+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  January 17th, 2002                       Volume 4, Number 3a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for wget, xpdf, openldap,
libmcrypt, impsql, bugzilla, mod_php, cups, dhcpd, kde, leafnode,
libpng, postgresql, mysql, vim, and ethereal. The distributors
include Caldera, Debian, Mandrake, Red Hat, SuSE, and Yellow Dog.

LINUXSECURITY.COM FEATURE: Newest Members of the Team

Just to give everyone an idea about who writes these articles and
feature stories that we spend so much of our time reading each day,
I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.

http://www.linuxsecurity.com/feature_stories/feature_story-134.html

LINUXSECURITY.COM FEATURE: Secure Passwordless Logins with SSH Part 3

Setting up your accounts to allow identity-based authentication gives
you several new options to allow passwordless access to those
accounts. This week we'll see how well we can restrict the access
granted to these identities.

http://www.linuxsecurity.com/articles/documentation_article-6517.html

+---------------------------------+
|  Package: wget                  | ----------------------------//
|  Date: 01-16-2003               |
+---------------------------------+

Description:
The proper solution is to install the latest packages. Many customers
find it easier to use the Caldera System Updater, called cupdate (or
kcupdate under the KDE environment), to update these packages rather
than downloading and installing them by hand.

Vendor Alerts:

 Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-003.0/RPMS

  wget-1.7.1-3.i386.rpm
  0adc5e5568cc589b9ab90ebb0e181e65

 Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-2770.html

+---------------------------------+
|  Package: xpdf                  | ----------------------------//
|  Date: 01-10-2003               |
+---------------------------------+

Description:
The proper solution is to install the latest packages. Many customers
find it easier to use the Caldera System Updater, called cupdate (or
kcupdate under the KDE environment), to update these packages rather
than downloading and installing them by hand.

Vendor Alerts:

 Caldera:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2746.html

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2743.html

+---------------------------------+
|  Package: openldap2             | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
The SuSE Security Team reviewed critical parts of openldap2, an
implementation of the Lightweight Directory Access Protocol (LDAP)
version 2 and 3, and found several buffer overflows and other bugs
remote attackers could exploit to gain access on systems running
vulnerable LDAP servers. In addition to these bugs, various locally
exploitable bugs within the OpenLDAP2 libraries have been fixed.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2749.html

+---------------------------------+
|  Package: libmcrypt             | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a
decryption and encryption library, that originate from improper or
lacking input validation. By passing input which is longer than
expected to a number of functions (multiple functions are affected)
the user can successfully make libmcrypt crash and may be able to
insert arbitrary, malicious code which will be executed under the
user libmcrypt runs as, e.g. inside a web server.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/libm/
  libmcrypt/libmcrypt-dev_2.5.0-1woody1_i386.deb
  Size/MD5 checksum: 300576 940ad919f58bcf5e63aa2ae5d82dfc81

  http://security.debian.org/pool/updates/main/libm/
  libmcrypt/libmcrypt4_2.5.0-1woody1_i386.deb
  Size/MD5 checksum: 109618 f7aca58ac7f137b9c4a5cb30c0aa3348

 Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2757.html

+---------------------------------+
|  Package: impsql                | ----------------------------//
|  Date: 01-15-2003               |
+---------------------------------+

Description:
The impact of SQL injection depends heavily on the underlying
database and its configuration. If PostgreSQL is used, it's possible
to execute multiple complete SQL queries separated by semicolons. The
database contains session IDs so the attacker might hijack sessions
of people currently logged in and read their mail.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/i/
  imp/imp_2.2.6-5.1_all.deb
  Size/MD5 checksum: 426826 134e3d543d2d32f1fe9f84664a819dd0

 Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2761.html

+---------------------------------+
|  Package: bugzilla              | ----------------------------//
|  Date: 01-15-2003               |
+---------------------------------+

Description:
The provided data collection script intended to be run as a nightly
cron job changes the permissions of the data/mining directory to be
world-writable every time it runs. This would enable local users to
alter or delete the collected data.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/b/bugzilla/
  bugzilla-doc_2.14.2-0woody4_all.deb
  Size/MD5 checksum: 489720 ef08e1d090904b2a5c4ee7922a4dfb82

 Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2769.html

+---------------------------------+
|  Package: mod_php               | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
"If you use the wordwrap() function on user-supplied input, a
specially-crafted input can overflow the allocated buffer and
overwrite the heap. Exploit looks very difficult, but still
theoretically possible."

Vendor Alerts:

 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2750.html

+---------------------------------+
|  Package: cups                  | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
iDefense reported several security problems in CUPS that can lead to
local and remote root compromise. An integer overflow in the HTTP
interface can be used to gain remote access with CUPS privilege. A
local file race condition can be used to gain root privilege,
although the previous bug must be exploited first. An attacker can
remotely add printers to the vulnerable system. A remote DoS can be
accomplished due to negative length in the memcpy() call.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2744.html

 Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2752.html

 Yellow Dog Vendor Advisory:
  http://www.linuxsecurity.com/advisories/yellowdog_advisory-2754.html

+---------------------------------+
|  Package: dhcpd                 | ----------------------------//
|  Date: 01-12-2003               |
+---------------------------------+

Description:
A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP
client daemon.
dhcpcd has the ability to execute an external script named
dhcpcd-.exe when an IP address is assigned to that network interface.
The script sources the file /var/lib/dhcpcd/dhcpcd-.info which
contains shell variables and DHCP assignment information.

