Linux Advisory Watch – September 24, 2004

This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include Debian,
FreeBSD, Gentoo, Mandrake, OpenBSD, and S/MIME

Users often ask about the differences between the various security and
encryption protocols, and how to use them. While this isn’t an encryption
document, it is a good idea to explain briefly what each one is, and where to
find more information.

SSL: SSL, or Secure Sockets
Layer, is an encryption method developed by Netscape to provide security over
the Internet. It supports several different encryption protocols, and provides
client and server authentication. SSL operates at the transport layer, creates
a secure encrypted channel of data, and thus can seamlessly encrypt data of
many types. This is most commonly seen when going to a secure site to view a
secure online document with Communicator, and serves as the basis for secure
communications with Communicator, as well as many other Netscape Communications
data encryption. More information can be found at
Information on Netscape’s other security implementations, and a good starting
point for these protocols is available at

S-HTTP: S-HTTP is another protocol
that provides security services across the Internet. It was designed to provide
confidentiality, authenticity, integrity, and non-repudiability (cannot be mistaken
for someone else, and I cannot deny my actions later) while supporting multiple
key management mechanisms and cryptographic algorithms via option negotiation
between the parties involved in each transaction. S-HTTP is limited to the specific
software that is implementing it, and encrypts each message individually.
[From RSA Cryptography FAQ, page 138]

S/MIME: S/MIME, or Secure
Multipurpose Internet Mail Extension, is an encryption standard used to encrypt
electronic mail, or other types of messages on the Internet. More information
on S/MIME can be found at

Excerpt from the LinuxSecurity Administrator’s Guide:
Written by: Dave Wreski

Feature Extras:

-Network security is continuing to be a big problem
for companies and home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide and chkrootkit.

Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code

– Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software (Addison-Wesley,
2002). More recently, he has co-written with Greg Hoglund a companion volume,
Exploiting Software, which details software security from the vantage point
of the other side, the attacker. He has graciously agreed to share some of his
insights with all of us at

Expert Dave Wreski Discusses Open Source Security
– Dave Wreski,
CEO of Guardian Digital, Inc. and respected author of various hardened security
and Linux publications, talks about how Guardian Digital is changing the face
of IT security today. Guardian Digital is perhaps best known for their hardened
Linux solution EnGarde Secure Linux, touted as the premier secure, open-source
platform for its comprehensive array of general purpose services, such as web,
FTP, email, DNS, IDS, routing, VPN, firewalling, and much more.

Linux Advisory Watch is
a comprehensive newsletter that outlines the security vulnerabilities that have
been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Debian
  9/21/2004 lukemftpd
    fix arbitrary code execution

Przemyslaw Frasunek discovered a vulnerability in tnftpd or lukemftpd respectively,
the enhanced ftp daemon from NetBSD. An attacker could utilise this to execute
arbitrary code on the server.

Distribution: FreeBSD
  9/20/2004 cvs
of vulnerabilities

A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian
Krahmer, and Derek Price.

Distribution: Gentoo
  9/19/2004 Heimdal
    ftpd root

Several bugs exist in the Heimdal ftp daemon which could allow a remote
attacker to gain root privileges.

  9/21/2004 mpg123
overflow vulnerability

mpg123 decoding routines contain a buffer overflow bug that might lead to
arbitrary code execution.

  9/17/2004 SnipSnap
    HTTP response

SnipSnap is vulnerable to HTTP response splitting attacks such as web cache
poisoning, cross-user defacement, and cross-site scripting.

  9/20/2004 Foomatic
command execution

The foomatic-rip filter in foomatic-filters contains a vulnerability which
may allow arbitrary command execution on the print server.

  9/20/2004 CUPS
of service vulnerability

A vulnerability in CUPS allows remote attackers to cause a denial of service
when sending a carefully-crafted UDP packet to the IPP port.

  9/20/2004 Mozilla, Firefox, Thunderbird, Epiphany
    New releases fix vulnerabilities

New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox
fix several vulnerabilities, including the remote execution of arbitrary

Distribution: Mandrake
  9/17/2004 gdk-pixbuf/gtk+2
    image loading vulnerabilities

A vulnerability was found in the gdk-pixbuf bmp loader where a bad BMP image
could send the bmp loader into an infinite loop (CAN-2004-0753).

Distribution: OpenBSD
  9/21/2004 login_radius

Eilko Bos has reported that radius authentication, as implemented by login_radius(8),
was not checking the shared secret used for replies sent by the radius server.
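
The check this advisory describes as missing, shown as an added example (not OpenBSD's code): before trusting a reply, a RADIUS client recomputes the Response Authenticator defined in RFC 2865 from its own request and the shared secret. The function names, secret and packet bytes below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))       # 16-byte Request Authenticator we sent
REPLY_ATTRS = bytes([18, 4]) + b"ok"  # Reply-Message attribute (type 18)


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """Assemble a reply the way a server holding `secret` would (sample data)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_reply(packet, request_id, request_auth, secret):
    """Return the reply code if the packet is authentic, otherwise None."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or ident != request_id:
        return None
    packet = packet[:length]  # octets past Length are padding and ignored
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    # Constant-time comparison of the 16-byte authenticator field.
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code


if __name__ == "__main__":
    genuine = build_reply(ACCESS_ACCEPT, 7, REPLY_ATTRS, REQUEST_AUTH, SECRET)
    wrong = build_reply(ACCESS_ACCEPT, 7, REPLY_ATTRS, REQUEST_AUTH, b"other-secret")
    print(verify_reply(genuine, 7, REQUEST_AUTH, SECRET))
    print(verify_reply(wrong, 7, REQUEST_AUTH, SECRET))
```

Because the authenticator covers the code, identifier, length and attributes, a reply whose code byte or attributes were altered in transit fails the same comparison.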

Distribution: Suse
  9/17/2004 gtk2, gdk-pixbuf
    remote code execution

Chris Evans has discovered a heap based, a stack based and an integer overflow
in the XPM and ICO loaders of those libraries.

  9/17/2004 XFree86-libs, xshared
    remote command execution

Chris Evans reported three vulnerabilities in libXpm which can be exploited
remotely by providing malformed XPM image files.