Linux Advisory Watch - January 18th 2002


 



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 11th, 2002                       Volume 3, Number  3a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for imp, horde, x-chat, gzip, glibc,
cipe, sudo, at, stunnel, NetBSD kernel, slashcode, pine, lids, groff,
bugzilla, and uuxqt.  The vendors include Caldera, Conectiva, Debian,
EnGarde, Mandrake, NetBSD, Red Hat, Slackware, and SuSE.



  
+---------------------------------+
| imp / horde                     | ----------------------------//
+---------------------------------+

The webmail frontend IMP has a cross-site scripting problem, allowing a
remote attacker to send you an E-mail with a malformed URL that, when
clicked on, will open your mail session to the attacker, allowing him to
read and delete your E-mails.

 Caldera OpenLinux: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 

 RPMS/horde-1.2.7-1.i386.rpm 
 53a9d75c760851f79fa72cb451416f96 

 RPMS/imp-2.2.7-1.i386.rpm 
 4bb1af4dcd98af6f168543476f691b95 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1798.html


  
+---------------------------------+
| X-Chat                          | ----------------------------//
+---------------------------------+

It is possible to trick XChat IRC clients into sending arbitrary commands
to the IRC server they are on, potentially allowing social engineering
attacks, channel takeovers, and denial of service. This problem exists in
versions 1.4.2 and 1.4.3.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 xchat-gnome_1.4.3-1_i386.deb 
 MD5 checksum: 2eb90d6a77af6c2475a976d282d76377 
  
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/xchat-text_1.4.3-1_i386.deb 
 MD5 checksum: 9701ca60219d4ac8981293763474f14c 

 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/xchat_1.4.3-1_i386.deb 
 MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e 

 XChat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1802.html


  
+---------------------------------+
| gzip                            | ----------------------------//
+---------------------------------+

GOBBLES found a buffer overflow in gzip that occurs when compressing files
with really long filenames.  Even though GOBBLES claims to have developed
an exploit to take advantage of this bug, it has been said by others that
this problem is not as likely to be exploitable as other security incidents.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/gzip_1.2.4-33.1_i386.deb 
 MD5 checksum: b61176ee1953b528e50268995e6c2505 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1803.html


  

+---------------------------------+
|  glibc                          | ----------------------------//
+---------------------------------+

A buffer overflow has been found in the globbing code for glibc. This code
is used to glob patterns for filenames and is commonly used in
applications like shells and FTP servers.

 PLEASE SEE VENDOR ADVISORY 
 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1804.html 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1800.html



  
+---------------------------------+
| cipe                            | ----------------------------//
+---------------------------------+

Larry McVoy found a bug in the packet handling code for the CIPE VPN
package: it did not check if a received packet was too short and could
crash.

 Debian Architecture independent archives: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-all/cipe-common_1.3.0-3_all.deb 
 MD5 checksum: bbfe46765a76bce4f4ce6f9855eee717 
  
 http://security.debian.org/dists/stable/updates/main/ 
 binary-all/cipe-source_1.3.0-3_all.deb 
 MD5 checksum: c380864ae382aff742f08869f89848f6 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1805.html



+---------------------------------+
|  sudo                           | ----------------------------//
+---------------------------------+

Sebastian Krahmer from SuSE found a vulnerability in sudo which could
easily lead to a local root exploit. This problem has been fixed in
upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable
release of Debian GNU/Linux.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/sudo_1.6.2p2-2.1_i386.deb 
 MD5 checksum: 793c815263a64e63108628ed31537dfe 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1807.html 
  
 Mandrake 8.0: 
 http://www.mandrakesecure.net/en/ftp.php 

 8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm 
 6485ad4e345eb0e4920f856d65808235 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1816.html 


 NetBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
 packages-5-current/security/sudo-1.6.4.1.tgz 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html 
  

 EnGarde sudo: 
 i386/sudo-1.6.4-1.0.6.i386.rpm 
 MD5 Sum: 83fceade44a6d263647653351c2acade 

 i686/sudo-1.6.4-1.0.6.i686.rpm 
 MD5 Sum: 8b8c9344cbc950cd9fd4f2fc1c3136f8 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1809.html 
  

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 sudo-1.6.4p1-1U70_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 sudo-doc-1.6.4p1-1U70_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1813.html 
  

 SuSE i386 Intel Platform: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/ 
 ap1/sudo-1.6.3p7-71.i386.rpm 
 b98f00f761274530bfad3486253bed53 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1806.html 
  

