+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  July 26th, 2002                        Volume 3, Number 30a   |
+----------------------------------------------------------------+

Editors:     Dave Wreski                Benjamin Thomas
             dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for glibc, php, and bind. The
vendors include EnGarde and Red Hat. Although not many advisories were
released this week, it is important to ensure that your systems are up
to date. If you are unsure about the packages installed on your
system(s), browse the listing of advisories for each distribution that
you use:

http://www.linuxsecurity.com/advisories/index.html

FEATURE: Assessing Internet Security Risk, Part Two: an Internet
Assessment Methodology

This article is the second in a series that is designed to help readers
to assess the risk that their Internet-connected systems are exposed to.
In the first installment, we established the reasons for doing a
technical risk assessment. In this installment, we'll start discussing
the methodology that we follow in performing this kind of assessment.

http://www.linuxsecurity.com/feature_stories/feature_story-114.html

>> Guardian Digital Combats Proprietary Software Licensing Deadline <<

Guardian Digital, Inc., the first full-service open source Internet
server security company, has announced a special incentive program
designed to provide companies with an alternative to Windows-based
servers and applications as the July 31st deadline for Microsoft's new
licensing program approaches.

Press Release:
 http://www.guardiandigital.com/company/press/
 EnGarde-Licensing-Promotion.pdf

Save Now:
 http://store.guardiandigital.com/html/eng/493-AA.shtml

+---------------------------------+
|  Package: bind                  | ----------------------------//
|  Date: 07-24-2002               |
+---------------------------------+

Description:
There is a buffer overflow vulnerability in BIND4-derived resolver
libraries which may be triggered by a malicious DNS server sending
multiple CNAME records in a response. This may lead to arbitrary code
execution or a denial of service attack.

Vendor Alerts:

 EnGarde: i386:
 i386/bind-chroot-8.2.6-1.0.27.i386.rpm
 MD5 Sum: 9e8a8d144d8e251dfa3d44b4281b1600

 i386/bind-chroot-utils-8.2.6-1.0.27.i386.rpm
 MD5 Sum: 8411aabd49c431c42307bfaebd836d88

 i386/glibc-2.1.3-1.0.5.i386.rpm
 MD5 Sum: 83b18d442d62c7d2586ce42e0659759e

 EnGarde i686:
 i686/bind-chroot-8.2.6-1.0.27.i686.rpm
 MD5 Sum: dab84baddfc8c7b12c378019faacf802

 i686/bind-chroot-utils-8.2.6-1.0.27.i686.rpm
 MD5 Sum: ee355b60a8b0cf77bdabc243140cbd45

 Packages:
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2207.html

+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 07-22-2002               |
+---------------------------------+

Description:
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS
(as per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions
are affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry.
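
One way to check the nsswitch.conf condition described above on a given
host, as an added example that is not part of the original advisory or
newsletter. The function names and the sample file contents are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: does the "networks" database in an
# nsswitch.conf file list the "dns" service? Function names are illustrative.

# Print the services configured for "networks", one per line. Comments and
# bracketed [STATUS=action] items are stripped first so neither can match.
networks_sources() {
    sed -e 's/#.*$//' -e 's/\[[^]]*]//g' "$1" |
    awk '{ sub(/^[ \t]+/, "") }
         /^networks[ \t]*:/ {
             sub(/^[^:]*:/, "")
             for (i = 1; i <= NF; i++) print $i
         }'
}

# Echo "exposed" if dns is listed, "not-exposed" if other services only,
# "no-entry" if the file configures no services for networks (the library's
# built-in default then applies; this script does not determine it).
check_networks_dns() {
    sources=$(networks_sources "$1")
    if [ -z "$sources" ]; then
        echo "no-entry"
    elif printf '%s\n' "$sources" | grep -qx 'dns'; then
        echo "exposed"
    else
        echo "not-exposed"
    fi
}

# Constructed sample file, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf sample
hosts:      files dns
networks:   files [NOTFOUND=return] dns   # trailing comment is ignored
EOF
echo "sample file: $(check_networks_dns "$sample")"
rm -f "$sample"
```

To check a live system, call check_networks_dns /etc/nsswitch.conf; the
result matters only where the installed glibc is an affected version
(2.2.5 or earlier, per the advisory).
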
Vendor Alerts:

 Red Hat: i386:
 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-2.2.5-37.i386.rpm
 b3e14c27d1f337107662cffe8111ffb4

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-common-2.2.5-37.i386.rpm
 318a0e614f31b4ea63ea122ffc9b0abc

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-debug-2.2.5-37.i386.rpm
 c11c152ffb7b98e3ada86ef89b21060b

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-debug-static-2.2.5-37.i386.rpm
 8f7403eb789e624a91a5728c752ffb7e

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-devel-2.2.5-37.i386.rpm
 1364e6e500af53789f94a845d7201745

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-profile-2.2.5-37.i386.rpm
 977f0364e31ef240375d5dc3abce27c9

 ftp://updates.redhat.com/7.3/en/os/i386/
 glibc-utils-2.2.5-37.i386.rpm
 702c9e2f376d9d10829961b29d1e3fd3

 ftp://updates.redhat.com/7.3/en/os/i386/
 nscd-2.2.5-37.i386.rpm
 aa3e2f88f60ca8e8566d45a8e8bf6218

 i686:
 ftp://updates.redhat.com/7.3/en/os/i686/
 glibc-2.2.5-37.i686.rpm
 854b21baba0b4b32963bc322fe59ffc

 ftp://updates.redhat.com/7.3/en/os/i686/
 glibc-debug-2.2.5-37.i686.rpm
 0d488fae1d4248bbd1727c402143d5f6

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2208.html

+---------------------------------+
|  Package: php                   | ----------------------------//
|  Date: 07-22-2002               |
+---------------------------------+

Description:
A malformed POST request can trigger an error condition that is not
correctly handled. Due to this bug it could happen that an uninitialised
struct gets appended to the linked list of mime headers. When the list
gets cleaned or destroyed PHP tries to free the pointers that are
expected in the struct. Because of the lack of initialisation those
pointers contain stuff that was left on the stack by previous function
calls. On the IA32 architecture (aka x86) it is not possible to control
what will end up in the uninitialised struct because of the stack
layout. All possible code paths leave illegal addresses within the
struct and PHP will crash when it tries to free them.

Unfortunately the situation is absolutely different if you look at a
Solaris SPARC installation. Here it is possible for an attacker to free
chunks of memory that are fully under his control. This is most probably
the case for several more non-IA32 architectures.

Vendor Alerts:

 PHP Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2206.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------