Linux Advisory Watch - September 6th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  September 6th, 2002                      Volume 3, Number 36a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.  
It includes pointers to updated packages and descriptions of each
vulnerability.
 
This week, advisories were released for pxe, ethereal, scrollkeeper,
mailman, mantis, amavis, and glibc.  The vendors include Conectiva,
Debian, Gentoo, Red Hat, and SuSE.

** Build Complete Internet Presence Quickly and Securely! ** 
 
EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use!
 
Don't jeopardize your organization with an off-the-shelf Linux!
 
  -> http://www.guardiandigital.com/promo/ls150402.html

FEATURE: PHP Secure Installation 

 As we know that the vulnerabilities in PHP are increasing day by day
 there comes the need to secure the PHP installation to the highest
 level. Due to its popularity and its wide usage most of the
 developers and the administrators will be in trouble if they don't
 take appropriate steps on security issues during the installation. 

 http://www.linuxsecurity.com/feature_stories/feature_story-117.html

+---------------------------------+
|  Package: pxe                   | ----------------------------//
|  Date: 08-30-2002               |
+---------------------------------+  

Description: 
It was found that the PXE server could be crashed using DHCP packets
from some Voice Over IP (VOIP) phones. This bug could be used to
cause a denial of service attack on remote systems by using malicious
packets. 

Vendor Alerts: 

 Red Hat Linux 7.3: i386:  
 ftp://updates.redhat.com/7.3/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm 
 391d65eb419642d2e5d57507b1b8546e  

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2320.html 
 
 

  
+---------------------------------+
|  Package: ethereal              | ----------------------------//
|  Date: 09-02-2002               |
+---------------------------------+  

Description: 
It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone

to read a malformed packet trace file. It may be possible to make
Ethereal run arbitrary code by exploiting the buffer and pointer
problems. 

Vendor Alerts: 
Gentoo 

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/other_advisory-2321.html 

  

+---------------------------------+
|  Package: scrollkeeper          | ----------------------------//
|  Date: 09-02-2002               |
+---------------------------------+  

Description: 
The scrollkeeper-get-cl command generates temporary files in the /tmp
directory.  These files are named scrollkeeper-tempfile.[0-4], and
while creating these files scrollkeeper-get-cl follows symbolic links.
These files are created when a user logs in to a GNOME session and
are created as the user who logged in. This means an attacker with 
local access can easily create and overwrite files as another user. 

Vendor Alerts: 

Red Hat 7.3: 


ftp://updates.redhat.com/7.3/en/os/i386/scrollkeeper-0.3.4-5.i386.rpm

 392a5149a4b0e8abce9c350c88ee827a

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2323.html

Debian: 

 http://security.debian.org/pool/updates/main/s/scrollkeeper/  
 scrollkeeper_0.3.6-3.1_i386.deb 

 Size/MD5 checksum:    
 78818 a7e536042ebad89ed21fb27dcf41fc8f 

 Debian Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/debian_advisory-2324.html 
 

Gentoo 
  
 Gentoo Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2326.html 

  


+---------------------------------+
|  Package: mailman               | ----------------------------//
|  Date: 09-03-2002               |
+---------------------------------+  

Description: 
Using these vulnerabilities a remote attacker could obtain sensitive
information, such as authentication cookies or even the 
administrative password of a specific mailing list, by crafting a
special URL with javascript in it and somehow having a list
administrator click on it. 

Vendor Alerts: 

Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 mailman-2.0.13-1U80_1cl.i386.rpm

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2325.html 

  

+---------------------------------+
|  Package: mantis                | ----------------------------//
|  Date: 09-04-2002               |
+---------------------------------+  

Description: 
A problem with user privileges has been discovered in the Mantis
package, a PHP based bug tracking system.  The Mantis system didn't
check whether a user is permitted to view a bug, but displays it
right away if the user entered a valid bug id. 

Vendor Alerts: 

Debian: 

 http://security.debian.org/pool/updates/main/m/mantis/ 
 mantis_0.17.1-2.5_all.deb 

 Size/MD5 checksum:   
 250066 e1b6b6240c18fcdd943a85407a494779

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2327.html 

  

+---------------------------------+
|  Package: amavis                | ----------------------------//
|  Date: 09-04-2002               |
+---------------------------------+  

Description: 
The AMaViS shell script version (AMaViS 0.1.x / 0.2.x) uses securetar
securetar removes the pathes of files in a tar archive and makes each

file name a unique name. Links, character devices, block devices and
named pipes will be removed from the archive. A special-crafted TAR
file may hung securetar forever, using up to 100% CPU time. 
  
Vendor Alerts: 

Gentoo: 

 http://security.debian.org/pool/updates/main/m/mantis/ 
 mantis_0.17.1-2.5_all.deb 

 Size/MD5 checksum:   
 250066 e1b6b6240c18fcdd943a85407a494779

 Gentoo Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2328.html 

  

+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 09-05-2002               |
+---------------------------------+  

Description: 
An integer overflow has been discovered in the xdr_array() function,
contained in the Sun Microsystems RPC/XDR library, which is part of
the glibc library package on all SuSE products. This overflow allows
a remote attacker to overflow a buffer, leading to remote execution
of arbitrary code supplied by the attacker. 

Vendor Alerts: 

SuSE: 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/ 
 glibc-2.2.5-123.i386.rpm 
 57bb8eb5e4355539f01ee9dc2e1b790e 

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/  
 glibc-devel-2.2.5-123.i386.rpm 
 cf1a18510a8e78914500c10cc9b79bf0 

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/ 
 glibc-profile-2.2.5-123.i386.rpm 
 a03333bb8a0bd77def78b633d790fdb2 
    

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2329.html 


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux