Linux Advisory Watch - February 1st 2002

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  February 1st, 2002                       Volume 3, Number  5a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for rsync, k5su, enscript, gzip,
ptrace, sudo, x-chat, sane-backends, pine, at, uucp, mutt, openldap,
squid, and xinetd.  The vendors include Caldera, Conectiva, Debian,
EnGarde, FreeBSD, Mandrake, Red Hat, Slackware, SuSE, TurboLinux,
and YellowDog.
 
LinuxSecurity.com Feature: Approaches to choosing the strength of your
security measures - Anton Chuvakin discusses the known approaches to
choosing the level of security for your organization, risk assessment, and
finding the balance between effective security practices and the existing
budget.

 http://www.linuxsecurity.com/feature_stories/feature_story-98.html 


*** FREE Apache SSL Guide from Thawte - Are you worried about your web
server security?  Click here to get a FREE Thawte Apache SSL Guide and
find the answers to all your Apache SSL security needs.
 
  http://www.gothawte.com/rd178.html  
  
Why be vulnerable? It's your choice. - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling, and database functions for an
entire organization, and supports high-speed broadband connections, all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
 
 http://store.guardiandigital.com
 

+---------------------------------+
| rsync                           | ----------------------------//
+---------------------------------+

Sebastian Krahmer found several places in rsync (a popular tool to
synchronise files between machines) where signed and unsigned numbers were
mixed which resulted in insecure code. This could be abused by remote
users to write 0-bytes in rsync's memory and trick rsync into executing
arbitrary code.
  
 Debian Intel IA-32 architecture: 
 http://security.debian.org/dists/stable/updates/ 
 main/binary-i386/rsync_2.3.2-1.3_i386.deb 
 MD5 checksum: c1e9d2e9d1ed014dd2a3992902a66477 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1857.html 
  

 Mandrake Linux 8.1: 
 8.1/RPMS/rsync-2.4.6-3.1mdk.i586.rpm 
 048f479dbf9be95eb7e1bf59790d0b22 
 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1862.html 

  

 EnGarde Binary Packages: 
 i386/rsync-2.4.6-1.0.3.i386.rpm 
 MD5 Sum: 130608e7f4d1600d8ceb47ad7fe7c4ce 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
  
 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1853.html  

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1856.html 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1860.html 

 Red Hat Vendor Advisory (UPDATE): 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1875.html 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1858.html


 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1855.html
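Each package entry above pairs a file name with an MD5 sum, in three slightly different layouts ("MD5 checksum:", "MD5 Sum:", or the bare hash on its own line). The following Python is an added example, not part of this newsletter or of any vendor's tooling: it parses those entries (the rsync lines from this issue are embedded as the sample input) and then checks files in a download directory against the transcribed sums. The files and sums used by demo() are constructed for the demonstration and are not the real rsync packages.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Package entries copied from the rsync section of this newsletter, used as parser input.
ADVISORY_TEXT = """\
 Debian Intel IA-32 architecture:
 http://security.debian.org/dists/stable/updates/
 main/binary-i386/rsync_2.3.2-1.3_i386.deb
 MD5 checksum: c1e9d2e9d1ed014dd2a3992902a66477

 Mandrake Linux 8.1:
 8.1/RPMS/rsync-2.4.6-3.1mdk.i586.rpm
 048f479dbf9be95eb7e1bf59790d0b22

 EnGarde Binary Packages:
 i386/rsync-2.4.6-1.0.3.i386.rpm
 MD5 Sum: 130608e7f4d1600d8ceb47ad7fe7c4ce
"""

PKG_RE = re.compile(r"(\S+\.(?:rpm|deb|tgz))\s*$")   # a line ending in a package file name
MD5_RE = re.compile(r"\b([0-9a-fA-F]{32})\b")         # a 32-hex-digit token anywhere on a line


def parse_checksums(text):
    """Pair each package file name with the next 32-hex token that follows it.

    Returns {basename: md5hex}. Works for the 'MD5 checksum:', 'MD5 Sum:' and
    bare-hash layouts seen in the newsletter; a hash with no preceding file name is ignored.
    """
    expected = {}
    pending = None
    for line in text.splitlines():
        m = PKG_RE.search(line.strip())
        if m:
            pending = os.path.basename(m.group(1))
            continue
        m = MD5_RE.search(line)
        if m and pending:
            expected[pending] = m.group(1).lower()
            pending = None
    return expected


def md5_of_file(path, chunk=65536):
    """Stream the file so large packages do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_packages(directory, expected):
    """Check every expected package in `directory`.

    Returns {filename: 'ok' | 'mismatch' | 'missing'}. The comparison uses a
    constant-time equality so the result does not leak how many leading hex digits matched.
    """
    results = {}
    for name, want in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        got = md5_of_file(path)
        results[name] = "ok" if hmac.compare_digest(got, want.lower()) else "mismatch"
    return results


def demo():
    """Constructed scenario: one intact download, one altered download, one never fetched."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.rpm"), "wb") as f:
            f.write(b"hello\n")
        with open(os.path.join(d, "bad.rpm"), "wb") as f:
            f.write(b"hello!\n")
        expected = {
            "good.rpm": "b1946ac92492d2347c6235b4d2611184",   # md5 of b"hello\n" (constructed)
            "bad.rpm": "b1946ac92492d2347c6235b4d2611184",    # same sum, but the file differs
            "absent.rpm": "0" * 32,                            # placeholder sum, file not present
        }
        return verify_packages(d, expected)


if __name__ == "__main__":
    print(parse_checksums(ADVISORY_TEXT))
    print(demo())
```

A mismatch means the file is not the one the vendor published (corrupted transfer or a substituted package) and must not be installed. MD5 is what these 2002 advisories shipped and it still catches accidental corruption; against a deliberate substitution it is no longer collision resistant, so where the vendor also provides a detached signature, verify that as well.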

 


+---------------------------------+
|   k5su                          | ----------------------------//
+---------------------------------+

The setlogin system call, the use of which is restricted to the superuser,
is used to associate a user name with a login session.  The getlogin
system call is used to retrieve that user name.  The setlogin system call
is typically used by applications such as login and sshd.

 [i386] 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
 packages-5-current/security/heimdal-0.4e_2.tgz 
 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1849.html 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1865.html


  

+---------------------------------+
|   enscript                      | ----------------------------//
+---------------------------------+

The enscript program does not create temporary files in a secure fashion
and as such could be abused if enscript is run as root.

 Mandrake Linux 8.1: 
 8.1/RPMS/enscript-1.6.1-22.1mdk.i586.rpm 
 f30e305cd6b7050ab2088098a4ac0997 
 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1863.html 


 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1867.html


  

+---------------------------------+
|  gzip                           | ----------------------------//
+---------------------------------+

There are two problems with the gzip archiving program; the first is a
crash when an input file name is over 1020 characters, and the second is a
buffer overflow that could be exploited if gzip is run on a server such as
an FTP server.  The patch applied is from the gzip developers and the
problems have been fixed in the latest beta.

 Mandrake Linux 8.1: 
 8.1/RPMS/gzip-1.2.4a-9.1mdk.i586.rpm 
 0c4bd47c8314d2df3b5dd98476a75c80 
 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1876.html

  


+---------------------------------+
|  ptrace                         | ----------------------------//
+---------------------------------+

A process could exec a setuid binary, while gaining ptrace control
over it for a short period before the process was activated. The 
ptrace controller process could then modify the address space of the
controlled process and abuse its elevated privileges. 

 Mandrake: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html


  
  
+---------------------------------+
|  sudo                           | ----------------------------//
+---------------------------------+

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity.

 NetBSD [i386] 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
 packages-4-stable/security/sudo-1.6.4.1.tgz 

 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
 packages-5-current/security/sudo-1.6.4.1.tgz 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1869.html


  

+---------------------------------+
|   xchat                         | ----------------------------//
+---------------------------------+

Versions of xchat prior to version 1.8.7 contain a vulnerability which
allows an attacker to cause a vulnerable client to execute arbitrary IRC
server commands as if the vulnerable user had typed them.

 ftp://ftp.yellowdoglinux.com/pub/yellowdog/ 
 updates/yellowdog-2.1/ppc/ 
 xchat-1.8.7-1.72.0.ppc.rpm 
 75a3959a60589c2b06464a4afdc84150 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1864.html


  

+---------------------------------+
|  sane-backends                  | ----------------------------//
+---------------------------------+

XSane is an X-based interface providing access to scanners, digital
cameras, and other capture devices. When XSane creates temporary files, it
does so with predictable filenames in a manner that would follow symbolic
links. This could allow a local user to overwrite files written by the
user running XSane.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1868.html 
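Both the enscript and the XSane entries describe the same defect class: a temporary file opened by a predictable name, so that a symbolic link planted at that name redirects the write to whatever file the link points at. The Python below is an added example, not code from either project or from the newsletter; it shows the fragile pattern next to the hardened one (O_CREAT|O_EXCL plus O_NOFOLLOW, or simply mkstemp) and exercises both inside a throw-away directory. The file names and contents are constructed for the demonstration.

```python
import os
import stat
import tempfile


def unsafe_create(path, data):
    # The pattern the advisories describe: a fixed, guessable name opened for writing.
    # open(..., "w") happily follows a symlink already sitting at `path`.
    with open(path, "w") as f:
        f.write(data)


def safe_create(path, data):
    # Hardened form: fail if anything already exists at `path` and never follow a symlink,
    # so a pre-planted link cannot redirect the write. Mode 0600 keeps the file private.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def private_tempfile(data, directory=None, prefix="scan-"):
    # Preferred form: mkstemp picks an unpredictable name and opens it with O_EXCL, mode 0600.
    fd, path = tempfile.mkstemp(prefix=prefix, dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def demo():
    """Plant a symlink at the predictable name, pointing at a 'victim' file, and compare outcomes."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w") as f:
            f.write("original")
        link = os.path.join(d, "predictable.tmp")   # constructed: the guessable temp name
        os.symlink(victim, link)

        unsafe_create(link, "clobbered")
        with open(victim) as f:
            after_unsafe = f.read()

        # Restore the victim and retry with the hardened routine.
        with open(victim, "w") as f:
            f.write("original")
        refused = False
        try:
            safe_create(link, "clobbered")
        except OSError:          # EEXIST from O_EXCL (or ELOOP from O_NOFOLLOW)
            refused = True
        with open(victim) as f:
            after_safe = f.read()

        # mkstemp route: unpredictable name, owner-only permissions.
        p = private_tempfile("payload", directory=d)
        mode = stat.S_IMODE(os.stat(p).st_mode)

        return {
            "victim_after_unsafe": after_unsafe,
            "victim_after_safe": after_safe,
            "safe_refused": refused,
            "mkstemp_mode": oct(mode),
        }


if __name__ == "__main__":
    print(demo())
```

The hardened routine is what the vendor updates amount to: the write either goes to a freshly created file owned by the caller or does not happen at all. Running enscript or XSane as root, as the advisory notes, is what turns the predictable name into a way to overwrite files the unprivileged user could not otherwise touch.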
 



+---------------------------------+
|  pine                           | ----------------------------//
+---------------------------------+

The purpose of this release is to fix a security bug with the treatment of
quotes in the URL-handling code. The bug allows a malicious sender to
embed commands in a URL. This bug is present in all versions of UNIX Pine
4.43 or earlier.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1870.html



+---------------------------------+
|  at                             | ----------------------------//
+---------------------------------+

A server running the latest version of at could have commands that depend
on the current environment (for example, the PATH) which would then fail
or run incorrectly because the environment would not be accessible when
the command was executed at a later time.
 
 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1871.html



+---------------------------------+
|  uucp                           | ----------------------------//
+---------------------------------+

uuxqt in the Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain uid and gid uucp privileges by
calling uux and specifying an alternate configuration file with the
--config option.

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1872.html



+---------------------------------+
|  mutt                           | ----------------------------//
+---------------------------------+

An overflow exists in mutt's RFC822 address parser. A remote attacker
could send a carefully crafted email message which when read by mutt would
be able to overwrite arbitrary bytes in memory. The updated mutt-1.2.5.1
release fixes the problem. Thanks go to Joost Pol for discovering the bug
and the Mutt team for the fixed release.
 
 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1866.html

  

+---------------------------------+
| openldap                        | ----------------------------//
+---------------------------------+

Authenticated users (in openldap versions 2.0.8 up to 2.0.19) could issue
a REPLACE command for an attribute where the new value is an empty one,
thus effectively removing the attribute if allowed by the current schema,
that is, if the attribute in question is not mandatory. In versions prior
to 2.0.8, anonymous users could do this as well, regardless of ACLs
protecting this attribute.

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1861.html




+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

Squid has a flaw in the code that handles FTP PUT commands: when a
mkdir-only request was made, Squid would detect an internal error and exit.
The Squid init script also cannot use the restart command, because the
start command is issued before the stop command has finished.

 TurboLinux Vendor Advisory: 
 ftp://ftp.turbolinux.com/pub/updates/6.0/security/ 
 squid-2.4.STABLE2-3.i386.rpm 
 8d163dfdb90a42c46a5c169b2dc0d4f4 

 TurboLinux Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/turbolinux_advisory-1851.html



  
  
+---------------------------------+
|   xinetd                        | ----------------------------//
+---------------------------------+

Exploitation of the conditions discovered during the audit could lead to a
denial of service or remote root compromise.

 TurboLinux Vendor Advisory: 
 ftp://ftp.turbolinux.com/pub/updates/6.0/security/ 
 xinetd-2.3.3-3.i386.rpm 
 00c15d36ce412917672826c7d9ffd69e  

 TurboLinux Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/turbolinux_advisory-1852.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
