+----------------------------------------------------------------+
|  LinuxSecurity.com                         Linux Advisory Watch |
|  September 27th, 2002                      Volume 3, Number 39a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                    Benjamin Thomas
               dave@linuxsecurity.com         ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for xchat, kdelibs, openssl,
tcl/tk, glibc, tomcat, and zope. The vendors include Conectiva, Debian,
Gentoo, Mandrake, NetBSD, Red Hat, and SuSE.

** Guardian Digital Launches Next Generation **
   EnGarde Enterprise Security Platform

EnGarde Secure Linux is the perfect platform for developing an online
presence that requires a high degree of security. EnGarde is a unique
collection of the best open source tools available, coupled with the
security and networking expertise of Guardian Digital.

  http://www.guardiandigital.com/products/software/professional/

+---------------------------------+
|  Package: xchat                 | ----------------------------//
|  Date: 09-23-2002               |
+---------------------------------+

Description:
XChat prior to version 1.8.9 has a vulnerability[1] that may allow a
remote attacker to execute arbitrary commands in the IRC client
context. The vulnerability resides in the way xchat handles the IRC
server response for the /dns command. It passes the response directly
to a shell without filtering it. An attacker with administration
privileges in the IRC server can insert escaped commands in such a
response, which will be executed by the client's shell.
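The /dns handling described in the xchat entry, as an added example that is not xchat's own code: the vulnerable shape (the server's reply spliced into a shell command line) next to a hardened lookup that allow-lists host-name characters and execs the resolver without any shell. The resolver name `host`, the 253-byte limit and the function names are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE pattern, the shape the advisory describes: the server's reply is
 * part of a command line, so /bin/sh interprets any ';', '`' or '$(' in it. */
void lookup_unsafe(const char *server_reply)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "host %s", server_reply);
    system(cmd);                        /* kept only for contrast; never called */
}

/* Allow-list check: letters, digits, '-' and '.' only (RFC 1123 host-name
 * characters), 1..253 bytes, not starting with '-' or '.'.  Whitespace and
 * every shell metacharacter are refused outright rather than "escaped". */
int dns_hostname_is_safe(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-' || s[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Hardened lookup: validate, then exec the resolver with the name as its own
 * argv element.  No shell is involved, so the reply can only be an argument.
 * Returns the child's exit status, or -1 if the name was refused/not started. */
int lookup_safe(const char *server_reply)
{
    if (!dns_hostname_is_safe(server_reply))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { "host", (char *)server_reply, NULL };
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed; never fall back to sh */
    }
    int status;
    return (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
               ? WEXITSTATUS(status) : -1;
}
```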
Vendor Alerts:

  Conectiva:
    ftp://atualizacoes.conectiva.com.br/8/RPMS/xchat-1.8.10-1U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/xchat-gtk-1.8.10-1U80_1cl.i386.rpm

  Conectiva Vendor Advisory:
    http://linuxsecurity.com/advisories/other_advisory-2380.html

+---------------------------------+
|  Package: kdelibs               | ----------------------------//
|  Date: 09-20-2002               |
+---------------------------------+

Description:
This vulnerability could allow an attacker to steal cookies and perform
other types of cross site scripting attacks on applications which use
the KHTML rendering engine, such as Konqueror.

Vendor Alerts:

  Conectiva: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Conectiva Vendor Advisory:
    http://linuxsecurity.com/advisories/other_advisory-2377.html

+---------------------------------+
|  Package: openssl               | ----------------------------//
|  Date: 09-20-2002               |
+---------------------------------+

Description:
This advisory is issued in an attempt to clarify any issues surrounding
the recently discovered Apache/mod_ssl worm.

Vendor Alerts:

  SuSE: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  SuSE Vendor Advisory:
    http://linuxsecurity.com/advisories/suse_advisory-2378.html

  NetBSD:

  NetBSD Vendor Advisory:
    http://linuxsecurity.com/advisories/netbsd_advisory-2379.html

+---------------------------------+
|  Package: tcl/tk                | ----------------------------//
|  Date: 09-20-2002               |
+---------------------------------+

Description:
Some problems were discovered with the Tcl/Tk development environment.
The expect application would search for its libraries in /var/tmp prior
to searching in other directories, which could allow a local user to
gain root privilege by writing a trojan library and waiting for the root
user to run the mkpasswd utility. This is fixed in version 5.32 of
expect. A similar vulnerability has been fixed in the tcltk package,
which searched for its libraries in the current working directory prior
to searching in other directories.
This could be used to execute arbitrary code by local users through the
use of a trojan library.

Vendor Alerts:

  Mandrake: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
    http://linuxsecurity.com/advisories/mandrake_advisory-2381.html

+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 09-23-2002               |
+---------------------------------+

Description:
A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5
and earlier. XDR is a mechanism for encoding data structures for use
with RPC; glibc's XDR code is derived from Sun's RPC implementation,
which is likewise vulnerable to a heap overflow. Depending on the
application, this vulnerability may be exploitable and could lead to
arbitrary code execution. Thanks to Solar Designer for the patches used
to correct this vulnerability.

Vendor Alerts:

  Mandrake: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
    http://linuxsecurity.com/advisories/mandrake_advisory-2382.html

  Debian Vendor Advisory:
    http://linuxsecurity.com/advisories/debian_advisory-2385.html

+---------------------------------+
|  Package: tomcat                | ----------------------------//
|  Date: 09-25-2002               |
+---------------------------------+

Description:
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.

Vendor Alerts:

  Gentoo: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
    http://linuxsecurity.com/advisories/other_advisory-2383.html

+---------------------------------+
|  Package: zope                  | ----------------------------//
|  Date: 09-25-2002               |
+---------------------------------+

Description:
The "through the web code" capability for Zope 2.0 through 2.5.1 b1
allows untrusted users to shut down the Zope server via certain headers.
(CAN-2002-0687)

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1
allows anonymous users and untrusted code to bypass access restrictions
and call arbitrary methods of catalog indexes. (CAN-2002-0688)

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects
with proxy roles, which could allow some users to access documents in
violation of the intended configuration. (CAN-2002-0170)

Users should upgrade to these errata packages that have the Zope
Hotfixes 2002-03-01, 2002-04-15, and 2002-06-14 applied, and are
therefore not vulnerable to these issues.

Vendor Alerts:

  Red Hat: PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
    http://linuxsecurity.com/advisories/redhat_advisory-2384.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------
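For the glibc XDR entry above, an added example that is not glibc's or Sun's decoder: a minimal XDR variable-length array decoder that bounds the wire-supplied element count before it sizes the heap buffer, which is the check whose absence turns a hostile RPC message into a heap overflow. Assumed here: XDR's 4-byte big-endian count followed by 4-byte unsigned int elements, a caller-supplied maximum count, and the function names; the sample messages are constructed, not real traffic.

```c
#include <stdint.h>
#include <stdlib.h>

struct xdr_buf { const uint8_t *data; size_t len; size_t pos; };

/* Read one XDR unsigned int (4 bytes, big-endian); 0 if the message is short. */
static int xdr_get_u32(struct xdr_buf *b, uint32_t *out)
{
    const uint8_t *p = b->data + b->pos;
    if (b->len - b->pos < 4)
        return 0;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    b->pos += 4;
    return 1;
}

/* Variable-length array of XDR unsigned ints.  The wire-supplied count is
 * bounded by maxcount AND by the bytes actually present before it sizes the
 * heap buffer, so the allocation can never be smaller than what is written.
 * Returns a malloc'd array (free it) or NULL; the element count goes in *n. */
uint32_t *xdr_decode_u32_array(struct xdr_buf *b, uint32_t maxcount, uint32_t *n)
{
    uint32_t count;
    if (!xdr_get_u32(b, &count) || count > maxcount ||
        count > (b->len - b->pos) / 4)
        return NULL;
    uint32_t *arr = malloc(count ? (size_t)count * sizeof(uint32_t) : 1);
    if (!arr)
        return NULL;
    for (uint32_t i = 0; i < count; i++)
        xdr_get_u32(b, &arr[i]);        /* cannot fail: bytes were counted */
    *n = count;
    return arr;
}

/* Driver: decode a message and sum its elements, or -1 if it was rejected. */
long long xdr_sum_u32_array(const uint8_t *msg, size_t len, uint32_t maxcount)
{
    struct xdr_buf b = { msg, len, 0 };
    uint32_t n, *arr = xdr_decode_u32_array(&b, maxcount, &n);
    if (!arr)
        return -1;
    long long sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += arr[i];
    free(arr);
    return sum;
}

/* Constructed sample messages (not real RPC traffic). */
const uint8_t XDR_GOOD[]  = { 0,0,0,3, 0,0,0,1, 0,0,0,2, 0,0,0,3 }; /* [1,2,3] */
const uint8_t XDR_HUGE[]  = { 0xff,0xff,0xff,0xff, 0,0,0,1 };      /* count 2^32-1 */
const uint8_t XDR_SHORT[] = { 0,0,0,2, 0,0,0,9 };                  /* claims 2, has 1 */
```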