September 12, 2003

Linux Advisory Watch - September 12, 2003

- by Benjamin D.

This week, advisories were released
for pam_smb, exim, stunnel, wu-ftpd, mah-jong, sane-backends, pine, GtkHTML, and
inetd. The distributors include Conectiva, Debian, Guardian Digital's EnGarde
Secure Linux, Red Hat, Slackware, and SuSE.

LinuxSecurity Feature

Practical Approach of Stealthy Remote Administration

- This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).

vs. Expertise: Computer Forensics and the Alternative OS
- No longer
a dark and mysterious process, computer forensics have been significantly
on the scene for more than five years now. Despite this, they have only recently
gained the notoriety they deserve.


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.



Distribution: Conectiva

9/5/2003 pam_smb: Remote buffer overflow

A buffer overflow vulnerability has been discovered in the pam_smb module.
An attacker can execute arbitrary code in the context of the program using
the module by supplying a long password.

9/5/2003 exim: Remote buffer overflow

A remote heap buffer overflow vulnerability[2] has been reported[3] in the
Exim server. Carefully constructed EHLO/HELO messages can cause a buffer

9/5/2003 stunnel: File descriptor and DoS vulnerabilities

A file descriptor leak and denial of service vulnerability have been fixed.

Distribution: Debian

9/5/2003 'exim': buffer overflow

A buffer overflow exists in exim, which is the standard mail transport agent
in Debian. By supplying a specially crafted HELO or EHLO command, an attacker
could cause a constant string to be written past the end of a buffer allocated
on the heap. This vulnerability is not believed at this time to be exploitable
to execute arbitrary code.

insecure program execution

wu-ftpd, an FTP server, implements a feature whereby multiple files can
be fetched in the form of a dynamically constructed archive file, such as
a tar archive. This feature may be abused to execute arbitrary programs
with the privileges of the wu-ftpd process.

9/8/2003 exim: buffer overflow vulnerability

A buffer overflow exists in exim.

multiple vulnerabilities

Nicolas Boullis discovered two vulnerabilities in mah-jong.

multiple vulnerabilities

These problems allow a remote attacker to cause a segmentation fault and/or consume
arbitrary amounts of memory.

Distribution: EnGarde

9/11/2003 'pine': buffer overflows

The pine e-mail client shipped with EnGarde Secure Linux contains buffer
overflows which may be exploited by a remote attacker by sending the victim
a specially crafted email.

Updated httpd packages that fix several minor security issues are now available
for Red Hat Linux 8.0 and 9.

9/11/2003 GtkHTML: denial of service vulnerability

Alan Cox discovered that certain malformed messages could cause the Evolution
mail component to crash due to a null pointer dereference in the GtkHTML

9/11/2003 pine: buffer overflow vulnerability

A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type.

Distribution: Slackware

9/9/2003 inetd: denial of service vulnerability

These updates fix a previously hard-coded limit of 256 connections-per-minute,
after which the given service is disabled for ten minutes.

9/11/2003 pine: arbitrary code execution vulnerability

Upgraded pine packages are available for Slackware 8.1, 9.0 and -current.

Distribution: SuSE

9/5/2003 'pam_smb': privilege escalation

Dave Airlie informed us about a bug in the authentication
code of pam_smb that allows a remote attacker to gain access to a system
using pam_smb by issuing a too long password string.

9/11/2003 pine: arbitrary code execution vulnerability

The well-known and widely used mail client pine is vulnerable to a buffer
overflow. The vulnerability exists in the code processing 'message/external-body'
type messages.

