+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  March 1st, 2002                         Volume 3, Number 9a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for ucd-snmp, cups, cyrus-sasl,
squid-cron, Listar, php, mod_ssl, and the Red Hat Kernel. The vendors
include Conectiva, EnGarde, Debian, Mandrake, Red Hat, SuSE, and
Trustix.

FEATURE: Building a VPN Using Yavipin - Yavipin is a package that can
be used to build a VPN between two hosts using some of the most
advanced and sophisticated cryptography available. Learn more about
the VPN that focuses on network efficiency, usability, and is highly
secure.

http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html

Security & Simplicity, Finally! - Are you looking for a solution that
provides the applications necessary to easily create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, database functions
for an entire organization, and supports high-speed broadband
connections all using a Web-based front-end? EnGarde Secure
Professional provides those features and more!

--> http://store.guardiandigital.com

FEATURE: Building a Virtual Honeynet - Hisham shares his experiences
with building a virtual honeynet on his existing Linux box. He
describes data capture and control techniques, the types of honeynets,
and configuration changes to get one running on your system.

http://www.linuxsecurity.com/feature_stories/feature_story-100.html

+---------------------------------+
|  ucd-snmp                       | ----------------------------//
+---------------------------------+

Some of the changes made in the DSA-111-1 security fix for SNMP
changed the API and ABI for the SNMP library which broke some other
applications.

 Intel IA-32 architecture:

 http://security.debian.org/dists/stable/updates/main/
 binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
 MD5 checksum: 63572db96270c729ea883bfef1ada86c

 http://security.debian.org/dists/stable/updates/main/
 binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
 MD5 checksum: b6282ebba72681ff8b2fe58995831df8

 http://security.debian.org/dists/stable/updates/main/
 binary-i386/snmp_4.1.1-2.2_i386.deb
 MD5 checksum: 77233f5bc593a94488a92cb19d4bede2

 http://security.debian.org/dists/stable/updates/main/
 binary-i386/snmpd_4.1.1-2.2_i386.deb
 MD5 checksum: f7f9847bac6be03e19fb5fef39166859

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1920.html

+---------------------------------+
|  cups                           | ----------------------------//
+---------------------------------+

The well known Common Unix Printing System (CUPS) was found vulnerable
to a buffer overflow in the Internet Printing Protocol (IPP) handling
code. The buffer overflow could be exploited by a remote attacker as
long as their IP address is allowed to connect to the CUPS server.

 i386 Intel Platform:

 SuSE-7.3
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d3/
 cups-devel-1.1.10-83.i386.rpm
 8d5053ad177a11625184d0758487fc44

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
 cups-1.1.10-83.i386.rpm
 d13c2a15aec1e32d33e67e3c5dfbfcbe

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
 cups-client-1.1.10-83.i386.rpm
 f6869afd7a3ca8d25094e8beb685be69

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/
 cups-libs-1.1.10-83.i386.rpm
 cabe0639064f8d8f4e0966b52f11d879

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1916.html

+---------------------------------+
|  cyrus-sasl                     | ----------------------------//
+---------------------------------+

Kari Hurtta discovered that a format bug exists in the Cyrus SASL
library, which is used to provide an authentication API for mail
clients and servers, as well as other services such as LDAP. The
format bug was found in one of the logging functions which could be
used by an attacker to obtain access to a machine or to possibly
acquire elevated privileges. Thanks to the SuSE security team for
providing the fix.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1921.html

+---------------------------------+
|  squid-cron                     | ----------------------------//
+---------------------------------+

A memory leak in the optional SNMP interface to Squid, allowing a
malicious user who can send packets to the Squid SNMP port to possibly
perform a denial of service attack on the Squid proxy service if the
SNMP interface has been enabled (disabled by default).

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1908.html

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1913.html

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1911.html

+---------------------------------+
|  Listar                         | ----------------------------//
+---------------------------------+

The Ecartis Core Team has been made aware of a potential security
issue that affects all versions of Listar, and all but the most recent
snapshots of Ecartis. The issue involves the use of sprintf's in
mystring.c which could cause user-input buffers to be overflowed. With
a properly configured Ecartis/Listar install, it would be contained
within the setuid/setgid.

 Binary (i386) RPM:
 ftp://ftp.ecartis.org/pub/ecartis/snapshots/
 rpm/ecartis-1.0.0-snap20020125.i386.rpm

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1909.html

+---------------------------------+
|  php                            | ----------------------------//
+---------------------------------+

PHP supports multipart/form-data POST requests (as described in
RFC1867) known as POST fileuploads. Unfortunately there are several
flaws in the php_mime_split function that could be used by an attacker
to execute arbitrary code. During our research we found out that not
only PHP4 but also older versions from the PHP3 tree are vulnerable.

 PHP Users, Please see advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1914.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1918.html

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1917.html

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1922.html

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1924.html

+---------------------------------+
|  mod_ssl                        | ----------------------------//
+---------------------------------+

mod_ssl (www.modssl.org) is a commonly used Apache module that
provides strong cryptography for the Apache web server. The module
utilizes OpenSSL (formerly SSLeay) for the SSL implementation. modssl
versions prior to 2.8.7-1.3.23 (Feb 23, 2002) make use of the
underlying OpenSSL routines in a manner which could overflow a buffer
within the implementation. This situation appears difficult to exploit
in a production environment, however, for reasons detailed below.

 Mod_SSL Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1915.html

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1919.html

 EnGarde Linux Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1923.html

+---------------------------------+
|  Red Hat Kernel                 | ----------------------------//
+---------------------------------+

The Linux Netfilter team has found a problem in the "IRC connection
tracking" component of the firewall within the linux kernel. This
problem affects Red Hat Linux versions 7.1 and 7.2.

 i386: Red Hats

 ftp://updates.redhat.com/7.2/en/os/i386/
 kernel-2.4.9-31.i386.rpm
 64705698f9f5eaf1e79185863382f941

 ftp://updates.redhat.com/7.2/en/os/i386/
 kernel-source-2.4.9-31.i386.rpm
 cba833ad4e2b45392e4de085ca0e920f

 ftp://updates.redhat.com/7.2/en/os/i386/
 kernel-BOOT-2.4.9-31.i386.rpm
 b239ceebf5b5c28a348cd960d3195f03

 ftp://updates.redhat.com/7.2/en/os/i386/
 kernel-headers-2.4.9-31.i386.rpm
 dae89931407ae5832e374e49d8347234

 ftp://updates.redhat.com/7.2/en/os/i386/
 kernel-doc-2.4.9-31.i386.rpm
 6883d71ffe17dff75514ac38228cd5f0

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1912.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------