+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| June 20th, 2002 Volume 4, Number 24a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for apache2, webmin, mikmod,
typespeed, noweb, jnethack, ethereal, lprng, gzip, man, kon2, ghostscript,
cups, gzip, BitchX, Xpdf, kernel, and mgetty. The distributors include
Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSe, and
TurboLinux. Like last week, many of the advisories are fixes to older
issues and minor problems. The Gentoo and Debian security teams were most
active.
Recently, there has been a lot of noise in the community about Gartner's
latest report (Information Security Hype Cycle) suggesting that IDS
technology fails to provide value relative to its costs and "will be
obsolete by 2005." The report indicates that IDS' do not add an extra of
security and they are a product of vendor puffery. Gartner's
recommendation is to direct any budgeted IDS funds into better firewalls.
"Functionality is moving into firewalls, which will perform deep packet
inspection for content and malicious traffic blocking, as well as
antivirus activities." According to the research, IDS technology fails
because the typical IT department does not have the resources to sift
through all of the false positives and false negatives generated by normal
traffic. If you've ever administered an IDS, I'm sure that you would
agree with that. One conclusion that I have made over the past few years
is that an IDS is not for the faint of heart. To reap benefit, a very
skilled administrator is required and onethat has the ability to write
custom signatures and configure in such a way that false
positives/negatives can be minimized.
Although this may be considered my <SOAPBOX> topic, I feel compelled to
mention it. <SOAPBOX> No matter how many intrusion detection/prevention
systems, firewalls, scanners, and applications are installed to improve
security, systems will ultimately remain insecure until sysadmins start
regularly patching vulnerabilities in a timely matter. I find it
appalling that scriptkiddies are able to find an insecure application
fingerprint, search on Google to find vulnerable hosts, then exploit it.
Negligence is the greatest cause of problems today. </SOAPBOX> I apologize
for lecturing, it is the "don't care" mindset that frustrates me.
The ironic part about all of this is that if you're reading this, you
probably agree with me and your systems are up-to-date. Education and
awareness are very important. One must realize that there is no magic
bullet.
Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get
a FREE Thawte Apache SSL Guide and find the answers to all your
Apache SSL security needs.
Click Command:
http://gothawte.com/rd763.html
FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.
http://www.linuxsecurity.com/feature_stories/feature_story-144.html
--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------
LINSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez
Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
6/17/2003 - apache2
arbitrary command execution vulnerability
The APR library contains a vulnerability in the apr_psprintf()
function which could be used to make apache reference invalid
memory.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3366.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
6/16/2003 - lyskom-server denial of service vulnerability
arbitrary command execution vulnerability
Calle Dybedahl discovered a bug in lyskom-server which could
result in a denial of service where an unauthenticated user could
cause the server to become unresponsive as it processes a large
query.
http://www.linuxsecurity.com/advisories/debian_advisory-3360.html
6/16/2003 - webmin
session ID spoofing vulnerability
miniserv.pl in the webmin package does not properly handle
metacharacters, such as line feeds and carriage returns, in
Base64-encoded strings used in Basic authentication.
http://www.linuxsecurity.com/advisories/debian_advisory-3361.html
6/16/2003 - mikmod
buffer overflow vulnerability
Ingo Saitz discovered a bug in mikmod whereby a long filename
inside an archive file can overflow a buffer when the archive is
being read by mikmod.
http://www.linuxsecurity.com/advisories/debian_advisory-3362.html
6/16/2003 - radiusd-cistron buffer overflow vulnerability
buffer overflow vulnerability
radiusd-cistron contains a bug allowing a buffer overflow when a
long NAS-Port attribute is received.
http://www.linuxsecurity.com/advisories/debian_advisory-3363.html
6/17/2003 - typespeed
buffer overflow vulnerability
radiusd-cistron contains a bug allowing a buffer overflow when a
long NAS-Port attribute is received.
http://www.linuxsecurity.com/advisories/debian_advisory-3367.html
6/17/2003 - noweb
insecure tmp file vulnerability
Jakob Lell discovered a bug in the 'noroff' script included in
noweb whereby a temporary file was created insecurely.
http://www.linuxsecurity.com/advisories/debian_advisory-3368.html
6/18/2003 - jnethack
Multiple vulnerabilities
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3376.html
6/18/2003 - ethereal
Multiple remote vulnerabilities
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/debian_advisory-3377.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
6/14/2003 - lprng
Symlink attack
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3355.html
6/14/2003 - gzip
Insecure temp files
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3356.html
6/14/2003 - man
Format string vulnerability
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3357.html
6/14/2003 - kon2
Buffer overflow vulnerability
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3358.html
6/14/2003 - ghostscript
Insecure temp file
Multiple vulnerabilities including a buffer overflow and potential
malicious code execution vulnerabilities have been fixed.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3359.html
6/16/2003 - cups
denial of service vulnerability
CUPS allows remote attackers to cause a denial of service via a
partial printing request to the IPP port (631), which does not
time out.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3364.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
6/17/2003 - ethereal
multiple vulnerabilities
Several vulnerabilities in ethereal were discovered by Timo
Sirainen.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3369.html
6/17/2003 - gzip
insecure tmp file vulnerability
A vulnerability exists in znew, a script included with gzip, that
would create temporary files without taking precautions to avoid a
symlink attack.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3370.html
6/17/2003 - BitchX
Denial of Service Vulnerability
A vulnerability exists in znew, a script included with gzip, that
would create temporary files without taking precautions to avoid a
symlink attack.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3373.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
6/18/2003 - Xpdf
Arbitrary code execution vulnerability
A vulnerability exists in znew, a script included with gzip, that
would create temporary files without taking precautions to avoid a
symlink attack.
http://www.linuxsecurity.com/advisories/redhat_advisory-3374.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
6/18/2003 - kernel
Multiple vulnerabilities
A vulnerability exists in znew, a script included with gzip, that
would create temporary files without taking precautions to avoid a
symlink attack.
http://www.linuxsecurity.com/advisories/slackware_advisory-3375.html
+---------------------------------+
| Distribution: SuSe | ----------------------------//
+---------------------------------+
6/16/2003 - radiusd-cistron denial of service vulnerability
Multiple vulnerabilities
radiusd-cistron contains a bug allowing a buffer overflow when a
long NAS-Port attribute is received.
http://www.linuxsecurity.com/advisories/suse_advisory-3365.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
6/17/2003 - mgetty
multiple vulnerabilities
These vulnerabilities allow remote attackers to cause a denial of
service and possibly execute arbitrary code via a Caller ID
string with a long CallerName argument as well as allow local
users to modify fax transmission privilege.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3371.html
6/17/2003 - gzip
insecure tmp file vulnerability
A vulnerability znew in the gzip package that could allow local
users to overwrite arbitrary files via a symlink attack on
temporary files.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3372.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
