September 17, 2004

Linux Advisory Watch - September 17, 2004

Author: Preston St. Pierre

This week, advisories were released for wv, kde, zlib, webmin, cupsys, samba, gtk2, gallery, samba, sus, cdrtools, squid, apache2, mod_ssl, httpd, mc, imlib, and multi. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.

Security Through Obscurity

One type of security that must be discussed is 'security through obscurity'.
This means doing something like changing the login name from 'root' to 'toor',
for example, to try to keep someone from breaking into your system as root.
This may be thought of as a false sense of security, and can result in very
unpleasant and unexpected

However, it can also be used to your benefit if done properly. If you tell all
the users who are authorized to use the root account on your machines to use
the root equivalent instead, entries in /var/log/secure for the real root user
would surely indicate an attempted break-in, giving you some advance notice.
You'll have to decide if this advantage outweighs the additional administration
overhead.

In most cases, though, any system attacker will quickly see through such empty
security measures. Simply because you may have a small site, or a relatively
low profile, does not mean an intruder won't be interested in what you have.
We'll discuss what you're protecting in the next sections.

Excerpt from the LinuxSecurity Administrator's Guide:
Written by: Dave Wreski (
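
The check the excerpt describes, as an added example (not from the Administrator's Guide or LinuxSecurity): it scans /var/log/secure lines for authentication events that name the real root account. The alias 'toor' comes from the excerpt; the log lines are constructed samples in common sshd and pam_unix formats, and the function and pattern names are hypothetical.

```python
import re

# Assumption: administrators log in as the alias (e.g. 'toor'), so any
# authentication event naming the real account below is suspicious.
WATCHED_USER = "root"

# Common sshd and pam_unix messages; each pattern captures the target account.
PATTERNS = [
    ("ssh-failed", re.compile(
        r"sshd\[\d+\]: Failed \S+ for (?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("ssh-accepted", re.compile(
        r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
    # \buser= skips the 'ruser=' field and matches only the target 'user=' field.
    ("pam-failure", re.compile(
        r"\(pam_unix\)\[\d+\]: authentication failure;.*\buser=(?P<user>\S+)")),
    ("pam-session", re.compile(
        r"\(pam_unix\)\[\d+\]: session opened for user (?P<user>\S+) by (?P<by>\S*)")),
]

def root_events(lines, watched=WATCHED_USER):
    """Return (kind, origin, line) for every auth event naming `watched`."""
    hits = []
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            # Exact comparison, so 'rooter' or 'toor' never count as 'root'.
            if m and m.group("user") == watched:
                g = m.groupdict()
                hits.append((kind, g.get("src") or g.get("by") or "local", line))
                break
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
Sep 17 03:12:44 host1 sshd[2211]: Failed password for root from 192.0.2.15 port 4022 ssh2
Sep 17 03:13:02 host1 sshd[2215]: Accepted password for toor from 192.0.2.8 port 4100 ssh2
Sep 17 03:14:30 host1 sshd[2220]: Failed password for invalid user rooter from 192.0.2.15 port 4030 ssh2
Sep 17 03:15:10 host1 su(pam_unix)[2301]: authentication failure; logname=alice uid=500 euid=0 tty=pts/1 ruser=alice rhost=  user=root
Sep 17 03:16:41 host1 su(pam_unix)[2310]: session opened for user toor by alice(uid=500)
Sep 17 03:18:05 host1 login(pam_unix)[2350]: session opened for user root by LOGIN(uid=0)
""".splitlines()

if __name__ == "__main__":
    for kind, origin, line in root_events(SAMPLE):
        print(f"ALERT {kind} origin={origin}: {line}")
```

A "pam-session" or "ssh-accepted" hit for root means the real account was actually used, which deserves more urgent attention than a failed attempt.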

LinuxSecurity Feature Extras:

- Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In this
article I show how to approach security using aide and chkrootkit.

Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code

- Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at

Expert Dave Wreski Discusses Open Source Security
- Dave Wreski,
CEO of Guardian Digital, Inc. and respected author of various hardened security
and Linux publications, talks about how Guardian Digital is changing the face
of IT security today. Guardian Digital is perhaps best known for their hardened
Linux solution EnGarde Secure Linux, touted as the premier secure, open-source
platform for its comprehensive array of general purpose services, such as web,
FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.


Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes
pointers to updated packages and descriptions of each vulnerability.

Distribution: Conectiva

9/10/2004 - wv - Fix for buffer overflow vulnerability

iDefense discovered a buffer overflow vulnerability in the wv library.

9/13/2004 - kde - Fix for multiple security vulnerabilities

This announcement fixes several vulnerabilities.

9/13/2004 - zlib - Fix for denial of service vulnerabilities

A denial of service vulnerability was discovered in the zlib compression
library versions 1.2.x.

Distribution: Debian

9/14/2004 - webmin - insecure temporary directory

Ludwig Nussel discovered a problem in webmin, a web-based administration
toolkit. A temporary directory was used but without checking for the previous
owner. This could allow an attacker to create the directory and place dangerous
symbolic links inside.

9/15/2004 - cupsys - denial of service

Alvaro Martinez Echevarria discovered a problem in CUPS, the Common UNIX
Printing System. An attacker can easily disable browsing in CUPS by sending
a specially crafted UDP datagram to port 631 where cupsd is running.

Distribution: Fedora

9/10/2004 - imlib-1.9.13-15.fc - Security update (core1)

Several heap overflow vulnerabilities have been found in the imlib BMP image
handler. An attacker could create a carefully crafted BMP file in such a
way that it would cause an application linked with imlib to execute arbitrary
code when the file was opened by a victim.

9/13/2004 - samba - DoS (Core

Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.

9/13/2004 - samba - DoS (Core

Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.

vulnerabilities (Core 1)

Several vulnerabilities.

9/15/2004 - gtk2 - vulnerabilities (Core 2)

Several vulnerabilities.

vulnerabilities (Core 2)

Several vulnerabilities.

9/15/2004 - gtk2 - vulnerabilities (Core 2)

Several vulnerabilities.

Distribution: Gentoo

9/15/2004 - gallery - arbitrary command execution

An attacker could run arbitrary code as the user running PHP.

Firefox, Thunderbird, Galeon, Epiphany vulnerabilities

Security roll-up.

9/10/2004 - samba - remote printing vulnerability

After further verifications, it appears that a remote user can only deny
service to himself, so this bug does not induce any security issue at all.

usermin multiple vulnerabilities

There is an input validation bug in the webmail feature of Usermin. Additionally,
the Webmin and Usermin installation scripts write to /tmp/.webmin without
properly checking if it exists first.

9/13/2004 - samba - denial of service vulnerabilities

There is a defect in smbd's ASN.1 parsing. Another defect was found in nmbd's
processing of mailslot packets, where a bad NetBIOS request could crash
the nmbd process.

9/14/2004 - sus - local root vulnerability

Leon Juranic found a bug in the logging functionality of SUS that can lead
to local privilege escalation. A format string vulnerability exists in the
log() function due to an incorrect call to the syslog() function.

9/14/2004 - cdrtools - local root vulnerability

Max Vozeler discovered that the cdrecord utility, when set to SUID root,
fails to drop root privileges before executing a user-supplied RSH program.

Distribution: Mandrake

9/13/2004 - samba - multiple

Two vulnerabilities were discovered in samba 3.0.x.

9/15/2004 - squid - denial of service

A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed
NTLMSSP packets to crash squid, resulting in a DoS. The provided packages
have been patched to prevent this problem.

The foomatic-rip filter, which is part of foomatic-filters package, contains
a vulnerability that allows anyone with access to CUPS, local or remote,
to execute arbitrary commands on the server.

image loading vulnerabilities

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image
could send the bmp loader into an infinite loop. Chris Evans found a heap-based
overflow and a stack-based overflow in the xpm loader of gdk-pixbuf.

9/15/2004 - apache2 - multiple

Two Denial of Service conditions were discovered in the input filter of
mod_ssl, the module that enables apache to handle HTTPS requests.

9/15/2004 - cups - denial of service

Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print
server where an empty UDP datagram sent to port 631 would disable browsing.

9/15/2004 - mod_ssl - security

Updated httpd packages that include a security fix for mod_ssl and various
enhancements are now available.

resolve security issue

Secunia Research reported an issue with the handling of temporary files.
A malicious local user could use this flaw to access the contents of another
user's open documents.

security flaws

Several vulnerabilities.

9/15/2004 - cups - security

Alvaro Martinez Echevarria reported a bug in the CUPS Internet Printing
Protocol (IPP) implementation in versions of CUPS prior to 1.1.21.

9/15/2004 - httpd - security

Updated httpd packages that include fixes for security issues are now available.

9/15/2004 - mc - security

An updated mc package that resolves several shell escape security issues
is now available.

9/15/2004 - imlib - security

An updated imlib package that fixes several heap overflows is now available.

9/15/2004 - gtk2 - security flaws and bugs

Updated gtk2 packages that fix several security flaws and bugs are now available.

Distribution: Slackware

9/13/2004 - samba - DoS

New samba packages are available for Slackware 10.0 and -current. These
fix two denial of service vulnerabilities reported by iDEFENSE.

Distribution: Suse

9/15/2004 - cups - remote code execution

Alvaro Martinez Echevarria has found a remote Denial of Service condition
within CUPS which allows remote users to make the cups server unresponsive.
Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip
print filter which is commonly installed along with cups.

9/15/2004 - apache2 - remote

The Red Hat ASF Security-Team and the Swedish IT Incident Center within
the National Post and Telecom Agency (SITIC) have found a bug in apache2

Distribution: Trustix

9/14/2004 - multi - Multiple

Security roll-up
