+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July 19th, 2002                          Volume 3, Number 29a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for tcpdump, ktrace, bind, squid,
modssl, openssh, and libpng. The vendors include Caldera, Conectiva,
FreeBSD, Mandrake, Red Hat, and Trustix.

NEW HTML VERSION OF NEWSLETTER AVAILABLE:
http://www.linuxsecurity.com/vuln-newsletter.html

- Guardian Digital Combats Proprietary Software Licensing Deadline -

Guardian Digital, Inc., the first full-service open source Internet
server security company, has announced a special incentive program
designed to provide companies with an alternative to Windows-based
servers and applications as the July 31st deadline for Microsoft's new
licensing program approaches.

Press Release:
http://www.guardiandigital.com/company/press/EnGarde-Licensing-Promotion.pdf

Save Now:
http://store.guardiandigital.com/html/eng/493-AA.shtml

Threat Becomes Vulnerability Becomes Exploit -

The recent situation regarding the Apache Chunk Encoding Vulnerability
has caused plenty of controversy in the security industry. It initially
began with the community dislike of the release of information.

http://www.linuxsecurity.com/feature_stories/feature_story-113.html

+---------------------------------+
|  Package: tcpdump               | ----------------------------//
|  Date: 07-12-2002               |
+---------------------------------+

Description:
It is not currently known whether this buffer overflow is exploitable.
If it were, an attacker could inject specially crafted packets into the
network which, when processed by tcpdump, could lead to arbitrary code
execution with the privileges of the user running tcpdump (typically
`root').

Vendor Alerts:

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2195.html

+---------------------------------+
|  Package: ktrace                | ----------------------------//
|  Date: 07-12-2002               |
+---------------------------------+

Description:
In theory, local users on systems where ktrace is enabled through the
KTRACE kernel option might obtain sensitive information, such as
password files or authentication keys. No specific utility is currently
known to be vulnerable to this particular problem.

Vendor Alerts:

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html

+---------------------------------+
|  Package: bind                  | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description:
"A buffer overflow vulnerability exists in multiple implementations of
DNS resolver libraries. Operating systems and applications that utilize
vulnerable DNS resolver libraries may be affected. A remote attacker
who is able to send malicious DNS responses could potentially exploit
this vulnerability to execute arbitrary code or cause a denial of
service on a vulnerable system."

Vendor Alerts:

 Trustix:
 http://www.trustix.net/pub/Trustix/updates/

 ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
 d00de9cc58d179d1aea5a2a76f1f3369

 ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
 646eabafe4c77ed3b60ebb1d2e3e0292

 ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
 25ab9b38033cdff4b4236340dd9dbb8e

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2197.html

 Mandrake 7.2:
 http://www.mandrakesecure.net/en/ftp.php

 7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm
 85334842b02275f9ebea86821a9f4300

 7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
 47e4c8afba3147f8035d8579d98764a1

 7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
 9f0803a609e9a734182850f966085ba3

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2200.html

+---------------------------------+
|  Package: squid                 | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description:
Numerous security problems were fixed in squid-2.4.STABLE7. This
release has several bugfixes to the Gopher client to correct some
security issues. Security fixes to how squid parses FTP directory
listings into HTML have been implemented. A security fix to how squid
forwards proxy authentication credentials has been applied, and the
MSNT auth helper has been updated to fix buffer overflows in the
helper. Finally, FTP data channels are now sanity checked to match the
address of the requested FTP server, which prevents injection of data
or theft.

Vendor Alerts:

 Mandrake Linux 8.2:
 http://www.mandrakesecure.net/en/ftp.php

 8.2/RPMS/squid-2.4.STABLE7-1.1mdk.i586.rpm
 56c4827d13017f984833825912ebe937

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2204.html

 Trustix:
 http://www.trustix.net/pub/Trustix/updates/

 ./1.5/RPMS/squid-2.4.STABLE7-1tr.i586.rpm
 a0c9828ccb33c5a41b39a21174eaa02b

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2198.html

+---------------------------------+
|  Package: modssl                | ----------------------------//
|  Date: 07-16-2002               |
+---------------------------------+

Description:
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a
single NULL overflow that can cause arbitrary code execution. In order
to exploit this vulnerability, the Apache Web server has to be
configured to allow overriding of configuration settings on a
per-directory basis, and untrusted local users must be able to modify a
directory in which the server is configured to allow overriding. The
local attacker may then become the user that Apache is running as
(usually 'www' or 'nobody').

Vendor Alerts:

 Red Hat Linux 7.3: i386:
 ftp://updates.redhat.com/7.3/en/os/i386/

 mod_ssl-2.8.7-6.i386.rpm
 8c9e4f55866bd16df07bc945766bc680

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2201.html

 Caldera:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2202.html

+---------------------------------+
|  Package: openssh               | ----------------------------//
|  Date: 07-15-2002               |
+---------------------------------+

Description:
A remote attacker using an SSH client modified to send carefully
crafted SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain
superuser privileges on the server.

Vendor Alerts:

 FreeBSD Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2199.html

+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 07-17-2002               |
+---------------------------------+

Description:
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer
overflow vulnerability[1] in some functions related to progressive
image loading. Programs such as mozilla and various others use these
functions. An attacker could exploit this to remotely run arbitrary
code or crash an application by using a specially crafted png image.

Vendor Alerts:

 Conectiva:
 ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-1.0.14-1U8_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng3-1.2.4-1U8_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-devel-1.2.4-1U8_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-devel-static-1.2.4-1U8_1cl.i386.rpm
 ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-doc-1.2.4-1U8_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2203.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------