+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 2nd, 2002                            Volume 4, Number 17a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apcupsd, sendmail, apache,
balsa, pptp, kdebase, snort, tcpdump, monkeyd, mgetty, ethereal,
squirrelmail, lprng, micq, zlib, man, and xinetd. The distributors
include Caldera, Conectiva, Debian, EnGarde, Gentoo, Mandrake, Red Hat,
and Turbo Linux.

EnGarde Secure Linux Community Edition now available for download!
http://www.linuxsecurity.com/feature_stories/feature_story-142.html

--------------------------------------------------------------------

Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there.
While placing a network IDS outside one's firewall might also provide a
similar flood of alerts, a honeypot provides a unique perspective on
what will be going on when a related server is compromised and used by
the intruders.

http://www.linuxsecurity.com/feature_stories/feature_story-141.html

+---------------------------------+
|  apcupsd                        | ----------------------------//
+---------------------------------+

Description:
Multiple buffer overflows in apcupsd may allow attackers to cause a
denial of service or execute arbitrary code, related to usage of the
vsprintf function.

Vendor Alerts:

 Caldera:
  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html

+---------------------------------+
|  sendmail                       | ----------------------------//
+---------------------------------+

Description:
From CERT CA-2003-12: There is a vulnerability in sendmail that can be
exploited to cause a denial-of-service condition and could allow a
remote attacker to execute arbitrary code with the privileges of the
sendmail daemon, typically root.

Vendor Alerts:

 Caldera:
  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html

 Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3220.html

+---------------------------------+
|  apache                         | ----------------------------//
+---------------------------------+

Description:
There is a memory leak in these apache versions which can be remotely
triggered by sending large chunks of consecutive linefeed characters.
Each linefeed will cause the server to allocate 80 bytes of memory.

Vendor Alerts:

 Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3219.html

+---------------------------------+
|  balsa                          | ----------------------------//
+---------------------------------+

Description:
An attacker who is able to control an IMAP server accessed by balsa can
exploit this vulnerability to remotely crash the client or execute
arbitrary code with the privileges of the user running it. This update
fixes this vulnerability.

Vendor Alerts:

 Conectiva:
  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-3221.html

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3216.html

+---------------------------------+
|  pptp                           | ----------------------------//
+---------------------------------+

Description:
Timo Sirainen discovered a vulnerability in pptpd, a Point to Point
Tunneling Server, which implements PPTP-over-IPSEC and is commonly used
to create Virtual Private Networks (VPN). By specifying a small packet
length an attacker is able to overflow a buffer and execute code under
the user id that runs pptpd, probably root. An exploit for this problem
is already circulating.

Vendor Alerts:

 Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3214.html

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3209.html

+---------------------------------+
|  kdebase                        | ----------------------------//
+---------------------------------+

Description:
The KDE team discovered a vulnerability in the way KDE uses Ghostscript
software for processing of PostScript (PS) and PDF files. An attacker
could provide a malicious PostScript or PDF file via mail or websites
that could lead to executing arbitrary commands under the privileges of
the user viewing the file or when the browser generates a directory
listing with thumbnails.

Vendor Alerts:

 Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3215.html

 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3201.html

+---------------------------------+
|  snort                          | ----------------------------//
+---------------------------------+

Description:
Two vulnerabilities have been discovered in Snort, a popular network
intrusion detection system. Snort comes with modules and plugins that
perform a variety of functions such as protocol analysis.

Vendor Alerts:

 Debian:
  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3223.html

 EnGarde:
  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3217.html

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3207.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3212.html

+---------------------------------+
|  tcpdump                        | ----------------------------//
+---------------------------------+

Description:
There are several vulnerabilities in the tcpdump package shipped with
EnGarde Secure Linux.

Vendor Alerts:

 EnGarde:
  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3218.html

+---------------------------------+
|  monkeyd                        | ----------------------------//
+---------------------------------+

Description:
A buffer overflow vulnerability exists in Monkey's handling of forms
submitted with the POST request method. The unchecked buffer lies in
the PostMethod() procedure.

Vendor Alerts:

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3208.html

+---------------------------------+
|  mgetty                         | ----------------------------//
+---------------------------------+

Description:
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a Caller ID string with a long CallerName argument.

Vendor Alerts:

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3210.html

+---------------------------------+
|  ethereal                       | ----------------------------//
+---------------------------------+

Description:
A vulnerability was discovered in Ethereal 0.9.9 and earlier that
allows a remote attacker to use specially crafted SOCKS packets to
cause a denial of service (DoS) and possibly execute arbitrary code.

Vendor Alerts:

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3203.html

+---------------------------------+
|  squirrelmail                   | ----------------------------//
+---------------------------------+

Description:
Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and
earlier allow remote attackers to execute script as other Web users via
mailbox displays, message displays, or search results displays. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0160 to these issues.

Vendor Alerts:

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3204.html

+---------------------------------+
|  lprng                          | ----------------------------//
+---------------------------------+

Description:
A vulnerability has been found in psbanner, which creates a temporary
file with a known filename in an insecure manner. An attacker could
create a symbolic link and cause arbitrary files to be written as the
'lp' user.

Vendor Alerts:

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3205.html

+---------------------------------+
|  micq                           | ----------------------------//
+---------------------------------+

Description:
mICQ versions 0.4.9 and earlier allow remote attackers to cause a
denial of service (crash) using malformed ICQ message types without a
0xFE separator character.

Vendor Alerts:

 Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3206.html

+---------------------------------+
|  zlib                           | ----------------------------//
+---------------------------------+

Description:
Updated zlib packages are now available which fix a buffer overflow
vulnerability.

Vendor Alerts:

 Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3211.html

+---------------------------------+
|  mysql                          | ----------------------------//
+---------------------------------+

Description:
A double-free vulnerability in mysqld, for MySQL before version
3.23.55, allows attackers with MySQL access to cause a denial of
service (crash) by creating a carefully crafted client application. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0073 to this issue.

Vendor Alerts:

 Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3211.html

+---------------------------------+
|  man                            | ----------------------------//
+---------------------------------+

Description:
Updated man packages fix a minor security vulnerability.

Vendor Alerts:

 Red Hat:
  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3224.html

+---------------------------------+
|  xinetd                         | ----------------------------//
+---------------------------------+

Description:
Remote attackers can create a DoS condition on the xinetd server.

Vendor Alerts:

 Turbo Linux:
  Turbo Linux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3202.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------