Linux Advisory Watch - May 31st 2002

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 31st, 2002                           Volume 3, Number 22a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for k5su, bzip2, kernel, rc, imap,
perl-Digest-MD5, fetchmail, dhcp, mailman, mozilla, nss_ldap, and tcpdump.  
The vendors include Conectiva, FreeBSD, Mandrake, Red Hat, and SuSE.

 
FEATURE: Flying Pigs: Snorting Next Generation Secure Remote Log Servers
over TCP:

A Comprehensive Guide to Building Encrypted, Secure Remote Syslog-ng
Servers with the Snort Intrusion Detection System.

   http://www.linuxsecurity.com/feature_stories/snortlog-part1.html




+---------------------------------+
|  k5su                           | ----------------------------//
+---------------------------------+  

Contrary to the expectations of many BSD system administrators, users not
in group `wheel' may use k5su to attempt to obtain superuser privileges.  
Note that this would require knowledge of the root account password, or an
explicit entry in the Kerberos 5 `.k5login' ACL for the root account.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2094.html




+---------------------------------+
|  bzip2                          | ----------------------------//
+---------------------------------+  

Files may be inadvertently overwritten without warning. Due to the race
condition between creating files and setting proper permissions, a local
user may be able to read the contents of files regardless of their
intended permissions. Decompressed files that were originally pointed to
by a symbolic link may end up with incorrect permissions, allowing
local users to view their contents.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2095.html




+---------------------------------+
|  FreeBSD kernel                 | ----------------------------//
+---------------------------------+ 

By simply connecting to a socket using accept filtering and holding a few
hundred sockets open (~190 with the default backlog value), one may deny
access to a service.  In addition to malicious users, this effect has also
been reported to be caused by worms such as Code Red which generate URLs
that do not meet the http accept filter's criteria.

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/ 
 patches/SA-02:26/accept.patch 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2102.html




+---------------------------------+
|  rc                             | ----------------------------//
+---------------------------------+ 

Users may remove the contents of arbitrary directories if the
/tmp/.X11-unix directory does not already exist and the system can be
enticed to reboot (or the user can wait until the next system maintenance
window).

 FreeBSD: 
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/ 
 patches/SA-02:27/rc.patch 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2103.html



+---------------------------------+
|  imap                           | ----------------------------//
+---------------------------------+ 

A buffer overflow was discovered in the imap server that could allow a
malicious user to run code on the server with the uid and gid of the email
owner by constructing a malformed request that would trigger the buffer
overflow.  However, the user must successfully authenticate to the imap
service in order to exploit it, which limits the scope of the
vulnerability somewhat, unless you are a free mail provider or run a mail
service where users do not already have shell access to the system.

 Mandrake Linux 8.2: 
 8.2/RPMS/imap-2001a-5.1mdk.i586.rpm 
 6f76f364c6c5c9ba37a200bfec94021c 

 8.2/RPMS/imap-devel-2001a-5.1mdk.i586.rpm 
 43729a72c87d22c1b711f89c767be6f3 

 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2091.html 


 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 imap-2000c-12U8_2cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 imap-devel-2000c-12U8_2cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 imap-devel-static-2000c-12U8_2cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 imap-doc-2000c-12U8_2cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2087.html 
  

 Red Hat 7.2: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 imap-2001a-1.72.0.i386.rpm 
 d2d9a10cb6c8faed062da4f21d8fb7e5 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 imap-devel-2001a-1.72.0.i386.rpm 
 21feec5a469ff71e706173199ffc3856 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2088.html


+---------------------------------+
|  perl-Digest-MD5                | ----------------------------//
+---------------------------------+ 

A bug exists in the UTF8 interaction between the perl-Digest-MD5 module
and perl that results in UTF8 strings having improper MD5 digests.  The
2.20 version of the module corrects this problem.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2092.html




+---------------------------------+
|  fetchmail                      | ----------------------------//
+---------------------------------+ 

A problem was discovered with versions of fetchmail prior to 5.9.10 that
was triggered by retrieving mail from an IMAP server.  The fetchmail
client will allocate an array to store the sizes of the messages it is
attempting to retrieve. This array size is determined by the number of
messages the server is claiming to have, and fetchmail would not check
whether or not the number of messages the server was claiming was too
high.  This would allow a malicious server to make the fetchmail process
write data outside of the array bounds.

 Mandrake Linux 8.2: 
 8.2/RPMS/fetchmail-5.9.11-6.1mdk.i586.rpm 
 62ae12e980691928fb97a53665ea8aec 

 8.2/RPMS/fetchmail-daemon-5.9.11-6.1mdk.i586.rpm 
 2421a5a2606b79e9e0c2a4336d7314e2 

 8.2/RPMS/fetchmailconf-5.9.11-6.1mdk.i586.rpm 
 aa06981d47199bce1d67ae6dee07581e 

 http://www.mandrakesecure.net/en/ftp.php 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2093.html
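
The missing check described in the fetchmail entry above, sketched as an added
example (not fetchmail's own code): the server-claimed message count is
validated before it sizes the array, and every write is bounds-checked. The
function names and the MAX_MSGS cap are assumptions made for this sketch.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_MSGS 1000000L   /* assumed policy cap, not a fetchmail constant */

/* Parse the message count as sent by the server. Returns -1 unless the text
 * is a clean decimal number in the range [0, MAX_MSGS]. */
long parse_claimed_count(const char *text)
{
    char *end;
    errno = 0;
    long n = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (n < 0 || n > MAX_MSGS)
        return -1;
    return n;
}

/* Allocate the size array only for a validated count; the multiplication
 * overflow check protects callers that use a larger cap. */
int *alloc_msgsizes(long count)
{
    if (count <= 0 || count > MAX_MSGS)
        return NULL;
    if ((size_t)count > SIZE_MAX / sizeof(int))
        return NULL;
    return calloc((size_t)count, sizeof(int));
}

/* Record one message size. msgnum is 1-based, as IMAP sequence numbers are.
 * Returns -1 instead of writing outside the array. */
int store_msgsize(int *sizes, long count, long msgnum, long size)
{
    if (sizes == NULL || msgnum < 1 || msgnum > count)
        return -1;
    if (size < 0 || size > INT_MAX)
        return -1;
    sizes[msgnum - 1] = (int)size;
    return 0;
}
```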


  
+---------------------------------+
|  dhcp                           | ----------------------------//
+---------------------------------+ 

Fermin J. Serna discovered a problem in the dhcp server and client package
from versions 3.0 to 3.0.1rc8, which are affected by a format string
vulnerability that can be exploited remotely.  By default, these versions
of DHCP are compiled with the dns update feature enabled, which allows
DHCP to update DNS records.  The code that logs this update has an
exploitable format string vulnerability; the update message can contain
data provided by the attacker, such as a hostname.  A successful
exploitation could give the attacker elevated privileges equivalent to the
user running the DHCP daemon, which is the user dhcpd in Mandrake Linux
8.x, but root in earlier versions.

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2099.html
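
The logging flaw described in the dhcp entry above, as an added example (not
the DHCP package's code): a message built from peer-supplied data is passed as
the format string, next to the corrected call that passes it as an argument.
log_info and both log_update_* functions are hypothetical names, and the
hostname is a constructed, harmless input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a daemon's logging wrapper: it formats into a
 * buffer instead of calling syslog so the result can be inspected. */
static char last_log[256];

static int log_info(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the finished message, which contains the hostname sent by
 * the peer, is used as the format string, so any '%' in the hostname is
 * interpreted as a conversion directive. */
const char *log_update_flawed(const char *hostname)
{
    char msg[200];
    snprintf(msg, sizeof msg, "added DNS record for %s", hostname);
    log_info(msg);
    return last_log;
}

/* Corrected pattern: the format is a constant and the hostname is data. */
const char *log_update_fixed(const char *hostname)
{
    log_info("added DNS record for %s", hostname);
    return last_log;
}

int main(void)
{
    const char *name = "host%%name";   /* constructed sample input */
    printf("flawed: %s\n", log_update_flawed(name));
    printf("fixed:  %s\n", log_update_fixed(name));
    return 0;
}
```

The flawed call logs a string that differs from what was received, which shows
the input being parsed as a format; the fixed call logs it byte for byte.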

  

+---------------------------------+
|  mailman                        | ----------------------------//
+---------------------------------+ 

According to this announcement, "office" reported such a
vulnerability in the login page, and Tristan Roddis reported one in
the Pipermail index summaries. 

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 mailman-2.0.11-1U8_1cl.i386.rpm 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2089.html


  

+---------------------------------+
|  mozilla                        | ----------------------------//
+---------------------------------+ 

GreyMagic Security found a vulnerability in mozilla prior to version
1.0rc1 which allows a hostile site to read and list user files. The
vulnerability was related to XMLHTTP, a component that is primarily
used for retrieving XML documents from a web server.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2098.html


  
+---------------------------------+
|  nss_ldap                       | ----------------------------//
+---------------------------------+ 

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0,
7.1, 7.2, and 7.3. These packages fix a string format vulnerability in the
pam_ldap module.

 Red Hat Linux 7.3  i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 nss_ldap-189-2.i386.rpm 
 d2b2402e6c59f886556872d6b2bc2f16 
 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2090.html


  
+---------------------------------+
|  tcpdump                        | ----------------------------//
+---------------------------------+ 

Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat
Linux 6.2 and 7.x. These updates close a buffer overflow when handling NFS
packets.

 Red Hat Linux 7.2 i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 tcpdump-3.6.2-11.7.2.0.i386.rpm 
 cc168b456fbde106ad1879fe7346c1ee 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 libpcap-0.6.2-11.7.2.0.i386.rpm 
 f26ebb5d1cbb91d4b5effd9174f1728d 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 arpwatch-2.1a11-11.7.2.0.i386.rpm 
 74863a3b3110d2dbb03a03c1ad213152 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2100.html 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2097.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

