September 19, 2003

Linux Advisory Watch - September 19, 2003

Folks, there are a lot of advisories this week. Be sure to check your
distribution carefully, as many of them are significant.
This week, advisories were released for mana, pine, gtkhtml, openssh,
sendmail, MySQL, xfree86, buffer, kernel, and KDE.
The distributors include SCO, Conectiva, Debian, EnGarde, FreeBSD, Gentoo, Immunix, NetBSD, Red Hat, Slackware, SuSE, Trustix, TurboLinux, and Yellow Dog.

LinuxSecurity Feature Extras:

A Practical Approach of Stealthy Remote Administration - This paper is written for those paranoid administrators who are looking for a stealthy technique of managing sensitive servers (like your enterprise firewall console or IDS).

Expert vs. Expertise: Computer Forensics and the Alternative OS - No longer a dark and mysterious process, computer forensics have been significantly on the scene for more than five years now. Despite this, they have only recently gained the notoriety they deserve.


Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

 
Distribution: SCO

9/15/2003 - mana
local vulnerability

There are multiple local environment variable vulnerabilities in mana.

http://www.linuxsecurity.com/advisories/caldera_advisory-3622.html

Distribution: Conectiva

9/12/2003 - pine
Multiple remote vulnerabilities

A buffer overflow and an integer overflow that can be exploited by remote attackers through the sending of specially crafted messages have been fixed.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3616.html

9/12/2003 - gtkhtml
Buffer overflow vulnerability

Multiple buffer overflow vulnerabilities existed that could be exploited to at least crash programs linked to gtkhtml by using malformed HTML. In the case of Evolution, a remote attacker can use an HTML mail as an attack vector.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3617.html

9/16/2003 - openssh
buffer management error

This update fixes a potential remote vulnerability in the buffer handling code of OpenSSH.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3623.html

9/17/2003 - openssh
Remote vulnerabilities

This update fixes new vulnerabilities found in the code that handles buffers in OpenSSH. These vulnerabilities are similar to the ones fixed in the CLSA-2003:739 announcement and can be exploited by a remote attacker to cause a denial of service condition and potentially execute arbitrary code.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3648.html

9/18/2003 - sendmail
buffer overflow vulnerabilities

Michal Zalewski reported a remote vulnerability in sendmail versions 8.12.9 and earlier.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3656.html

9/18/2003 - MySQL
Multiple vulnerabilities

World writable configuration files, a double-free vulnerability, and a password handler buffer overflow have been fixed in this update.

http://www.linuxsecurity.com/advisories/connectiva_advisory-3658.html

Distribution: Debian

9/12/2003 - xfree86
Multiple vulnerabilities

Four vulnerabilities have been identified and fixed in XFree86, including a potential denial of service vulnerability.

http://www.linuxsecurity.com/advisories/debian_advisory-3618.html

9/15/2003 - mysql
buffer overflow vulnerability

MySQL contains a buffer overflow condition which could be exploited by a user who has permission to execute "ALTER TABLE" commands on the tables in the "mysql" database.

http://www.linuxsecurity.com/advisories/debian_advisory-3619.html

9/16/2003 - ssh
buffer management error

A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

http://www.linuxsecurity.com/advisories/debian_advisory-3624.html

9/17/2003 - openssh
multiple vulnerabilities

This advisory is an addition to the earlier DSA-382-1 advisory: two more buffer handling problems have been found in addition to the one described in DSA-382-1.

http://www.linuxsecurity.com/advisories/debian_advisory-3633.html

9/17/2003 - openssh-krb5 buffer handling vulnerability
multiple vulnerabilities

Several bugs have been found in OpenSSH's buffer handling. It is not known if these bugs are exploitable, but as a precaution an upgrade is advised.

http://www.linuxsecurity.com/advisories/debian_advisory-3634.html

9/18/2003 - sendmail
buffer overflow vulnerabilities

There are multiple buffer overflow vulnerabilities in the sendmail package.

http://www.linuxsecurity.com/advisories/debian_advisory-3651.html

Distribution: EnGarde

9/16/2003 - OpenSSH
buffer management error

The OpenSSH daemon shipped with all versions of EnGarde Secure Linux contains a potentially exploitable buffer management error.

http://www.linuxsecurity.com/advisories/engarde_advisory-3621.html

9/18/2003 - Additional 'OpenSSH' buffer management bugs

After the release of ESA-20030916-023, the OpenSSH team discovered more buffer management bugs (fixed in OpenSSH 3.7.1) of the same type. Additionally, Solar Designer fixed additional bugs of this class. His fixes are included in this update.

http://www.linuxsecurity.com/advisories/engarde_advisory-3649.html

9/18/2003 - 'MySQL' buffer overflow
'OpenSSH' buffer management bugs

The MySQL daemon contains a buffer overflow which may be exploited by any user who has ALTER TABLE permissions on the "mysql" database.

