+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  December 14th, 2001                     Volume 2, Number 50a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski               Benjamin Thomas
               dave@linuxsecurity.com    ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for secureweb, OpenSSH, passwd,
sasl, libgtop server, thttpd, mailman, and postfix. The vendors
include Caldera, Conectiva, Debian, FreeBSD, Mandrake, and Red Hat.

LinuxSecurity.com Feature: Know Your Enemy: Honeynets

Over the past several years the Honeynet Project has been dedicated
to learning the tools, tactics, and motives of the blackhat community
and sharing the lessons learned. The primary tool used to gather this
information is the Honeynet. The purpose of this paper is to discuss
what a Honeynet is, its value, how it works, and the risks/issues
involved.

 http://www.linuxsecurity.com/feature_stories/feature_story-95.html

** Why be vulnerable? It's your choice.

Are you looking for a solution that provides the applications
necessary to easily create thousands of virtual Web sites, manage
e-mail, DNS, firewalling, database functions for an entire
organization, and supports high-speed broadband connections all using
a Web-based front-end? EnGarde Secure Professional provides those
features and more!

 Be Secure with EnGarde Secure Professional:
 http://store.guardiandigital.com/html/eng/493-AA.shtml

+---------------------------------+
|  secureweb                      | ----------------------------//
+---------------------------------+

Updated packages are now available for Red Hat Secure Web Server 3.2
(U.S.). These updates close a potential security hole which would
present clients with a listing of the contents of a directory instead
of the contents of an index file or the proper error message.

 Red Hat Secure Web Server 3.2: i386:
 ftp://updates.redhat.com/3.2/en/secureweb/i386/
 secureweb-3.2.4-1.i386.rpm.rhmask
 3097ba872708a54b64354a54a3e38771

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1739.html

+---------------------------------+
|  OpenSSH                        | ----------------------------//
+---------------------------------+

OpenSSH includes a feature by which a user can arrange for
environmental variables to be set depending upon the key used for
authentication. These environmental variables are specified in the
`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
user's home directory on the server. This is normally safe, as this
environment is passed only to the user's shell, which is invoked with
user privileges.

 PLEASE SEE ADVISORY FOR UPDATE

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1740.html

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1746.html

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-1747.html

+---------------------------------+
|  passwd                         | ----------------------------//
+---------------------------------+

The default pam files for the passwd program did not include support
for md5 passwords, thus any password changes or post-install added
users would not have md5 passwords.

 Mandrake Linux 8.1:
 8.1/RPMS/passwd-0.64.1-9.1mdk.i586.rpm
 244f21e02057cd03a28de7d3d684fc55
 http://www.linux-mandrake.com/en/ftp.php3

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1748.html

+---------------------------------+
|  sasl                           | ----------------------------//
+---------------------------------+

Cyrus-SASL is an open-source implementation of SASL, the "Simple
Authentication and Security Layer", which is a useful API for adding
authentication, authorization, and security to network protocols.
Examples of applications linked to sasl include sendmail, OpenLDAP
and several mail clients.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1741.html

+---------------------------------+
|  libgtop server                 | ----------------------------//
+---------------------------------+

A successful exploit of this stack buffer overflow would allow an
attacker arbitrary access to kernel memory, possibly acquiring
information allowing further increases in privileges.

 [i386]
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/
 devel/libgtop-1.0.12_1.tar.gz

 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/
 devel/libgtop-1.0.12_1.tar.gz

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1742.html

+---------------------------------+
|  thttpd                         | ----------------------------//
+---------------------------------+

Due to the location of the affected buffer on the stack, this bug can
be exploited using ``The poisoned NUL byte'' technique (see
references). A remote attacker can hijack the thttpd process,
obtaining whatever privileges it has. By default, the thttpd process
runs as user `nobody'.

 [i386]
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
 packages-4-stable/www/thttpd-2.22.tgz

 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/
 packages-5-current/www/thttpd-2.22.tgz

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1743.html

+---------------------------------+
|  Mailman                        | ----------------------------//
+---------------------------------+

Cgisecurity.com released an advisory[1] related to a cross-site
scripting vulnerability[2] in mailman. By exploiting this
vulnerability, an attacker could collect information about a web user
or possibly gain access to cookie-based authentication credentials.

 Conectiva: i386
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 mailman-2.0.8-2U70_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1744.html

+---------------------------------+
|  postfix                        | ----------------------------//
+---------------------------------+

Wietse Venema reported he found a denial of service vulnerability in
postfix. The SMTP session log that postfix keeps for debugging
purposes could grow to an unreasonable size.

 Debian Intel IA-32 architecture:
 http://security.debian.org/dists/stable/updates/main/binary-i386/
 postfix_0.0.19991231pl11-2_i386.deb
 MD5 checksum: abe5ae7acbd0decde71c79f3bfaac6e7

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1745.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------