+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 13th, 2002 Volume 3, Number 37a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for ethereal, python, cacti,
postgresql, kdelibs, krb5, php, wordtrans, gaim, glibc, util-linux. The
vendors include Contiva, Debian, Gentoo, Mandrake, and Red Hat.
FEATURE: NFS Security - NFS (Network File System) is a widely used and
primitive protocol that allows computers to share files over a network.
The main problems with NFS are that it relies on the inherently insecure
UDP protocol, transactions are not encrypted and hosts and users cannot be
easily authenticated. Below we will show a number of issues that one can
follow to heal those security problems.
http://www.linuxsecurity.com/feature_stories/feature_story-118.html
ENCRYPTION + AUTHENTICATION = TRUST
You may think people will regard your business as trustworthy because
you've got a 128-bit encryption certificate, but encryption does not
guarantee trust. Thawte believes in rigorous authentication
-> http://www.gothawte.com/rd365.html
EnGarde Secure Linux: Editor's Choice & Undisputed Leader
Concerned about the next threat? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
+---------------------------------+
| Package: ethereal | ----------------------------//
| Date: 09-06-2002 |
+---------------------------------+
Description:
Ethereal developers discovered a buffer overflow in the ISIS protocol
dissector. It may be possible to make Ethereal crash or hang by
injecting a purposefully malformed packet onto the wire, or by
convincing someone to read a malformed packet trace file. It may be
possible to make Ethereal run arbitrary code by exploiting the buffer
and pointer problems.
Vendor Alerts:
Debian: i386:
http://security.debian.org/pool/updates/main/e/ethereal/
ethereal_0.8.0-4potato.1_i386.deb
Size/MD5 checksum: 520452 c04c0c6253dc91ea8f773cb1607258df
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2330.html
+---------------------------------+
| Package: python | ----------------------------//
| Date: 09-09-2002 |
+---------------------------------+
Description:
The bugfix we distributed in DSA 159-1 unfortunately caused Python to
sometimes behave improperly when a non-executable file existed
earlier in the path and an executable file of the same name existed
later in the path. Zack Weinberg fixed this in the Python source.
Vendor Alerts:
Debian: i386:
http://security.debian.org/pool/updates/main/p/python/
python-base_1.5.2-10potato13_i386.deb
Size/MD5 checksum: 825292 3fd77f5f0f90ee904908c3af612b9268
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2331.html
+---------------------------------+
| Package: cacti | ----------------------------//
| Date: 09-09-2002 |
+---------------------------------+
Description:
A problem in cacti, a PHP based frontend to rrdtool for monitoring
systems and services, has been discovered. This could lead into
cacti executing arbitrary program code under the user id of the web
server. This problem, however, is only persistant to users who
already have administrator privileges in the cacti system.
Vendor Alerts:
Debian: i386:
http://security.debian.org/pool/updates/main/c/cacti/
cacti_0.6.7-2.1_all.deb
Size/MD5 checksum: 209658 d63265f2a6606893ac9d1e3a6539c20d
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2332.html
+---------------------------------+
| Package: postgresql | ----------------------------//
| Date: 09-09-2002 |
+---------------------------------+
Description:
Mordred Labs and others found several vulnerabilities in PostgreSQL,
an object-relational SQL database. They are inherited from several
buffer overflows and integer overflows. Specially crafted long date
and time input, currency, repeat data and long timezone names could
cause the PostgreSQL server to crash as well as specially crafted
input data for lpad() and rpad(). More buffer/integer overflows were
found in circle_poly(), path_encode() and path_addr().
Vendor Alerts:
Debian: i386:
http://security.debian.org/pool/updates/main/p/postgresql/
postgresql_6.5.3-27.2_i386.deb
Size/MD5 checksum: 687334 8b448ec3a6c1e6cd52bca10b5cc48cc3
http://security.debian.org/pool/updates/main/p/postgresql/
postgresql-client_6.5.3-27.2_i386.deb
Size/MD5 checksum: 88128 4d3b874a135665ff355001fada0fddef
http://security.debian.org/pool/updates/main/p/postgresql/
postgresql-contrib_6.5.3-27.2_i386.deb
Size/MD5 checksum: 95942 0ebcebc831c984a7b18d61cbed5875a0
http://security.debian.org/pool/updates/main/p/postgresql/
postgresql-dev_6.5.3-27.2_i386.deb
Size/MD5 checksum: 233256 a15449922f2ac541b2ef6c5d108c9e80
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2345.html
+---------------------------------+
| Package: kdelibs | ----------------------------//
| Date: 09-12-2002 |
+---------------------------------+
Description:
A vulnerability was discovered in KDE's SSL implementation in that it
does not check the basic constraints on a certificate and as a result
may accept certificates as valid that were signed by an issuer who is
not authorized to do so. This can lead to Konqueror and other SSL-
enabled KDE software falling victim to a man-in-the-middle attack
without being aware of the invalid certificate. This will trick
users into thinking they are on a secure connection with a valid site
when in fact the site is different from that which they intended to
connect to.