 Red Hat i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 sudo-1.6.4-0.7x.2.i386.rpm 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1812.html


  
+---------------------------------+
| at                              | ----------------------------//
+---------------------------------+

zen-parse found a bug in the current implementation of at which leads to
a heap corruption vulnerability which in turn could potentially lead to
an exploit of the daemon user.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/ 
 main/binary-i386/at_3.1.8-10.1_i386.deb 
 MD5 checksum: 8af8ea462718b6bee748b2a809834d2e 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1818.html 
  
 i386 Intel Platform: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/ 
 7.3/ap1/at-3.1.8-459.i386.rpm 
 db3d2bd38f81667dcece38d1c4a86725 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1817.html


  
+---------------------------------+
|  stunnel                        | ----------------------------//
+---------------------------------+

All versions of stunnel from 3.15 to 3.21c are vulnerable to format string
bugs in the functions which implement smtp, pop, and nntp client
negotiations.  Using stunnel with the "-n service" option and the "-c"
client mode option, a malicious server could use the format string
vulnerability to run arbitrary code as the owner of the current stunnel
process.  Version 3.22 is not vulnerable to this bug.

 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Linux 8.1: 
 8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm 
 08204f11728f2c6b6152de9ebb562ac5 

 8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm 
 e85fbd3435759fa7b94bb5c371738b30  

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1828.html


  
+---------------------------------+
|  netbsd-kernel                  | ----------------------------//
+---------------------------------+

A process could exec a setuid binary, while gaining ptrace control over it
for a short period before the process was activated. The ptrace controller
process could then modify the address space of the controlled process and
abuse its elevated privileges.

 PLEASE SEE VENDOR ADVISORY 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html


  
+---------------------------------+
| slashcode                       | ----------------------------//
+---------------------------------+

Slash, the code that runs Slashdot and many other web sites, has a
vulnerability in recent versions that allows any logged-in user to log in
as any other user.  This allows users to take nearly full control of a
Slash system (post and delete stories, edit users, post as other users,
etc., and do anything that a Slash user can do) by logging in to an
administrator's Slash account.

 PLEASE SEE VENDOR ADVISORY 

 Slashcode Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1799.html


  
+---------------------------------+
|  pine                           | ----------------------------//
+---------------------------------+

There is a vulnerability in pine which can allow an attacker to execute
arbitrary commands on a victim's machine by sending them a
specially-crafted URL which is then mishandled by pine's URL handling
code.

 EnGarde: 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
 i386/pine-4.33-1.0.6.i386.rpm 
 MD5 Sum: 4b1d60e1e7ccb3a8a511db42877f0b15 

 i686/pine-4.33-1.0.6.i686.rpm 
 MD5 Sum: 995ed060b84adb05b5b274d353becd91 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1810.html 
  
 Slackware Updated pine package for Slackware 8.0: 
 ftp://ftp.slackware.com/pub/slackware/ 
 slackware-8.0/patches/packages/pine.tgz 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1801.html



  
+---------------------------------+
|  lids                           | ----------------------------//
+---------------------------------+

Recently there were several local vulnerabilities discovered in the LIDS
system used by EnGarde Secure Linux which could allow an attacker to gain
root, and even disable LIDS completely.

 EnGarde: 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
 PLEASE SEE VENDOR ADVISORY 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1811.html


  
+---------------------------------+
| groff                           | ----------------------------//
+---------------------------------+

New groff packages have been made available that fix an overflow in groff.
If the printing system running this is a security issue, it is recommended
to update to the new, fixed packages.

 Red Hat i386: 7.2 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 groff-1.17.2-7.0.2.i386.rpm 
 f3181dd6c32ffc9478721244b77c89af 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1808.html


  
  
+---------------------------------+
|  bugzilla                       | ----------------------------//
+---------------------------------+

This new version fixes several security issues discovered since version
2.14 was released, which are too serious to wait for the upcoming 2.16
release.

 Red Hat Powertools 7.1: 
 noarch: 
 ftp://updates.redhat.com/7.1/en/powertools/noarch/ 
 bugzilla-2.14.1-2.noarch.rpm 
 dd9607075ee2e4186f153b5587fb8ec0 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1814.html


  

+---------------------------------+
|  uuxqt                          | ----------------------------//
+---------------------------------+

uuxqt in the Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain uid and gid uucp privileges by
calling uux and specifying an alternate configuration file with the
--config option.

 Red Hat Linux 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 uucp-1.06.1-32.i386.rpm 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1829.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

