+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 2nd, 2002                         Volume 3, Number 31a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave@linuxsecurity.com       ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for libmm, openssl, gallery, super,
libpng, FreeBSD kernel, pppd, openssh, and util-linux. The vendors
include Caldera, Conectiva, Debian, EnGarde, FreeBSD, Gentoo, Mandrake,
Red Hat, SuSE, and Trustix.

* Alert: OpenSSH Trojaned! *

OpenSSH was trojaned yesterday. The original file was exchanged with a
trojaned file and was discovered because it had a different MD5
checksum.

http://www.linuxsecurity.com/articles/vendors_products_article-5444.html

)) Guardian Digital Combats Proprietary Software Licensing Deadline ((

Guardian Digital, Inc., the first full-service open source Internet
server security company, has announced a special incentive program
designed to provide companies with an alternative to Windows-based
servers and applications as the July 31st deadline for Microsoft's new
licensing program approaches.

Press Release:
http://www.guardiandigital.com/company/press/EnGarde-Licensing-Promotion.pdf

Save Now:
http://store.guardiandigital.com/html/eng/493-AA.shtml

FEATURE: Best Practices guide for securing the Linux Workstation

There is no silver bullet in security; rather, due diligence and
knowledge are the best foundations for solid management of risk. The
focus of this document is distinctively on workstations: those located
in a corporate environment, those situated at the house, and the myriad
of situations that fall somewhere in-between.
http://www.linuxsecurity.com/feature_stories/feature_story-115.html

Find technical and managerial positions available worldwide. Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com

+---------------------------------+
|  Package: libmm                 | ----------------------------//
|  Date: 07-30-2002               |
+---------------------------------+

Description:
The OSSP mm library (libmm) allows a local Apache user to gain
privileges via temporary files, possibly via a symbolic link.

Vendor Alerts:

  Caldera:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Caldera Vendor Advisory:
    http://www.linuxsecurity.com/advisories/caldera_advisory-2224.html

  Debian:
    Intel ia32 architecture:
    http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_i386.deb
      Size/MD5 checksum:    12100 52a6b793c890790319b5d328ee1b7a0d
    http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_i386.deb
      Size/MD5 checksum:    28924 888a040a28f6c942424b609bb92ddc88

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2220.html

  Mandrake:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-2212.html

+---------------------------------+
|  Package: openssl               | ----------------------------//
|  Date: 07-30-2002               |
+---------------------------------+

Description:
The OpenSSL development team has announced that a security audit by
A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has
revealed remotely exploitable buffer overflow conditions in the OpenSSL
code. Additionally, the ASN1 parser in OpenSSL has a potential DoS
attack independently discovered by Adi Stav and James Yonan.
Vendor Alerts:

  Debian:
    i386 architecture (Intel ia32)
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:   731384 101d86cf6e2e274e5a811a38f5956b2d
    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.0_i386.deb
      Size/MD5 checksum:   357908 49dd8e2dc866b9bd7639c5e7576e7519
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:   462026 859c8e6439943d597db12d47ec1ee496
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:  1293384 3e605b6e1abc0b0f40c6ec3ddf2b9419
    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.0_i386.deb
      Size/MD5 checksum:   400048 7495feff7cbcae0f816641b8d7537ad1

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2214.html

  FreeBSD:
    FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-2221.html

  EnGarde:
    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
      i386/openssl-0.9.6-1.0.16.i386.rpm
        MD5 Sum: 9f7bd4009f352a3a3a3519c97ebe988d
      i386/openssl-misc-0.9.6-1.0.16.i386.rpm
        MD5 Sum: 281794e60d923df695f6bcf8aa17055b
      i386/openssl-devel-0.9.6-1.0.16.i386.rpm
        MD5 Sum: 18b3ecd6b9d210180457caeb50a1331e
      i686/openssl-0.9.6-1.0.16.i686.rpm
        MD5 Sum: 872eadde6cb52bcf93fae967c72949b1
      i686/openssl-misc-0.9.6-1.0.16.i686.rpm
        MD5 Sum: 3baf870cbc35f3425cbd3110714ca3ed
      i686/openssl-devel-0.9.6-1.0.16.i686.rpm
        MD5 Sum: 718f5a6c89fac22f338177134fd5e6bd

    EnGarde Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-2213.html

  Trustix:
    ftp://ftp.trustix.net/pub/Trustix/updates/
      ./1.5/RPMS/openssl-support-0.9.6-10tr.i586.rpm
        eb8a64dba138584b8085aec8d9ccaf0c
      ./1.5/RPMS/openssl-python-0.9.6-10tr.i586.rpm
        9db293f035fbd82a3482ab87d3465eb2
      ./1.5/RPMS/openssl-devel-0.9.6-10tr.i586.rpm
        582d08bb63676a33da1aa89a33a05914
      ./1.5/RPMS/openssl-0.9.6-10tr.i586.rpm
        2d05569684b868cbacca9e389ded3f0f

    Trustix Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-2218.html

  Gentoo:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-2227.html

  SuSE:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    SuSE Vendor Advisory:
    http://www.linuxsecurity.com/advisories/suse_advisory-2223.html

  Conectiva:
    ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U8_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U8_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U8_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U8_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U8_1cl.i386.rpm

    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-2226.html

+---------------------------------+
|  Package: gallery               | ----------------------------//
|  Date: 08-01-2002               |
+---------------------------------+

Description:
A problem was found in gallery (a web-based photo album toolkit): it
was possible to pass in the GALLERY_BASEDIR variable remotely. This
made it possible to execute commands under the uid of the web server.

Vendor Alerts:

  Debian:
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
      Size/MD5 checksum:   132290 8f6f152a45bdd3f632fa1cee5e994132

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2229.html

+---------------------------------+
|  Package: super                 | ----------------------------//
|  Date: 08-01-2002               |
+---------------------------------+

Description:
The included program super is intended to provide access to certain
system users for particular users and programs, similar to the program
sudo. By exploiting this format string vulnerability a local user can
gain unauthorized root access.
Vendor Alerts:

  Debian:
    Intel ia32 architecture:
    http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_i386.deb
      Size/MD5 checksum:    97404 fddd44e7a6a73143bf6ca1127ec5f7df

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2230.html

+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 08-01-2002               |
+---------------------------------+

Description:
Developers of the PNG library have fixed a buffer overflow in the
progressive reader when the PNG datastream contains more IDAT data than
indicated by the IHDR chunk. Such deliberately malformed datastreams
would crash applications, which could potentially allow an attacker to
execute malicious code. Programs such as Galeon, Konqueror and various
others make use of these libraries.

Vendor Alerts:

  Debian:
    Intel ia32 architecture:
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.1_i386.deb
      Size/MD5 checksum:   106362 51afc4e74c966611d09c86cd7618232a
    http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.1_i386.deb
      Size/MD5 checksum:   227330 9d5ea3fb4a4f574bbca0b36d1bb920b0
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.1_i386.deb
      Size/MD5 checksum:   109626 fd82990366d175a321770f06a61a6f26
    http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.1_i386.deb
      Size/MD5 checksum:   233096 29e7049076edc296c61efb686e5c4b9c

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-2231.html

+---------------------------------+
|  Package: FreeBSD kernel        | ----------------------------//
|  Date: 08-01-2002               |
+---------------------------------+

Description:
Some programs are set-user-id or set-group-id, and therefore run with
increased privileges. If such a program is started with some of the
stdio file descriptors closed, the program may open a file and
inadvertently associate it with standard input, standard output, or
standard error. The program may then read data from or write data to
the file inappropriately. If the file is one that the user would
normally not have privileges to open, this may result in an opportunity
for privilege escalation.

Vendor Alerts:

  FreeBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2222.html

+---------------------------------+
|  Package: pppd                  | ----------------------------//
|  Date: 07-30-2002               |
+---------------------------------+

Description:
A malicious local user may exploit the race condition to acquire write
permissions to a critical system file, such as /etc/crontab, and
leverage the situation to acquire escalated privileges.

Vendor Alerts:

  FreeBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2225.html

+---------------------------------+
|  Package: openssh               | ----------------------------//
|  Date: 08-01-2002               |
+---------------------------------+

Description:
Anyone who has installed OpenSSH from the OpenBSD ftp server or any
mirror within that time frame should consider his system compromised.
The trojan allows the attacker to gain control of the system as the
user compiling the binary. Arbitrary commands can be executed.

Vendor Alerts:

  OpenSSH Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-2232.html

+---------------------------------+
|  Package: util-linux            | ----------------------------//
|  Date: 07-30-2002               |
+---------------------------------+

Description:
The chfn feature of the util-linux package shipped with all versions of
TSL suffers from a locally exploitable file locking problem. With some
interference from the system administrator an attacker could gain
escalated privileges.
Vendor Alerts:

  Trustix:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Trustix Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-2219.html

  Red Hat 7.3:
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/util-linux-2.11n-12.7.3.i386.rpm
      da8c81ee48c180694b89c9c99f543256
    ftp://updates.redhat.com/7.3/en/os/i386/mount-2.11n-12.7.3.i386.rpm
      496ec0a9c0720ba5bed7baa917114aac
    ftp://updates.redhat.com/7.3/en/os/i386/losetup-2.11n-12.7.3.i386.rpm
      b1b6d7852f75d1014204b7853f656427

    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-2211.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
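The OpenSSH trojan above was caught only because somebody compared the MD5 of the downloaded archive with the published one, and every Debian entry in this issue publishes a "Size/MD5 checksum" line for the same reason. The following is an added example, not code from the newsletter or from any vendor listed in it, of doing that comparison on a downloaded package: it parses the advisory-style checksum lines (the regular expression, file names and the demo package are assumptions made for this example), checks the size first, then the digest. The libmm line in the test is copied from this issue; the 5-byte "package" in demo() is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Matches the "Size/MD5 checksum: <bytes> <hex>" lines that Debian advisories
# use and that this newsletter reproduces. Pattern is an assumption of this
# example, not something the vendors publish as a format specification.
CHECKSUM_RE = re.compile(r"Size/MD5 checksum:\s+(\d+)\s+([0-9a-fA-F]{32})")


def parse_advisory_checksums(advisory_text):
    """Return a list of (size_in_bytes, md5_hex) pairs in order of appearance."""
    return [(int(size), digest.lower())
            for size, digest in CHECKSUM_RE.findall(advisory_text)]


def md5_of_file(path, chunk_size=65536):
    """Hash a file in chunks so a large package need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(path, expected_size, expected_md5):
    """Check a downloaded file against the advisory's size and MD5.

    Returns (ok, reason). Size is checked first because it is cheap and
    already catches truncated or padded downloads; only a full-length
    replacement, like the trojaned OpenSSH tarball, gets as far as the digest.
    """
    actual_size = os.path.getsize(path)
    if actual_size != expected_size:
        return False, "size mismatch: file is %d bytes, advisory says %d" % (
            actual_size, expected_size)
    actual_md5 = md5_of_file(path)
    if not hmac.compare_digest(actual_md5, expected_md5.lower()):
        return False, "MD5 mismatch: file is %s, advisory says %s" % (
            actual_md5, expected_md5)
    return True, "size and MD5 match the advisory"


def demo():
    """Constructed demonstration: a 5-byte 'package' whose MD5 is known.

    Returns (result for the genuine file, result for a same-size swap).
    """
    # Constructed advisory line: same layout as the real ones above, but the
    # size and digest are those of the bytes b"hello".
    advisory_line = ("demo-package_1.0_all.deb"
                     "  Size/MD5 checksum: 5 5d41402abc4b2a76b9719d911017c592")
    (size, digest), = parse_advisory_checksums(advisory_line)
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.deb")
        with open(good, "wb") as f:
            f.write(b"hello")
        swapped = os.path.join(tmp, "swapped.deb")
        with open(swapped, "wb") as f:
            f.write(b"hellO")   # same size, different content: only the digest catches it
        return (verify_package(good, size, digest)[0],
                verify_package(swapped, size, digest)[0])


if __name__ == "__main__":
    print(demo())
```

The check is only as good as the channel the expected digest came from: a checksum fetched from the same mirror as the package proves nothing if the mirror itself was replaced, which is why the advisory mail (or a signed advisory) is the place to read it from. MD5 was the norm in 2002; it is no longer collision-resistant, so the same structure should be run with the SHA-2 digests modern advisories publish.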
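The FreeBSD kernel advisory above describes a privileged program that, started with one of descriptors 0, 1 or 2 closed, opens a file and finds it sitting on a standard descriptor. The fix on the program side is to make sure those three descriptors are open before anything else is opened. The following is an added example, not code from the newsletter or from FreeBSD, showing that startup check in Python together with a forked probe that reports which descriptor the first open() lands on with and without the check. Function names and the use of /dev/null as the stand-in for a sensitive file are assumptions of this example.

```python
import errno
import os


def sanitize_std_fds(fds=(0, 1, 2)):
    """Make sure descriptors 0, 1 and 2 are open before doing anything else.

    Any of them that is closed is re-opened on /dev/null so that a later
    open() cannot land on a standard descriptor. Returns the list of
    descriptors that had to be repaired.
    """
    repaired = []
    for fd in fds:
        try:
            os.fstat(fd)              # succeeds if fd is open
            continue
        except OSError as e:
            if e.errno != errno.EBADF:
                raise
        null_fd = os.open(os.devnull, os.O_RDWR)
        if null_fd != fd:             # lowest-free-fd rule usually hands back fd itself
            os.dup2(null_fd, fd)
            os.close(null_fd)
        repaired.append(fd)
    return repaired


def probe_fd_reuse(sanitize_first):
    """Fork a child that starts with stdin closed and report the descriptor
    number its first open() returns.

    Without sanitizing it is 0: the opened file has become the child's
    standard input. With sanitizing it is 3 or higher.
    """
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: stands in for the privileged program
        result = b"-1"
        try:
            os.close(read_end)
            try:
                os.close(0)           # the caller handed us a closed stdin
            except OSError:
                pass                  # already closed in this environment
            if sanitize_first:
                sanitize_std_fds()
            fd = os.open(os.devnull, os.O_RDONLY)   # stands in for a sensitive file
            result = str(fd).encode()
        finally:
            os.write(write_end, result)
            os._exit(0)
    os.close(write_end)
    chunks = []
    while True:
        chunk = os.read(read_end, 64)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(read_end)
    os.waitpid(pid, 0)
    return int(b"".join(chunks))


if __name__ == "__main__":
    print("first open() without check lands on fd", probe_fd_reuse(False))
    print("first open() with check lands on fd", probe_fd_reuse(True))
```

The kernel-side fix FreeBSD shipped makes this unnecessary for set-id binaries on a patched system, but the user-space check costs three fstat() calls and protects the same program on any platform, so it belongs at the top of main() in anything that runs with elevated privileges.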