Linux Advisory Watch - May 23rd 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 23rd, 2002                           Volume 4, Number 20a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for bugzilla, lv, mysql, sendmail,
bitchx, PHP, gnupg, cdrtools, xinetd, fileutils, lpr, epic4, glibc,
mod_ssl, and quotacheck. The distributors include Conectiva, Debian,
Guardian Digital, Gentoo, Immunix, Mandrake, OpenPKG, RedHat, and
Slackware. There were not any advisories that particularly caught my
attention. Perhaps the most serious are lpr, cdrecord, and lv, all of
which may result in a local root compromise. If you are using these
packages, they should be updated immediately.

Many of you probably have experience in general network security. Also,
many of you have probably worked with wireless equipment. In the last
three years I've seen hundreds of articles and whitepapers on how to
improve the security of wireless networks. Each paper usually falls into
one of two categories. First, I have found that about 80% of the papers are
too broad and do not provide any useful information. The other 20% of
articles/whitepapers are helpful in that they focus on specific issues.

Recently, I had the opportunity to read the O'Reilly book, "802.11
Security."  It was written by Bruce Potter and Bob Fleck and published
early this year. If you are looking for an overall source for 802.11
security, I highly recommend this book. Although it is only 176 pages
long, it is cram-packed with information. Like all O'Reilly books, it is
suitable and interesting enough to read from cover-to-cover or can be
easily used as a reference.

The book begins with an introduction to wireless networking and quickly
moves into explaining types of attacks and potential risks. The second
part of the book focuses on locking down five types of wireless workstations. It
includes specific chapters that cover FreeBSD, Linux, OpenBSD, OS X, and
Windows. Next, it covers aspects pertaining to access point security and
provides guidance on how to build a Linux, FreeBSD, or OpenBSD gateway.
The book concludes with a chapter on authentication and encryption, and a
chapter that discusses several wireless networking issues and predicts
what the future will hold. Although no one can claim that this book is
fully comprehensive, it does provide enough information to get started.
Some of you will probably be looking for more detailed information, while
others will think that it is the perfect dose. Once again, if you are
looking for a general book on 802.11 security, take a look at what
O'Reilly has to offer.

Until next time,
 Benjamin D. Thomas
 ben@xxxxxxxxxxxxxxxxx


LINUXSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez

Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.

http://www.linuxsecurity.com/feature_stories/feature_story-143.html

----


Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware of "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
perspective on what will be going on when a related server is compromised
and used by the intruders.

http://www.linuxsecurity.com/feature_stories/feature_story-141.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/22/2003 - bugzilla
   multiple vulnerabilities

   There are multiple vulnerabilities in bugzilla.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3280.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 5/16/2003 - lv
   privilege escalation vulnerability

   lv reads options from a configuration file in the current
   directory. Because such a file could be placed there by a
   malicious user, and lv configuration options can be used to
   execute commands, this represented a security vulnerability.
   http://www.linuxsecurity.com/advisories/debian_advisory-3263.html

 5/16/2003 - mysql
   privilege escalation vulnerability

   There are multiple vulnerabilities in the mysql package.
   http://www.linuxsecurity.com/advisories/debian_advisory-3264.html

 5/16/2003 - sendmail
   insecure tmp file vulnerability

   Paul Szabo discovered bugs in three scripts included in the
   sendmail package where temporary files were created insecurely
   (expn, checksendmail and doublebounce.pl).
   http://www.linuxsecurity.com/advisories/debian_advisory-3265.html

 5/19/2003 - bitchx
   multiple vulnerabilities

   Timo Sirainen discovered several overflow problems in BitchX.
   http://www.linuxsecurity.com/advisories/debian_advisory-3274.html


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 5/20/2003 - 'swatch' incorrect value in default configuration
   multiple vulnerabilities

   A bug was recently discovered in the default configuration of the
   daily log summaries.  The default address is set incorrectly
   causing daily summaries to bounce until the system is run through
   the initial configuration process or the admin e-mail address is
   changed.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3277.html

 5/21/2003 - PHP
   debugging and PEAR fixes

   This update disables debugging and enables support for PEAR in
   EnGarde's PHP packages.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3278.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/16/2003 - gnupg
   key validation bug

   As part of the development of GnuPG 1.2.2, a bug was discovered in
   the key validation code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html

 5/16/2003 - ut2003-demo passive DOS exploit
   key validation bug

   There is a negative sign bug in the Unreal Tournament engine.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3267.html

 5/18/2003 - cdrtools
   privilege escalation vulnerability

   Incorrect link fixed. A vulnerability in cdrecord that could lead
   to a root compromise was discovered. cdrecord is not installed
   suid by default in Gentoo.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3272.html


 5/19/2003 - lv
   arbitrary command execution vulnerability

   Previous versions of lv read the file .lv in the current
   directory.  Because this file could be created by other users and
   could contain malicious commands to execute upon viewing certain
   files, this is considered a potential local root exploit.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3275.html

 5/19/2003 - xinetd
   denial of service vulnerability

   Steve Stubb has discovered that xinetd leaks 144 bytes for every
   connection it rejects.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3276.html


+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

 5/16/2003 - fileutils
   race condition vulnerability

   Steve Stubb has discovered that xinetd leaks 144 bytes for every
   connection it rejects.
   http://www.linuxsecurity.com/advisories/immunix_advisory-3270.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/22/2003 - cdrecord
   privilege escalation vulnerability

   A vulnerability in cdrecord was discovered that can be used to
   obtain root access because Mandrake Linux ships with the cdrecord
   binary suid root and sgid cdwriter.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3281.html


 5/22/2003 - lpr
   buffer overflow vulnerability

   A buffer overflow was discovered in the lpr printer spooling
   system that can be exploited by a local user to gain root
   privileges.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3282.html


+---------------------------------+
|  Distribution: OpenPKG          | ----------------------------//
+---------------------------------+

 5/16/2003 - gnupg
   incorrect key validation vulnerability

   The GNU Privacy Guard (GnuPG) development team discovered that the
   key validation code in GnuPG 1.2.1 and older versions does not
   properly determine the validity of keys with multiple user IDs.
   http://www.linuxsecurity.com/advisories/other_advisory-3273.html


+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

 5/16/2003 - lv
   privilege escalation vulnerability

   A bug has been found in versions of lv that read a .lv file in the
   current directory.  Local attackers can use this to place a .lv
   file in any directory to which they have write access.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3269.html

 5/21/2003 - gnupg
   key validation bug

   Updated gnupg packages correcting a bug in the GnuPG key
   validation functions are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3279.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 5/22/2003 - epic4
   multiple vulnerabilities

   New EPIC4 packages are available to fix security problems found by
   Timo Sirainen.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3283.html

 5/22/2003 - bitchx
   multiple vulnerabilities

   Timo Sirainen discovered several overflow problems in BitchX.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3284.html

 5/22/2003 - glibc
   buffer overflow vulnerability

   An integer overflow in the xdrmem_getbytes() function found in the
   glibc library has been fixed.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3285.html

 5/22/2003 - gnupg
   key validation bug

   A key validation bug which results in all user IDs on a given key
   being treated with the validity of the most-valid user ID on that
   key has been fixed with the release of GnuPG 1.2.2.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3286.html

 5/22/2003 - mod_ssl
   timing based attack vulnerability

   This version provides RSA blinding by default which prevents an
   extended timing analysis from revealing details of the secret key
   to an attacker.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3287.html

 5/22/2003 - quotacheck
   vulnerability

   An upgraded sysvinit package is available which fixes a problem
   with the use of quotacheck in /etc/rc.d/rc.M.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3288.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

