+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 19th, 2002 Volume 3, Number 29a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were relased for tcpdump, ktrace, bind, squid,
modssl, openssh, and libpng. The vendors include Caldera, Conectiva,
FreeBSD, Mandrake, Red Hat, and Trustix.
NEW HTML VERSION OF NEWSLETTER AVAILABLE:
http://www.linuxsecurity.com/vuln-newsletter.html
- Guardian Digital Combats Proprietary Software Licensing Deadline -
Guardian Digital, Inc., the first full-service open source Internet server
security company, has announced a special incentive program designed to
provide companies with an alternative to Windows-based servers and
applications as the July 31st deadline for Microsoft's new licensing
program approaches.
Press Release:
http://www.guardiandigital.com/company/press/
EnGarde-Licensing-Promotion.pdf
Save Now:
http://store.guardiandigital.com/html/eng/493-AA.shtml
Threat Becomes Vulnerability Becomes Exploit - The recent situation
regarding the Apache Chunk Encoding Vulnerability has caused plenty of
controversy in the security industry. It initially began with the
community dislike of the release of information.
http://www.linuxsecurity.com/feature_stories/feature_story-113.html
+---------------------------------+
| Package: tcpdump | ----------------------------//
| Date: 07-12-2002 |
+---------------------------------+
Description:
It is not currently known whether this buffer overflow is exploitable. If
it were, an attacker could inject specially crafted packets into the
network which, when processed by tcpdump, could lead to arbitrary code
execution with the privileges of the user running tcpdump (typically
`root').
Vendor Alerts:
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2195.html
+---------------------------------+
| Package: ktrace | ----------------------------//
| Date: 07-12-2002 |
+---------------------------------+
Description:
In theory, local users on systems where ktrace is enabled through the
KTRACE kernel option might obtain sensitive information, such as password
files or authentication keys. No specific utility is currently known to be
vulnerable to this particular problem.
Vendor Alerts:
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html
+---------------------------------+
| Package: bind | ----------------------------//
| Date: 07-15-2002 |
+---------------------------------+
Description:
"A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Operating systems and applications that utilize
vulnerable DNS resolver libraries may be affected. A remote attacker who
is able to send malicious DNS responses could potentially exploit this
vulnerability to execute arbitrary code or cause a denial of service on a
vulnerable system."
Vendor Alerts:
Trustix:
http://www.trustix.net/pub/Trustix/updates/
./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
d00de9cc58d179d1aea5a2a76f1f3369
./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
646eabafe4c77ed3b60ebb1d2e3e0292
./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
25ab9b38033cdff4b4236340dd9dbb8e
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2197.html
Mandrake 7.2:
http://www.mandrakesecure.net/en/ftp.php
7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm
85334842b02275f9ebea86821a9f4300
7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
47e4c8afba3147f8035d8579d98764a1
7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
9f0803a609e9a734182850f966085ba3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2200.html
+---------------------------------+
| Package: squid | ----------------------------//
| Date: 07-15-2002 |
+---------------------------------+
Description:
Numerous security problems were fixed in squid-2.4.STABLE7. This releases
has several bugfixes to the Gopher client to correct some security issues.
Security fixes to how squid parses FTP directory listings into HTML have
been implemented. A security fix to how squid forwards proxy
authentication credentials has been applied, as well as the MSNT auth
helper has been updated to fix buffer overflows in the helper. Finally,
FTP data channels are now sanity checked to match the address of the
requested FTP server, which prevents injection of data or theft.
Vendor Alerts:
Mandrake Linux 8.2:
http://www.mandrakesecure.net/en/ftp.php
8.2/RPMS/squid-2.4.STABLE7-1.1mdk.i586.rpm
56c4827d13017f984833825912ebe937
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2204.html
Trustix:
http://www.trustix.net/pub/Trustix/updates/
./1.5/RPMS/squid-2.4.STABLE7-1tr.i586.rpm
a0c9828ccb33c5a41b39a21174eaa02b
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2198.html
+---------------------------------+
| Package: modssl | ----------------------------//
| Date: 07-16-2002 |
+---------------------------------+
Description:
The mod_ssl module provides strong cryptography for the Apache Web server
via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols. Versions of mod_ssl prior to 2.8.10 are subject to a single
NULL overflow that can cause arbitrary code execution.
In order to exploit this vulnerability, the Apache Web server has to be
configured to allow overriding of configuration settings on a
per-directory basis, and untrusted local users must be able to modify a
directory in which the server is configured to allow overriding. The
local attacker maythen become the user that Apache is running as (usually
'www' or 'nobody').
Vendor Alerts:
Red Hat Linux 7.3: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
mod_ssl-2.8.7-6.i386.rpm
8c9e4f55866bd16df07bc945766bc680
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2201.html
Caldera:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2202.html
+---------------------------------+
| Package: openssh | ----------------------------//
| Date: 07-15-2002 |
+---------------------------------+
Description:
An remote attacker using an SSH client modified to send carefully crafted
SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain superuser
privileges on the server.
Vendor Alerts:
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2199.html
+---------------------------------+
| Package: libpng | ----------------------------//
| Date: 07-17-2002 |
+---------------------------------+
Description:
The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow
vulnerability[1] in some functions related to progressive image loading.
Programs such as mozilla and various others use these functions. An
attacker could exploit this to remotely run arbitrary code or crash an
application by using a specially crafted png image.
Vendor Alerts:
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
libpng-1.0.14-1U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
libpng3-1.2.4-1U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
libpng-devel-1.2.4-1U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
libpng-devel-static-1.2.4-1U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
libpng-doc-1.2.4-1U8_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2203.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
