUPS, mod_ssl, mozilla, cvs, gaim, wxGTK2,
squid, wxGTK2, xpdf, gpdf, kdegraphics, ImageMagick, and mysql. The distributors
include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and Trustix.xlock and vlock

If you wander away from your machine from time to time, it is nice
to be able to "lock" your console so that no one tampers with or looks
at your work. Two programs that do this are: xlock and vlock.

Xlock is a X display locker. It should be included in any Linux
distributions that support X. Check out the man page for it for more
options, but in general you can run xlock from any xterm on your console
and it will lock the display and require your password to unlock.

vlock is a simple little program that allows you to lock some or all of
the virtual consoles on your Linux box. You can lock just the one you
are working in or all of them. If you just lock one, others can come in
and use the console, they will just not be able to use your virtual TTY
until you unlock it. vlock ships with Red Hat Linux, but your mileage may
vary.

Of course locking your console will prevent someone from tampering with
your work, but does not prevent them from rebooting your machine or
otherwise disrupting your work. It also does not prevent them from
accessing your machine from another machine on the network and causing
problems.

More importantly, it does not prevent someone from switching out of the X
Window System entirely, and going to a normal virtual console login prompt,
or to the VC that X11 was started from, and suspending it, thus obtaining
your privileges. For this reason, you might consider only using it while
under control of xdm. At the very least, start X in the background, and
log out of the console

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)


LinuxSecurity.com
Feature Extras:

Mass
deploying Osiris
- Osiris is a centralized file-integrity program
that uses a client/server architecture to check for changes on a system. A central
server maintains the file-integrity database and configuration for a client
and at a specified time, sends the configuration file over to the client, runs
a scan and sends the results back to the server to compare any changes. Those
changes are then sent via email, if configured, to a system admin or group of
people. The communication is all done over an encrypted communication channel.

AIDE
and CHKROOTKIT
-Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.

An
Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code

- Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at LinuxSecurity.com.

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]


Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.[
Subscribe

 
Distribution: Conectiva
  10/18/2004 gtk+ image loading vulnerabilities fix
    A vulnerability found in the gdk-pixbuf bmp loader could allow a specially crafted BMP image to hang applications in an infinite loop (CAN-2004-0753[2]).

http://www.linuxsecurity.com/advisories/conectiva_advisory-4965.html
 
 
Distribution: Debian
  10/15/2004 libtiff
    remote code execution fix

Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash.

http://www.linuxsecurity.com/advisories/debian_advisory-4960.html

 
  10/16/2004 cyrus-sasl-mit arbitrary code execution fix
    remote code execution fix

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

http://www.linuxsecurity.com/advisories/debian_advisory-4961.html

 
  10/18/2004 netkit-telnet-ssl denial of service fix
    remote code execution fix

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer.

http://www.linuxsecurity.com/advisories/debian_advisory-4963.html

 
  10/18/2004 netkit-telnet denial of service real fix
    remote code execution fix

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer.

http://www.linuxsecurity.com/advisories/debian_advisory-4964.html

 
  10/20/2004 libpng
    several vulnerabilities fix

Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.

http://www.linuxsecurity.com/advisories/debian_advisory-4974.html

 
  10/20/2004 libpng3
    several vulnerabilities fix

Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.

http://www.linuxsecurity.com/advisories/debian_advisory-4975.html

 
  10/21/2004 ecartis
    unauthorised access to admin interface fix

A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.

http://www.linuxsecurity.com/advisories/debian_advisory-4986.html

 
  10/21/2004 cupsys
    arbitrary code execution fix

Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.

http://www.linuxsecurity.com/advisories/debian_advisory-4988.html

 
 
Distribution: Fedora
  10/15/2004 gimp-2.0.5-0.fc2.3 update
    arbitrary code execution fix

A brown paper bag release -- I missed that 1bpp and 24bpp are also valid for BMP.

http://www.linuxsecurity.com/advisories/fedora_advisory-4958.html

 
  10/18/2004 glib2-2.4.7-1.1 update
    arbitrary code execution fix

Glib 2.4.7 contains many bug fixes, notably a fix for bug 126666.

http://www.linuxsecurity.com/advisories/fedora_advisory-4966.html

 
  10/18/2004 gtk2-2.4.13-2.1 update
    arbitrary code execution fix

GTK+ 2.4.13 contains many bug fixes, with an emphasis on making the new file chooser work better.

http://www.linuxsecurity.com/advisories/fedora_advisory-4967.html

 
  10/21/2004 tzdata-2004e-1.fc2 update
    arbitrary code execution fix

Previous tzdata-2004e-1.fc2 announcement from 2004-10-12 had wrong md5sums (before signing).

http://www.linuxsecurity.com/advisories/fedora_advisory-4991.html

 
  10/21/2004 xpdf-3.00-3.4 update
    arbitrary code execution fix

Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened.

http://www.linuxsecurity.com/advisories/fedora_advisory-4992.html

 
  10/21/2004 openoffice.org-1.1.2-10.fc2 update
    arbitrary code execution fix

This update is equivalent to the Fedora Core 3 version of OpenOffice.org. The changes since the previous version of OpenOffice.org in Fedora Core 2 are too numerous to list here, but there are quite a few notable improvements.

