+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | November 30th, 2001 Volume 2, Number 48a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave@linuxsecurity.com ben@linuxsecurity.com Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week.It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for wu-ftp, imp, rpm, postfix, sasl, and sendmail. The vendors include Caldera, Conectiva, Immunix, Red Hat, Slackware and SuSE. * Do you need more free time? Are you looking for a solution that provides the applications necessary to easily create thousands of virtual Web sites, manage e-mail, DNS, firewalling database functions for an entire organization, and supports high-speed broadband connections all using a Web-based front-end? EnGarde Secure Professional provides those features and more! EnGarde Secure Professional: http://store.guardiandigital.com/html/eng/493-AA.shtml ** FREE Apache SSL Guide from Thawte ** Planning Web Server Security? Find out how to implement SSL! Get the free Thawte Apache SSL Guide and find the answers to all your Apache SSL security issues and more at: http://www.gothawte.com/rd92.html Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject. +---------------------------------+ | wu-ftp | ----------------------------// +---------------------------------+ An overflowable buffer exists in earlier versions of wu-ftpd. An attacker could gain access to the machine by sending malicious commands. Red Hat Linux 7.2: i386: ftp://updates.redhat.com/7.2/en/os/i386/ wu-ftpd-2.6.1-20.i386.rpm 7306f24d3d7d518068c5e08959d43bdd Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1711.html SuSE-7.3 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ wuftpd-2.6.0-344.i386.rpm d1b549b8c2d91d66a8b35fe17a1943b3 SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1718.html Caldera: ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS RPMS/wu-ftpd-2.6.1-13OL.i386.rpm d6a618f9fe6a3ae99a1c54a405ab169a Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1719.html Conectiva: ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ wu-ftpd-2.6.1-6U70_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1720.html Immunix: http://download.immunix.org/ImmunixOS/7.0/updates/ RPMS/wu-ftpd-2.6.1-6_imnx_4.i386.rpm c6c2fa2fa60f2cfe5b496ad0281fa486 Immunix Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1721.html +---------------------------------+ | imp | ----------------------------// +---------------------------------+ The webmail frontend IMP has a cross site scripting problem, allowing a remote attacker to send you an E-mail with a malformed URL that when clicked on will open your mail session to the attacker, allowing him to read and delete your E-mails. Caldera: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/ Server/current/RPMS RPMS/horde-1.2.7-1.i386.rpm 53a9d75c760851f79fa72cb451416f96 RPMS/imp-2.2.7-1.i386.rpm 4bb1af4dcd98af6f168543476f691b95 Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1715.html +---------------------------------+ | rpm | ----------------------------// +---------------------------------+ A malicious user could exploit this vulnerability by sending a carefully crafted rpm package to the printing system, which will query the package to extract the information to print and will execute arbitrary code choosen by the attacker with the privileges of the lp user. PLEASE SEE VENDOR ADVISORY FOR UPDATE Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1712.html +---------------------------------+ | postfix | ----------------------------// +---------------------------------+ Wietse Venema reported[1] a vulnerability[2] in Postfix where a remote attacker could cause a DoS (denial of service) condition on the server. The SMTP session log could grow to an unreasonable size and possibly exhaust the server's memory if no other limits were in place. Conectiva: ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ postfix-doc-20010228pl02-7U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ postfix-20010228pl02-7U70_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1709.html Red Hat Powertools 7.1: i386: ftp://updates.redhat.com/7.1/en/powertools/i386/ postfix-20011125- 1SASL.i386.rpm 60402b08bd489052146eec437838a829 Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1714.html +---------------------------------+ | sasl | ----------------------------// +---------------------------------+ There is a format string bug in the Cyrus SASL library, and the library is used by sendmail. We are not sure whether this vulnerability can be exploited remotely just by connecting to sendmail, but if it is, the attacker would gain root access. Caldera: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/ Server/current/RPMS RPMS/libsasl-1.5.24-4.i386.rpm 67e101e2ff0a259e57bbcc9eee616a1f Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1716.html Red Hat: PLEASE SEE ADVISORY FOR UPDATE Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1722.html http://www.linuxsecurity.com/advisories/redhat_advisory-1723.html +---------------------------------+ | sendmail | ----------------------------// +---------------------------------+ An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 and 8.0. Slackware 8.0: ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/ patches/packages/procmail.tgz 56099f1bce9643e44342711878a7ceb0 ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/ patches/packages/sendmail.tgz 3d03fd648ecf40eed56ff915780fb8ab ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/ patches/packages/smailcfg.tgz 1a13d98a11d0af853893a640909d8958 Slackware Vendor Advisory: http://www.linuxsecurity.com/advisories/slackware_advisory-1573.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------