Linux Advisory Watch – September 12, 2003

– by Benjamin D. Thomas

This week advisories were released for pam_smb, exim, stunnel, wu-ftpd, mah-jong, sane-backends, pine, GtkHTML, and inetd. The distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure Linux, Red Hat, Slackware, and SuSE.

LinuxSecurity Feature Extras:

A Practical Approach of Stealthy Remote Administration

– This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).

Expert vs. Expertise: Computer Forensics and the Alternative OS
– No longer a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.


 

Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.


 

 
Distribution: Conectiva
  9/5/2003 pam_smb
    Remote buffer overflow

A buffer overflow vulnerability has been discovered in the pam_smb module.
An attacker can execute arbitrary code in the context of the program using
the module by supplying a long password.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3601.html

 
  9/5/2003 exim
    Remote buffer overflow

A remote heap buffer overflow vulnerability[2] has been reported[3] in the
Exim server. Carefully constructed EHLO/HELO messages can cause a buffer
overflow.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3602.html

 
  9/5/2003 stunnel
    File descriptor and DoS vulnerabilities

A file descriptor leak and denial of service vulnerability have been fixed.


http://www.linuxsecurity.com/advisories/connectiva_advisory-3603.html

 
 
Distribution: Debian
  9/5/2003 ‘exim’ buffer overflow
    File descriptor and DoS vulnerabilities

A buffer overflow exists in exim, which is the standard mail transport agent
in Debian. By supplying a specially crafted HELO or EHLO command, an attacker
could cause a constant string to be written past the end of a buffer allocated
on the heap. This vulnerability is not believed at this time to be exploitable
to execute arbitrary code.

http://www.linuxsecurity.com/advisories/debian_advisory-3598.html

 
  9/5/2003 ‘wu-ftpd’ insecure program execution
    File descriptor and DoS vulnerabilities

wu-ftpd, an FTP server, implements a feature whereby multiple files can
be fetched in the form of a dynamically constructed archive file, such as
a tar archive. This feature may be abused to execute arbitrary programs
with the privileges of the wu-ftpd process.

http://www.linuxsecurity.com/advisories/debian_advisory-3599.html

 
  9/8/2003 exim
    buffer overflow vulnerability

A buffer overflow exists in exim.

http://www.linuxsecurity.com/advisories/debian_advisory-3604.html

 
  9/8/2003 mah-jong multiple vulnerabilities
    buffer overflow vulnerability

Nicolas Boullis discovered two vulnerabilities in mah-jong.

http://www.linuxsecurity.com/advisories/debian_advisory-3605.html

 
  9/11/2003 sane-backends multiple vulnerabilities
    buffer overflow vulnerability

These problems allow a remote attacker to cause a segfault and/or consume
arbitrary amounts of memory.

http://www.linuxsecurity.com/advisories/debian_advisory-3611.html

 
 
Distribution: EnGarde
  9/11/2003 ‘pine’ buffer overflows
    buffer overflow vulnerability

The pine e-mail client shipped with EnGarde Secure Linux contains buffer
overflows which may be exploited by a remote attacker by sending the victim
a specially crafted email.

http://www.linuxsecurity.com/advisories/engarde_advisory-3607.html

 
 
Distribution: Red Hat
  9/5/2003 ‘httpd’ vulnerabilities
    buffer overflow vulnerability

Updated httpd packages that fix several minor security issues are now available
for Red Hat Linux 8.0 and 9.

http://www.linuxsecurity.com/advisories/redhat_advisory-3600.html

 
  9/11/2003 GtkHTML
    denial of service vulnerability

Alan Cox discovered that certain malformed messages could cause the Evolution
mail component to crash due to a null pointer dereference in the GtkHTML
library.

http://www.linuxsecurity.com/advisories/redhat_advisory-3612.html

 
  9/11/2003 pine
    buffer overflow vulnerability

A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the ‘message/external-body’ type.

http://www.linuxsecurity.com/advisories/redhat_advisory-3613.html

 
 
Distribution: Slackware
  9/9/2003 inetd
    denial of service vulnerability

These updates fix a previously hard-coded limit of 256 connections-per-minute,
after which the given service is disabled for ten minutes.

http://www.linuxsecurity.com/advisories/slackware_advisory-3606.html

 
  9/11/2003 pine
    arbitrary code execution vulnerability

Upgraded pine packages are available for Slackware 8.1, 9.0 and -current.

http://www.linuxsecurity.com/advisories/slackware_advisory-3614.html

 
 
Distribution: SuSE
  9/5/2003 ‘pam_smb’ privilege escalation
    arbitrary code execution vulnerability

Dave Airlie informed us about a bug in the authentication
code of pam_smb that allows a remote attacker to gain access to a system
using pam_smb by issuing a too long password string.

http://www.linuxsecurity.com/advisories/suse_advisory-3597.html

 
  9/11/2003 pine
    arbitrary code execution vulnerability

The well known and widely used mail client pine is vulnerable to a buffer
overflow. The vulnerability exists in the code processing ‘message/external-body’
type messages.

http://www.linuxsecurity.com/advisories/suse_advisory-3615.html

 
