+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | February 7th, 2002 Volume 3, Number 6a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave@linuxsecurity.com ben@linuxsecurity.com Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week.It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for pine, rsync, FreeBSD kernel, wmtv, and telnet. The vendors include Conectiva, Debian, FreeBSD, and Red Hat. Also this week, LinuxSecurity.com has released the latest version of the EnGarde Linux Postfix Howto. It can be found at: http://www.linuxsecurity.com/feature_stories/feature_story-91.html LinuxSecurity.com Feature: Approaches to choosing the strength of your security measures - Anton Chuvakin discusses the known approaches to choosing the level of security for your organization, risk assessment, and finding the balance between effective security practices and the existing budget. http://www.linuxsecurity.com/feature_stories/feature_story-98.html Why be vulnerable? Its your choice. - Are you looking for a solution that provides the applications necessary to easily create thousands of virtual Web sites, manage e-mail, DNS, firewalling database functions for an entire organization, and supports high-speed broadband connections all using a Web-based front-end? EnGarde Secure Professional provides those features and more! http://store.guardiandigital.com +---------------------------------+ | pine | ----------------------------// +---------------------------------+ A vulnerability[2] in the pine URL handler was discovered that allows remote attackers to execute arbitrary shell commands in the user's machine by encapsulating them in a URL using environment variables. This vulnerability only affects users whith the msg-view-url option enabled (which is not the default). ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ pico-4.44L-1U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ pine-4.44L-1U70_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ pilot-4.44L-1U70_1cl.i386.rpm Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1877.html +---------------------------------+ | rsync | ----------------------------// +---------------------------------+ In Debian Security Advisory DSA-106-1 we reported a exploitable problem in rsync. For details please see that advisory. Unfortunately the patch used to fix that problem broke rsync. This has been fixed in version 2.3.2-1.5 and we recommend you upgrade to that version immediately. Debian Intel IA-32 architecture: http://security.debian.org/dists/stable/updates/ main/binary-i386/rsync_2.3.2-1.5_i386.deb MD5 checksum: 41891f496f0b38b176de1bd3df04945c Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1878.html +---------------------------------+ | FreeBSD Kernel | ----------------------------// +---------------------------------+ On vulnerable FreeBSD systems where procfs is mounted, unprivileged local users may be able to cause a kernel panic. A race condition existed where a file could be removed between calling fstatfs() and the point where the file is accessed causing the file descriptor to become invalid. This may allow unprivileged local users to cause a kernel panic. Currently only the procfs filesystem is known to be vulnerable. FreeBSD: fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ CERT/patches/SA-02:09/fstatfs.patch FreeBSD Vendor Advisory: http://www.linuxsecurity.com/advisories/freebsd_advisory-1879.html +---------------------------------+ | wmtv | ----------------------------// +---------------------------------+ Nicolas Boullis found some security problems in the wmtv package (a dockable video4linux TV player for windowmaker) which is distributed in Debian GNU/Linux 2.2. With the current version of wmtv, the configuration file is written back as the superuser, and without any further checks. A mailicious user might use that to damage important files. Debian Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/ binary-i386/wmtv_0.6.5-2potato2_i386.deb MD5 checksum: 270d8553f9d732d612154dd0927ceece Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1880.html +---------------------------------+ | telnet | ----------------------------// +---------------------------------+ New telnet, telnet-server packages are available for Red Hat Linux 5.2, 5.2, 7.0 and 7.1. These packages fix a problem where buffer overflows can provide root access to local users. It is recommended that all users update to the fixed packages. Red Hat: 7.1 i386: ftp://updates.redhat.com/7.1/en/os/i386/ telnet-0.17-18.1.i386.rpm d4c6ea58c27504771887ada7f89646dd ftp://updates.redhat.com/7.1/en/os/i386/ telnet-server-0.17-18.1.i386.rpm 3165c07852274f4303c1acebde8ded06 Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1881.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------