Linux Advisory Watch - January 11th 2002


 



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 11th, 2002                       Volume 3, Number  2a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for exim, libgtop, mutt, pkg_install,
pw, pine, mod_auth_pgsql, bind, proftpd, LIDS, stunnel, and namazu.  The
vendors include Conectiva, Debian, FreeBSD, Mandrake, Red Hat, SuSE, and
Trustix.



  
+---------------------------------+
| exim                            | ----------------------------//
+---------------------------------+

This problem has been fixed in Exim version 3.12-10.2 for the stable
distribution Debian GNU/Linux 2.2 and 3.33-1.1 for the testing and
unstable distribution. We recommend that you upgrade your exim package.

 Debian  Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/exim_3.12-10.2_i386.deb 
 MD5 checksum: d5a2fc41c32504d9982416fbabc53629 

 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/eximon_3.12-10.2_i386.deb 
 MD5 checksum: 02ed4af9505089b21ccbe2d3391c4e51 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1776.html 

 Red Hat: PLEASE SEE VENDOR ADVISORY 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1792.html


  
+---------------------------------+
|   libgtop                       | ----------------------------//
+---------------------------------+

The laboratory intexxia found a format string problem in the logging code
from libgtop_daemon. There were two logging functions which are called
when authorizing a client which could be exploited by a remote user.

 Debian Intel IA-32 architecture: 
 http://security.debian.org/dists/stable/updates/main/binary-i386 
 /libgtop-daemon_1.0.6-1.1_i386.deb 
 MD5 checksum: 169c014d0fff9d24045ed733fb26aacc 

 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libgtop-dev_1.0.6-1.1_i386.deb 
 MD5 checksum: 9ed2aea64be71cf4c4e5dc6274d9c774 

 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libgtop1_1.0.6-1.1_i386.deb 
 MD5 checksum: 321badb855ed000452f0180a2e557388 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1787.html 

 Trustix: 
 http://www.trustix.net/pub/Trustix/updates/ 
 ./1.5/RPMS/mutt-1.2.5i.1-1tr.i586.rpm 
 a0181fdebd24a64cec3ab62949a8cdc4 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1784.html


  
  
+---------------------------------+
|  pkg_install                    | ----------------------------//
+---------------------------------+

A local attacker may be able to modify the package contents and
potentially elevate privileges or otherwise compromise the system. There
are no known exploits as of the date of this advisory.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/ 
 pkg_add.patch 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1778.html


  
  
+---------------------------------+
|  pw                             | ----------------------------//
+---------------------------------+

A local attacker can read the temporary file created by pw(8) and use the
encrypted passwords to conduct an off-line dictionary attack. A successful
attack would result in the recovery of one or more passwords.  Because the
temporary file is short-lived (it is removed almost immediately after
creation), this can be difficult to exploit: an attacker must `race' to
read the file before it is removed.

 FreeBSD: 
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1779.html
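
The exposure described above comes down to the mode a temporary file gets at the moment it is created. The following is an added example, not code from pw(8) or from the FreeBSD patch; the file names and the sample record are constructed. It puts a umask-dependent create next to one that is private from the first instant.

```python
import os
import stat
import tempfile

def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

def write_tmp_naive(directory, data):
    """'Before' pattern: the mode is left to the umask (0644 under umask 022)."""
    path = os.path.join(directory, "pw.naive.tmp")  # hypothetical file name
    with open(path, "w") as fh:
        fh.write(data)
    return path

def write_tmp_private(directory, data):
    """Hardened pattern: mkstemp() creates with O_CREAT|O_EXCL and mode 0600."""
    fd, path = tempfile.mkstemp(prefix="pw.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def compare(data="user:$1$constructed$hash:1001:1001::0:0::/home/user:/bin/sh\n"):
    """Return (naive_mode, private_mode) for the same constructed record."""
    old = os.umask(0o022)  # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            return (mode_of(write_tmp_naive(d, data)),
                    mode_of(write_tmp_private(d, data)))
    finally:
        os.umask(old)

if __name__ == "__main__":
    naive, private = compare()
    print(f"naive: {naive:04o}  private: {private:04o}")
```
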


  

+---------------------------------+
|   mutt                          | ----------------------------//
+---------------------------------+

An attacker may send an email message with a specially crafted email
address in any of several message headers to the victim.  When the victim
reads the message using mutt and encounters that email address, the buffer
overflow is triggered and may result in arbitrary code being executed with
the privileges of the victim.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
 mail/mutt-1.2.5_1.tgz 

 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ 
 mail/mutt-devel-1.3.24_2.tgz 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1780.html 

 Updated FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1781.html 

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 mutt-doc-1.3.17-8U70_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 mutt-help-1.3.17-8U70_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 mutt-1.3.17-8U70_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1786.html 
  

 Red Hat 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/mutt-1.2.5.1-1.i386.rpm 
 d362ea15a13e305e1e9a360715c55fee 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1790.html 
  

 Slackware: 
 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1788.html


 SuSE: 
 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1785.html 
  

 Debian Sun Sparc architecture: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-sparc/mutt_1.2.5-5_sparc.deb 
 MD5 checksum: 8bb33cd0efac0aeb345e87d58188e905 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1777.html 
  
  
 

+---------------------------------+
|  pine                           | ----------------------------//
+---------------------------------+

An attacker can supply commands enclosed in single quotes ('') in a URL
embedded in a message sent to the victim.  If the user then decides to
view the URL, PINE will launch a command shell which will then execute the
attacker's commands with the victim's privileges.  It is possible to
obfuscate the URL so that it will not necessarily seem dangerous to the
victim.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
 packages-5-current/mail/pine-4.43.tgz 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1782.html 

 FreeBSD Advisory Update: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1797.html 
  
  
  
 

+---------------------------------+
|  mod_auth_pgsql                 | ----------------------------//
+---------------------------------+

A remote user may insert arbitrary SQL code into the username during
authentication, leading to several exploit opportunities.  In particular,
the attacker may cause mod_auth_pgsql to use a known fixed password hash
for user verification, allowing him to authenticate as any user and obtain
unauthorized access to web server data.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current 
 /www/mod_auth_pgsql-0.9.9.tgz 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1783.html


  

+---------------------------------+
|  bind                           | ----------------------------//
+---------------------------------+

There are some insecure permissions on configuration files and executables
with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1.  This
update provides stricter permissions by making the /etc/rndc.conf and
/etc/rndc.key files read/write by the named user and by making
/sbin/rndc-confgen and /sbin/rndc read/write/executable only by root.
  

 Mandrake Linux 8.0: 
 http://www.mandrakesecure.net/en/ftp.php 
 8.0/RPMS/bind-9.1.1-1.1mdk.i586.rpm 
 a086335b56151269c252428df794e154 

 8.0/RPMS/bind-devel-9.1.1-1.1mdk.i586.rpm 
 080d61511f43ecbfc07809221e0e70b7 

 8.0/RPMS/bind-utils-9.1.1-1.1mdk.i586.rpm 
 05ba599912dd98bdc328c715c4ebdf81 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1794.html
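
A way to check a host against the permissions described above, as an added example that is not part of the Mandrake advisory or packages. The policy table is a reading of the advisory text (0600 owned by named, 0700 owned by root); the function names are assumptions.

```python
import os
import pwd
import stat

# Policy as read from the advisory text: path -> (owner, widest allowed mode).
POLICY = {
    "/etc/rndc.conf": ("named", 0o600),
    "/etc/rndc.key": ("named", 0o600),
    "/sbin/rndc-confgen": ("root", 0o700),
    "/sbin/rndc": ("root", 0o700),
}

def owner_name(uid):
    """Map a uid to a user name, falling back to the number itself."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def check_file(path, owner, max_mode):
    """Return a list of findings for one file; an empty list means compliant."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~max_mode  # bits granted beyond the policy
    if extra:
        findings.append(f"{path}: mode {mode:04o} grants extra bits {extra:04o}")
    if owner is not None and owner_name(st.st_uid) != owner:
        findings.append(f"{path}: owner {owner_name(st.st_uid)}, expected {owner}")
    return findings

def audit(policy=POLICY, root="/"):
    """Check every path in the policy, optionally under an alternate root."""
    findings = []
    for path, (owner, max_mode) in policy.items():
        findings += check_file(os.path.join(root, path.lstrip("/")), owner, max_mode)
    return findings

if __name__ == "__main__":
    print("\n".join(audit()) or "all files match the policy")
```
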


  
  
+---------------------------------+
|   proftpd                       | ----------------------------//
+---------------------------------+

ProFTPD was not forward resolving reverse-resolved hostnames. A remote
attacker could exploit this vulnerability[1] to bypass ProFTPD access
control lists or have false information (client hostname) logged. It was
discovered by Matthew S. Hallacy.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 proftpd-1.2.5rc1-1U70_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 proftpd-doc-1.2.5rc1-1U70_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1793.html
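
The missing step described above is forward confirmation of a reverse-resolved name. The following is an added example, not ProFTPD code: the DNS tables are constructed from documentation address ranges, and the function names are assumptions. On a live system the two lookup functions would wrap socket.gethostbyaddr and socket.getaddrinfo.

```python
import ipaddress

# Constructed DNS data, not real records.
PTR = {
    "192.0.2.10": "ftp-client.trusted.example",    # PTR that matches the forward zone
    "203.0.113.66": "ftp-client.trusted.example",  # PTR under the address owner's control
    "198.51.100.7": "host7.other.example",
}
FORWARD = {
    "ftp-client.trusted.example": ["192.0.2.10"],
    "host7.other.example": ["198.51.100.7"],
}

def reverse_lookup(ip):
    return PTR.get(ip)

def forward_lookup(name):
    return FORWARD.get(name, [])

def confirmed_hostname(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return the PTR name only if its forward lookup contains ip, else None."""
    name = reverse(ip)
    if not name:
        return None
    name = name.rstrip(".").lower()
    addr = ipaddress.ip_address(ip)
    for candidate in forward(name):
        try:
            if ipaddress.ip_address(candidate) == addr:
                return name
        except ValueError:
            continue  # ignore malformed answers
    return None

def acl_allows(ip, allowed_suffix):
    """Return (allowed, label_to_log); unconfirmed names are never trusted or logged."""
    name = confirmed_hostname(ip)
    label = name if name else ip
    return (name is not None and name.endswith(allowed_suffix)), label

if __name__ == "__main__":
    for ip in PTR:
        print(ip, acl_allows(ip, ".trusted.example"))
```
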


  

+---------------------------------+
|   LIDS                          | ----------------------------//
+---------------------------------+

The use of LD_PRELOAD can make a program with privileges given by LIDS
execute an attacker's code. This means that a root intruder can get every
capability or fs access you configured LIDS to grant. Moreover, if you
granted CAP_SYS_RAWIO or CAP_SYS_MODULE to a program, an attacker could
deactivate LIDS and thus, access any file.

 PLEASE SEE LIDS ADVISORY 
 LIDS Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1795.html


  
+---------------------------------+
|  stunnel                        | ----------------------------//
+---------------------------------+

Updated stunnel packages are now available for Red Hat Linux 7.2.  These
updates close a format-string vulnerability which is present in some
earlier versions of stunnel.

 Red Hat 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/stunnel-3.22-1.i386.rpm 
 b62a3f6c4418550873602147697213b0 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1791.html


  
  
+---------------------------------+
|  namazu                         | ----------------------------//
+---------------------------------+

Namazu is a full-text search engine. Namazu 2.0.9 and earlier may
inadvertently include malicious HTML tags or scripts in a dynamically
generated page, based on unvalidated input from untrustworthy sources.
Also, a buffer overflow vulnerability exists in the buffer size of an
environment variable.

 Red Hat 7.0J i386: 
 ftp://updates.redhat.com/7.0/ja/os/i386 
 /namazu-2.0.10-0j1.i386.rpm 

 ftp://updates.redhat.com/7.0/ja/os/i386/ 
 namazu-devel-2.0.10-0j1.i386.rpm 

 ftp://updates.redhat.com/7.0/ja/os/i386/ 
 namazu-cgi-2.0.10-0j1.i386.rpm 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1796.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