http://www.linuxsecurity.com/advisories/fedora_advisory-4996.html

 
 
Distribution: Gentoo
  10/15/2004 BNC
    Input validation flaw

BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4957.html

 
  10/18/2004 phpMyAdmin
    Vulnerability in MIME-based transformation system

A vulnerability has been found in the MIME-based transformation system of phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's "safe mode" is disabled.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4962.html

 
  10/18/2004 Squid
    Remote DoS vulnerability

Squid contains a vulnerability in the SNMP module which may lead to a denial of service.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4968.html

 
  10/18/2004 PostgreSQL
    Insecure temporary file use in make_oidjoins_check

The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4969.html

 
  10/20/2004 OpenOffice.org Temporary files disclosure
    Insecure temporary file use in make_oidjoins_check

OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4982.html

 
  10/20/2004 Ghostscript
    Insecure temporary file use in multiple scripts

Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4983.html

 
  10/21/2004 glibc
    Insecure tempfile handling in catchsegv script

The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4989.html

 
  10/21/2004 CUPS
    Multiple integer overflows

Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4990.html

 
  10/21/2004 mod_ssl
    Bypass of SSLCipherSuite directive

In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4995.html

 
 
Distribution: Mandrake
  10/20/2004 mozilla
    update fix

A number of vulnerabilities were fixed in mozilla 1.7.3.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4971.html

 
  10/20/2004 libtiff
    update fix

Several vulnerabilities have been discovered in the libtiff package.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4972.html

 
  10/20/2004 cvs
    update fix

iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4973.html

 
  10/20/2004 libtiff
    multiple vulnerabilities fix

Several vulnerabilities have been discovered in the libtiff package.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4976.html

 
  10/21/2004 cvs
    vulnerability fix

iDEFENSE discovered a flaw in CVS versions prior to 1.1.17 in an undocumented switch implemented in CVS' history command. The -X switch specifies the name of the history file which allows an attacker to determine whether arbitrary system files and directories exist and whether or not the CVS process has access to them.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4984.html

 
  10/21/2004 mozilla
    vulnerabilities fix

A number of vulnerabilities were fixed in mozilla 1.7.3.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4985.html

 
  10/21/2004 gaim
    vulnerabilities fix

More vulnerabilities in gaim include nstalling smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. There is also a buffer overflow in the way gaim handles receiving very long URLs.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4993.html

 
  10/21/2004 wxGTK2
    vulnerabilities fix

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4994.html

 
  10/21/2004 squid
    SNMP processing vulnerability fix

iDEFENSE discovered a Denial of Service vulnerability in squid version 2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error where certain header length combinations can slip through the validations performed by the ASN1 parser, leading to the server assuming there is heap corruption or some other exceptional condition, and closing all current connections then restarting.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4997.html

 
  10/21/2004 wxGTK2
    vulnerabilities fix

Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4998.html

 
  10/21/2004 gaim
    vulnerabilities fix

More vulnerabilities have been discovered in the gaim instant messenger client.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4999.html

 
  10/22/2004 xpdf
    vulnerabilities fix

Chris Evans discovered numerous vulnerabilities in the xpdf package which can result in DOS or possibly arbitrary code execution.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html

 
  10/22/2004 gpdf
    DoS vulnerability fix

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as gpdf.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5001.html

 
  10/22/2004 cups
    DoS vulnerabilities fix

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html

 
  10/22/2004 kdegraphics
    DoS vulnerability fix

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as kpdf.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5003.html

 
 
Distribution: Red Hat
  10/20/2004 ImageMagick
    security vulnerabilities fix

Updated ImageMagick packages that fix various security vulnerabilities are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-4977.html

 
  10/20/2004 mysql
    minor security issues and bugs fix

Updated mysql packages that fix various temporary file security issues, as well as a number of bugs, are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-4978.html

 
  10/20/2004 squid
    vulnerability fix

An updated squid package that fixes a remote denial of service vulnerability is now avaliable.

http://www.linuxsecurity.com/advisories/redhat_advisory-4979.html

 
  10/20/2004 mysql
    security issues and bugs fixes

Updated mysql packages that fix various security issues, as well as a number of bugs, are now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/advisories/redhat_advisory-4980.html

 
  10/20/2004 gaim
    security issues and bugs fixes

An updated gaim package that fixes security issues, fixes various bugs, and includes various enhancements for Red Hat Enterprise Linux 3 is now avaliable.

http://www.linuxsecurity.com/advisories/redhat_advisory-4981.html

 
 
Distribution: Suse
  10/21/2004 kernel
    remote denial of service

An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.

http://www.linuxsecurity.com/advisories/suse_advisory-4987.html

 
 
Distribution: Trustix
  10/15/2004 libtiff, mysql, squid, cyrus-sasl Multiple security vulnerabilities
    remote denial of service

Multiple security vulnerabilities in mysql, squid, cyrus-sasl and libtiff.

http://www.linuxsecurity.com/advisories/trustix_advisory-4959.html

 
Click Here!