+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  July 4th, 2002                          Volume 4, Number 26a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for kopete, kde, unzip, acm,
xgalaga, mantis, kernel, proftpd, gtksee, proftpd, xpdf, acroread,
tcptraceroute, phpbb, noweb, gnocatan, mikmod, XFree86, PHP, ethereal,
and ypserv. The distributors include Conectiva, Debian, Gentoo,
Immunix, Mandrake, Red Hat, TurboLinux, and YellowDog.

A number of advisories were released for Debian and Gentoo. Red Hat
released a moderate amount, and Immunix, Turbo Linux, and Yellow Dog
released only a few. There were several new vulnerabilities found,
but a majority of the advisories released were patches to old issues.

Last week, many of you enjoyed the insightful comments submitted by
other readers. This week, many of our American readers are preparing
for a long holiday weekend. Other readers across the world are also
on holiday enjoying time with family and friends. Last weekend, I was
quite busy because I got married.

What do we do with our servers during this time? Many of us would
like to shut them off and restart when we return. This option is
never feasible. Others have no worries and leave their systems alone
while away. No matter which camp you're in, it is a great time to go
'back-to-the-basics.'

Today, many of us concern ourselves with complex security mechanisms
and newer technologies. However, many of us need to remember and
return to the basics. Are all accounts on the system legitimate and
used regularly? What is my password policy?
Are only the minimum necessary applications on the system? No matter
how many times a system is patched, if a disgruntled former employee
still has an account on a system, it remains extremely vulnerable.

People ask me almost daily, "I am new to Linux, how can I make sure
that my system is secure?" I always point new users to several
resources. First, the Linux Security Quick Reference card:

http://www.linuxsecurity.com/docs/QuickRefCard.pdf

Although it was written several years ago, almost all of it is still
relevant. Topics on the quick reference card include permissions,
kernel security, apache security, tcpwrappers, NIDS, critical system
files, and others. It is advisable to print it on a single sheet,
double-sided.

Other useful documents include the Linux Security Administrator's
Guide and the Linux Security Howto:

http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/

Both documents can provide you with a strong foundation in Linux
security. Often systems remain vulnerable because the basics have
been ignored or forgotten. In this season of vacationing, it is a
good time to remember the basics of security administration. Double
check your firewall rules, check for unnecessary applications and
users, and verify critical file permissions.

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

FEATURE: Real-Time Alerting with Snort

Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different
for every person.
http://www.linuxsecurity.com/feature_stories/feature_story-144.html

LINUXSECURITY.COM FEATURE: Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez

Intrusion Detection is the process and methodology of inspecting data
for malicious, inaccurate or anomalous activity. At the most basic
levels there are two forms of Intrusion Detection Systems that you
will encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 7/1/2003 - radiusd-cistron buffer overflow vulnerability
   David Luyer reported[1] a buffer overflow vulnerability in
   radiusd-cistron versions <= 1.6.6 that could allow remote
   attackers to cause a denial of service (DoS) and possibly execute
   arbitrary code in the server context.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3407.html

 7/1/2003 - kopete arbitrary command execution vulnerability
   A vulnerability in the GnuPG plugin in kopete versions prior to
   0.6.2 allows remote attackers to execute arbitrary commands in the
   client context by sending specially crafted messages to it.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3408.html

 7/1/2003 - kde multiple vulnerabilities
   There are multiple vulnerabilities in KDE.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3409.html

 7/3/2003 - unzip directory traversal vulnerability
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3426.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 6/28/2003 - acm Integer overflow
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/debian_advisory-3402.html

 6/28/2003 - xgalaga Buffer overflow vulnerability
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/debian_advisory-3403.html

 6/28/2003 - kernel-2.4.17 Multiple vulnerabilities Buffer overflow vulnerability
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/debian_advisory-3404.html

 6/28/2003 - imagemagick temporary file
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/debian_advisory-3405.html

 6/28/2003 - mantis Incorrect permissions vulnerability
   A vulnerability has been found in the way unzip extracts files
   with invalid characters between two '.' (dot) characters in their
   path/names.
   http://www.linuxsecurity.com/advisories/debian_advisory-3406.html

 7/1/2003 - proftpd SQL injection vulnerability
   ProFTPD's PostgreSQL authentication module is vulnerable to a SQL
   injection attack.
   http://www.linuxsecurity.com/advisories/debian_advisory-3411.html

 7/1/2003 - gtksee buffer overflow vulnerability
   Viliam Holub discovered a bug in gtksee whereby, when loading PNG
   images of certain color depths, gtksee would overflow a
   heap-allocated buffer.
   http://www.linuxsecurity.com/advisories/debian_advisory-3412.html

 7/1/2003 - 2.2 kernel multiple vulnerabilities buffer overflow vulnerability
   This advisory is being released as a factual correction to
   DSA-336-1.
   http://www.linuxsecurity.com/advisories/debian_advisory-3413.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 6/27/2003 - proftpd sql inject vulnerability
   A SQL injection exists in the ProFTPD server when using the
   mod_sql module to authenticate against a PostgreSQL database
   server. This vulnerability may allow a remote user to log in
   without a user and password.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3397.html

 6/27/2003 - xpdf arbitrary code execution vulnerability
   Valid PDF files can contain malicious external-type hyperlinks
   that can execute arbitrary shell commands under Unix with various
   PDF viewers/readers.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3398.html

 6/27/2003 - acroread arbitrary code execution vulnerability
   Valid PDF files can contain malicious external-type hyperlinks
   that can execute arbitrary shell commands under Unix with various
   PDF viewers/readers.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3399.html

 6/27/2003 - ethereal arbitrary code execution vulnerability
   It may be possible to make Ethereal crash or run arbitrary code by
   injecting a purposefully malformed packet onto the wire, or by
   convincing someone to read a malformed packet trace file.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3400.html

 7/1/2003 - tcptraceroute privilege escalation vulnerability
   tcptraceroute 1.4 and earlier does not fully drop privileges after
   obtaining a file descriptor for capturing packets, which may allow
   local users to gain access to the descriptor via a separate
   vulnerability in tcptraceroute.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3414.html

 7/1/2003 - phpbb SQL injection vulnerability
   SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and
   earlier allows remote attackers to steal password hashes via the
   topic_id parameter.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3415.html

 7/1/2003 - noweb insecure tmp file vulnerability
   Multiple vulnerabilities in noweb 2.9 and earlier create temporary
   files insecurely, which allows local users to overwrite arbitrary
   files via multiple vectors including the noroff script.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3416.html

 7/1/2003 - gnocatan multiple vulnerabilities
   Bas Wijnen discovered that the gnocatan server is vulnerable to
   several buffer overflows which could be exploited to execute
   arbitrary code on the server system.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3417.html

 7/3/2003 - mikmod arbitrary code execution vulnerability
   Buffer overflow in mikmod 3.1.6 and earlier allows remote
   attackers to execute arbitrary code via an archive file that
   contains a file with a long filename.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3427.html

+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

 7/3/2003 - unzip directory traversal vulnerabilities
   Jelmer has discovered it is possible to bypass unzip's ".."
   protections by including garbage characters between the two
   periods.
   http://www.linuxsecurity.com/advisories/immunix_advisory-3428.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 6/30/2003 - xpdf arbitrary code execution vulnerability
   Martyn Gilmore discovered flaws in various PDF viewers, including
   xpdf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3418.html

 6/30/2003 - ypserv denial of service vulnerability
   A vulnerability was found in versions of ypserv prior to version
   2.7.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3419.html

+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

 6/27/2003 - XFree86 multiple vulnerabilities
   Since the last XFree86 update for Red Hat Linux 7.1 and 7.2, a
   number of security vulnerabilities have been found and fixed.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3401.html

 7/1/2003 - unzip trojan vulnerability
   A vulnerability in unzip version 5.50 and earlier allows attackers
   to overwrite arbitrary files during archive extraction by placing
   invalid (non-printable) characters between two "." characters.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3420.html

 7/2/2003 - PHP multiple vulnerabilities
   This update contains fixes for a number of bugs discovered in the
   version of PHP included in Red Hat Linux 8.0 and 9.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3425.html

 7/3/2003 - ethereal multiple vulnerabilities
   A number of security issues affect Ethereal.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3429.html

+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 7/2/2003 - radiusd-cistron arbitrary code execution vulnerability multiple vulnerabilities
   This may allow remote attackers to cause a denial of service or
   even execute arbitrary code.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3421.html

 7/2/2003 - kernel multiple vulnerabilities
   Local users may be able to gain read or write access to certain
   I/O ports. Attackers may be able to cause a denial of service.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3422.html

+---------------------------------+
|  Distribution: YellowDog        | ----------------------------//
+---------------------------------+

 7/2/2003 - ypserv denial of service vulnerability
   A vulnerability has been discovered in the ypserv NIS server prior
   to version 2.7.
   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3423.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------