September 12, 2003

Linux Advisory Watch - September 12, 2003

By Benjamin D. Thomas

This week, advisories were released
for pam_smb, exim, stunnel, wu-ftpd, mah-jong, sane-backends, pine, GtkHTML, and
inetd. The distributors include Conectiva, Debian, Guardian Digital's EnGarde
Secure Linux, Red Hat, Slackware, and SuSE.

LinuxSecurity Feature Extras:

A Practical Approach of Stealthy Remote Administration
- This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).

Expert vs. Expertise: Computer Forensics and the Alternative OS
- No longer a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Conectiva

9/5/2003 pam_smb: Remote buffer overflow

A buffer overflow vulnerability has been discovered in the pam_smb module.
An attacker can execute arbitrary code in the context of the program using
the module by supplying a long password.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3601.html

9/5/2003 exim: Remote buffer overflow

A remote heap buffer overflow vulnerability has been reported in the
Exim server. Carefully constructed EHLO/HELO messages can cause a buffer
overflow.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3602.html

9/5/2003 stunnel: File descriptor and DoS vulnerabilities

A file descriptor leak and denial of service vulnerability have been fixed.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3603.html

Distribution: Debian

9/5/2003 'exim': buffer overflow

A buffer overflow exists in exim, which is the standard mail transport agent
in Debian. By supplying a specially crafted HELO or EHLO command, an attacker
could cause a constant string to be written past the end of a buffer allocated
on the heap. This vulnerability is not believed at this time to be exploitable
to execute arbitrary code.

http://www.linuxsecurity.com/advisories/debian_advisory-3598.html

9/5/2003 'wu-ftpd': insecure program execution

wu-ftpd, an FTP server, implements a feature whereby multiple files can
be fetched in the form of a dynamically constructed archive file, such as
a tar archive. This feature may be abused to execute arbitrary programs
with the privileges of the wu-ftpd process.

http://www.linuxsecurity.com/advisories/debian_advisory-3599.html

9/8/2003 exim: buffer overflow vulnerability

A buffer overflow exists in exim.

http://www.linuxsecurity.com/advisories/debian_advisory-3604.html

9/8/2003 mah-jong: multiple vulnerabilities

Nicolas Boullis discovered two vulnerabilities in mah-jong.

http://www.linuxsecurity.com/advisories/debian_advisory-3605.html

9/11/2003 sane-backends: multiple vulnerabilities

These problems allow a remote attacker to cause a segfault and/or consume
arbitrary amounts of memory.

http://www.linuxsecurity.com/advisories/debian_advisory-3611.html

Distribution: EnGarde

9/11/2003 'pine': buffer overflows

The pine e-mail client shipped with EnGarde Secure Linux contains buffer
overflows which may be exploited by a remote attacker by sending the victim
a specially crafted email.

http://www.linuxsecurity.com/advisories/engarde_advisory-3607.html

Distribution: Red Hat

9/5/2003 'httpd': vulnerabilities

Updated httpd packages that fix several minor security issues are now available
for Red Hat Linux 8.0 and 9.

http://www.linuxsecurity.com/advisories/redhat_advisory-3600.html

9/11/2003 GtkHTML: denial of service vulnerability

Alan Cox discovered that certain malformed messages could cause the Evolution
mail component to crash due to a null pointer dereference in the GtkHTML
library.

http://www.linuxsecurity.com/advisories/redhat_advisory-3612.html

9/11/2003 pine: buffer overflow vulnerability

A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type.

http://www.linuxsecurity.com/advisories/redhat_advisory-3613.html

Distribution: Slackware

9/9/2003 inetd: denial of service vulnerability

These updates fix a previously hard-coded limit of 256 connections-per-minute,
after which the given service is disabled for ten minutes.

http://www.linuxsecurity.com/advisories/slackware_advisory-3606.html

9/11/2003 pine: arbitrary code execution vulnerability

Upgraded pine packages are available for Slackware 8.1, 9.0 and -current.

http://www.linuxsecurity.com/advisories/slackware_advisory-3614.html

Distribution: SuSE

9/5/2003 'pam_smb': privilege escalation

Dave Airlie informed us about a bug in the authentication
code of pam_smb that allows a remote attacker to gain access to a system
using pam_smb by issuing a too long password string.

http://www.linuxsecurity.com/advisories/suse_advisory-3597.html

9/11/2003 pine: arbitrary code execution vulnerability

The well known and widely used mail client pine is vulnerable to a buffer
overflow. The vulnerability exists in the code processing 'message/external-body'
type messages.

http://www.linuxsecurity.com/advisories/suse_advisory-3615.html
 
