Linux Advisory Watch - March 15th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  March 15th, 2002                         Volume 3, Number 11a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for zlib, mod_ssl, xtel, pam_pgsql,
cyrus-sasl, netscape, mod_frontpage, openssh, rsync, gzip, NetBSD kernel,
php, fileutils, and cvs.  The vendors include Conectiva, Debian, EnGarde,
FreeBSD, Immunix, Mandrake, NetBSD, Red Hat, Slackware, SuSE, Trustix, and
Yellow Dog Linux.  Many serious advisories affecting nearly all Linux
vendors were released this week, it is advisable that you patch your
systems immediately.

ALERT: Significant Vulnerability Afflicts Linux Systems - Recently in a
coordinated effort between all major Linux vendors, a vulnerability in the
zlib library was announced, potentially affecting every installed Linux
system in existance.

Find out more: 
http://www.linuxsecurity.com/articles/security_sources_article-4582.html 


Security and Simplicity - Are you looking for a solution that provides the
applications necessary to easily create thousands of virtual Web sites,
manage e-mail, DNS, firewalling database functions for an entire
organization, and supports high-speed broadband connections all using a
Web-based front-end? EnGarde Secure Professional provides those features
and more!
 

  http://store.guardiandigital.com/html/eng/493-AA.shtml


FEATURE: Linux Data Hiding and Recovery - Just when you thought your data
was removed forever, Anton Chuvakin shows us how to recover data and even
how data can surruptitiously be hidden within space on the filesystem.

http://www.linuxsecurity.com/feature_stories/data-hiding-forensics.html


FEATURE: Fingerprinting Web Server Attacks - In this article, zenomorph
discusses multiple ways attackers attempt to exploit port 80 to gain
control of a web server. Using this information, an administrator can
learn to detect potential attacks and steps that are necessary to protect
a server from them.

http://www.linuxsecurity.com/feature_stories/fingerprinting-http.html



+---------------------------------+
|  zlib                           | ----------------------------//
+---------------------------------+

The compression library zlib has a flaw in which it attempts to free
memory more than once under certain conditions. This can possibly be
exploited to run arbitrary code in a program that includes zlib. If a
network application running as root is linked to zlib, this could
potentially lead to a remote root compromise. No exploits are known at
this time.

 Debian: 
 PLEASE SEE VENDOR ADVISORY 
 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1968.html 
  
 Mandrake Linux 8.1: 
 8.1/RPMS/zlib1-1.1.3-16.1mdk.i586.rpm 
 6dca9c0ff7dac9759d735150139182da 

 8.1/RPMS/zlib1-devel-1.1.3-16.1mdk.i586.rpm 
 320d06d5f1acc841965ad6c16db396cf 

 http://www.mandrakesecure.net/en/ftp.php 
 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1976.html 

 Mandrake Vendor Advisory [UPDATE]: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1983.html 

 SuSE Vendor Advisory I: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1967.html 

 SuSE Vendor Advisory II: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1966.html 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1960.html 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1982.html 

 Red Hat Vendor Advisory I: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1965.html 

 Red Hat Vendor Advisory II: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1973.html


+---------------------------------+
|  mod_ssl, apache_ssl            | ----------------------------//
+---------------------------------+

To exploit the overflow, the server must be configured to require client
certificates, and an attacker must obtain a carefully crafted client
certificate that has been signed by a Certificate Authority which is
trusted by the server. If these conditions are met, it would be possible
for an attacker to execute arbitrary code on the server.


 Debian Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/main/ 
 binary-i386/apache-ssl_1.3.9.13-4_i386.deb 
 MD5 checksum: 5085998b8751242a7e9c59b4806a7b24 
  
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libapache-mod-ssl_2.4.10-1.3.9-1potato1_i386.deb 
 MD5 checksum: e9a64fab4b7891f00b7e66f524ec0ec9 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1951.html 
  

 Mandrake Linux 8.1: 
 8.1/RPMS/mod_ssl-2.8.5-2.1mdk.i586.rpm 
 020058f4fd26dc78480804caf5cd0044 
 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1947.html 

  

 Red Hat: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/mod_ssl-2.8.5-4.i386.rpm 
 b7c91618cfb9110ce1ad620b9df05ab7 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1941.html 
 


  
+---------------------------------+
|  xtel                           | ----------------------------//
+---------------------------------+

Several security related problems have been found in the xtell package, a
simple messaging client and server. In detail, these problems contain
several buffer overflows, a problem in connection with symbolic links,
unauthorized directory traversal when the path contains "..". These
problems could lead into an attacker being able to execute arbitrary code
on the server machine.  The server runs with nobody privileges by default,
so this would be the account to be exploited.

 Debian  Intel ia32 architecture: 
 http://security.debian.org/dists/stable/updates/ 
 main/binary-i386/xtell_1.91.1_i386.deb 
 MD5 checksum: 15dba43eec2b9b24a04523b27e621bbd 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1964.html


  
+---------------------------------+
|  pam-pgsql                      | ----------------------------//
+---------------------------------+

The affected versions of the pam-pgsql port contain a vulnerability that
may allow a remote user to cause arbitrary SQL code to be executed.  
pam-pgsql constructs a SQL statement to be executed by the PostgreSQL
server in order to lookup user information, verify user passwords, and
change user passwords.  The username and password given by the user is
inserted into the SQL statement without any quoting or other safety
checks.

