Linux Advisory Watch - July 26th 2002

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July  26th, 2002                         Volume 3, Number 30a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for glibc, php, and bind.  The vendors
include EnGarde and Red Hat. Although not many advisories were released
this week, it is important to ensure that your systems are up to date.  
If you are unsure about the packages installed on your system(s), browse
the listing of advisories for each distribution that you use:

 http://www.linuxsecurity.com/advisories/index.html 


FEATURE: Assessing Internet Security Risk, Part Two: an Internet
Assessment Methodology

This article is the second in a series that is designed to help readers to
assess the risk that their Internet-connected systems are exposed to. In
the first installment, we established the reasons for doing a technical
risk assessment. In this installment, we'll start discussing the
methodology that we follow in performing this kind of assessment.

http://www.linuxsecurity.com/feature_stories/feature_story-114.html


>> Guardian Digital Combats Proprietary Software Licensing Deadline <<

Guardian Digital, Inc., the first full-service open source Internet server
security company, has announced a special incentive program designed to
provide companies with an alternative to Windows-based servers and
applications as the July 31st deadline for Microsoft's new licensing
program approaches.
 
 Press Release:
 http://www.guardiandigital.com/company/press/EnGarde-Licensing-Promotion.pdf
 
 Save Now:
 http://store.guardiandigital.com/html/eng/493-AA.shtml
 

 
+---------------------------------+
|  Package: bind                  | ----------------------------//
|  Date: 07-24-2002               |
+---------------------------------+

Description: 
There is a buffer overflow vulnerability in BIND4-derived resolver
libraries which may be triggered by a malicious DNS server sending
multiple CNAME records in a response.  This may lead to arbitrary code
execution or a denial of service attack.
 
Vendor Alerts: 

 EnGarde: i386: 
 i386/bind-chroot-8.2.6-1.0.27.i386.rpm 
 MD5 Sum: 9e8a8d144d8e251dfa3d44b4281b1600

 i386/bind-chroot-utils-8.2.6-1.0.27.i386.rpm 
 MD5 Sum: 8411aabd49c431c42307bfaebd836d88 

 i386/glibc-2.1.3-1.0.5.i386.rpm 
 MD5 Sum: 83b18d442d62c7d2586ce42e0659759e  

 EnGarde: i686: 
 i686/bind-chroot-8.2.6-1.0.27.i686.rpm 
 MD5 Sum: dab84baddfc8c7b12c378019faacf802 

 i686/bind-chroot-utils-8.2.6-1.0.27.i686.rpm 
 MD5 Sum: ee355b60a8b0cf77bdabc243140cbd45 

 Packages: 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2207.html

  

  
+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 07-22-2002               |
+---------------------------------+

Description: 
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via
DNS (as per Internet RFC 1011).  Version 2.2.5 of glibc and earlier
versions are affected. A system would be vulnerable to this issue if
the "networks" database in /etc/nsswitch.conf includes the "dns"
entry. 
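
The exposure condition described above can be checked directly. The following is an added example, not part of the original advisory or any vendor tool: a shell function (the name networks_uses_dns is hypothetical) that reports whether the "networks" database in an nsswitch.conf-style file lists the "dns" service, run here against a constructed sample file.

```shell
#!/bin/sh
# Added example: detect the configuration the glibc advisory describes,
# i.e. a "networks:" line in nsswitch.conf that lists the "dns" service.

networks_uses_dns() {
    # $1: file to inspect (defaults to /etc/nsswitch.conf).
    # Returns 0 if the networks database lists dns, 1 otherwise.
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        /^[ \t]*networks[ \t]*:/ {
            sub(/^[ \t]*networks[ \t]*:/, "")   # keep only the service list
            n = split($0, svc)                  # split on whitespace
            # Action items such as [NOTFOUND=return] contain "=" and
            # therefore never compare equal to "dns".
            for (i = 1; i <= n; i++)
                if (svc[i] == "dns") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "${1:-/etc/nsswitch.conf}"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/nsswitch.conf (sample)
hosts:      files dns
networks:   files [NOTFOUND=return] dns
EOF

if networks_uses_dns "$sample"; then
    echo "networks database consults dns: check that glibc is updated"
else
    echo "networks database does not consult dns"
fi
rm -f "$sample"
```

Called with no argument, the function inspects /etc/nsswitch.conf on the local system. Because the fixed Red Hat packages are still version 2.2.5, the glibc version number alone does not show whether a system is patched.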

Vendor Alerts: 

 Red Hat: i386:  
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-2.2.5-37.i386.rpm 
 b3e14c27d1f337107662cffe8111ffb4  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-common-2.2.5-37.i386.rpm 
 318a0e614f31b4ea63ea122ffc9b0abc 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-debug-2.2.5-37.i386.rpm 
 c11c152ffb7b98e3ada86ef89b21060b 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-debug-static-2.2.5-37.i386.rpm 
 8f7403eb789e624a91a5728c752ffb7e 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-devel-2.2.5-37.i386.rpm 
 1364e6e500af53789f94a845d7201745 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-profile-2.2.5-37.i386.rpm 
 977f0364e31ef240375d5dc3abce27c9 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 glibc-utils-2.2.5-37.i386.rpm 
 702c9e2f376d9d10829961b29d1e3fd3 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 nscd-2.2.5-37.i386.rpm 
 aa3e2f88f60ca8e8566d45a8e8bf6218 
  

 i686: 
 ftp://updates.redhat.com/7.3/en/os/i686/
 glibc-2.2.5-37.i686.rpm 
 854b21baba0b4b32963bc322fe59ffc 

 ftp://updates.redhat.com/7.3/en/os/i686/
 glibc-debug-2.2.5-37.i686.rpm 
 0d488fae1d4248bbd1727c402143d5f6

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2208.html 



+---------------------------------+
|  Package: php                   | ----------------------------//
|  Date: 07-22-2002               |
+---------------------------------+ 

Description: 
A malformed POST request can trigger an error condition that is not
correctly handled. Due to this bug, an uninitialised struct can get
appended to the linked list of MIME headers. 

When the list gets cleaned or destroyed, PHP tries to free the pointers
that are expected in the struct. Because of the lack of initialisation,
those pointers contain stuff that was left on the stack by previous
function calls.

On the IA32 architecture (aka x86) it is not possible to control what
will end up in the uninitialised struct because of the stack layout. All
possible code paths leave illegal addresses within the struct and PHP will
crash when it tries to free them.

Unfortunately the situation is absolutely different if you look at a
Solaris SPARC installation. Here it is possible for an attacker to free
chunks of memory that are fully under his control. This is most probably
the case for several more non-IA32 architectures.
 
 
Vendor Alerts: 

 PHP Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2206.html 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

