+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  March 29th, 2002                       Volume 3, Number 13a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for zlib, php, mtr, squid, analog,
and imlib. The vendors include Conectiva, Debian, FreeBSD, and Red Hat.

If you have not had a chance to download the LinuxSecurity quick
reference card, it is available at the following URL:

  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

FEATURE: Dsniff 'n the Mirror - This is a practical step-by-step guide
showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep,
and others. It also provides a discussion of how and why we should
monitor network traffic.

  http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html

+---------------------------------+
|  zlib                           | ----------------------------//
+---------------------------------+

It is also possible that an attacker could manage a more significant
exploit, since the result of a double free is the corruption of the
malloc() implementation's data structures. This could include running
arbitrary code on local or remote systems.
 Red Hat Update:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1989.html

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1994.html

+---------------------------------+
|  php                            | ----------------------------//
+---------------------------------+

PHP is an HTML-embeddable scripting language. A number of flaws have
been found in the way PHP handles multipart/form-data POST requests.
Each of these flaws could allow an attacker to execute arbitrary code
on the remote system.

 Red Hat:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1990.html

+---------------------------------+
|  mtr                            | ----------------------------//
+---------------------------------+

The authors of mtr released a new upstream version, noting a
non-exploitable buffer overflow in their ChangeLog. Przemyslaw
Frasunek, however, found an easy way to exploit this bug, which allows
an attacker to gain access to the raw socket, which makes IP spoofing
and other malicious network activity possible.

 Debian Intel ia32 architecture:
 http://security.debian.org/dists/stable/updates/main/binary-i386/mtr_0.41-6_i386.deb
 MD5 checksum: 4ba7815729e243669e8d825f5b8373a2

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1991.html

+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

A security issue has recently been found and fixed in the Squid-2.X
releases up to and including 2.4.STABLE4. Error and boundary conditions
were not checked when handling compressed DNS answer messages in the
internal DNS code (lib/rfc1035.c). A malicious DNS server could craft a
DNS reply that causes Squid to exit with a SIGSEGV.
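Added example (not from the Squid advisory or from Squid's source): a bounds-checked expansion of a compressed DNS name, showing the kind of error and boundary checks the description above says were missing. The function name, the jump cap and the sample message are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_MAX_NAME  255  /* RFC 1035 limit on a name's length */
#define DNS_MAX_JUMPS 16   /* assumed cap on compression pointers followed */

/* Expand the (possibly compressed) name at msg[off] into dotted text in out.
 * Returns the offset just past the name in the record, or -1 if malformed. */
int dns_name_unpack(const uint8_t *msg, size_t len, size_t off,
                    char *out, size_t outsz)
{
    size_t pos = off, used = 0;
    int jumps = 0, end = -1;
    if (outsz == 0) return -1;
    for (;;) {
        if (pos >= len) return -1;                /* length byte out of range */
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= len) return -1;        /* second pointer byte missing */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (end < 0) end = (int)(pos + 2);    /* record resumes after 1st pointer */
            if (target >= pos) return -1;         /* must point backwards */
            if (++jumps > DNS_MAX_JUMPS) return -1; /* bounds pointer loops */
            pos = target; continue;
        }
        if (c & 0xC0) return -1;                  /* reserved label types */
        if (c == 0) {                             /* root label: name complete */
            out[used] = '\0';
            return end < 0 ? (int)(pos + 1) : end;
        }
        if (pos + 1 + c > len) return -1;         /* label runs past the message */
        if (used + c + 1 >= outsz || used + c + 1 > DNS_MAX_NAME) return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + pos + 1, c);
        used += c;
        pos += 1 + (size_t)c;
    }
}

/* Constructed sample: "www.example.com" at offset 0, then "mail" + pointer to 4. */
static const uint8_t sample_msg[] = {
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    4,'m','a','i','l', 0xC0, 0x04 };

int main(void)
{
    char name[256];
    int next = dns_name_unpack(sample_msg, sizeof sample_msg, 17, name, sizeof name);
    printf("%d %s\n", next, name);
}
```

A reply that is truncated mid-pointer, points at itself, loops, or declares a label longer than the remaining bytes yields -1, so the caller can drop the message.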
 Squid:
 http://www.squid-cache.org/Versions/v2/2.4/

 Squid Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1992.html

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1995.html

+---------------------------------+
|  analog                         | ----------------------------//
+---------------------------------+

It is easy for an attacker to insert arbitrary strings into any web
server logfile. If these strings are then analysed by analog, they can
appear in the report. By this means an attacker can introduce arbitrary
Javascript code, for example, into an analog report produced by someone
else and read by a third person. Analog already attempted to encode
unsafe characters to avoid this type of attack, but the conversion was
incomplete.

 Debian Intel ia32 architecture:
 http://security.debian.org/dists/stable/updates/main/binary-i386/analog_5.22-0potato1_i386.deb
 MD5 checksum: 6ffd39c59948d83d2a7fd890be846360

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1996.html

+---------------------------------+
|  imlib                          | ----------------------------//
+---------------------------------+

Alan Cox discovered some situations where a heap corruption[1] may
occur when processing some malformed images. Al Viro found that imlib
was falling back to the NetPBM library[2] when processing some kinds of
images, but NetPBM is not suitable for processing untrusted image
input. An attacker could use a crafted image to exploit a program
linked to imlib (like a mailer program or an image viewer) and cause a
DoS or even remote code execution.
 Conectiva:
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imlib-1.9.13-1U70_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imlib-cfgeditor-1.9.13-1U70_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imlib-devel-1.9.13-1U70_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/imlib-devel-static-1.9.13-1U70_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1997.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------