Linux Advisory Watch - March 8th 2002


 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  March 8th, 2002                          Volume 3, Number 10a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for php, cfs, cvs, xsane, openssh,
apache, ntop, squid, and radiusd-cistron.  The vendors include Conectiva,
Debian, EnGarde, FreeBSD, Red Hat, Slackware, SuSE, and Yellow Dog.

Security and Simplicity - Are you looking for a solution that provides the
applications necessary to easily create thousands of virtual Web sites,
manage e-mail, DNS, firewalling, and database functions for an entire
organization, and supports high-speed broadband connections, all using a
Web-based front-end? EnGarde Secure Professional provides those features
and more!


  http://store.guardiandigital.com/html/eng/493-AA.shtml 

FEATURE: Fingerprinting Web Server Attacks - In this article, zenomorph
discusses multiple ways attackers attempt to exploit port 80 to gain
control of a web server. Using this information, an administrator can
learn to detect potential attacks and steps that are necessary to protect
a server from them.

 
http://www.linuxsecurity.com/feature_stories/fingerprinting-http.html


FEATURE: Linux 802.11b and wireless (in)security - In this article,
Michael talks about Linux and background on wireless security, utilities
to interrogate wireless networks, and the top tips you should know to
improve wireless security of your network.

  http://www.linuxsecurity.com/feature_stories/wireless-kismet.html 

  

+---------------------------------+
|   php                           | ----------------------------//
+---------------------------------+

Stefan Esser, who is also a member of the PHP team, found several flaws in
the way PHP handles multipart/form-data POST requests (as described in
RFC1867), known as POST file uploads.  Each of the flaws could allow an
attacker to execute arbitrary code on the victim's system.  For PHP3 the
flaws consist of a broken boundary check and an arbitrary heap overflow.
For PHP4 they consist of a broken boundary check and a heap off-by-one
error.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 
 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1925.html 

 Yellow Dog Linux Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1934.html 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1927.html



  
+---------------------------------+
|  cfs                            | ----------------------------//
+---------------------------------+ 

Zorgon found several buffer overflows in cfsd, a daemon that pushes
encryption services into the Unix(tm) file system.  We are not yet sure if
these overflows can successfully be exploited to gain root access to the
machine running the CFS daemon.  However, since cfsd can easily be forced
to die, a malicious user can easily perform a denial of service attack
against it.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/
 binary-i386/cfs_1.3.3-8.1_i386.deb 
 MD5 checksum: 33651b606e1fa0dc15c9d7256580df84 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1926.html


  

+---------------------------------+
|  cvs                            | ----------------------------//
+---------------------------------+

Kim Nielsen recently found an internal problem with the CVS server and
reported it to the vuln-dev mailing list.  The problem is triggered by an
improperly initialized global variable.  A user exploiting this can crash
the CVS server, which may be accessed through the pserver service and
running under a remote user id.  It is not yet clear if the remote account
can be exposed, though.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/
 main/binary-i386/cvs_1.10.7-9_i386.deb 
 MD5 checksum: af8331fa78feee3029ebdde3e743adf5 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1931.html


  

+---------------------------------+
|  xsane                          | ----------------------------//
+---------------------------------+

Tim Waugh found several insecure uses of temporary files in the xsane
program, which is used for scanning.  This was fixed for Debian/stable by
moving those files into a securely created directory within the /tmp
directory.

 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/
 main/binary-i386/xsane_0.50-5.1_i386.deb 
 MD5 checksum: 069983f5340d5524a78b4bd896c6edb5 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1933.html


  

+---------------------------------+
|   openssh                       | ----------------------------//
+---------------------------------+

An authorized remote user (i.e. a user that can successfully authenticate
on the target system) may be able to cause sshd to execute arbitrary code
with superuser privileges. A malicious server may be able to cause a
connecting ssh client to execute arbitrary code with the privileges of the
client user.

 PLEASE SEE ADVISORY FOR UPDATE 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1938.html 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1937.html 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1940.html 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1939.html 
  
  
 

+---------------------------------+
|   apache                        | ----------------------------//
+---------------------------------+

A remote attacker could exploit this vulnerability and execute arbitrary
commands on the server running apache with this module enabled. A probable
way to exploit this is via client certificate authentication, where the
attacker would use a specially crafted certificate to overflow this
buffer. Since this vulnerability happens only after the client certificate
has been checked, this means that it would have to be signed by a CA
accepted by the apache server.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 apache-1.3.22-1U70_3cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 apache-devel-1.3.22-1U70_3cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 apache-doc-1.3.22-1U70_3cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1928.html


  

+---------------------------------+
|   ntop                          | ----------------------------//
+---------------------------------+

ntop is a UNIX tool that shows the network usage, similar to what the
popular top UNIX command does on the system level. A format string
vulnerability has been discovered on the programmatic level and is
currently known to affect the UNIX version; the Windows port of the
program remains untested. The vulnerability allows for remote arbitrary
code execution.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 ntop Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1932.html


  

+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

Squid is a high-performance proxy caching server.  Various security
issues have been found in Squid up to and including version 2.4.STABLE2.
These were:

 1. a memory leak in the SNMP code
 2. a crash on specially-formatted data in FTP URL parsing
 3. HTCP would still be active, even if it was disabled in the config
    file.

 Yellow Dog Linux: 
 ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/ 
 yellowdog-2.1/ppc/squid-2.4.STABLE3-1.7.0.ppc.rpm 
 6f8f7c0c790de090b1a33ad08834f489 

 YellowDog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1935.html 

 SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
 squid-2.3.STABLE4-155.i386.rpm 
 4b1cff53fddcaf8930ec6738c6763a94 

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
 squid-beta-2.4.STABLE2-94.i386.rpm 
 4ca7f3594ec82b703c6c36c08fb46ecb 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1929.html


  

+---------------------------------+
|   radiusd-cistron               | ----------------------------//
+---------------------------------+

The radiusd-cistron package contains a server daemon for the Remote
Authentication Dial-In User Server (RADIUS) client/server security
protocol.  Various vulnerabilities have been found in Cistron RADIUS as
well as other RADIUS servers and clients.

 Red Hat: i386: 
 ftp://updates.redhat.com/7.1/en/powertools/ 
 i386/radiusd-cistron-1.6.6-2.i386.rpm 
 b5c937f5e48d4d3484b64e20f8785b4a 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1930.html 
  
 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/7.0/RPMS/ 
 radiusd-cistron-1.6.6-1U70_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1936.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