Vendor Alerts:
Mandrake: i386:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2337.html
+---------------------------------+
| Package: krb5 | ----------------------------//
| Date: 09-10-2002 |
+---------------------------------+
Description:
A vulnerability was discovered in KDE's SSL implementation in that it
does not check the basic constraints on a certificate and as a result
may accept certificates as valid that were signed by an issuer who is
not authorized to do so. This can lead to Konqueror and other SSL-
enabled KDE software falling victim to a man-in-the-middle attack
without being aware of the invalid certificate. This will trick
users into thinking they are on a secure connection with a valid site
when in fact the site is different from that which they intended to
connect to.
Vendor Alerts:
Mandrake: i386:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2339.html
+---------------------------------+
| Package: php | ----------------------------//
| Date: 09-10-2002 |
+---------------------------------+
Description:
A fifth parameter was added to PHP's mail() function in 4.0.5 that is
not properly sanitized when the server is running in safe mode. This
vulnerability would allow local users and, possibly, remote attackers
to execute arbitrary commands using shell metacharacters.
Vendor Alerts:
Mandrake: i386:
8.1/RPMS/php-4.0.6-6.1mdk.i586.rpm
50358bb3a3702b61c57b657e9129fe07
8.1/RPMS/php-common-4.0.6-6.1mdk.i586.rpm
f2a81f7b2196082fa46966d8d30efb6a
8.1/RPMS/php-devel-4.0.6-6.1mdk.i586.rpm
8d194449ba33c3dbdab0fb081e7e3ba1
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2344.html
+---------------------------------+
| Package: wordtrans | ----------------------------//
| Date: 09-10-2002 |
+---------------------------------+
Description:
The wordtrans-web package provides an interface to query multilingual
dictionaries via a web browser. Guardent discovered vulnerabilities
which affect versions of wordtrans up to and including 1.1pre8.
Vendor Alerts:
Red Hat: i386:
ftp://updates.redhat.com/7.3/en/os/i386/
wordtrans-1.1pre8-11.i386.rpm
34c2ee6708276f6b84f179797fdf0bcc
ftp://updates.redhat.com/7.3/en/os/i386/
wordtrans-kde-1.1pre8-11.i386.rpm
e6cc175c2075fd0817453b1be64f8ff8
ftp://updates.redhat.com/7.3/en/os/i386/
wordtrans-qt-1.1pre8-11.i386.rpm
9f73987fcbf92dbedd7a44f22b39d5e4
ftp://updates.redhat.com/7.3/en/os/i386/
wordtrans-web-1.1pre8-11.i386.rpm
8f7c36661f82413ca0bbedf53d6dcaa9
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2333.html
+---------------------------------+
| Package: gaim | ----------------------------//
| Date: 09-09-2002 |
+---------------------------------+
Description:
Gaim is an all-in-one instant messaging client that lets you use a
number of messaging protocols such as AIM, ICQ, and Yahoo, all at
once. Versions of gaim prior to 0.59.1 contain a bug in the URL
handler of the manual browser option. A link can be carefully
crafted to contain an arbitrary shell script which will be executed
if the user clicks on the link.
Vendor Alerts:
Red Hat: i386:
ftp://updates.redhat.com/7.3/en/os/i386/gaim-0.59.1-0.7.3.i386.rpm
b49e9b07d9e449221bd210e5a6bd9474
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2340.html
+---------------------------------+
| Package: glibc | ----------------------------//
| Date: 09-09-2002 |
+---------------------------------+
Description:
There is an integer overflow present in the xdr_array() function
distributed as part of the Sun Microsystems XDR library. This
overflow has been shown to lead to remotely exploitable buffer
overflows in multiple applications, leading to the execution of
arbitrary code. Although the library was originally distributed by
Sun Microsystems, multiple vendors have included the vulnerable code
in their own implementations.
Vendor Alerts:
Gentoo: i386:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2334.html
+---------------------------------+
| Package: util-linux | ----------------------------//
| Date: 09-12-2002 |
+---------------------------------+
Description:
Michal Zalewski found a race condition vulnerability[1] in the way
chfn locks files when changing /etc/passwd. In order to sucessfully
exploit this vulnerability, some administrator interaction is needed
and there are some prerequisites to fulfill. Full details can be
found in the Bindview advisory[2].
Vendor Alerts:
Conectiva: i386:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
util-linux-2.11n-4U80_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2346.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
