Linux Advisory Watch - April 5th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 5th, 2002                          Volume 3, Number 14a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for the Linux kernel, openssh, cups,
nscd, kde, squid, mod_ssl, XFree86, rsync, and zlib.  The vendors include
Caldera and Conectiva. Caldera users especially should pay particular
close attention to this newsletter.  A total of nine specific Caldera
advisories were released this week.

--> Performance and Stability meet Security

EnGarde has everything necessary to create thousands of virtual Web sites,
manage e-mail, DNS, firewalling database functions for an entire
organization, and supports high-speed broadband connections all using a
Web-based front-end. EnGarde Secure Professional provides those features
and more!

  http://store.guardiandigital.com/html/eng/promo1.shtml

  
Dsniff 'n the Mirror - This is a practical step by step guide showing how
to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep, and others.
It also provides a discussion of how and why we should monitor network
traffic.

http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html




+---------------------------------+
|  Linux kernel                   | ----------------------------//
+---------------------------------+

In case of excessively long path names d_path kernel internal function
returns truncated trailing components of a path name instead of an error
value. As this function is called by getcwd(2) system call and
do_proc_readlink() function, false information may be returned to
user-space processes.

 PLEASE SEE VENDOR ADVISORY 
 Linux kernel Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1999.html 
  
 

+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

A bug exists in the channel code of OpenSSH versions 2.0 though 3.0.2.
Existing users can use this bug to gain root privileges. The ability to
exploit this vulnerability without an existing user account has not yet
been proven, but it is considered possible. A malicious ssh server could
also use this bug to exploit a connecting vulnerable client.

 Caldera OpenLinux Server: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 

 RPMS/openssh-2.9p2-5.i386.rpm 
 f628846edca7e40cebf0174d4a02abb9 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2000.html


  

+---------------------------------+
|  cups                           | ----------------------------//
+---------------------------------+

The authors of CUPS, the Common UNIX Printing System, have found a
potential buffer overflow bug in the code of the CUPS daemon where it
reads the names of attributes.

 Caldera OpenLinux Sever: 

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

 RPMS/cups-1.1.10-5.i386.rpm 
 54c460f1858c9ae1d3c4057812825cbd 

 RPMS/cups-client-1.1.10-5.i386.rpm 
 1caf530d29b5387d2da32e2bc31340c7 

 RPMS/cups-devel-1.1.10-5.i386.rpm 
 45b44112561c92cfbb7e8bd11840697e 

 RPMS/cups-ppd-1.1.10-5.i386.rpm 
 13cbec00ffd614f696f905c35ed63b7b 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2002.html 
  
 Conectiva: 
 PLEASE SEE VENDOR ADVISORY 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2007.html


  

+---------------------------------+
|  nscd                           | ----------------------------//
+---------------------------------+

The Name Service Cache Daemon (nscd)  has a default behavior that does not
allow applications to validate DNS "PTR" records against "A" records.  In
particular, nscd caches a request for a "PTR" record, and when a request
comes later for the "A"  record, nscd simply divulges the information from
the cached "PTR"  record, instead of querying the authoritative DNS for
the "A" record.

 Caldera Open Linux: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Caldera Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/caldera_advisory-2001.html


  

+---------------------------------+
|  kde                            | ----------------------------//
+---------------------------------+

In OpenLinux 3.1.1, the startkde script will set the LD_LIBRARY_PATH
environment variable to " /opt/kde2/lib:" which includes the current
working directory in the library search path. This exposes users to shared
library attacks.

 Caldera OpenLinux: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
 Server/current/RPMS 

 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
 Workstation/current/RPMS 
 RPMS/kdeconfig-20011203-2.i386.rpm 
 080998dc9e5fc03b7b20f3644ae8b31b 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2003.html


  
+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

If certain constructed ftp:// style URL's are received, then squid
crashes, causing a denial of service and possibly remote execution of
code.

 Caldera OpenLinux: 

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

 RPMS/squid-2.4.STABLE2-3.i386.rpm 
 29ca65972c56e9a35a2181ce75bf23a2 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2004.html


  
+---------------------------------+
|  mod_ssl                        | ----------------------------//
+---------------------------------+

modssl uses underlying OpenSSL routines in a manner which could cause a
buffer overflow.

 Caldera OpenLinux: 

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

 RPMS/mod_ssl-2.8.5_1.3.22-2.i386.rpm 
 64223d2995fd5501b440d14d9af35359 

 RPMS/mod_ssl-sxnet-2.8.5_1.3.22-2.i386.rpm 
 f45c83a03d7fa38825645d551d5a1489 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2005.html


  
+---------------------------------+
|  XFree86                        | ----------------------------//
+---------------------------------+

Any user with local X access can exploit the MIT-SHM extension and gain
read/write access to any shared memory segment on the system.

 Caldera OpenLinux: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html


  
+---------------------------------+
|  rsync                          | ----------------------------//
+---------------------------------+

Supplementary groups to which the rsync daemon belongs (such as root) were
not removed from the server process before it performed work as an
unprivileged uid and gid. The rsync daemon was also compiled with a
vulnerable version of the zlib library. This package corrects both these
issues.

 Caldera OpenLinux: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
 Server/current/RPMS 

 rsync-2.5.0-5.i386.rpm 
 2c8f978df12dabf073361c86f7012210 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2008.html


  
  
+---------------------------------+
|  zlib                           | ----------------------------//
+---------------------------------+

CERT CA-2002-07: There is a bug in the zlib compression library that may
manifest itself as a vulnerability in programs that are linked with zlib.
This may allow an attacker to conduct a denial-of-service attack, gather
information, or execute arbitrary code.

 Caldera OpenLinux: 
 PLEASE SEE VENDOR ADVISORY 

 Candera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2010.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux