Linux Advisory Watch - October 25th 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  October 25th, 2002                       Volume 3, Number 43a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.  
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for webalizer, ethereal, ggv, mod-ssl,
tetex, NetBSD kernel, heimdal, groff, new, Linux kernel, unzip, xinetd,
php, nss_ldap, gaim, fetchmail, glibc, apache, xfree, zope, ypserv,
postgresql, and kdegraphics.  The vendors include Caldera, Debian,
EnGarde, Gentoo, Mandrake, NetBSD, Red Hat, SuSE, and Yellow Dog.

** FREE SSL Guide from Thawte ** Are you planning your Web Server
Security? Click here to get a FREE Thawte SSL guide and find the answers
to all your SSL security issues.

  --> http://www.gothawte.com/rd410.html 

FEATURE:   Designing Shellcode Demystified 
This paper is about the fundamentals of shellcode design and totally
Linux 2.2 on IA-32 specific architectures. The base principles apply
to all architectures, whereas the details might obviously not. 

http://www.linuxsecurity.com/feature_stories/feature_story-122.html 
  

Concerned about the next threat? EnGarde is the undisputed winner!  
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.

http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2 
  
  
  
+---------------------------------+
|  Package: webalizer             | ----------------------------//
|  Date: 10-22-2002               |
+---------------------------------+  
 
Description: 
The webalizer program will perform reverse DNS lookups. Using a
buffer overflow in this reverse lookup code, an attacker with a rogue
DNS server can gain root access to the machine running webalizer. 

Vendor Alerts: 

 Caldera:  
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/
  CSSA-2002-036.0/RPMS/webalizer-2.01_09-2.i386.rpm	  
  258245a154ba0b220b56cde31b2e3c7d  

  Caldera Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/caldera_advisory-2496.html
 

  

+---------------------------------+
|  Package: ethereal              | ----------------------------//
|  Date: 10-22-2002               |
+---------------------------------+  

Description: 
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers
to cause a denial of service (crash) or execute arbitrary code via
malformed packets that cause Ethereal to dereference a NULL pointer. 


 Vendor Alerts: 

 Caldera:  
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/
  CSSA-2002-036.0/RPMS/ethereal-0.9.4-1.i386.rpm 
  258245a154ba0b220b56cde31b2e3c7d  

  Caldera Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/caldera_advisory-2496.html 

  

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2486.html
 

  

+---------------------------------+
|  Package: ggv                   | ----------------------------//
|  Date: 10-22-2002               |
+---------------------------------+  

Description: 
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
viewer for X11.  The same code is present in gnome-gv.	This problem
is triggered by scanning the PostScript file and can be exploited by
an attacker sending a malformed PostScript or PDF file.  The attacker
is able to cause arbitrary code to be run with the privileges of the
victim. 

Vendor Alerts: 

 Debian:  
 http://security.debian.org/pool/updates/main/g/gnome-gv/ 
 gnome-gv_0.82-2.1_i386.deb 
 Size/MD5 checksum:   131118 7d2712b05b78e757568efabee83c9bc0 
  
 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2472.html 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2493.html 


 Gentoo Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2470.html 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2483.html
 

  
  
+---------------------------------+
|  Package: nis                   | ----------------------------//
|  Date: 10-21-2002               |
+---------------------------------+  

Description: 
Thorsten Kukuck discovered a problem in the ypserv program which is
part of the Network Information Services (NIS).  A memory leak in all
versions of ypserv prior to 2.5 is remotely exploitable.  When a
malicious user could request a non-existing map the server will leak
parts of an old domainname and mapname. 

Vendor Alerts:	

 Debian:  
  http://security.debian.org/pool/updates/main/n/nis/
  nis_3.8-2.1_i386.deb 
  Size/MD5 checksum:   165064 bae6f9b96c61c2dea0f23acb96795e3a 

  Debian Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/debian_advisory-2476.html
 

  

+---------------------------------+
|  Package: mod-ssl               | ----------------------------//
|  Date: 10-21-2002               |
+---------------------------------+  

Description: 
Joe Orton discovered a cross site scripting problem in mod_ssl, an
Apache module that adds Strong cryptography (i.e. HTTPS support) to
the webserver.	The module will return the server name unescaped in
the response to an HTTP request on an SSL port.  

Vendor Alerts: 

 Debian:  
 
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/ 

  libapache-mod-ssl_2.4.10-1.3.9-1potato4_i386.deb 
  Size/MD5 checksum:   199266 6c89113c7cf5d0e82c436fe967c7b2f3 
  
  Debian Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/debian_advisory-2492.html 
 
 Mandrake: 

  Mandrake Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2503.html


  

+---------------------------------+
|  Package: tetex                 | ----------------------------//
|  Date: 10-23-2002               |
+---------------------------------+  

Description: 
A vulnerability was discovered in dvips by Olaf Kirch that would
allow remote users with access to the printer to execute commands as
the lp user through sending special print jobs to the printer. 

Vendor Alerts: 

 Mandrake:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2495.html 

 

 Gentoo: 

  Gentoo Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2473.html 
 
 Yellow Dog: 

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2480.html 

  
  

+---------------------------------+
|  Package: kdegraphics           | ----------------------------//
|  Date: 10-24-2002               |
+---------------------------------+  

Description: 
A vulnerability exists in KGhostview, part of the kdegraphics
package.  It includes a DSC 3.0 parser from GSview then is vulnerable
to a buffer overflow while parsing a specially crafted .ps file.  It
also contains code from gv which is vulnerable to a similar buffer
overflow triggered by malformed PostScript and PDF files.  This has
been fixed in KDE 3.0.4 and patches have been applied to correct
these packages. 

Vendor Alerts: 

 Mandrake:  
  8.2/RPMS/kdegraphics-2.2.2-15.1mdk.i586.rpm 
  d96f35aa8104d6cfe342a7eec7547a77  

  8.2/RPMS/kdegraphics-devel-2.2.2-15.1mdk.i586.rpm 
  4b4649c446fd2651902c01381f96b9d9  

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2502.html
 

  
  

+---------------------------------+
|  Package: NetBSD kernel         | ----------------------------//
|  Date: 10-23-2002               |
+---------------------------------+  

Description: 
The KAME-based IPsec implementation included in NetBSD was missing
some packet length checks, and could be tricked into passing negative
value as buffer length.  By transmiting a specially-formed (very
short) ESP packet, a malicious sender can cause a cause kernel pan
icon the victim node. 

Vendor Alerts: 

 NetBSD:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  NetBSD Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/netbsd_advisory-2490.html
 

  

+---------------------------------+
|  Package: heimdal               | ----------------------------//
|  Date: 10-21-2002               |
+---------------------------------+  

Description: 
All versions prior to Heimdal 0.5.1 and 0.4enb1 are vulnerable. 
NetBSD 1.5, 1.6, and -current (prior to October 21, 2002) ship with a
vulnerable version. The problem is a buffer overflow in the kerberos
version 4 compatibility layer of kadmind. 
  
Vendor Alerts: 

 NetBSD:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  NetBSD Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/netbsd_advisory-2491.html
 

  

+---------------------------------+
|  Package: groff                 | ----------------------------//
|  Date: 10-19-2002               |
+---------------------------------+  

Description: 
The groff preprocessor contains an exploitable buffer overflow. If
groff can be invoked within the LPRng printing system, an attacker
can gain rights as the "lp" user. Remote exploitation may be possible
if lpd is running and is accessible remotely, and the attacker knows
the name of the printer and spoolfile. 

Vendor Alerts: 

 Gentoo:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Gentoo Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2474.html
 

  


+---------------------------------+
|  Package: kernel                | ----------------------------//
|  Date: 10-19-2002               |
+---------------------------------+  

Description: 
There are several potentially exploitable local vulnerabilities in
the Linux kernel.  During a code audit several sign handling, math
overflow, and other vulnerabilities were fixed.  These fixes were
made in 2.2.22-rc1 and have been backported to our kernel. 

Vendor Alerts: 

 EnGarde:  
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2477.html
 

  

+---------------------------------+
|  Package: unzip                 | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
"The unzip and tar utilities contain vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction. The
unzip and tar utilities are used for manipulating archives, which are
multiple files stored inside of a single file. 

Vendor Alerts: 

 Yellow Dog:  
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/ 
  ppc/tar-2.3.9-0.73.3a.ppc.rpm 
  1de42ffa96d6bdf268da5fc0fdb7c848 

  ppc/unzip-5.50-2.ppc.rpm 
  779b7bf8aa001663666675c56a432287   

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2478.html
 

  

+---------------------------------+
|  Package: xinetd                | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
Versions 2.3.4 through 2.3.7 of Xinetd leak file descriptors for the
signal pipe to services that are launched by xinetd. This could allow
an attacker to execute a DoS attack via the pipe.  All users are
advised to upgrade to the errata packages containing xinetd version
2.3.9 which is not vulnerable to this issue. 
  
