+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  December 6th, 2002                       Volume 3, Number 49a |
+----------------------------------------------------------------+

Editors:     Dave Wreski                Benjamin Thomas
             dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for RPC XDR, ypserv, pine, freeswan,
im, smb2www, xinetd, webalizer, kde, kdelibs, and windowmaker. The
distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, and
Red Hat.

Network Security Audit - "Information for the right people at right time
and from anywhere" has been the driving force for providing access to
most of the vital information on the network of an organization over the
Internet. This is a simple guide on conducting a network security audit.

http://www.linuxsecurity.com/feature_stories/feature_story-131.html

Security: MySQL and PHP (3 of 3) - This is the third installment of a
3-part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following
guidelines.

http://www.linuxsecurity.com/feature_stories/feature_story-130.html

+---------------------------------+
| Package: RPC XDR                | ----------------------------//
| Date: 12-04-2002                |
+---------------------------------+

Description:
The implementation of xdr_array can be tricked into writing beyond the
buffers it allocated when deserializing the XDR stream.

Vendor Alerts:

 Caldera:
 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
 CSSA-2002-055.0/RPMS

 glibc-2.2.4-25.i386.rpm
 0c879b13edf9d0ad38421432184b7749

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2637.html

+---------------------------------+
| Package: ypserv                 | ----------------------------//
| Date: 12-04-2002                |
+---------------------------------+

Description:
Requesting a map that doesn't exist will cause a memory leak in the
server.

Vendor Alerts:

 Caldera:
 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
 CSSA-2002-054.0/RPMS

 nis-client-2.0-23.i386.rpm
 f416f2e39a29d419832f3b18c04491a2

 nis-server-2.0-23.i386.rpm
 b86300ae67587b447262d31f123bc12e

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2638.html

+---------------------------------+
| Package: pine                   | ----------------------------//
| Date: 12-04-2002                |
+---------------------------------+

Description:
By exploiting this, an attacker can prevent the pine user from starting
the program to manage his/her mailbox. It was not confirmed if it is
possible to execute arbitrary code by exploiting this vulnerability, but
such a possibility exists.

Vendor Alerts:

 Conectiva:
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 pico-4.50L-1U80_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 pilot-4.50L-1U80_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 pine-4.50L-1U80_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/connectiva_advisory-2639.html

 Gentoo:
 Gentoo Vendor Advisory:
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2618.html

 Mandrake:
 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2631.html

+---------------------------------+
| Package: freeswan               | ----------------------------//
| Date: 12-02-2002                |
+---------------------------------+

Description:
Bindview discovered a problem in several IPSEC implementations that do
not properly handle certain very short packets. IPSEC is a set of
security extensions to IP which provide authentication and encryption.
FreeS/WAN in Debian is affected by this and is said to cause a kernel
panic.

Vendor Alerts:

 Debian:
 http://security.debian.org/pool/updates/main/f/freeswan/
 kernel-patch-freeswan_1.96-1.4_all.deb
 Size/MD5 checksum: 889918 30c73e274e84b62125136ec96160d23a

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2628.html

+---------------------------------+
| Package: im                     | ----------------------------//
| Date: 12-03-2002                |
+---------------------------------+

Description:
The impwagent program creates a temporary directory in an insecure
manner in /tmp using predictable directory names without checking the
return code of mkdir, so a local user can seize the permissions of the
temporary directory as another user.

Vendor Alerts:

 Debian:
 http://security.debian.org/pool/updates/main/i/im/
 im_141-18.1_all.deb
 Size/MD5 checksum: 217416 41a6ad3bc0b0591ba180dd5d646387f9

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2630.html

+---------------------------------+
| Package: smb2www                | ----------------------------//
| Date: 12-04-2002                |
+---------------------------------+

Description:
Robert Luberda found a security problem in smb2www, a Windows Network
client that is accessible through a web browser. This could lead a
remote attacker to execute arbitrary programs under the user id www-data
on the host where smb2www is running.

Vendor Alerts:

 Debian:
 http://security.debian.org/pool/updates/main/s/smb2www/
 smb2www_980804-16.1_all.deb
 Size/MD5 checksum: 79050 6d443251ebe2389c26ac163e739ee80e

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2636.html

+---------------------------------+
| Package: kdelibs                | ----------------------------//
| Date: 12-05-2002                |
+---------------------------------+

Description:
The KDE team has discovered a vulnerability in the support for various
network protocols via the KIO. The implementation of the rlogin and
protocol allows a carefully crafted URL in an HTML page, HTML email or
other KIO-enabled application to execute arbitrary commands on the
system using the victim's account on the vulnerable machine.

Vendor Alerts:

 Debian:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-2640.html

+---------------------------------+
| Package: windowmaker            | ----------------------------//
| Date: 12-05-2002                |
+---------------------------------+

Description:
Al Viro discovered a vulnerability in the WindowMaker window manager. A
function used to load images, for example when configuring a new
background image or previewing themes, contains a buffer overflow.

The function calculates the amount of memory necessary to load the image
by doing some multiplication but does not check the results of this
multiplication, which may not fit into the destination variable,
resulting in a buffer overflow when the image is loaded.

Vendor Alerts:

 Mandrake:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2632.html

+---------------------------------+
| Package: xinetd                 | ----------------------------//
| Date: 12-05-2002                |
+---------------------------------+

Description:
Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal
pipe to services that are launched by xinetd. This could allow an
attacker to execute a DoS attack via the pipe. The Common
Vulnerabilities and Exposures project has assigned the name
CAN-2002-0871 to this issue.

Vendor Alerts:

 Red Hat:
 ftp://updates.redhat.com/8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
 26e6f6faec33503f3538a4ac80c82ce2

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2629.html

+---------------------------------+
| Package: webalizer              | ----------------------------//
| Date: 12-02-2002                |
+---------------------------------+

Description:
A buffer overflow in Webalizer versions prior to 2.01-10, when
configured to use reverse DNS lookups, may allow remote attackers to
execute arbitrary code by connecting to the monitored Web server from an
IP address that resolves to a long hostname.

Vendor Alerts:

 Red Hat:
 ftp://updates.redhat.com/7.2/en/os/i386/
 webalizer-2.01_09-1.72.i386.rpm
 f3d16a9fa3c202031a6cda1da2944e3d

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2634.html

+---------------------------------+
| Package: kdelibs                | ----------------------------//
| Date: 12-02-2002                |
+---------------------------------+

Description:
A number of vulnerabilities have been found that affect various versions
of KDE. This errata provides updates which resolve these issues.

Vendor Alerts:

 Red Hat:
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2635.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------