+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| November 29th, 2002 Volume 3, Number 48a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for pine, samba, python, sendmail,
kernel, and mod_php. The distributors include Conectiva, Debian, Guardian
Digital's EnGarde Secure Linux, Mandrake, Red Hat, Slackware, SuSE, and
Trustix.
Concerned about the next threat? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what the
other Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
Security: MySQL and PHP (3 of 3) - This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following
guidelines.
http://www.linuxsecurity.com/feature_stories/feature_story-130.html
FEATURE: Security: Physical and Service (1 of 3) - The first installation
of a 3 part article covering everything from physical security and service
security to LAMP security (Linux Apache MySQL PHP).
http://www.linuxsecurity.com/feature_stories/feature_story-128.html
+---------------------------------+
| Package: pine | ----------------------------//
| Date: 11-22-2002 |
+---------------------------------+
Description:
It is possible for an attacker to bypass the restrictions imposed by The
Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his
choosing by inserting a special character sequence into his .forward file.
SMRSH is an application intended as a replacement for sh for use in
Sendmail.
Vendor Alerts:
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/
i586/pine-4.44-224.i586.rpm
8c32d5571d7488e31f693a884dedb81e
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2607.html
EnGarde:
i386/pine-4.50-1.0.9.i386.rpm
MD5 Sum: ff1db113dcddb5b64f5e62231deb44bc
i686/pine-4.50-1.0.9.i686.rpm
MD5 Sum: a82c4318b516f0a2990e4ad286e01646
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
+---------------------------------+
| Package: samba | ----------------------------//
| Date: 11-22-2002 |
+---------------------------------+
Description:
Steve Langasek found an exploitable bug in the password handling code in
samba: when converting from DOS code-page to little endian UCS2 unicode a
buffer length was not checked and a buffer could be overflowed. There is
no known exploit for this, but an upgrade is strongly recommended.
Vendor Alerts:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2606.html
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2604.html
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2601.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2605.html
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2612.html
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2610.html
+---------------------------------+
| Package: python | ----------------------------//
| Date: 11-25-2002 |
+---------------------------------+
Description:
A vulnerability was discovered in python by Zack Weinberg in the way that
the execvpe() method from the os.py module uses a temporary file name.
The file is created in an unsafe manner and execvpe() tries to execute it,
which can be used by a local attacker to execute arbitrary code with the
privilege of the user running the python code that is using this method.
Vendor Alerts:
Mandrake:
http://www.mandrakesecure.net/en/ftp.php
9.0/RPMS/libpython2.2-2.2.1-14.1mdk.i586.rpm
68816873ca418b97541ab7b817659f6d
9.0/RPMS/libpython2.2-devel-2.2.1-14.1mdk.i586.rpm
b563b5a12f11f65463e21e5035b5bff6
9.0/RPMS/python-2.2.1-14.1mdk.i586.rpm
1fd791067dd84dc2f7ed0b9d1d67348d
9.0/RPMS/python-base-2.2.1-14.1mdk.i586.rpm
3e011ff7fb03797803b129341ff7f087
9.0/RPMS/python-docs-2.2.1-14.1mdk.i586.rpm
09d9075dc6cf328b4815a01642cee8c3
9.0/RPMS/tkinter-2.2.1-14.1mdk.i586.rpm
aad20ece68004cc82d62afd161d855a0
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2611.html
+---------------------------------+
| Package: sendmail | ----------------------------//
| Date: 11-22-2002 |
+---------------------------------+
Description:
It is possible for an attacker to bypass the restrictions imposed by The
Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his
choosing by inserting a special character sequence into his .forward file.
SMRSH is an application intended as a replacement for sh for use in
Sendmail.
Vendor Alerts:
Caldera:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2600.html
+---------------------------------+
| Package: EnGarde kernel | ----------------------------//
| Date: 11-22-2002 |
+---------------------------------+
Description:
Solar Designer kindly pointed out to us that our last kernel update
(ESA-20021022-026) was incomplete because 2.2.22-rc1 did not contain all
the critical security fixes. This update backports the remaining fixes.
Vendor Alerts:
EnGarde:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2602.html
+---------------------------------+
| Package: Red Hat kernel | ----------------------------//
| Date: 11-25-2002 |
+---------------------------------+
Description:
The Linux kernel handles the basic functions of the operating system. A
vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the
vulnerability.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2609.html
+---------------------------------+
| Package: mod_php | ----------------------------//
| Date: 11-22-2002 |
+---------------------------------+
Description:
This update upgrades PHP in EnGarde 1.0.1, 1.1, and 1.2 to version 4.2.3.
This update also fixes a recent vulnerability where a script could bypass
safe mode restrictions.
Vendor Alerts:
EnGarde:
PLEASE SEE VENDOR ADIVSORY FOR UPDATE
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2603.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