Vendor Alerts:

 Mandrake:
  9.0/RPMS/dhcpcd-1.3.22pl4-1.1mdk.i586.rpm
  f2b6212121ea3edbed6f6e62ebb0e20d

  http://www.mandrakesecure.net/en/ftp.php

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2745.html

 Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2766.html

+---------------------------------+
|  Package: kde                   | ----------------------------//
|  Date: 01-12-2003               |
+---------------------------------+

Description:
Multiple instances of improperly quoted shell command execution exist
in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote
parameters of instructions passed to the shell for execution. These
parameters may contain data such as filenames, URLs, email addresses,
and so forth; this data may be provided remotely to a victim via
email, web pages, files on a network filesystem, or other untrusted
sources.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  http://www.mandrakesecure.net/en/ftp.php

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2758.html

+---------------------------------+
|  Package: leafnode              | ----------------------------//
|  Date: 01-14-2003               |
+---------------------------------+

Description:
A vulnerability was discovered by Jan Knutar in leafnode that Mark
Brown pointed out could be used in a Denial of Service attack. This
vulnerability causes leafnode to go into an infinite loop with 100%
CPU use when an article that has been crossposted to several groups,
one of which is the prefix of another, is requested by its
Message-ID.

Vendor Alerts:

 Mandrake:
  9.0/RPMS/leafnode-1.9.31-1.1mdk.i586.rpm
  4749ee927caa55f15adddadd473a3d12

  http://www.mandrakesecure.net/en/ftp.php

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2763.html

+---------------------------------+
|  Package: openldap              | ----------------------------//
|  Date: 01-14-2003               |
+---------------------------------+

Description:
A review was completed by the SuSE Security Team on the OpenLDAP
server software, and this audit revealed several buffer overflows and
other bugs that remote attackers could exploit to gain unauthorized
access to the system running the vulnerable OpenLDAP servers.
Additionally, various locally exploitable bugs in the OpenLDAP v2
libraries have been fixed as well.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  http://www.mandrakesecure.net/en/ftp.php

 Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2768.html

+---------------------------------+
|  Package: libpng                | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
Unpatched versions of libpng 1.2.1 and earlier do not correctly
calculate offsets, which leads to a buffer overflow and the
possibility of arbitrary code execution. This could be exploited by
an attacker creating a carefully crafted PNG file which could execute
arbitrary code when the victim views it.

Vendor Alerts:

 Red Hat:
  ftp://updates.redhat.com/8.0/en/os/i386/
  libpng-1.2.2-8.i386.rpm
  65f374f46b9b03de4c162ef0052a6fe1

  ftp://updates.redhat.com/8.0/en/os/i386/
  libpng-devel-1.2.2-8.i386.rpm
  55f87f85687d29e92a6cc4e9bc7dd5cd

 RedHat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2751.html

 SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-2756.html

 Yellow Dog Vendor Advisory:
  http://www.linuxsecurity.com/advisories/yellowdog_advisory-2755.html

+---------------------------------+
|  Package: postgresql            | ----------------------------//
|  Date: 01-13-2003               |
+---------------------------------+

Description:
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial
of service and possibly execute arbitrary code via long arguments to
the lpad or rpad functions. CAN-2003-0972

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 RedHat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2760.html

+---------------------------------+
|  Package: mysql                 | ----------------------------//
|  Date: 01-14-2003               |
+---------------------------------+

Description:
MySQL is a multi-user, multi-threaded SQL database server. While
auditing MySQL, Stefan Esser found security vulnerabilities that can
be used to crash the server or allow MySQL users to gain privileges.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 RedHat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2764.html

+---------------------------------+
|  Package: vim                   | ----------------------------//
|  Date: 01-16-2003               |
+---------------------------------+

Description:
VIM allows a user to set the modeline differently for each edited
text file by placing special comments in the files. Georgi Guninski
found that these comments can be carefully crafted in order to call
external programs. This could allow an attacker to create a text file
such that when it is opened arbitrary commands are executed.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 RedHat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2767.html

+---------------------------------+
|  Package: ethereal              | ----------------------------//
|  Date: 01-16-2003               |
+---------------------------------+

Description:
Multiple integer signedness errors in the BGP dissector in Ethereal
0.9.7 and earlier allow remote attackers to cause a denial of service
(infinite loop) via malformed messages. This problem was discovered
by Silvio Cesare. CAN-2003-1355

Vendor Alerts:

 YellowDog Linux:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

 YellowDog Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/yellowdog_advisory-2753.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------