Linux Advisory Watch – October 8, 2004

Author: Preston St. Pierre

This week, advisories were released for syscons, sharutils, netpbm, kdelibs, PHP, samba, kernel, XFree86, samba, getmail, zlib, mozilla, and squid. The distributors include Debian, Slackware, SuSE, Trustix, and Turbolinux.

Password Cracking

If for some reason your passwd program is not enforcing non-easily-guessable passwords, you might want to run a password cracking program and make sure your users' passwords are secure.

Password cracking programs work on a simple idea. They try every word in the dictionary, and then variations on those words. They encrypt each one and check it against your encrypted password. If they get a match they are in. Also, the "dictionary" may include usernames, Star Trek ships, foreign words, keyboard patterns, etc.

There are a number of programs out there; the two most notable of which are "Crack" and "John the Ripper":

http://www.false.com/security/john/index.html

They will take up a lot of your CPU time, but you should be able to tell if an attacker could get in using them by running them first yourself and notifying users with weak passwords. Note that an attacker would have to use some other hole first in order to get your passwd (Unix /etc/passwd) file, but these are more common than you might think.
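An added example, not part of the Administrator's Guide excerpt: a proactive check a passwd front end could run that rejects a new password if it is a dictionary word, the username or a keyboard pattern, or a cheap variation of one (case change, reversal, leet substitution, appended or prepended digits), which is the same candidate set the text says a cracker tries. The word list and patterns below are a constructed sample; a real check would load a full dictionary file.

```python
import string

# Constructed sample word list; a real deployment loads a large dictionary.
SAMPLE_WORDS = ["password", "enterprise", "voyager", "linux", "secret"]
# Keyboard walks that crackers also include in their "dictionary".
KEYBOARD_PATTERNS = ["qwerty", "asdfgh", "zxcvbn", "123456", "1qaz2wsx"]
# Common letter-to-digit substitutions.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"})
# Junk commonly appended or prepended to a word (assumed list).
SUFFIXES = ("", "1", "12", "123", "!", "2004")


def variations(word: str) -> set:
    """All cheap mangling forms of one word: case, reversal, leet, affixes."""
    w = word.lower()
    forms = {w, w.capitalize(), w.upper(), w[::-1], w.translate(LEET)}
    out = set()
    for form in forms:
        for affix in SUFFIXES:
            out.add(form + affix)
            out.add(affix + form)
    return out


def weak_password_reason(password: str, username: str = "",
                         words=SAMPLE_WORDS):
    """Return why a dictionary attack would recover the password, or None."""
    if username and password in variations(username):
        return "based on username"
    for pattern in KEYBOARD_PATTERNS:
        if password in variations(pattern):
            return "keyboard pattern"
    # Strip leading/trailing digits and symbols so 'Voyager1!' still matches.
    core = password.strip(string.digits + string.punctuation)
    for word in words:
        if password in variations(word) or core in variations(word):
            return "dictionary word: " + word
    return None


if __name__ == "__main__":
    for pw, user in [("Voyager1!", "dave"), ("dave2004", "dave"),
                     ("1qaz2wsx", ""), ("Tr0ub4dor&3", "")]:
        print(pw, "->", weak_password_reason(pw, user) or "ok")
```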


Excerpt from the LinuxSecurity Administrator’s Guide:

http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)


LinuxSecurity Feature Extras:

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.

Security Expert Dave Wreski Discusses Open Source Security - Dave Wreski, CEO of Guardian Digital, Inc. and respected author of various hardened security and Linux publications, talks about how Guardian Digital is changing the face of IT security today. Guardian Digital is perhaps best known for their hardened Linux solution EnGarde Secure Linux, touted as the premier secure, open-source platform for its comprehensive array of general purpose services, such as web, FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.



Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

 
Distribution: Debian
10/2/2004 netkit-telnet - invalid free(3)

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer.


http://www.linuxsecurity.com/advisories/debian_advisory-4886.html

 
10/4/2004 rp-pppoe, pppoe - missing privilege dropping

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.

http://www.linuxsecurity.com/advisories/debian_advisory-4887.html

 
10/6/2004 libapache-mod-dav - potential denial of service

Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.

http://www.linuxsecurity.com/advisories/debian_advisory-4910.html

 
10/6/2004 net-acct - insecure temporary file creation

Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.

http://www.linuxsecurity.com/advisories/debian_advisory-4913.html

 
 
Distribution: Fedora
10/5/2004 cups-1.1.20-11.4 - update

This update fixes an information leakage problem when printing to SMB shares requiring authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923 to this issue.

http://www.linuxsecurity.com/advisories/fedora_advisory-4908.html

 
 
Distribution: FreeBSD
10/4/2004 syscons - boundary checking errors in syscons

The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.

http://www.linuxsecurity.com/advisories/freebsd_advisory-4904.html

 
 
Distribution: Gentoo
10/1/2004 sharutils - buffer overflows

sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html

 
10/4/2004 netpbm - multiple temporary file issues

Utilities included in old Netpbm versions are vulnerable to multiple temporary file issues, potentially allowing a local attacker to overwrite files with the rights of the user running the utility.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4898.html

 
 
Distribution: Red Hat
10/4/2004 kdelibs and kdebase - security issues

Updated kdelibs and kdebase packages that resolve multiple security issues are now available.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4899.html

 
 
Distribution: Gentoo
10/5/2004 NetKit-telnetd - buffer overflows in telnet and telnetd

Buffer overflows exist in the telnet client and daemon provided by netkit-telnetd, which could possibly allow a remote attacker to gain root privileges and compromise the system.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4909.html

 
10/5/2004 PHP - memory disclosure and arbitrary location file upload

Two bugs in PHP may allow the disclosure of portions of memory and allow remote attackers to upload files to arbitrary locations.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4911.html

 
 
Distribution: Mandrake
10/1/2004 samba - fix vulnerability

Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4888.html

 
10/5/2004 kernel - various enhancements

New kernels are available for Mandrakelinux 10.0 that fix a few bugs and/or add enhancements.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4906.html

 
 
Distribution: Red Hat
10/4/2004 XFree86 - security issues and bugs

Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3.

http://www.linuxsecurity.com/advisories/redhat_advisory-4900.html

 
10/4/2004 samba - security issue

Updated samba packages that fix an input validation vulnerability are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-4901.html

 
10/6/2004 XFree86 - security issues and bugs

Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/advisories/redhat_advisory-4914.html

 
 
Distribution: Slackware
10/4/2004 getmail - security issue

New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user-owned files or directories, it can be made to overwrite system files.

http://www.linuxsecurity.com/advisories/slackware_advisory-4902.html

 
10/4/2004 zlib - DoS

New zlib packages are available for Slackware 10.0 and -current to fix a possible denial of service security issue.

http://www.linuxsecurity.com/advisories/slackware_advisory-4903.html

 
 
Distribution: SuSE
10/5/2004 samba - remote file disclosure

The Samba server, which allows files and resources to be shared via the SMB/CIFS protocol, contains a bug in the sanitization code for path names which allows remote attackers to access files outside of the defined share.

http://www.linuxsecurity.com/advisories/suse_advisory-4907.html

 
10/6/2004 mozilla - various vulnerabilities

During the last months a number of security problems have been fixed in Mozilla and Mozilla-based browsers.

http://www.linuxsecurity.com/advisories/suse_advisory-4912.html

 
 
Distribution: Trustix
10/1/2004 samba - access files outside of defined path

A security vulnerability has been located in Samba 2.2.x.

http://www.linuxsecurity.com/advisories/trustix_advisory-4884.html

 
10/1/2004 mod_php4, hwdata - bugfix update

This update contains bug fixes and additional features for mod_php4 and hwdata.

http://www.linuxsecurity.com/advisories/trustix_advisory-4885.html

 
 
Distribution: Turbolinux
10/5/2004 squid - DoS vulnerability

A vulnerability exists in the NTLM helpers in squid. It allows remote attackers to cause a denial of service of squid server services.


http://www.linuxsecurity.com/advisories/turbolinux_advisory-4905.html