Linux Advisory Watch - May 10th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 10th, 2002                           Volume 3, Number 19a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were releaed for mod python, tcpdump, imlib,
sysconfig, webmin, netfilter, and dhcp.  The vendors include Conectiva,
Red Hat, and SuSE.

FTP Attack Case Study Part I: The Analysis This article presents a case
study of a company network server compromise. The attack and other
intruder's actions are analyzed. Computer forensics investigation is
undertaken and results are presented. The article provides an opportunity
to follow the trail of incident response for the real case.

http://www.linuxsecurity.com/feature_stories/ftp-analysis-part1.html 


* FREE SSL Guide from Thawte - Are you planning your Web Server Security?
Click here to get a FREE Thawte SSL guide and find the answers to all your
SSL security issues.

 --> http://www.gothawte.com/rd249.html 
  

+---------------------------------+
|  mod python                     | ----------------------------//
+---------------------------------+  

As stated[1] by Allan Saddi in the mailing list of mod_python, there was a
vulnerability which would allow a publisher to access an indirectly
imported module, thus allowing a remote attacker to call functions from
that module (which is an unexpected and potentially dangerous behavior).
 
 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 mod_python-2.7.8-1U8_1cl.i386.rpm 
 
 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2051.html 

 Red Hat 7.3 i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 mod_python-2.7.8-1.i386.rpm 
 9b9e4a43002cd22f9a8df7fd9784e925 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2056.html 
  
  
 


+---------------------------------+
|  tcpdump                        | ----------------------------//
+---------------------------------+  

tcpdump buffer overflows: during a tcpdump code auditing done by FreeBSD
developers, several buffer overflows were discovered[2] in tcpdump
versions prior to 3.5. New versions (including 3.6.2) are also vulnerable
to another buffer overflow[3] in AFS RPC decoding functions, as pointed
out by Nick Cleaton.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 libpcap-0.6.2-4U8_1cl.i386.rpm 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 libpcap-devel-0.6.2-4U8_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 libpcap-devel-static-0.6.2-4U8_1cl.i386.rpm  

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 tcpdump-3.6.2-3U8_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2052.html 
  
 

+---------------------------------+
|  imlib                          | ----------------------------//
+---------------------------------+  

Imlib could, under certain circumstances, revert to using a netpbm library
which is well known to have security problems and should not be used for
handling untrusted data. Furthermore a heap corruption could occur in the
imlib code.

 SuSE: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2053.html




+---------------------------------+
|  sysconfig                      | ----------------------------//
+---------------------------------+  

The ifup-dhcp script which is part of the sysconfig package is responsible
for setting up network-devices using configuration data obtained from a
DHCP server by the dhcpcd DHCP client. It is possible for remote attackers
to feed this script with evil data via spoofed DHCP replies for example.  
This way ifup-dhcp could be tricked into executing arbitrary commands as
root. The ifup-dhcp shellscript has been fixed to not source the file
containing the possible evil data anymore.

 SuSE-8.0 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/ 
 sysconfig-0.23.14-60.i386.rpm 
 4d6a9f1a3e1a461ebbea9a6e98f4e894 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2054.html




+---------------------------------+
|  webmin                         | ----------------------------//
+---------------------------------+  
 
A vulnerability lies in the communication between the parent process and
the child process of Webmin and Usermin, which could allow an attacker to
spoof a session ID as any user already logged in.  This results in the
possibility for users who are not logged in, to be able to use these
software tools.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Webmin Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2055.html 
 
 Webmin Vendor Advisory 2: 
 http://www.linuxsecurity.com/advisories/other_advisory-2064.html




+---------------------------------+
|  netfilter                      | ----------------------------//
+---------------------------------+  

When a NAT rule applies to the first packet of a connection and that
packet later causes the system to generate an ICMP error message, the ICMP
error message is sent out with translated addresses included. This address
information incorrectly gives the IP address to which the connection would
have been forwarded if the ICMP error message wasnot generated, which
exposes information about the netfilter configuration (which ports are
being translated) and about the network topology (which address the ports
are being forwarded to).  Also, the incorrect ICMP packets may be dropped
by other intervening stateful firewalls as malformed packets.

 Red Hat: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2057.html




+---------------------------------+
|   dhcp                          | ----------------------------//
+---------------------------------+  

Versions ranging from 3 to 3.0.1rc8 (inclusive) have a format string
vulnerability[1] that could be exploited remotely. Considering the usage
of the DHCP service, this usually means the local area network in this
case.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 dhcp-3.0-3U8_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 dhcp-doc-3.0-3U8_1cl.i386.rpm 
  
 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2058.html 

 DHCP Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2065.html




+---------------------------------+
|   OpenBSD                       | ----------------------------//
+---------------------------------+  

On current OpenBSD systems, any local user (being or not in the wheel
group) can fill the kernel file descriptors table, leading to a denial of
service. Because of a flaw in the way the kernel checks closed file
descriptors 0-2 when running a setuid program, it is possible to combine
these bugs and earn root access by winning a race condition.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 http://www.linuxsecurity.com/advisories/openbsd_advisory-2062.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux