Linux Advisory Watch - July 18th 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  July 18th, 2003                          Volume 4, Number 28a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

This week, advisories were released for pam, gnupg, mpg123, ucd-snmp,
phpgroupware, traceroute-nanog, nfs-utils, falconseye, php4, unzip,
radius, gtksee, kernel, mozilla, xpdf, apache, and ypserv. The
distributors include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red
Hat, Slackware, SuSE, Trustix, and Turbo Linux.

One of the most reoccurring annoyances that I have had about vendor
vulnerability announcements is the lack of standardization. Week after
week software vendors continue to release advisories that outline various
vulnerabilities and announce major updates. What is wrong with these?
Why am I concerned about standards? As a seasoned Linux user, I have
become accustomed to the various formatting techniques of each vendor.
Other less experienced users may have trouble determining exactly what to
update from poorly organized advisories.  One of the most consistently
good distributions is Red Hat.  Each week, advisories are released with an
informative but concise history of each vulnerability, links to all
updated packages, information on how to update, and MD5 checksums for each
updated file.

Another consistent distribution is Debian.  The presentation is similar to
Red Hat, however they choose to include the MD5 checksum below each URL.
This simple difference can save an administrator time when verifying each
file.  Rather than having to look the hash up in a table, it is easier to
find and identify. Other distributions such as Immunix and Gentoo provide
very little information in each advisory.  Only a very short description
and links to updated packages, or instructions on how to update the
software, are given.  Personally, I prefer the Red Hat/Debian style because I am
concerned about having an informed idea of what I am applying.  Others may
prefer shorter advisories because time is not wasted sifting through
mounds of information.

Is there a solution?  The closest to a standardization that I have found
is the VulnXML project.  What is it?  It is an open XML DTD to regulate
the creation of XML-type security advisories.  Rather than plaintext,
vendors will be encouraged to release advisories as an XML document
resulting in more consistency.  With this, users will ultimately have an
easier understanding of the advisories released.  Web sites will then have
the ability to format advisories for better readability and indexing.  I
commend the VulnXML development team for establishing this project.  I am
anxious to see how it progresses.  Probably the most difficult aspect will
be getting vendors to participate.  Initially, I see this getting started
by recruiting volunteers to 'translate' new advisories. As community
support and demand grows for VulnXML advisories, vendors will conform.

If you are interested in learning more about VulnXML, I recommend that you
visit:  http://www.owasp.org/vulnxml/


Until next time,

 Benjamin D. Thomas
 ben@xxxxxxxxxxxxxxxxx


REVIEW: Linux Security Cookbook

There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems.

http://www.linuxsecurity.com/feature_stories/feature_story-145.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 7/11/2003 - pam
   Local vulnerability

   Andreas Beck discovered[1] a vulnerability in the use of pam_xauth
   by the su utility. If the attacker can make one user run su from an
   X session, he can steal the X credentials and execute programs in the
   X display of the user running su. The worst scenario is the one where
   an administrator, logged as root, uses "su" to an account belonging
   to an attacker.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3453.html

 7/11/2003 - gnupg
   Key validity vulnerability

   During the development of GnuPG 1.2.2, a bug has been found in
   the key validation code

   http://www.linuxsecurity.com/advisories/connectiva_advisory-3454.html

 7/15/2003 - mpg123
   buffer overflow vulnerability

   A vulnerability[1] in the way mpg123 handles mp3 files with a
   bitrate of zero may allow attackers to execute arbitrary code
   using a specially crafted mp3 file.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3458.html

 7/15/2003 - ucd-snmp heap overflow vulnerability
   buffer overflow vulnerability

   There is a remote heap overflow vulnerability in snmpnetstat (a
   tool used to retrieve information about a remote host).
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3459.html

 7/16/2003 - ucd-snmp remote heap overflow vulnerability
   buffer overflow vulnerability

   There is a remote heap overflow vulnerability in snmpnetstat.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3464.html

 7/16/2003 - phpgroupware
   multiple XSS vulnerabilities

   There are several "cross-site-scripting" vulnerabilities in
   versions of phpgroupware <= 0.9.14.003.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3465.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 7/14/2003 - traceroute-nanog buffer overflow vulnerability
   multiple XSS vulnerabilities

  traceroute-nanog, an enhanced version of the common traceroute
  program, contains an integer overflow bug which could be exploited to
  execute arbitrary code.  traceroute-nanog is setuid root, but drops
  root privileges immediately after obtaining raw ICMP and raw IP
  sockets.

  http://www.linuxsecurity.com/advisories/debian_advisory-3455.html

 7/14/2003 - nfs-utils buffer overflow vulnerability
   multiple XSS vulnerabilities

   The logging code in nfs-utils contains an off-by-one buffer
   overrun when adding a newline to the string being logged.  This
   vulnerability may allow an attacker to execute arbitrary code or
   cause a denial of service condition by sending certain RPC requests.

   http://www.linuxsecurity.com/advisories/debian_advisory-3456.html

 7/15/2003 - falconseye
   buffer overflow vulnerability

   The falconseye package is vulnerable to a buffer overflow
   exploited via a long '-s' command line option.
   http://www.linuxsecurity.com/advisories/debian_advisory-3460.html

 7/17/2003 - php4
   XSS vulnerability

   http://www.linuxsecurity.com/advisories/debian_advisory-3468.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 7/11/2003 - unzip
   Directory traversal vulnerability

   By inserting invalid characters between ".." attackers can
   overwrite arbitrary files.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3448.html

 7/11/2003 - cistronradius
   Buffer overflow vulnerability

   Allows remote attackers to cause a denial of service and possibly
   execute arbitrary code via a large value in an NAS-Port attribute,
   which is interpreted as a negative number and causes a buffer overflow.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3449.html

 7/11/2003 - ypserv
   Remote denial of service

   Allows remote attackers to cause a denial of service via a TCP client
   request that does not respond to the server, which causes ypserv to
   block.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3450.html

 7/11/2003 - gtksee
   Buffer overflow vulnerability

   Attackers can use carefully crafted png pictures to execute arbitrary
   commands using a buffer overflow when viewed in gtksee.

   http://www.linuxsecurity.com/advisories/gentoo_advisory-3451.html


+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

 7/16/2003 - nfs-utils off-by-one overflow vulnerability
   Buffer overflow vulnerability

    http://www.linuxsecurity.com/advisories/immunix_advisory-3466.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 7/17/2003 - kernel
   multiple vulnerabilities

   Multiple vulnerabilities were discovered and fixed in the Linux
   kernel.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3469.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 7/14/2003 - nfs-utils denial of service vulnerability
   multiple vulnerabilities

   Multiple vulnerabilities were discovered and fixed in the Linux
   kernel.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3457.html

 7/15/2003 - mozilla
   heap overflow vulnerability

   A heap-based buffer overflow in Netscape and Mozilla allows remote
   attackers to execute arbitrary code via a jar: URL referencing a
   malformed .jar file, which overflows a buffer during
   decompression.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3461.html

 7/17/2003 - xpdf
   arbitrary code execution vulnerability

   Updated Xpdf packages are available that fix a vulnerability
   where a malicious PDF document could run arbitrary code.

   http://www.linuxsecurity.com/advisories/redhat_advisory-3470.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 7/15/2003 - nfs-utils denial of service vulnerability
   arbitrary code execution vulnerability

   This fixes an off-by-one buffer overflow in xlog.c which could be
   used by an attacker to produce a denial of NFS service, or to
   execute arbitrary code.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3462.html

 7/16/2003 - nfs-utils off-by-one overflow vulnerability
   arbitrary code execution vulnerability

   There is an off-by-one overflow in xlog() in the nfs-utils
   package.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3467.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 7/15/2003 - nfs-utils denial of service vulnerability
   arbitrary code execution vulnerability

   There is an off-by-one bug in the xlog() function used by the
   rpc.mountd. It is possible for remote attackers to use this
   off-by-one overflow to execute arbitrary code as root.
   http://www.linuxsecurity.com/advisories/suse_advisory-3463.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 7/11/2003 - apache
   Multiple vulnerabilities

   Multiple vulnerabilities including a possible buffer overflow have
   been fixed.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3452.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 7/17/2003 - ypserv
   denial of service vulnerability

   The vulnerability allows an attacker to cause a denial of service
   of ypserv.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3471.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