Vendor Alerts: 

 Yellow Dog:  
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/ 
  ppc/xinetd-2.3.9-0.73.3a.ppc.rpm 
  218b1aa59c80092225f9d14eaf75676e   

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2479.html
 

  

+---------------------------------+
|  Package: php                   | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
PHP is an HTML-embedded scripting language commonly used with Apache.
PHP versions 4.0.5 through 4.1.0 in safe mode do not properly cleanse
the 5th parameter to the mail() function. This vulnerability allows
local users and possibly remote attackers to execute arbitrary
commands via shell metacharacters. 

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2481.html
 

  

+---------------------------------+
|  Package: nss_ldap              | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
Versions of pam_ldap prior to version 144 include a format string bug
in the logging function. The packages included in this erratum update
pam_ldap to version 144, fixing this bug. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-0374 to this issue. 

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  YellowDog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2482.html
 

  


+---------------------------------+
|  Package: gaim                  | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
Versions of gaim prior to 0.59.1 contain a bug in the URL handler of
the manual browser option. A link can be carefully crafted to contain
an arbitrary shell script which will be executed if the user clicks
on the link. 

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2484.html
 

  
  

+---------------------------------+
|  Package: fetchmail             | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
The first bug allows a remote attacker to crash Fetchmail by sending
a carefully crafted DNS packet. The second bug allows a remote
attacker to carefully craft an email in such a way that when it is
parsed by Fetchmail a heap overflow occurs, allowing remote arbitrary
code execution. 

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2485.html
 

  
  
+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
A read buffer overflow vulnerability exists in the glibc resolver
code in versions of glibc up to and including 2.2.5. The
vulnerability is triggered by DNS packets larger than 1024 bytes and
can cause applications to crash. 

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Yellow Dog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2487.html
 

  
  
+---------------------------------+
|  Package: apache                | ----------------------------//
|  Date: 10-20-2002               |
+---------------------------------+  

Description: 
Please check whether you are affected by running "/bin/rpm -q
apache". If you have an affected version of the "apache" package (see
above), upgrade it according to the solution below. Remember to also 
rebuild and reinstall any dependent OpenPKG packages.  

Vendor Alerts: 

 Yellow Dog:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  YellowDog Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2494.html
 

  

+---------------------------------+
|  Package: xfree                 | ----------------------------//
|  Date: 10-24-2002               |
+---------------------------------+  

Description: 
Roberto Zunino discovered a vulnerability in the MIT-SHM extension of
XFree86 prior to versions 4.2.1. The vulnerability allows a local
user who can run XFree86 to gain read/write access to any shared
memory segment in the system. Although the use of shared memory
segments to store trusted data is not a common practice, by
exploiting this vulnerability the attacker potentially can get and/or
change sensitive information. 
  
Vendor Alerts: 

 Gentoo:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Gentoo Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2499.html
 

  

+---------------------------------+
|  Package: zope                  | ----------------------------//
|  Date: 10-24-2002               |
+---------------------------------+  

Description: 
Zope (www.zope.org) will reveal the complete physical location where
the server and its components are installed if it receives
"incorrect" XML-RPC requests. In some cases it will reveal also
information about the serves in the protected LAN (10.x.x.x for
example) on which current server is relaying.  

Vendor Alerts: 

 Gentoo:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Gentoo Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/other_advisory-2500.html
 

  

+---------------------------------+
|  Package: ypserv                | ----------------------------//
|  Date: 10-24-2002               |
+---------------------------------+  

Description: 
ypserv is an NIS authentication server. ypserv versions before 2.5
contain a memory leak that can be triggered remotely. 

Vendor Alerts: 

 Red Hat:  
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  Red Hat Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/redhat_advisory-2497.html
 

  

+---------------------------------+
|  Package: postgresql            | ----------------------------//
|  Date: 10-21-2002               |
+---------------------------------+  

Description: 
The PostgreSQL Object-Relational DBMS was found vulnerable to several
security related buffer overflow problems.    

Vendor Alerts: 

 SuSE: 
  PLEASE SEE VENDOR ADVISORY FOR UPDATE 

  SuSE Vendor Advisory: 
  http://www.linuxsecurity.com/advisories/suse_advisory-2475.html
 

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux