+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 5th, 2002 Volume 3, Number 14a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for the Linux kernel, openssh, cups,
nscd, kde, squid, mod_ssl, XFree86, rsync, and zlib. The vendors include
Caldera and Conectiva. Caldera users especially should pay particular
close attention to this newsletter. A total of nine specific Caldera
advisories were released this week.
--> Performance and Stability meet Security
EnGarde has everything necessary to create thousands of virtual Web sites,
manage e-mail, DNS, firewalling database functions for an entire
organization, and supports high-speed broadband connections all using a
Web-based front-end. EnGarde Secure Professional provides those features
and more!
http://store.guardiandigital.com/html/eng/promo1.shtml
Dsniff 'n the Mirror - This is a practical step by step guide showing how
to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, and Ngrep, and others.
It also provides a discussion of how and why we should monitor network
traffic.
http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html
+---------------------------------+
| Linux kernel | ----------------------------//
+---------------------------------+
In case of excessively long path names d_path kernel internal function
returns truncated trailing components of a path name instead of an error
value. As this function is called by getcwd(2) system call and
do_proc_readlink() function, false information may be returned to
user-space processes.
PLEASE SEE VENDOR ADVISORY
Linux kernel Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1999.html
+---------------------------------+
| openssh | ----------------------------//
+---------------------------------+
A bug exists in the channel code of OpenSSH versions 2.0 though 3.0.2.
Existing users can use this bug to gain root privileges. The ability to
exploit this vulnerability without an existing user account has not yet
been proven, but it is considered possible. A malicious ssh server could
also use this bug to exploit a connecting vulnerable client.
Caldera OpenLinux Server:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
RPMS/openssh-2.9p2-5.i386.rpm
f628846edca7e40cebf0174d4a02abb9
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2000.html
+---------------------------------+
| cups | ----------------------------//
+---------------------------------+
The authors of CUPS, the Common UNIX Printing System, have found a
potential buffer overflow bug in the code of the CUPS daemon where it
reads the names of attributes.
Caldera OpenLinux Sever:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
RPMS/cups-1.1.10-5.i386.rpm
54c460f1858c9ae1d3c4057812825cbd
RPMS/cups-client-1.1.10-5.i386.rpm
1caf530d29b5387d2da32e2bc31340c7
RPMS/cups-devel-1.1.10-5.i386.rpm
45b44112561c92cfbb7e8bd11840697e
RPMS/cups-ppd-1.1.10-5.i386.rpm
13cbec00ffd614f696f905c35ed63b7b
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2002.html
Conectiva:
PLEASE SEE VENDOR ADVISORY
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2007.html
+---------------------------------+
| nscd | ----------------------------//
+---------------------------------+
The Name Service Cache Daemon (nscd) has a default behavior that does not
allow applications to validate DNS "PTR" records against "A" records. In
particular, nscd caches a request for a "PTR" record, and when a request
comes later for the "A" record, nscd simply divulges the information from
the cached "PTR" record, instead of querying the authoritative DNS for
the "A" record.
Caldera Open Linux:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2001.html
+---------------------------------+
| kde | ----------------------------//
+---------------------------------+
In OpenLinux 3.1.1, the startkde script will set the LD_LIBRARY_PATH
environment variable to " /opt/kde2/lib:" which includes the current
working directory in the library search path. This exposes users to shared
library attacks.
Caldera OpenLinux:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/current/RPMS
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Workstation/current/RPMS
RPMS/kdeconfig-20011203-2.i386.rpm
080998dc9e5fc03b7b20f3644ae8b31b
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2003.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
If certain constructed ftp:// style URL's are received, then squid
crashes, causing a denial of service and possibly remote execution of
code.
Caldera OpenLinux:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
RPMS/squid-2.4.STABLE2-3.i386.rpm
29ca65972c56e9a35a2181ce75bf23a2
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2004.html
+---------------------------------+
| mod_ssl | ----------------------------//
+---------------------------------+
modssl uses underlying OpenSSL routines in a manner which could cause a
buffer overflow.
Caldera OpenLinux:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS
RPMS/mod_ssl-2.8.5_1.3.22-2.i386.rpm
64223d2995fd5501b440d14d9af35359
RPMS/mod_ssl-sxnet-2.8.5_1.3.22-2.i386.rpm
f45c83a03d7fa38825645d551d5a1489
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2005.html
+---------------------------------+
| XFree86 | ----------------------------//
+---------------------------------+
Any user with local X access can exploit the MIT-SHM extension and gain
read/write access to any shared memory segment on the system.
Caldera OpenLinux:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html
+---------------------------------+
| rsync | ----------------------------//
+---------------------------------+
Supplementary groups to which the rsync daemon belongs (such as root) were
not removed from the server process before it performed work as an
unprivileged uid and gid. The rsync daemon was also compiled with a
vulnerable version of the zlib library. This package corrects both these
issues.
Caldera OpenLinux:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/current/RPMS
rsync-2.5.0-5.i386.rpm
2c8f978df12dabf073361c86f7012210
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2008.html
+---------------------------------+
| zlib | ----------------------------//
+---------------------------------+
CERT CA-2002-07: There is a bug in the zlib compression library that may
manifest itself as a vulnerability in programs that are linked with zlib.
This may allow an attacker to conduct a denial-of-service attack, gather
information, or execute arbitrary code.
Caldera OpenLinux:
PLEASE SEE VENDOR ADVISORY
Candera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2010.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
