+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| December 27th, 2002 Volume 3, Number 52a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for bind, perl, canna, klisa,
cyrus-imapd, wget, kde, and fetchmail. The distributors include Caldera,
Debian, Gentoo, and SuSE.
No 'A' Word In Time - Maintaining accurate time is required for security.
Many tools and devices exist to ensure that accurate time is maintained on
an organization's system. It makes the job of analysis and system
administration much easier to deal with, as well.
http://www.linuxsecurity.com/feature_stories/feature_story-133.html
---------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
---------------------------------------------------------------------
If It Ain't Broke See If It's Fixed - Attackers are still compromising
servers with well-known attacks. General awareness can assist the busy
administrators and users to protect their systems from these kinds of
attacks. SANS provides a list of the Top 20 most common security
vulnerabilities, how to identify each, and what can be done to protect
against these vulnerabilities.
http://www.linuxsecurity.com/feature_stories/feature_story-132.html
+---------------------------------+
| Package: bind | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
A vulnerability in the DNS resolver library may allow remote attackers to
execute arbitrary code with the privileges of applications that issue
network name or address requests.
Vendor Alerts:
Caldera:
bind-8.3.4-1.i386.rpm
dbade93f9de80c9d05dafdb010c51f0f
bind-doc-8.3.4-1.i386.rpm
077c5888f3c3f3074bcb12c79c9c97ec
bind-utils-8.3.4-1.i386.rpm
dfad9dd9bea8a88ba1958e68b6b255a7
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2002-059.0/RPMS
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2691.html
+---------------------------------+
| Package: perl | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
A security hole has been discovered in Safe.pm. When a Safe compartment
has already been used, there's no guarantee that it's safe any longer,
because there's a way for code executed within the Safe compartment to
alter its operation mask. (Thus, programs that use a Safe compartment only
once aren't affected by this bug
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2692.html
+---------------------------------+
| Package: canna | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
hsj of Shadow Penguin Security discovered a heap overflow vulnerability in
the irw_through function in canna server version 3.6 and earlier."
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2694.html
+---------------------------------+
| Package: klisa | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
The lisa daemon contains a buffer overflow vulnerability which potentially
enables any local user, as well any any remote attacker on the LAN who is
able to gain control of the LISa port (7741 by default), to obtain root
privileges. In addition, a remote attacker potentially may be able to
gain access to a victim's account by using an "rlan://" URL in an HTML
page or via another KDE application.
Vendor Alerts:
Debian:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2695.html
+---------------------------------+
| Package: cyrus-imapd | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
The cyrus imapd contains a buffer overflow which could be exploited by
remote attackers prior to logging in. Attackers could generate oversized
error messages and overflow buffers inside imapd.
Vendor Alerts:
SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
cyrus-imapd-2.1.9-41.i586.rpm
47785bc84eeebbddcd50a267684d6500
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/
cyrus-sasl2-2.1.7-52.i586.rpm
b740ad1a675f2c14ffc33097a1c41ee5
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2696.html
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2698.html
+---------------------------------+
| Package: wget | ----------------------------//
| Date: 12-20-2002 |
+---------------------------------+
Description:
A malicious server could potentially overwrite key files to cause a denial
of service or, in some cases, gain privileges by modifying executable
files. The risk is mitigated because non-default configurations are
primarily affected, and the user must be convinced to access the malicious
server. However, web-based clients may be more easily exploited.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2693.html
+---------------------------------+
| Package: kde | ----------------------------//
| Date: 12-22-2002 |
+---------------------------------+
Description:
In some instances KDE fails to properly quote parameters of instructions
passed to a command shell for execution.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2697.html
+---------------------------------+
| Package: fetchmail | ----------------------------//
| Date: 12-22-2002 |
+---------------------------------+
Description:
When fetchmail retrieves a mail all headers that contain addresses are
searched for local addresses. If a hostname is missing, fetchmail appends
it but doesn't reserve enough space for it. This heap overflow can be
used by remote attackers to crash it or to execute arbitrary code with the
privileges of the user running fetchmail.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/f/
fetchmail/fetchmail_5.3.3-4.3_i386.deb
Size/MD5 checksum: 342328 51380d2821f2837a7aaf3f14850fce83
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2699.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
