+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  March 28th, 2002                        Volume 4, Number 13a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for openssl, apcupsd, bonsai, krb5,
lpr, mutt, heimdal, kernel, ecartis, glibc, mysql, bitchx, mod_ssl,
netpbm, rxvt, zlib, evolution, samba, kerberos, ethereal, and file. The
distributors include Caldera, Debian, Guardian Digital's EnGarde Secure
Linux, Gentoo, Mandrake, NetBSD, Red Hat, SuSE, Trustix, and Turbolinux.

LinuxSecurity Feature Extras:

Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.

http://www.linuxsecurity.com/feature_stories/feature_story-139.html

Remote Syslog with MySQL and PHP - Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple
servers and the ability to display and search for syslog messages using
PHP or any other programming language that can communicate with the
database.
http://www.linuxsecurity.com/feature_stories/feature_story-138.html

+---------------------------------+
| Package: openssl                | ----------------------------//
| Date: 03-22-2003                |
+---------------------------------+

 Description:
 Researchers have discovered a timing attack on RSA keys, to which
 OpenSSL is generally vulnerable, unless RSA blinding has been turned on.

 Vendor Alerts:

  Caldera:
  openssl-0.9.6-21.i386.rpm
  cae226f7eb06d23837e4f253c024cc77
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3039.html

  FreeBSD:
  FreeBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-3035.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3042.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3063.html

  NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3069.html

  Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3074.html

  TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3075.html

+---------------------------------+
| Package: apcupsd                | ----------------------------//
| Date: 03-22-2003                |
+---------------------------------+

 Description:
 Multiple vulnerabilities in apcupsd including a buffer overflow and
 format string vulnerability have been fixed.

 Vendor Alerts:

  Caldera:
  apcupsd-3.8.6-1.i386.rpm
  a2c0d41800f62383c65f77858f0c3898
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html

  SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html

+---------------------------------+
| Package: bonsai                 | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 Several security-related bugs have been fixed in bonsai.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/b/bonsai/
  bonsai_1.3+cvs20020224-1woody1_i386.deb
  Size/MD5 checksum: 154122 c2b39dfcfc33c3752afcb744323a91a2

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3025.html

+---------------------------------+
| Package: krb5                   | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 Several vulnerabilities have been discovered in krb5, an implementation
 of MIT Kerberos.

 Vendor Alerts:

  Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3040.html

+---------------------------------+
| Package: lpr                    | ----------------------------//
| Date: 03-24-2003                |
+---------------------------------+

 Description:
 A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer
 spooling system. This problem can be exploited by a local user to gain
 root privileges, even if the printer system is set up properly.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/l/
  lpr/lpr_0.48-1.1_i386.deb
  Size/MD5 checksum: 85960 1758a9683ae487c20f46a73ba32d9c15

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3050.html

  TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html

+---------------------------------+
| Package: mutt                   | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 Core Security Technologies discovered a buffer overflow in the IMAP code
 of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and
 threading. This problem allows a remote malicious IMAP server to cause a
 denial of service (crash) and possibly execute arbitrary code via a
 specially crafted mail folder.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/m/
  mutt/mutt_1.3.28-2.1_i386.deb
  Size/MD5 checksum: 1301398 f20f7221425af30530cc4c32fa93c5d9

  http://security.debian.org/pool/updates/main/m/
  mutt/mutt-utf8_1.3.28-2.1_i386.deb
  Size/MD5 checksum: 360742 c37eb100e007a5afa6fbcc6174f01266

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3064.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3041.html

  SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3045.html

+---------------------------------+
| Package: heimdal                | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 A cryptographic weakness in version 4 of the Kerberos protocol allows an
 attacker to use a chosen-plaintext attack to impersonate any principal
 in a realm. Additional cryptographic weaknesses in the krb4
 implementation permit the use of cut-and-paste attacks to fabricate krb4
 tickets for unauthorized client principals if triple-DES keys are used
 to key krb4 services.
 These attacks can subvert a site's entire Kerberos authentication
 infrastructure.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-docs_0.4e-7.woody.6_all.deb
  Size/MD5 checksum: 1055480 e22766e034934ac5b6664468d1bd39c4

  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-lib_0.4e-7.woody.6_all.deb
  Size/MD5 checksum: 19456 3be2de9ba824fd90ec6f0df606e9d716

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3065.html

+---------------------------------+
| Package: kernel                 | ----------------------------//
| Date: 03-27-2003                |
+---------------------------------+

 Description:
 The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw
 in ptrace. This hole allows local users to obtain root privileges by
 using ptrace to attach to a child process that is spawned by the kernel.
 Remote exploitation of this hole is not possible.

 Vendor Alerts:

  Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3071.html

  SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html

+---------------------------------+
| Package: ecartis                | ----------------------------//
| Date: 03-27-2003                |
+---------------------------------+

 Description:
 A problem has been discovered in ecartis, a mailing list manager,
 formerly known as listar. This vulnerability enables an attacker to
 reset the password of any user defined on the list server, including the
 list admins.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/l/listar/
  listar_0.129a-2.potato3_i386.deb
  Size/MD5 checksum: 301830 aa8d67d1f07cb0a769d2030708e3725c

  http://security.debian.org/pool/updates/main/l/listar/
  listar-cgi_0.129a-2.potato3_i386.deb
  Size/MD5 checksum: 25342 efd78841548a3e97b0d0557e8b360a3d

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3076.html

+---------------------------------+
| Package: glibc                  | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 This update fixes an integer overflow in the xdrmem_getbytes() function
 of glibc.

 Vendor Alerts:

  EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/glibc-2.1.3-1.0.7.i386.rpm
  MD5 Sum: 555c7d9d0f43887fe1c2ddf16eb1555b

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3051.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3059.html

  NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3067.html

  Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3073.html

+---------------------------------+
| Package: mysql                  | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 Versions of MySQL prior to 3.23.56 contained a vulnerability which could
 allow MySQL users to gain root privileges by using "SELECT * INTO
 OUTFILE" to overwrite a configuration file, causing MySQL to run as root
 upon its next restart.

 Vendor Alerts:

  EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/MySQL-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 2e1d87123f531aa9f9db629b9791224b

  i386/MySQL-client-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 732e50874839f55c0d45b8090eba28bb

  i386/MySQL-shared-3.23.56-1.0.23.i386.rpm
  MD5 Sum: cde31e38d9b2e421de6cf4a25ce8f041

  i686/MySQL-3.23.56-1.0.23.i686.rpm
  MD5 Sum: acbba1bb7409fe800d2fc733446cb1d7

  i686/MySQL-client-3.23.56-1.0.23.i686.rpm
  MD5 Sum: f3c98f5a75f4e5875aa5b248bb121999

  i686/MySQL-shared-3.23.56-1.0.23.i686.rpm
  MD5 Sum: d0a2799942ad77b2cbdd1b0ccc5e7fc3

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html

+---------------------------------+
| Package: bitchx                 | ----------------------------//
| Date: 03-24-2003                |
+---------------------------------+

 Description:
 Bitchx is full of sprintf() calls and relies on BIG_BUFFER_SIZE being
 large enough.

 Vendor Alerts:

  Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html

+---------------------------------+
| Package: mod_ssl                | ----------------------------//
| Date: 03-22-2003                |
+---------------------------------+

 Description:
 "Researchers have discovered a timing attack on RSA keys, to which
 OpenSSL is generally vulnerable, unless RSA blinding has been turned
 on."

 Vendor Alerts:

  Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3052.html

+---------------------------------+
| Package: netpbm                 | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 Several math overflow errors were found in NetPBM by Al Viro and Alan
 Cox. While these programs are not installed suid root, they are often
 used to prepare data for processing.
 These errors may permit remote attackers to cause a denial of service or
 execute arbitrary code in any programs or scripts that use these
 graphics conversion tools.

 Vendor Alerts:

  Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3058.html

+---------------------------------+
| Package: rxvt                   | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 Digital Defense Inc. released a paper detailing insecurities in various
 terminal emulators, including rxvt. Many of the features supported by
 these programs can be abused when untrusted data is displayed on the
 screen. This abuse can range from garbage data being displayed on the
 screen to a system compromise.

 Vendor Alerts:

  Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3062.html

  TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html

+---------------------------------+
| Package: zlib                   | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 The gzprintf function in zlib did not do bounds checking on
 user-supplied data. Depending on how the function is used in an
 application, malign source data can be designed to overflow a buffer and
 execute arbitrary code as the user of the application.

 Vendor Alerts:

  NetBSD:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3070.html

+---------------------------------+
| Package: evolution              | ----------------------------//
| Date: 03-25-2003                |
+---------------------------------+

 Description:
 Updated Evolution packages are available which fix several
 vulnerabilities.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3028.html
  http://www.linuxsecurity.com/advisories/redhat_advisory-3053.html

+---------------------------------+
| Package: samba                  | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 Updated samba packages are now available to fix security vulnerabilities
 found during a code audit.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3054.html

+---------------------------------+
| Package: kerberos               | ----------------------------//
| Date: 03-26-2003                |
+---------------------------------+

 Description:
 Updated Kerberos packages fix a number of vulnerabilities found in MIT
 Kerberos.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3072.html

+---------------------------------+
| Package: ethereal               | ----------------------------//
| Date: 03-26-2003                |
+---------------------------------+

 Description:
 Ethereal is a GUI for analyzing and displaying network traffic. Ethereal
 is vulnerable to a format string bug in its SOCKS code and to a heap
 buffer overflow in its NTLMSSP code. These bugs can be abused to crash
 ethereal or maybe to execute arbitrary code on the machine running
 ethereal.

 Vendor Alerts:

  SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/ethereal-0.9.6-152.i586.rpm
  1ea03e4f888f30bc37669ea4dd0cfe30

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3031.html

+---------------------------------+
| Package: file                   | ----------------------------//
| Date: 03-21-2003                |
+---------------------------------+

 Description:
 The file command can be used to determine the type of files.
 iDEFENSE published a security report about a buffer overflow in the
 handling routines for the ELF file format.

 Vendor Alerts:

  SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/file-3.37-206.i586.rpm
  06e1fa8c7e00fd848b9ccff104a096f0

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3029.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------