http://www.linuxsecurity.com/advisories/engarde_advisory-3650.html

Distribution: FreeBSD

9/16/2003 - buffer management error

A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

http://www.linuxsecurity.com/advisories/freebsd_advisory-3625.html

9/17/2003 - sendmail
Multiple overflow vulnerabilities

A buffer overflow that may occur during header parsing was identified. An attacker could create a specially crafted message that may cause sendmail to execute arbitrary code with the privileges of the user running sendmail, typically root.

http://www.linuxsecurity.com/advisories/freebsd_advisory-3647.html

Distribution: Gentoo

9/15/2003 - mysql
buffer overflow vulnerability

Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3620.html

9/16/2003 - exim
buffer overflow vulnerability

There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3626.html

9/16/2003 - openssh
Buffer management error

All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3629.html

9/17/2003 - sendmail
Buffer overflow vulnerabilities

Fix a buffer overflow in address parsing. Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration.

http://www.linuxsecurity.com/advisories/gentoo_advisory-3646.html

Distribution: Immunix

9/16/2003 - openssh
buffer management error

A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

http://www.linuxsecurity.com/advisories/immunix_advisory-3627.html

9/17/2003 - openssh
buffer management error

This advisory has been updated to reflect that the OpenSSH team has found more instances of the programming idiom in question in their codebase.

http://www.linuxsecurity.com/advisories/immunix_advisory-3635.html

9/18/2003 - sendmail
buffer overflow vulnerabilities

Michal Zalewski discovered flaws in sendmail's prescan() function.

http://www.linuxsecurity.com/advisories/immunix_advisory-3652.html

Distribution: NetBSD

9/17/2003 - openssh
buffer overflow vulnerability

A buffer overwrite with unknown consequences has been found in OpenSSH.

http://www.linuxsecurity.com/advisories/netbsd_advisory-3636.html

9/17/2003 - kernel
memory disclosure vulnerability

The iBCS2 system call translator for statfs erroneously used the user-supplied length parameter when copying a kernel data structure into userland.

http://www.linuxsecurity.com/advisories/netbsd_advisory-3637.html

9/17/2003 - sysctl
multiple vulnerabilities

Three unrelated problems with inappropriate argument handling were found in the kernel sysctl code, which could be exploited by a malicious local user.

http://www.linuxsecurity.com/advisories/netbsd_advisory-3638.html

Distribution: Red Hat

9/16/2003 - openssh
buffer management error

A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

http://www.linuxsecurity.com/advisories/redhat_advisory-3628.html

9/16/2003 - KDE
Multiple vulnerabilities

Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-3631.html

9/17/2003 - OpenSSH
Buffer manipulation vulnerabilities

Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1.

http://www.linuxsecurity.com/advisories/redhat_advisory-3644.html

9/17/2003 - sendmail
Multiple overflow vulnerabilities

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. The successful exploitation of this bug can lead to heap and stack structure overflows.

http://www.linuxsecurity.com/advisories/redhat_advisory-3645.html

Distribution: Slackware

9/16/2003 - openssh
Buffer management error

These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

http://www.linuxsecurity.com/advisories/slackware_advisory-3630.html

9/17/2003 - openssh
buffer management errors

These packages fix additional buffer management errors that were not corrected in the recent 3.7p1 release.

http://www.linuxsecurity.com/advisories/slackware_advisory-3639.html

9/17/2003 - sendmail
multiple vulnerabilities

There are multiple vulnerabilities in the sendmail package.

http://www.linuxsecurity.com/advisories/slackware_advisory-3640.html

Distribution: SuSE

9/16/2003 - openssh
Buffer management vulnerability

A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands.

http://www.linuxsecurity.com/advisories/suse_advisory-3632.html

9/18/2003 - openssh
management errors

A programming error has been found in code responsible for buffer management.

http://www.linuxsecurity.com/advisories/suse_advisory-3657.html

Distribution: Trustix

9/17/2003 - openssh
buffer management error

All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors.

http://www.linuxsecurity.com/advisories/trustix_advisory-3641.html

9/17/2003 - mysql
buffer overflow vulnerability

Fixed buffer overflow in SET PASSWORD which could potentially be exploited by MySQL users with root privileges to execute random code or to gain shell access.

http://www.linuxsecurity.com/advisories/trustix_advisory-3642.html

Distribution: TurboLinux

9/17/2003 - openssh
buffer management error

This vulnerability may allow a remote attacker to execute arbitrary code.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3643.html

9/18/2003 - sendmail
buffer overflow vulnerabilities

The potential buffer overflows are in ruleset parsing and address parsing for sendmail.

http://www.linuxsecurity.com/advisories/turbolinux_advisory-3653.html

Distribution: Yellow Dog

9/18/2003 - openssh
buffer management errors

Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1.

http://www.linuxsecurity.com/advisories/yellowdog_advisory-3654.html

9/18/2003 - sendmail
buffer overflow vulnerabilities

Michal Zalewski found a bug in the prescan() function of unpatched Sendmail versions prior to 8.12.10.

http://www.linuxsecurity.com/advisories/yellowdog_advisory-3655.html
 
