+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 4th, 2002                          Volume 4, Number 14a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for sendmail, dietlibc, krb4,
mutt, lpr, kernel, apcupsd, samba, eterm, evolution, dhcp, openssl,
vsftp, kerberos, eog, netpbm, and mysql. The distributors include
Caldera, Conectiva, Gentoo, Immunix, Red Hat, SuSE, Slackware,
Trustix, and Yellow Dog.

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail
Suite is unparalleled in security, ease of management, and features.
Open source technology constantly adapts to new threats. Email
firewall, simplified administration, automatically updated.

 --> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2

-----------------------------
LinuxSecurity Feature Extras:
-----------------------------

Making It Big: Large Scale Network Forensics (Part 2 of 2) - Proper
methodology for computer forensics would involve a laundry-list of
actions and thought processes that an investigator needs to consider
in order to have the basics covered.

http://www.linuxsecurity.com/feature_stories/feature_story-140.html

Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys.
admins. and Corporate CSOs.

http://www.linuxsecurity.com/feature_stories/feature_story-139.html

+---------------------------------+
|  Package: sendmail              | ----------------------------//
|  Date: 03-28-2003               |
+---------------------------------+

 Description:
  From CERT CA-2003-12: There is a vulnerability in sendmail that can
  be exploited to cause a denial-of-service condition and could allow
  a remote attacker to execute arbitrary code with the privileges of
  the sendmail daemon, typically root.

 Vendor Alerts:

  Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-016.0/RPMS/
  sendmail-8.11.6-14.i386.rpm

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3109.html

  Conectiva:
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
  sendmail-8.11.6-1U60_3cl.i386.rpm

  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2913.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3088.html

  Immunix:
  Immunix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/immunix_advisory-3093.html

  Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3097.html

  SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3095.html

  Slackware:
  Slackware Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-3086.html

  Turbo Linux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3094.html

  Yellow Dog:
  Yellow Dog Linux:
  http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html

+---------------------------------+
|  Package: dietlibc              | ----------------------------//
|  Date: 03-28-2003               |
+---------------------------------+

 Description:
  eEye Digital Security discovered an integer overflow in the
  xdrmem_getbytes() function of glibc, that is also present in
  dietlibc, a small libc useful especially for small and embedded
  systems.
  This function is part of the XDR coder/decoder derived from Sun's
  RPC implementation. Depending upon the application, this
  vulnerability can cause buffer overflows and could possibly be
  exploited to execute arbitrary code.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/d/
  dietlibc/dietlibc-dev_0.12-2.5_i386.deb
  Size/MD5 checksum: 230736 d6766661ce15e7d0bb981dd4283af35c

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3077.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3090.html

+---------------------------------+
|  Package: krb4                  | ----------------------------//
|  Date: 03-28-2003               |
+---------------------------------+

 Description:
  A cryptographic weakness in version 4 of the Kerberos protocol
  allows an attacker to use a chosen-plaintext attack to impersonate
  any principal in a realm. Additional cryptographic weaknesses in
  the krb4 implementation permit the use of cut-and-paste attacks to
  fabricate krb4 tickets for unauthorized client principals if
  triple-DES keys are used to key krb4 services. These attacks can
  subvert a site's entire Kerberos authentication infrastructure.

 Vendor Alerts:

  Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3078.html

  Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3089.html

+---------------------------------+
|  Package: mutt                  | ----------------------------//
|  Date: 03-28-2003               |
+---------------------------------+

 Description:
  Byrial Jensen discovered a couple of off-by-one buffer overflows in
  the IMAP code of Mutt, a text-oriented mail reader supporting IMAP,
  MIME, GPG, PGP and threading. This problem could potentially allow
  a remote malicious IMAP server to cause a denial of service (crash)
  and possibly execute arbitrary code via a specially crafted mail
  folder.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/m/mutt/
  mutt_1.3.28-2.2_i386.deb
  Size/MD5 checksum: 1301466 aa1b5f036516de1e6ffe434c71e53ea9

  http://security.debian.org/pool/updates/main/m/mutt/
  mutt-utf8_1.3.28-2.2_i386.deb
  Size/MD5 checksum: 360826 b8c3485a23be019515673825eb299589

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3081.html

+---------------------------------+
|  Package: lpr                   | ----------------------------//
|  Date: 03-28-2003               |
+---------------------------------+

 Description:
  A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
  printer spooling system. This problem can be exploited by a local
  user to gain root privileges, even if the printer system is set up
  properly.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/l/
  lpr-ppd/lpr-ppd_0.72-2.1_i386.deb
  Size/MD5 checksum: 87626 67ae1097288920eac71f5fc8acad5873

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3104.html

+---------------------------------+
|  Package: kernel                | ----------------------------//
|  Date: 04-3-2003                |
+---------------------------------+

 Description:
  A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
  printer spooling system. This problem can be exploited by a local
  user to gain root privileges, even if the printer system is set up
  properly.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/k/
  kernel-patch-2.4.17-s390/
  kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1_all.deb
  Size/MD5 checksum: 301464 691bc1a529cb6125bb04ca43d795c139

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3105.html

  Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3082.html
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3083.html

+---------------------------------+
|  Package: apcupsd               | ----------------------------//
|  Date: 04-3-2003                |
+---------------------------------+

 Description:
  The controlling and management daemon apcupsd for APC's Unbreakable
  Power Supplies is vulnerable to several buffer overflows and format
  string attacks. These bugs can be exploited remotely by an attacker
  to gain root access to the machine apcupsd is running on.

 Vendor Alerts:

  Debian:
  http://security.debian.org/pool/updates/main/a/apcupsd/
  apcupsd_3.8.5-1.1.1_i386.deb
  Size/MD5 checksum: 879266 2cf3d527d12b8eb2a6644db08e81add4

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3110.html

+---------------------------------+
|  Package: samba                 | ----------------------------//
|  Date: 04-3-2003                |
+---------------------------------+

 Description:
  A buffer overrun condition exists in the SMB/CIFS packet fragment
  re-assembly code in smbd which would allow an attacker to cause
  smbd to overwrite arbitrary areas of memory in its own process
  address space. This could allow a skilled attacker to inject binary
  specific exploit code into smbd.

 Vendor Alerts:

  Immunix:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Immunix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/immunix_advisory-3092.html

  Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3100.html

+---------------------------------+
|  Package: eterm                 | ----------------------------//
|  Date: 04-3-2003                |
+---------------------------------+

 Description:
  A buffer overrun condition exists in the SMB/CIFS packet fragment
  re-assembly code in smbd which would allow an attacker to cause
  smbd to overwrite arbitrary areas of memory in its own process
  address space. This could allow a skilled attacker to inject binary
  specific exploit code into smbd.

 Vendor Alerts:

  Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3106.html

+---------------------------------+
|  Package: evolution             | ----------------------------//
|  Date: 04-1-2003                |
+---------------------------------+

 Description:
  Multiple vulnerabilities have been found in the Ximian Evolution
  email client. These vulnerabilities make it possible for a
  carefully crafted email to crash the program, cause general system
  instability through resource starvation, and get around security
  measures implemented within the program.

 Vendor Alerts:

  Red Hat:
  ftp://updates.redhat.com/9/en/os/i386/
  evolution-1.2.2-5.i386.rpm
  bd29c1f05f08510072856f0b9fcbf858

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3096.html

+---------------------------------+
|  Package: dhcp                  | ----------------------------//
|  Date: 04-1-2003                |
+---------------------------------+

 Description:
  A potential remote denial of service attack affects version 3 of
  the ISC DHCPD server. This advisory provides fixed packages for Red
  Hat Linux 8.0.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3098.html

+---------------------------------+
|  Package: openssl               | ----------------------------//
|  Date: 04-1-2003                |
+---------------------------------+

 Description:
  Updated OpenSSL packages are available that fix a potential
  timing-based attack and a modified Bleichenbacher attack.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3099.html

+---------------------------------+
|  Package: vsftp                 | ----------------------------//
|  Date: 04-1-2003                |
+---------------------------------+

 Description:
  In Red Hat Linux 9, the vsftpd FTP daemon switched from being run
  by xinetd to being run as a standalone service. In doing so, it was
  accidentally not compiled against tcp_wrappers.

 Vendor Alerts:

  Red Hat:
  ftp://updates.redhat.com/9/en/os/i386/
  vsftpd-1.1.3-8.i386.rpm
  d2e807f808c45407f08528f50d29933b

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3101.html

+---------------------------------+
|  Package: kerberos              | ----------------------------//
|  Date: 04-2-2003                |
+---------------------------------+

 Description:
  Vulnerabilities have been found in the Kerberos IV authentication
  protocol which allow an attacker with knowledge of a cross-realm
  key, which is shared with another realm, to impersonate any
  principal in that realm to any service in that realm. This
  vulnerability can only be closed by disabling cross-realm
  authentication in Kerberos IV (CAN-2003-0138).

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3102.html

+---------------------------------+
|  Package: eog                   | ----------------------------//
|  Date: 04-02-2003               |
+---------------------------------+

 Description:
  A vulnerability was found in EOG version 2.2.0 and earlier. A
  carefully crafted filename passed to the program could lead to the
  execution of arbitrary code. An attacker could exploit this because
  various packages (Mutt, for example) make use of EOG for image
  viewing.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3107.html

+---------------------------------+
|  Package: netpbm                | ----------------------------//
|  Date: 04-2-2003                |
+---------------------------------+

 Description:
  One way that an attacker could exploit these vulnerabilities would
  be to submit a carefully crafted image to be printed, as the LPRng
  print spooler used by default in Red Hat Linux releases uses netpbm
  utilities to parse various types of image files.

 Vendor Alerts:

  Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3108.html

+---------------------------------+
|  Package: mysql                 | ----------------------------//
|  Date: 04-2-2003                |
+---------------------------------+

 Description:
  This vulnerability allows a configuration file to be overwritten by
  using the "SELECT * INTO OUTFILE" statement.

 Vendor Alerts:

  Turbo Linux:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Turbo Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3103.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------