+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 4th, 2002 Volume 4, Number 14a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for sendmail, dietlibc, krb4, mutt,
lpr, kernel, apcupsd, samba, eterm, evolution, dhcp, openssl, vsftp,
kerberos, eog, enetbpm, and mysql. The distributors include Caldera,
Conectiva, Gentoo, Immunix, Red Hat, SuSE, Slackware, Trustix, and Yellow
Dog.
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
-----------------------------
LinuxSecurity Feature Extras:
-----------------------------
Making It Big: Large Scale Network Forensics (Part 2 of 2) - Proper
methodology for computer forensics would involve a laundry-list of actions
and thought processes that an investigator needs to consider in order to
have the basics covered.
http://www.linuxsecurity.com/feature_stories/feature_story-140.html
Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.
http://www.linuxsecurity.com/feature_stories/feature_story-139.html
+---------------------------------+
| Package: sendmail | ----------------------------//
| Date: 03-28-2003 |
+---------------------------------+
Description:
>From CERT CA-2003-12: There is a vulnerability in sendmail that can be
exploited to cause a denial-of-service condition and could allow a remote
attacker to execute arbitrary code with the privileges of the sendmail
daemon, typically root.
Vendor Alerts:
Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-016.0/RPMS/
sendmail-8.11.6-14.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-3109.html
Conectiva:
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
sendmail-8.11.6-1U60_3cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html
Gentoo:
Gentoo Vendot Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-3088.html
Immunix:
Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/immunix_advisory-3093.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3097.html
SuSE:
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-3095.html
Slackware:
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-3086.html
Turbo Linux:
TurboLinux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3094.html
Yellow Dog:
Yellow Dog Linux:
http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html
+---------------------------------+
| Package: dietlibc | ----------------------------//
| Date: 03-28-2003 |
+---------------------------------+
Description:
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function of glibc, that is also present in dietlibc, a
small libc useful especially for small and embedded systems. This
function is part of the XDR coder/decoder derived from Sun's RPC
implementation. Depending upon the application, this vulnerability can
cause buffer overflows and could possibly be exploited to execute arbitray
code.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/d/
dietlibc/dietlibc-dev_0.12-2.5_i386.deb
Size/MD5 checksum: 230736 d6766661ce15e7d0bb981dd4283af35c
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3077.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-3090.html
+---------------------------------+
| Package: krb4 | ----------------------------//
| Date: 03-28-2003 |
+---------------------------------+
Description:
A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate
anyprincipal in a realm. Additional cryptographic weaknesses in the
krb4 implementation permit the use of cut-and-paste attacks to
fabricate krb4 tickets for unauthorized client principals if
triple-DES keys are used to key krb4 services. These attacks can
subvert a site's entire Kerberos authentication infrastructure.
Vendor Alerts:
Debian:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3078.html
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-3089.html
+---------------------------------+
| Package: mutt | ----------------------------//
| Date: 03-28-2003 |
+---------------------------------+
Description:
Byrial Jensen discovered a couple of off-by-one buffer overflow in
the IMAP code of Mutt, a text-oriented mail reader supporting IMAP,
MIME, GPG, PGP and threading. This problem could potentially allow a
remote malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/m/mutt/
mutt_1.3.28-2.2_i386.deb
Size/MD5 checksum: 1301466 aa1b5f036516de1e6ffe434c71e53ea9
http://security.debian.org/pool/updates/main/m/mutt/
mutt-utf8_1.3.28-2.2_i386.deb
Size/MD5 checksum: 360826 b8c3485a23be019515673825eb299589
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3081.html
+---------------------------------+
| Package: lpr | ----------------------------//
| Date: 03-28-2003 |
+---------------------------------+
Description:
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system. This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/l/
lpr-ppd/lpr-ppd_0.72-2.1_i386.deb
Size/MD5 checksum: 87626 67ae1097288920eac71f5fc8acad5873
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3104.html
+---------------------------------+
| Package: kernel | ----------------------------//
| Date: 04-3-2003 |
+---------------------------------+
Description:
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system. This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/k/
kernel-patch-2.4.17-s390/
kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1_all.deb
Size/MD5 checksum: 301464 691bc1a529cb6125bb04ca43d795c139
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3105.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3082.html
http://www.linuxsecurity.com/advisories/mandrake_advisory-3083.html
+---------------------------------+
| Package: apcupsd | ----------------------------//
| Date: 04-3-2003 |
+---------------------------------+
Description:
The controlling and management daemon apcupsd for APC's Unbreakable
Power Supplies is vulnerable to several buffer overflows and format
string attacks. These bugs can be exploited remotely by an attacker
to gain root access to the machine apcupsd is running on.
Vendor Alerts:
Debian:
http://security.debian.org/pool/updates/main/a/apcupsd/
apcupsd_3.8.5-1.1.1_i386.deb
Size/MD5 checksum: 879266 2cf3d527d12b8eb2a6644db08e81add4
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3110.html
+---------------------------------+
| Package: sambda | ----------------------------//
| Date: 04-3-2003 |
+---------------------------------+
Description:
A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.
Vendor Alerts:
Immunix:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Immunix Vendor Advisory:
http://www.linuxsecurity.com/advisories/immunix_advisory-3092.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3100.html
+---------------------------------+
| Package: eterm | ----------------------------//
| Date: 04-3-2003 |
+---------------------------------+
Description:
A buffer overrun condition exists in the SMB/CIFS packet fragment
re-assembly code in smbd which would allow an attacker to cause smbd
to overwrite arbitrary areas of memory in its own process address
space. This could allow a skilled attacker to inject binary specific
exploit code into smbd.
Vendor Alerts:
Mandrake:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3106.html
+---------------------------------+
| Package: evolution | ----------------------------//
| Date: 04-1-2003 |
+---------------------------------+
Description:
Multiple vulnerabilities have been found in the Ximian Evolution
email client. These vulnerabilities make it possible for a carefully
crafted email to crash the program, cause general system instability
through resource starvation, and get around security measures
implemented within the program.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/9/en/os/i386/
evolution-1.2.2-5.i386.rpm
bd29c1f05f08510072856f0b9fcbf858
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3096.html
+---------------------------------+
| Package: dhcp | ----------------------------//
| Date: 04-1-2003 |
+---------------------------------+
Description:
A potential remote denial of service attack affects version 3 of the
ISC DHCPD server. This advisory provides fixed packages for Red Hat
Linux 8.0.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3098.html
+---------------------------------+
| Package: openssl | ----------------------------//
| Date: 04-1-2003 |
+---------------------------------+
Description:
Updated OpenSSL packages are available that fix a potential
timing-based attack and a modified Bleichenbacher attack.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3099.html
+---------------------------------+
| Package: vsftp | ----------------------------//
| Date: 04-1-2003 |
+---------------------------------+
Description:
In Red Hat Linux 9, the vsftpd FTP daemon switched from being run by
xinetd to being run as a standalone service. In doing so, it was
accidentally not compiled against tcp_wrappers.
Vendor Alerts:
Red Hat:
ftp://updates.redhat.com/9/en/os/i386/
vsftpd-1.1.3-8.i386.rpm
d2e807f808c45407f08528f50d29933b
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3101.html
+---------------------------------+
| Package: kerberos | ----------------------------//
| Date: 04-2-2003 |
+---------------------------------+
Description:
Vulnerabilities have been found in the Kerberos IV authentication
protocol which allow an attacker with knowledge of a cross-realm key,
which is shared with another realm, to impersonate any principal in
that realm to any service in that realm. This vulnerability can only
be closed by disabling cross-realm authentication in Kerberos IV
(CAN-2003-0138).
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3102.html
+---------------------------------+
| Package: eog | ----------------------------//
| Date: 04-02-2003 |
+---------------------------------+
Description:
A vulnerability was found in EOG version 2.2.0 and earlier. A
carefully crafted filename passed to the program could lead to the
execution of arbitrary code. An attacker could exploit this because
various ackages (Mutt, for example) make use of EOG for image
viewing.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3107.html
+---------------------------------+
| Package: enetpbm | ----------------------------//
| Date: 04-2-2003 |
+---------------------------------+
Description:
One way that an attacker could exploit these vulnerabilities would be
to submit a carefully crafted image to be printed, as the LPRng print
spooler used by default in Red Hat Linux releases uses netpb
utilities to parse various types of image files.
Vendor Alerts:
Red Hat:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3108.html
+---------------------------------+
| Package: mysql | ----------------------------//
| Date: 04-2-2003 |
+---------------------------------+
Description:
This vulnerability is a configuration file being overwritten by using
the "SELECT * INFO OUTFILE".
Vendor Alerts:
Turbo Linux:
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3103.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