 FreeBSD: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1969.html



+---------------------------------+
|   cyrus-sasl                    | ----------------------------//
+---------------------------------+

Affected versions of the cyrus-sasl port contain a format string
vulnerability. The format string vulnerability occurs during a call to the
syslog(3) function.

 FreeBSD: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1970.html


  

+---------------------------------+
|  netscape                       | ----------------------------//
+---------------------------------+

The GIF89a and JPEG standards permit images to have embedded comments, in
which any kind of textual data may be stored. Versions 4.76 and earlier of
the Netscape browser will execute JavaScript contained in such a comment
block, if execution of JavaScript is enabled in the configuration of the
browser.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ 

 linux-netscape-communicator-4.79.tgz 
 linux-netscape-navigator-4.79.tgz 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1971.html




+---------------------------------+
|  mod_frontpage                  | ----------------------------//
+---------------------------------+

Affected versions of the mod_frontpage port contains several exploitable
buffer overflows in the fpexec wrapper, which is installed setuid root. A
local attacker may obtain superuser privileges by exploiting the buffer
overflow bugs in fpexec.

 FreeBSD: 
 PLEASE SEE VENDOR ADVISORY 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1972.html 
  

 Mandrake Linux 8.1: 
 http://www.mandrakesecure.net/en/ftp.php 
 8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm 
 8c2baeebb796353035f8816ed6cdfbed 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1945.html


  
+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

Joost Pol found a bug in the channel code of all versions of OpenSSH from
2.0 to 3.0.2.  This bug can allow authenticated users with an existing
account on the vulnerable system to obtain root privilege or by a
malicious server attacking a vulnerable client.  OpenSSH 3.1 is not
vulnerable to this problem.  The provided packages fix this vulnerability.

 Mandrake Linux 8.1: 
 8.1/RPMS/openssh-3.1p1-1.1mdk.i586.rpm 
 44ff50aad9a9696ee747d201b9a3bd5f 

 8.1/RPMS/openssh-askpass-3.1p1-1.1mdk.i586.rpm 
 a8d4315ed3b5fab0e8d8f3abcae36ce7 

 8.1/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.i586.rpm 
 4df4ec7a72c4c5dbda179799738b8bd7 

 8.1/RPMS/openssh-clients-3.1p1-1.1mdk.i586.rpm 
 a332044cf9eaeaaae0af923d55678e2b 

 8.1/RPMS/openssh-server-3.1p1-1.1mdk.i586.rpm 
 a2a39c0c29d0c3a7660d8c58023edbe4 

 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1946.html 
  
 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1978.html 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1943.html 

 YellowDog Linux Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1950.html 

 Immunix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1961.html 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1948.html 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1944.html



+---------------------------------+
|   rsync                         | ----------------------------//
+---------------------------------+

Ethan Benson discovered a bug in rsync where the supplementary groups that
the rsync daemon runs as (such as root) would not be removed from the
server process after changing to the specified unprivileged uid and gid.

 Mandrake Linux 8.1: 
 8.1/RPMS/rsync-2.5.4-1.1mdk.i586.rpm 
 e3733dc91021b997e656fafe86915fe9 

 Mandrake Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1981.html 

 
 Slackware 8.0:
 ftp://ftp.slackware.com/pub/slackware/
 slackware-8.0/patches/packages/rsync.tgz  
 e88390bae124be2af4b707ad3fbfc791 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1974.html


+---------------------------------+
|  gzip                           | ----------------------------//
+---------------------------------+

There are ftp daemon programs that invoke gzip on demand (like wu-ftpd).
If your systems run these daemons, depending on the configuration it could
lead to a remote root compromise.

 NetBSD: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1977.html


  
+---------------------------------+
|   NetBSD kernel                 | ----------------------------//
+---------------------------------+

There was a bug in the IPv4 forwarding path, and the inbound SPD (security
policy database) was not consulted on forwarding.  As a result, NetBSD
routers configured to be a VPN gateway failed to reject unencrypted
packets.

 NetBSD: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1979.html


  
+---------------------------------+
|   php                           | ----------------------------//
+---------------------------------+

Stefan Esser of E-matters security discovered and published[2,3] several
vulnerabilities[4] in the php_mime_split function used for file uploads
that could allow an attacker to execute arbitrary commands on the server.
This affects both PHP4 and PHP3.

 Conectiva: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1942.html


  
+---------------------------------+
|   fileutils                     | ----------------------------//
+---------------------------------+

The GNU File Utilities are the basic file-manipulation utilities of the
GNU operating system.  Race condition in various utilities from fileutils
GNU package may cause root user to delete the whole filesystem.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1959.html



+---------------------------------+
|  cvs                            | ----------------------------//
+---------------------------------+

Package updated: Patched to link to the shared zlib on the system instead
of statically linking to the included zlib source.  Also, use mktemp to
create files in /tmp files more safely.

 Slackware 8.0: 
 ftp://ftp.slackware.com/pub/slackware/
 slackware-8.0/patches/packages/cvs.tgz
 6758d0f323e9ebbd9aa1272c6c9dc482 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-1974.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux