Linux Advisory Watch - August 9th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 9th, 2002                         Volume 3, Number 32a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
 
This week, advisories were released for openssl, bind/glibc, libpng,
openafs, kerberos 5, wwwofle, tinyproxy, dietlibc, kqueue, ffs, kfs,
sendmail, secureweb, and gaim. The vendors include Caldera, Conectiva,
Debian, EnGarde, FreeBSD, Mandrake, and Red Hat.

FEATURE: Best Practices guide for securing the Linux Workstation 
There is no silver bullet in security; rather, due diligence and knowledge
are the best foundations for solid management of risk. The focus of this
document is distinctively on workstations: those located in a corporate
environment, those situated at the house, and the myriad of situations
that fall somewhere in-between.

  http://www.linuxsecurity.com/feature_stories/feature_story-115.html


* Act Now!  Deadline August 10th! *
Guardian Digital Combats Proprietary Software Licensing Deadline Guardian
Digital, Inc., the first full-service open source Internet server security
company, has announced a special incentive program designed to provide
companies with an alternative to Windows-based servers and applications as
the July 31st deadline for Microsoft's new licensing program approaches.

 http://www.guardiandigital.com/company/press/
 EnGarde-Licensing-Promotion.pdf

 Save Now:
 http://store.guardiandigital.com/html/eng/493-AA.shtml

 
Find technical and managerial positions available worldwide.  Visit the
LinuxSecurity.com Career Center: http://careers.linuxsecurity.com
 
+---------------------------------+
|  Package: openssl               | ----------------------------//
|  Date: 08-02-2002               |
+---------------------------------+

Description: 
There are four remotely exploitable buffer overflows that affect various
OpenSSL client and server implementations. There are also encoding
problems in the ASN.1 library used by OpenSSL. Several of these
vulnerabilities could be used by a remote attacker to execute arbitrary
code on the target system. All could be used to create denial of service.

Vendor Alerts: 
 Caldera: 

 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
 Server/CSSA-2002-033.1/RPMS  
 openssl-0.9.6-19.i386.rpm  
 22df8bff398b736e1b38ba1aaa5bbaef   
 
 openssl-devel-0.9.6-19.i386.rpm  
 68c37446be713e85419f723b139cb64c  

 openssl-devel-static-0.9.6-19.i386.rpm  
 3d103c874131c41839326e8add1cc683  

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2259.html 
 

FreeBSD: 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2246.html

 Mandrake: 
 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2260.html


Conectiva: 
 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2265.html 
 
EnGarde: 
 i386/openssl-0.9.6-1.0.17.i386.rpm 
 MD5 Sum: 2be3d62740d8d95469470acb8ad868b3 
 i386/openssl-misc-0.9.6-1.0.17.i386.rpm 
 MD5 Sum: 0803e7486e837176ee791d4b26b78ffa 

 i386/openssl-devel-0.9.6-1.0.17.i386.rpm 
 MD5 Sum: 61f7354bd49c106f4171bb34da821ac5 

 i686/openssl-0.9.6-1.0.17.i686.rpm 
 MD5 Sum: 5500f9acea0513f8d00df85dd432d20e 

 i686/openssl-misc-0.9.6-1.0.17.i686.rpm 
 MD5 Sum: 33fb2323346f834a114265e527762f11 

 i686/openssl-devel-0.9.6-1.0.17.i686.rpm 
 MD5 Sum: deb6d48417fc34b8b5cabaca3f82a0cf 

 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/  

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2263.html 
 

Red Hat i386:  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 openssl095a-0.9.5a-18.i386.rpm  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 openssl096-0.9.6-13.i386.rpm  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 openssl-0.9.6b-28.i386.rpm  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 openssl-devel-0.9.6b-28.i386.rpm  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 openssl-perl-0.9.6b-28.i386.rpm 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2254.html


+---------------------------------+
|  Package: bind/glibc            | ----------------------------//
|  Date: 08-02-2002               |
+---------------------------------+

Description: 
A buffer overflow vulnerability exists in multiple implementations of DNS
resolver libraries. Operating systems and applications that utilize
vulnerable DNS resolver libraries may be affected. A remote attacker who
is able to send malicious DNS responses could potentially exploit this
vulnerability to execute arbitrary code or cause a denial of service on a
vulnerable system.

Vendor Alerts: 

 Caldera: 
 PLEASE SEE VENDOR ADVISORY UPDATES 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
 

  
  
+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
In addition to the advisory DSA 140-1 the packages below fix another
potential buffer overflow.  The PNG libraries implement a safety
margin which is also included in a newer upstream release.  Thanks to
Glenn Randers-Pehrson for informing us. 

Vendor Alerts: 

 Debian: 
 Intel IA-32 architecture: 
 http://security.debian.org/pool/updates/main/libp/libpng3/ 
 libpng-dev_1.2.1-1.1.woody.2_i386.deb 
 Size/MD5 checksum:   233094 f9889af54e78f47eebe1fa5a60ef33cb 

 http://security.debian.org/pool/updates/main/libp/libpng/ 
 libpng2_1.0.12-3.woody.2_i386.deb 
 Size/MD5 checksum:   106636 c9369f9eb9ae747365cdccf40acc3c2d 

 http://security.debian.org/pool/updates/main/libp/libpng/ 
 libpng2-dev_1.0.12-3.woody.2_i386.deb 
 Size/MD5 checksum:   227308 4c452324c7308dcd268128fbe4b6439f 

 http://security.debian.org/pool/updates/main/libp/libpng3/ 
 libpng3_1.2.1-1.1.woody.2_i386.deb 
 Size/MD5 checksum:   109802 8694e5afdb6f0c0c9e13b9f24aac8f63 
 

Mandrake: 

 Mandrake Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/debian_advisory-2242.html 
  
 
Caldera: 

 PLEASE SEE VENDOR ADVISORY UPDATES 
 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2256.html
 

  
+---------------------------------+
|  Package: openafs               | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
An integer overflow bug has been discovered in the RPC library used
by the OpenAFS database server, which is derived from the SunRPC
library. This bug could be exploited to crash certain OpenAFS servers
(volserver, vlserver, ptserver, buserver) or to obtain unauthorized
root access to a host running one of these processes.  No exploits
are known to exist yet. 

Vendor Alerts: 

Debian: 

 Intel IA-32 architecture: 
 http://security.debian.org/pool/updates/main/o/openafs/ 
 libopenafs-dev_1.2.3final2-6_i386.deb 
 Size/MD5 checksum:  1026278 010b72ad1e6611536d8d7af69c37f931 

 http://security.debian.org/pool/updates/main/o/openafs/ 
 openafs-client_1.2.3final2-6_i386.deb 
 Size/MD5 checksum:  1345484 fead4fb0df392ca7b092d4d53ff96c49 

 http://security.debian.org/pool/updates/main/o/openafs/ 
 openafs-dbserver_1.2.3final2-6_i386.deb 
 Size/MD5 checksum:   365466 c13358838819b019afc6c3de20678d3e 

 http://security.debian.org/pool/updates/main/o/openafs/ 
 openafs-fileserver_1.2.3final2-6_i386.deb 
 Size/MD5 checksum:   442334 426ab449fee8b0de03b310ba24e4100e 

 http://security.debian.org/pool/updates/main/o/openafs/ 
 openafs-kpasswd_1.2.3final2-6_i386.deb 
 Size/MD5 checksum:   185150 58d88fcef9f9cbf6a54cdfb849dd7229 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2243.html
 

  

+---------------------------------+
|  Package: Kerberos 5            | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
An integer overflow bug has been discovered in the RPC library used
by the Kerberos 5 administration system, which is derived from the
SunRPC library.  This bug could be exploited to gain unauthorized
root access to a KDC host.  It is believed that the attacker needs to
be able to authenticate to the kadmin daemon for this attack to be
successful. No exploits are known to exist yet. 

Vendor Alerts: 

Debian: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2247.html 
 

Conectiva: 
 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2262.html 

  
  
+---------------------------------+
|  Package: wwwoffle              | ----------------------------//
|  Date: 08-06-2002               |
+---------------------------------+

Description: 
A problem with wwwoffle has been discovered.  The web proxy didn't
handle input data with negative Content-Length settings properly
which causes the processing child to crash.  It is at this time not
obvious how this can lead to an exploitable vulnerability; however,
it's better to be safe than sorry, so here's an update. 

Vendor Alerts: 

Debian: 
 Intel IA-32 architecture: 
 http://security.debian.org/pool/updates/main/w/wwwoffle 
 /wwwoffle_2.5c-10.4_i386.deb 
 Size/MD5 checksum:   514316 9130724c8fe2d8af0f55acc1876c06a0 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2251.html
 

  
  
+---------------------------------+
|  Package: tinyproxy             | ----------------------------//
|  Date: 08-07-2002               |
+---------------------------------+

Description: 
The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug
in the handling of some invalid proxy requests.  Under some
circumstances, an invalid request may result in a allocated memory
being freed twice.  This can potentially result in the execution of
arbitrary code. 

 Vendor Alerts: 

Debian: 
 Intel IA-32 architecture: 
 http://security.debian.org/pool/updates/main/t/tinyproxy/ 
 tinyproxy_1.4.3-2woody2_i386.deb 
 Size/MD5 checksum:    38758 591c6aa83eb191bd53f4f76caea330a4 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2261.html
 

  
+---------------------------------+
|  Package: Dietlibc              | ----------------------------//
|  Date: 08-08-2002               |
+---------------------------------+

Description: 
An integer overflow bug has been discovered in the RPC library used
by dietlibc, a libc optimized for small size, which is derived from
the SunRPC library.  This bug could be exploited to gain unauthorized
root 
access to software linking to this code.  The packages below also fix
integer overflows in the calloc, fread and fwrite code.  They are
also more strict regarding hostile DNS packets that could lead to a
vulnerability otherwise. 

Vendor Alerts: 
Debian: 
 Intel IA-32 architecture: 
 http://security.debian.org/pool/updates/main/d/ 
 dietlibc/dietlibc-dev_0.12-2.2_i386.deb 
 Size/MD5 checksum:   230532 f671532aae3e1d70726ebd9109e7a1a4 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2264.html 

 Debian Vendor Advisory Update: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2266.html
 


+---------------------------------+
|  Package: kqueue                | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
If a pipe was created with the pipe(2) system call, and one end of
the pipe was closed, registering an EVFILT_WRITE filter on the other
end would cause a kernel panic. A common scenario in which this could
occur is when a process uses a pipe to communicate with a child and
uses kqueue to monitor the pipe, and the child dies shortly after the
fork(2) call, before the parent has had time to register the filter. 


Vendor Alerts: 

FreeBSD: 
 PLEASE SEE VENDOR ADIVSORY FOR UPDATE

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2248.html 

  

+---------------------------------+
|  Package: ffs                   | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
A bug in the calculation of the maximum permitted FFS file size
allows users to create files that are larger than FreeBSD's virtual
memory system can handle. The integer overflows that result when such
files are accessed may map filesystem metadata into the user file,
permitting access to arbitrary filesystem blocks. 

Vendor Alerts: 

FreeBSD: 
 PLEASE SEE VENDOR ADIVSORY FOR UPDATE

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2249.html 



+---------------------------------+
|  Package: nfs                   | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
Certain Linux implementations of NFS produce zero-length RPC messages
in some cases. A FreeBSD system running an NFS server may lock up
when such clients connect. An attacker in a position to send RPC
messages to an affected FreeBSD system can construct a sequence of
malicious RPC messages that cause the target system to lock up. 

Vendor Alerts: 

FreeBSD: 
 PLEASE SEE VENDOR ADIVSORY FOR UPDATE

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2250.html 

  

+---------------------------------+
|  Package: sendmail              | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
As publicized[1] by lumpy  and reported in the sendmail website, a
local user can stop the mail service (in the sense of "freezing" some
operations) by holding an exclusive reading lock on some specific
sendmail files (using a system call like flock()). In order to do
that, the user must have permission to read the file. One example of
such a file is /var/log/sendmail.st, which is world readable by
default. 

Vendor Alerts: 

Conectiva: 
 PLEASE SEE VENDOR ADIVSORY FOR UPDATE

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2245.html 

  

+---------------------------------+
|  Package: secureweb             | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
The MM library provides an abstraction layer which allows related
processes to easily share data.  On systems where shared memory or
other inter-process communication mechanisms are not available, the
MM library will emulate them using temporary files.  MM is used in
Red Hat Secure Web Server to provide shared memory pools to Apache
modules. 

Vendor Alerts: 
Red Hat: 
 i386: 
 ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/ 
 secureweb-3.2.8-1.i386.rpm.rhmask  
 313617c2625c6e3e585d15869b8cefa6 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2255.html
 


+---------------------------------+
|  Package: gaim                  | ----------------------------//
|  Date: 08-05-2002               |
+---------------------------------+

Description: 
Gaim is an instant messaging client based on the published TOC
protocol from AOL.  Versions of gaim prior to 0.58 contain a buffer
overflow in the Jabber plug-in module. Users of gaim should update to
these errata packages containing gaim 0.59 which is not vulnerable to
this issue. 
  
Vendor Alerts: 
Red Hat: i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/gaim-0.59-0.7.3.i386.rpm 
 27d0b02251407982ee2b0c9affac5a93 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2253.html
 


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux