+----------------------------------------------------------------+
| LinuxSecurity.com                         Linux Advisory Watch |
| December 20th, 2002                       Volume 3, Number 51a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                   Benjamin Thomas
               dave@linuxsecurity.com        ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for wget, kernel, fetchmail, mysql,
openldap, micq, libpng, squirrelmail, net-snmp, exim, apache, lynx-ssl,
perl, and tcpdump. The distributors include Conectiva, Debian, EnGarde,
Gentoo, Mandrake, Red Hat, and Trustix.

If It Ain't Broke See If It's Fixed - Attackers are still compromising
servers with well-known attacks. General awareness can help busy
administrators and users protect their systems from these kinds of
attacks. SANS provides a list of the Top 20 most common security
vulnerabilities, how to identify each, and what can be done to protect
against them.

http://www.linuxsecurity.com/feature_stories/feature_story-132.html

---------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!

Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what
the other Linux vendors are not telling you.

http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
---------------------------------------------------------------------

Network Security Audit - "Information for the right people at the right
time and from anywhere" has been the driving force for providing access
to most of the vital information on the network of an organization over
the Internet.
This is a simple guide on conducting a network security audit.

http://www.linuxsecurity.com/feature_stories/feature_story-131.html

+---------------------------------+
| Package: wget                   | ----------------------------//
| Date: 12-13-2002                |
+---------------------------------+

Description:
The vulnerability resides in the way wget handles server answers to
LIST and multiple GET requests. If the filenames in the answer begin
with characters pointing to parent directories (like "../" or "/"),
wget can download files to that location, thus overwriting arbitrary
files.

Vendor Alerts:
 Conectiva:
  ftp://atualizacoes.conectiva.com.br/8/RPMS/wget-1.8.2-1U80_1cl.i386.rpm
  Conectiva Vendor Advisory:
   http://www.linuxsecurity.com/advisories/connectiva_advisory-2664.html

 Debian:
  http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
   Size/MD5 checksum:   227812 fc7c576836d26cebc397c07f3bbd1488
  Debian Vendor Advisory:
   http://www.linuxsecurity.com/advisories/debian_advisory-2661.html

 Trustix:
  Trustix Vendor Advisory:
   http://www.linuxsecurity.com/advisories/trustix_advisory-2689.html

+---------------------------------+
| Package: kernel                 | ----------------------------//
| Date: 12-13-2002                |
+---------------------------------+

Description:
Christophe Devine reported[1] a vulnerability in versions prior to
2.4.20 of the Linux kernel that could be exploited by a local non-root
user to completely "freeze" the machine. A local attacker could exploit
this vulnerability to cause a Denial of Service (DoS) condition. This
update fixes this problem.
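Returning to the wget entry above: the whole issue comes down to one missing check, namely that a filename taken from the server's reply must never be allowed to name a location outside the download directory. The C program below is an added example, not wget's own code, showing the check a download client should apply before creating a file from a server-supplied name. The function names server_name_is_safe and join_under_dir, the download directory and the sample filenames are all constructed for this example. It goes a little beyond the advisory text in that it rejects a ".." component anywhere in the name, not only a leading "../".

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if a server-supplied filename may be written beneath the
 * download directory, 0 if it could escape it.  Rejects absolute names
 * ("/etc/passwd"), any ".." path component ("../.bashrc", "a/../../x")
 * and empty names.  Constructed example; not wget's code. */
int server_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    if (*name == '/')                  /* absolute: leaves the download dir */
        return 0;

    /* Walk the name one '/'-separated component at a time. */
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')   /* ".." component */
            return 0;
        if (end == NULL)
            break;
        p = end + 1;
    }
    return 1;
}

/* Build "<dir>/<name>" into out only when name passed the check above.
 * Returns 1 on success, 0 if the name was rejected or out is too small. */
int join_under_dir(const char *dir, const char *name, char *out, size_t outlen)
{
    int n;

    if (!server_name_is_safe(name))
        return 0;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed filenames as they might appear in an FTP LIST reply. */
    const char *names[] = { "README", "pub/file.tar.gz", "../.bashrc",
                            "/etc/passwd", "pub/../../x", "" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (join_under_dir("/tmp/download", names[i], path, sizeof path))
            printf("accept  %-16s -> %s\n", names[i], path);
        else
            printf("reject  \"%s\"\n", names[i]);
    }
    return 0;
}
```

The point of splitting the work into a pure predicate and a joiner is that the predicate can be unit-tested on its own and reused wherever a name crosses the trust boundary (LIST replies, redirect targets, Content-Disposition filenames), while the joiner guarantees the final path is built with a bounded write.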
Vendor Alerts:
 Conectiva:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Conectiva Vendor Advisory:
   http://www.linuxsecurity.com/advisories/connectiva_advisory-2673.html

 Trustix:
  Trustix Vendor Advisory:
   http://www.linuxsecurity.com/advisories/trustix_advisory-2685.html

+---------------------------------+
| Package: fetchmail              | ----------------------------//
| Date: 12-16-2002                |
+---------------------------------+

Description:
Stefan Esser discovered[1] a buffer overflow vulnerability in fetchmail
versions up to and including 6.1.3 that can be exploited remotely with
the use of specially crafted mail messages. By exploiting this, the
attacker can crash fetchmail or execute arbitrary code with the
privileges of the user running it.

Vendor Alerts:
 Conectiva:
  ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_3cl.i386.rpm
  Conectiva Vendor Advisory:
   http://www.linuxsecurity.com/advisories/connectiva_advisory-2674.html

 Gentoo:
  Gentoo Vendor Advisory:
   http://www.linuxsecurity.com/advisories/gentoo_advisory-2666.html

 Red Hat:
  Red Hat Vendor Advisory:
   http://www.linuxsecurity.com/advisories/redhat_advisory-2676.html

+---------------------------------+
| Package: mysql                  | ----------------------------//
| Date: 12-17-2002                |
+---------------------------------+

Description:
The server vulnerabilities can be exploited to crash the MySQL server,
bypass password restrictions or even execute arbitrary code with the
privileges of the user running the server process. The library ones
consist of an arbitrary-size heap overflow and a memory addressing
problem, both of which can be exploited to crash or execute arbitrary
code in programs linked against libmysql.
Vendor Alerts:
 Conectiva:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Conectiva Vendor Advisory:
   http://www.linuxsecurity.com/advisories/connectiva_advisory-2678.html

 Debian:
  Debian Vendor Advisory:
   http://www.linuxsecurity.com/advisories/debian_advisory-2675.html

 EnGarde:
  EnGarde Vendor Advisory:
   http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html

 Mandrake:
  Mandrake Vendor Advisory:
   http://www.linuxsecurity.com/advisories/mandrake_advisory-2681.html

 OpenPKG:
  http://www.linuxsecurity.com/advisories/other_advisory-2670.html

 Gentoo:
  Gentoo Vendor Advisory:
   http://www.linuxsecurity.com/advisories/gentoo_advisory-2665.html

+---------------------------------+
| Package: openldap               | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
The vulnerabilities consist mainly of buffer overflows in both the
OpenLDAP server and the libraries provided with the OpenLDAP package.
Some of these vulnerabilities can be exploited remotely or locally to
compromise the OpenLDAP server or applications linked against the
vulnerable libraries.

Vendor Alerts:
 Conectiva:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Conectiva Vendor Advisory:
   http://www.linuxsecurity.com/advisories/connectiva_advisory-2682.html

+---------------------------------+
| Package: lynx                   | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
lynx (a text-only web browser) did not properly check for illegal
characters in all places, including the processing of command line
options, which could be used to insert extra HTTP headers into a
request.
Vendor Alerts:
 Debian:
  http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_i386.deb
   Size/MD5 checksum:   973310 9f591d8c7e97b1bd84da2f841397a75c
  http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_i386.deb
   Size/MD5 checksum:   980678 ef6cf5f0e4a8781b14876639fafa78be
  Debian Vendor Advisory:
   http://www.linuxsecurity.com/advisories/debian_advisory-2662.html

+---------------------------------+
| Package: micq                   | ----------------------------//
| Date: 12-13-2002                |
+---------------------------------+

Description:
Rüdiger Kuhlmann, upstream developer of mICQ, a text-based ICQ client,
discovered a problem in mICQ. Receiving certain ICQ message types that
do not contain the required 0xFE separator causes all versions to
crash.

Vendor Alerts:
 Debian:
  http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_i386.deb
   Size/MD5 checksum:    42682 1ed0c823d4ccc05bc9e2070c15a687be
  Debian Vendor Advisory:
   http://www.linuxsecurity.com/advisories/debian_advisory-2663.html

+---------------------------------+
| Package: libpng                 | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples in libpng, an interface for reading and writing PNG (Portable
Network Graphics) format files. The starting offsets for the loops are
calculated incorrectly, which causes a buffer overrun beyond the
beginning of the row buffer.
Vendor Alerts:
 Debian:
  http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_i386.deb
   Size/MD5 checksum:    93642 adaf7a70c5c96cc86dd37e3e97662749
  http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_i386.deb
   Size/MD5 checksum:   174272 55f53fa4fd4c4f4c56a9b6d89e466f21
  Debian Vendor Advisory:
   http://www.linuxsecurity.com/advisories/debian_advisory-2683.html

+---------------------------------+
| Package: squirrelmail           | ----------------------------//
| Date: 12-15-2002                |
+---------------------------------+

Description:
read_body.php did not filter user input for 'filter_dir' and
'mailbox', making an XSS attack possible.

Vendor Alerts:
 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Gentoo Vendor Advisory:
   http://www.linuxsecurity.com/advisories/gentoo_advisory-2668.html

+---------------------------------+
| Package: exim                   | ----------------------------//
| Date: 12-16-2002                |
+---------------------------------+

Description:
There is a format string bug in daemon.c.

Vendor Alerts:
 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Gentoo Vendor Advisory:
   http://www.linuxsecurity.com/advisories/gentoo_advisory-2669.html

+---------------------------------+
| Package: net-SNMP               | ----------------------------//
| Date: 12-16-2002                |
+---------------------------------+

Description:
The Net-SNMP packages shipped with Red Hat Linux 8.0 contain several
bugs, including a remote denial of service vulnerability. This errata
release corrects those problems.

Vendor Alerts:
 Red Hat:
  ftp://updates.redhat.com/8.0/en/os/i386/net-snmp-5.0.6-8.80.2.i386.rpm
   756809c05de41a612dd39f175c545816
  Red Hat Vendor Advisory:
   http://www.linuxsecurity.com/advisories/redhat_advisory-2677.html

+---------------------------------+
| Package: apache                 | ----------------------------//
| Date: 12-18-2002                |
+---------------------------------+

Description:
A number of vulnerabilities were discovered in Apache versions prior to
1.3.27.
The first concerns the use of shared memory (SHM) in Apache. An
attacker who is able to execute code as the UID of the webserver
(typically "apache") is able to send arbitrary processes a USR1 signal
as root. Using this vulnerability, the attacker can also cause the
Apache process to continuously spawn more child processes, thus causing
a local DoS.

Another vulnerability was discovered by Matthew Murphy: a cross-site
scripting vulnerability in the standard 404 error page.

Finally, some buffer overflows were found in the "ab" benchmark program
that is included with Apache.

Vendor Alerts:
 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Mandrake Vendor Advisory:
   http://www.linuxsecurity.com/advisories/mandrake_advisory-2680.html

+---------------------------------+
| Package: lynx-ssl               | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
This SSL patch package for Lynx provides the ability to make use of SSL
over HTTP for secure access to web sites (HTTPS) and over NNTP for
secure access to news servers (SNEWS). SSL is handled transparently,
allowing users to continue accessing web sites and news services from
within Lynx through the same interface for both secure and standard
transfers.

Vendor Alerts:
 Trustix:
  ./1.5/RPMS/lynx-ssl-2.8.4-1tr.i586.rpm  b9a901ce8b48c6fd77ca996c6f998540
  http://www.trustix.net/pub/Trustix/updates/
  Trustix Vendor Advisory:
   http://www.linuxsecurity.com/advisories/trustix_advisory-2686.html

+---------------------------------+
| Package: perl                   | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
Perl allows for so-called "safe compartments" where code can be
evaluated without access to variables outside this environment. There
was, however, a bug with regard to applications using this safe
compartment more than once.
Vendor Alerts:
 Trustix:
  ./1.5/RPMS/perl-5.00503-14tr.i586.rpm  6e864051fab21be22c8e295dbff00df2
  http://www.trustix.net/pub/Trustix/updates/
  Trustix Vendor Advisory:
   http://www.linuxsecurity.com/advisories/trustix_advisory-2687.html

+---------------------------------+
| Package: tcpdump                | ----------------------------//
| Date: 12-19-2002                |
+---------------------------------+

Description:
Tcpdump tries to decode packets it sees on the network to provide some
information to the user. In the decoding of BGP packets, it failed to
do proper bounds checking. The impact is not known, but it could at
least be used to crash tcpdump. This is fixed in the 3.7.1 release of
tcpdump.

Vendor Alerts:
 Trustix:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Trustix Vendor Advisory:
   http://www.linuxsecurity.com/advisories/trustix_advisory-2688.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
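Following up on the tcpdump entry above (BGP decoding without proper bounds checking): the C program below is an added example, not tcpdump's code, showing the shape of the checks a protocol dissector needs so that a truncated or lying packet is rejected rather than read past the end of the capture buffer. It parses the fixed BGP header (16-byte marker, 2-byte length, 1-byte type, as laid out in RFC 4271) and, for UPDATE messages, the withdrawn-routes and path-attribute length fields. The function names bgp_decode and make_update, the struct bgp_msg and the sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BGP_HDR_LEN  19     /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_MAX_LEN  4096   /* largest message the RFC permits */
#define BGP_UPDATE   2

struct bgp_msg {
    uint16_t length;         /* value of the length field */
    uint8_t  type;
    uint16_t withdrawn_len;  /* UPDATE only */
    uint16_t attr_len;       /* UPDATE only */
};

static uint16_t get16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode one BGP message from buf.  Every length field is checked against
 * the bytes actually available before anything is read through it, so a
 * truncated or malformed packet yields -1 instead of an out-of-bounds read.
 * Returns the number of bytes the message occupies on success. */
int bgp_decode(const unsigned char *buf, size_t buflen, struct bgp_msg *out)
{
    if (buf == NULL || out == NULL || buflen < BGP_HDR_LEN)
        return -1;                        /* not even a full header captured */

    memset(out, 0, sizeof *out);
    out->length = get16(buf + 16);
    out->type   = buf[18];

    if (out->length < BGP_HDR_LEN || out->length > BGP_MAX_LEN)
        return -1;                        /* length field outside RFC bounds */
    if (out->length > buflen)
        return -1;                        /* claims more bytes than we hold */

    if (out->type == BGP_UPDATE) {
        const unsigned char *p = buf + BGP_HDR_LEN;
        size_t remain = out->length - BGP_HDR_LEN;   /* bytes left in message */

        if (remain < 2)
            return -1;
        out->withdrawn_len = get16(p);
        if ((size_t)out->withdrawn_len + 2 > remain)
            return -1;                    /* withdrawn routes run off the end */
        p += 2 + out->withdrawn_len;
        remain -= 2 + out->withdrawn_len;

        if (remain < 2)
            return -1;
        out->attr_len = get16(p);
        if ((size_t)out->attr_len + 2 > remain)
            return -1;                    /* path attributes run off the end */
        /* whatever remains is NLRI, already bounded by out->length */
    }
    return (int)out->length;
}

/* Write a constructed UPDATE into buf: marker, the given (possibly lying)
 * length field, type 2, then the withdrawn_len and attr_len fields.
 * Always writes exactly 23 bytes and returns that count. */
int make_update(unsigned char *buf, uint16_t length, uint16_t wlen, uint16_t alen)
{
    memset(buf, 0xFF, 16);
    buf[16] = (unsigned char)(length >> 8); buf[17] = (unsigned char)length;
    buf[18] = BGP_UPDATE;
    buf[19] = (unsigned char)(wlen >> 8);   buf[20] = (unsigned char)wlen;
    buf[21] = (unsigned char)(alen >> 8);   buf[22] = (unsigned char)alen;
    return 23;
}

int main(void)
{
    unsigned char pkt[64];
    struct bgp_msg m;
    int n;

    /* Constructed KEEPALIVE: marker, length 19, type 4. */
    memset(pkt, 0xFF, 16); pkt[16] = 0; pkt[17] = 19; pkt[18] = 4;
    n = bgp_decode(pkt, 19, &m);
    printf("keepalive: %d bytes, type %u\n", n, (unsigned)m.type);

    /* Constructed UPDATE whose length field claims 100 bytes of a 23-byte capture. */
    make_update(pkt, 100, 0, 0);
    n = bgp_decode(pkt, 23, &m);
    printf("lying update: %d\n", n);
    return 0;
}
```

The pattern to take from this is that each nested length (message, withdrawn routes, attributes) is validated against the enclosing length that has already been validated, never against the raw buffer alone; that is precisely the step a decoder "without proper bounds checking" skips.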