+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 7th, 2002 Volume 4, Number 10a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for sendmail, php, slocate, mhc,
eterm, tcpdump, snort, OpenSSL, tg3, squirrelmail, and im. The
distributors include Conectiva, Debian, FreeBSD, Gentoo, Mandrake, NetBSD,
Red Hat, Slackware, SuSE, and Yellow Dog.
* Comprehensive SPAM Protection! - Open source technology constantly
adapts to new threats. Email firewall, simplified administration,
automatically updated. Complete enterprise email solution.
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=mail1
LINUX SECURITY ARTICLES:
------------------------
Get out of a BIND - install DJBDNS - DJBDNS eases DNS management and
improves security over BIND alternatives by taking a different approach to
serving and caching DNS answers.
http://www.linuxsecurity.com/articles/documentation_article-6857.html
Remote Syslog with MySQL and PHP
Msyslog has the ability to log syslog messages to a database. This allows
for easier monitoring of multiple servers and the ability to be display
and search for syslog messages using PHP or any other programming language
that can communicate with the database.by that, too.
http://www.linuxsecurity.com/feature_stories/feature_story-138.html
+---------------------------------+
| Package: php | ----------------------------//
| Date: 03-04-2003 |
+---------------------------------+
Description:
Two vulnerabilities exists in the mail() PHP function. The first one
allows execution of any program/script, bypassing the safe_mode
restriction. The second one may allow an open-relay if the mail() function
is not carefully used in PHP scripts.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-008.0/RPMS
php-4.0.6-4.i386.rpm
3305349cfaa56ff000040fbd46aad75c
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2931.html
+---------------------------------+
| Package: slocate | ----------------------------//
| Date: 03-06-2003 |
+---------------------------------+
Description:
The proper solution is to install the latest packages. Many customers
find it easier to use the Caldera System Updater, called cupdate (or
kcupdate under the KDE environment), to update these packages rather
than downloading and installing them by hand.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-009.0/RPMS
slocate-2.6-3.i386.rpm
d357c2ee6bd94601dc6be091ddf8082e
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2931.html
+---------------------------------+
| Package: sendmail | ----------------------------//
| Date: 03-03-2003 |
+---------------------------------+
Description:
This vulnerability can be exploited by creating and sending to a
vulnerable sendmail server a carefully crafted email message. This
message will trigger the vulnerability and arbitrary commands can be
executed with administrative privileges.
Vendor Alerts:
Conectiva:
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2918.html
http://www.linuxsecurity.com/advisories/debian_advisory-2932.html
FreeBSD:
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2919.html
http://www.linuxsecurity.com/advisories/freebsd_advisory-2930.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2920.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2916.html
NetBSD:
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-2922.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2914.html
Slackware:
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2923.html
SuSE:
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2915.html
YellowDog:
YellowDog Vendor Advisory:
http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html
+---------------------------------+
| Package: mhc | ----------------------------//
| Date: 02-28-2003 |
+---------------------------------+
Description:
It has been discovered that adb2mhc from the mhc-utils package. The
default temporary directory uses a predictable name. This adds a
vulnerability that allows a local attacker to overwrite arbitrary
files the users has write permissions for.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/
m/mhc/mhc_0.25+20010625-7.1_all.deb
Size/MD5 checksum: 147808 c5f128fe3d1d2a9b643874f78d40a5ab
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2910.html
+---------------------------------+
| Package: eterm | ----------------------------//
| Date: 03-03-2003 |
+---------------------------------+
Description:
Many of the features supported by popular terminal emulator software
can be abused when un-trusted data is displayed on the screen. The
impact of this abuse can range from annoying screen garbage to a
complete system compromise. All of the issues below are actually
documented features, anyone who takes the time to read over the man
pages or source code could use them to carry out an attack.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2911.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-2912.html
+---------------------------------+
| Package: tcpdump | ----------------------------//
| Date: 03-05-2003 |
+---------------------------------+
Description:
A vulnerability exists in the parsing of ISAKMP packets (UDP port
500) that allows an attacker to force TCPDUMP into an infinite loop
upon receipt of a specially crafted packet.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2933.html
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2917.html
+---------------------------------+
| Package: snort | ----------------------------//
| Date: 03-06-2003 |
+---------------------------------+
Description:
Remote attackers may exploit the buffer overflow condition to run
arbitrary code on a Snort sensor with the privileges of the Snort IDS
process, which typically runs as the superuser. The vulnerable
preprocessor is enabled by default. It is not necessary to establish
an actual connection to a RPC portmapper service to exploit this
vulnerability.
Vendor Alerts:
Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2936.html
+---------------------------------+
| Package: openssl | ----------------------------//
| Date: 03-06-2003 |
+---------------------------------+
Description:
Block cipher padding errors and MAC verification errors were handled
differently in the SSL/TLS parts of the OpenSSL library. This leaks
information in the case of incorrect SSL streams and allows for an
adaptive timing attack.
Vendor Alerts:
NetBSD:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-2921.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2939.html
+---------------------------------+
| Package: tg3 | ----------------------------//
| Date: 03-03-2003 |
+---------------------------------+
Description:
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are
now available that fix a deadlock with the tg3 driver on certain
revisions of the Broadcom 570x gigabit ethernet series.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2934.html
+---------------------------------+
| Package: squirrelmail | ----------------------------//
| Date: 03-06-2003 |
+---------------------------------+
Description:
SquirrelMail is a webmail package written in PHP. Two
vulnerabilities have been found that affect versions of SquirrelMail
shipped with Red Hat Linux 8.0.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/8.0/en/os/noarch/
squirrelmail-1.2.10-1.noarch.rpm
9f9bdb1263306d8ffffef6c030c8fe29
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2937.html
+---------------------------------+
| Package: im | ----------------------------//
| Date: 03-06-2003 |
+---------------------------------+
Description:
A vulnerability has been discovered by Tatsuya Kinoshita in the way
two IM utilities create temporary files. By anticipating the names
used to create files and directories stored in /tmp, it may be
possible for a local attacker to corrupt or modify data as another
user.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/mew-2.2-6.i386.rpm
3c6c2174a0bc0f0a1569af9d36f3c68d
ftp://updates.redhat.com/8.0/en/os/i386/mew-common-2.2-6.i386.rpm
47b9bbd126fdd03298ebabe5a15f7806
ftp://updates.redhat.com/8.0/en/os/i386/mew-xemacs-2.2-6.i386.rpm
41c228d865760c2a092fe1916c28d1d9
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2938.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
