+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  September 6th, 2002                      Volume 3, Number 36a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for pxe, ethereal, scrollkeeper,
mailman, mantis, amavis, and glibc. The vendors include Conectiva,
Debian, Gentoo, Red Hat, and SuSE.

** Build Complete Internet Presence Quickly and Securely! **

EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database
functions for an entire organization, all using a secure Web-based
front-end. Engineered to be secure and easy to use! Don't jeopardize
your organization with an off-the-shelf Linux!

 -> http://www.guardiandigital.com/promo/ls150402.html

FEATURE: PHP Secure Installation

With vulnerabilities in PHP increasing day by day, there is a need to
secure the PHP installation to the highest level. Because of its
popularity and wide usage, most developers and administrators will be
in trouble if they don't take appropriate steps on security issues
during the installation.

http://www.linuxsecurity.com/feature_stories/feature_story-117.html

+---------------------------------+
|  Package:  pxe                  | ----------------------------//
|  Date: 08-30-2002               |
+---------------------------------+

Description:
It was found that the PXE server could be crashed using DHCP packets
from some Voice Over IP (VOIP) phones. This bug could be used to cause
a denial of service attack on remote systems by using malicious
packets.

Vendor Alerts:

 Red Hat Linux 7.3:
 i386:
 ftp://updates.redhat.com/7.3/en/os/i386/pxe-0.1-31.99.7.3.i386.rpm
 391d65eb419642d2e5d57507b1b8546e

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2320.html

+---------------------------------+
|  Package:  ethereal             | ----------------------------//
|  Date: 09-02-2002               |
+---------------------------------+

Description:
It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone
to read a malformed packet trace file. It may be possible to make
Ethereal run arbitrary code by exploiting the buffer and pointer
problems.

Vendor Alerts:

 Gentoo
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2321.html

+---------------------------------+
|  Package:  scrollkeeper         | ----------------------------//
|  Date: 09-02-2002               |
+---------------------------------+

Description:
The scrollkeeper-get-cl command generates temporary files in the /tmp
directory. These files are named scrollkeeper-tempfile.[0-4], and
while creating these files scrollkeeper-get-cl follows symbolic links.
These files are created when a user logs in to a GNOME session and are
created as the user who logged in. This means an attacker with local
access can easily create and overwrite files as another user.
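
The scrollkeeper flaw above comes down to opening a fixed name in /tmp in a way that follows a symlink already placed there. As an added example (not scrollkeeper's code and not part of the original advisory), this C program contrasts that open with an exclusive, no-follow open; the function names and the private scratch directory are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: fixed name, a symlink at that name is followed. */
static int open_naive(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: creation is exclusive and never traverses a symlink. */
static int open_hardened(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
static long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}
/* Tries both opens against a symlink planted at the temp-file name inside a
 * private scratch directory (constructed fixture). Returns 0 if setup worked. */
int symlink_demo(int *hardened_errno, long *after_hardened, long *after_naive) {
    char dir[] = "/tmp/sk-demo-XXXXXX", victim[64], tmp[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/scrollkeeper-tempfile.0", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);            /* 9 bytes standing in for a user's file */
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;
    int fd = open_hardened(tmp);      /* refused: the name already exists */
    *hardened_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    *after_hardened = file_size(victim);
    fd = open_naive(tmp);             /* follows the link and truncates victim */
    if (fd >= 0) close(fd);
    *after_naive = file_size(victim);
    unlink(tmp); unlink(victim); rmdir(dir);
    return 0;
}

int main(void) {
    int e; long a, b;
    if (symlink_demo(&e, &a, &b) != 0) return 1;
    printf("hardened errno=%d, victim size %ld -> %ld\n", e, a, b);
    return 0;
}
```

For real temporary files, mkstemp(3) gives the same exclusive creation together with an unpredictable name.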

Vendor Alerts:

 Red Hat 7.3:
 ftp://updates.redhat.com/7.3/en/os/i386/scrollkeeper-0.3.4-5.i386.rpm
 392a5149a4b0e8abce9c350c88ee827a

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2323.html

 Debian:
 http://security.debian.org/pool/updates/main/s/scrollkeeper/
 scrollkeeper_0.3.6-3.1_i386.deb
 Size/MD5 checksum: 78818 a7e536042ebad89ed21fb27dcf41fc8f

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2324.html

 Gentoo

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2326.html

+---------------------------------+
|  Package:  mailman              | ----------------------------//
|  Date: 09-03-2002               |
+---------------------------------+

Description:
Using these vulnerabilities a remote attacker could obtain sensitive
information, such as authentication cookies or even the administrative
password of a specific mailing list, by crafting a special URL with
JavaScript in it and somehow having a list administrator click on it.

Vendor Alerts:

 Conectiva:
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 mailman-2.0.13-1U80_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2325.html

+---------------------------------+
|  Package:  mantis               | ----------------------------//
|  Date: 09-04-2002               |
+---------------------------------+

Description:
A problem with user privileges has been discovered in the Mantis
package, a PHP based bug tracking system. The Mantis system didn't
check whether a user is permitted to view a bug, but displays it right
away if the user entered a valid bug id.

Vendor Alerts:

 Debian:
 http://security.debian.org/pool/updates/main/m/mantis/
 mantis_0.17.1-2.5_all.deb
 Size/MD5 checksum: 250066 e1b6b6240c18fcdd943a85407a494779

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2327.html

+---------------------------------+
|  Package:  amavis               | ----------------------------//
|  Date: 09-04-2002               |
+---------------------------------+

Description:
The AMaViS shell script version (AMaViS 0.1.x / 0.2.x) uses securetar.
securetar removes the paths of files in a tar archive and gives each
file a unique name. Links, character devices, block devices and named
pipes will be removed from the archive. A specially crafted TAR file
may hang securetar forever, using up to 100% CPU time.

Vendor Alerts:

 Gentoo:
 http://security.debian.org/pool/updates/main/m/mantis/
 mantis_0.17.1-2.5_all.deb
 Size/MD5 checksum: 250066 e1b6b6240c18fcdd943a85407a494779

 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2328.html

+---------------------------------+
|  Package:  glibc                | ----------------------------//
|  Date: 09-05-2002               |
+---------------------------------+

Description:
An integer overflow has been discovered in the xdr_array() function,
contained in the Sun Microsystems RPC/XDR library, which is part of
the glibc library package on all SuSE products. This overflow allows a
remote attacker to overflow a buffer, leading to remote execution of
arbitrary code supplied by the attacker.
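
An XDR variable-length array arrives as a 4-byte big-endian element count followed by the elements, so a decoder multiplies a sender-chosen count by the element size before allocating. As an added example (not glibc's xdr_array() and not part of the original advisory), this C decoder for an array of XDR unsigned ints shows how that product wraps and the checks that reject it; all function and enum names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum xdr_status { XDR_OK, XDR_SHORT, XDR_TOO_MANY, XDR_OVERFLOW, XDR_NOMEM };

/* XDR unsigned int: 4 bytes, big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* What an unchecked decoder would allocate: the product wraps modulo 2^32. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elsize) {
    return (uint32_t)(count * elsize);
}

/* Decode a 4-byte count followed by count 4-byte elements. Every size is
 * validated before it is used for allocation or indexing. */
enum xdr_status decode_u32_array(const uint8_t *buf, size_t len,
                                 uint32_t maxcount, uint32_t **out,
                                 uint32_t *n) {
    const uint32_t elsize = sizeof(uint32_t);
    *out = NULL; *n = 0;
    if (len < 4) return XDR_SHORT;
    uint32_t count = be32(buf);
    if (count > maxcount) return XDR_TOO_MANY;            /* caller's limit */
    if (count > UINT32_MAX / elsize) return XDR_OVERFLOW; /* product would wrap */
    if ((len - 4) / elsize < count) return XDR_SHORT;     /* elements missing */
    uint32_t *v = calloc(count ? count : 1, elsize);
    if (!v) return XDR_NOMEM;
    for (uint32_t i = 0; i < count; i++)
        v[i] = be32(buf + 4 + (size_t)i * elsize);
    *out = v; *n = count;
    return XDR_OK;
}

int main(void) {
    static const uint8_t msg[] = {0x40, 0, 0, 1}; /* constructed: count only */
    uint32_t *v, n;
    printf("unchecked size: %u bytes, checked decode: status %d\n",
           (unsigned)unchecked_alloc_size(0x40000001u, 4),
           (int)decode_u32_array(msg, sizeof msg, UINT32_MAX, &v, &n));
    return 0;
}
```

The caller-supplied maximum alone does not help when a caller passes the largest possible value, which is why the division check is made independently of it.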

Vendor Alerts:

 SuSE:
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
 glibc-2.2.5-123.i386.rpm
 57bb8eb5e4355539f01ee9dc2e1b790e

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/
 glibc-devel-2.2.5-123.i386.rpm
 cf1a18510a8e78914500c10cc9b79bf0

 ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/
 glibc-profile-2.2.5-123.i386.rpm
 a03333bb8a0bd77def78b633d790fdb2

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-2329.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------