+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 18th, 2003 Volume 4, Number 28a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
This week, advisories were released for pam, gnupg, mpg123, ucd-snmp,
phpgroupware, traceroute-nanog, nfs-utils, falconseye, php4, unzip,
radius, gtksee, kernel, mozilla, xpdf, apache, and ypserv. The
distributors include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red
Hat, Slackware, SuSE, Trustix, and Turbo Linux.
One of the most reoccurring annoyances that I have had about vendor
vulnerability announcements is the lack of standardization. Week after
week software vendors continue to release advisories that outline various
vulnerabilities and announce major updates. What is wrong with these?
Why am I concerned about standards? As a seasoned Linux user, I have
become accustom to the various formatting techniques of each vendor.
Other less experienced users may have trouble determining exactly what to
update from poorly organized advisories. One of the most consistently
good distributions is Red Hat. Each week, advisories are released with an
informative but concise history of each vulnerability, links to all
updated packages, information on how to update, and MD5 checksums for each
updated file.
Another consistent distribution is Debian. The presentation is similar to
Red Hat, however they choose to include the MD5 checksum below each URL.
This simple difference can save an administrator time when verifying each
file. Rather than having to look the hash up in a table, it is easier to
find and identify. Other distributions such as Immunix and Gentoo provide
very little information in each advisory. Only a very short description
and links to updated packages, or instructions how to update the software
is given. Personally, I prefer the Red Hat/Debian style because I am
concerned about having an informed idea of what I am applying. Others may
prefer shorter advisories because time is not wasted sifting through
mounds of information.
Is there a solution? The closest to a standardization that I have found
is the VulnXML project. What is it? It is an open XML DTD to regulate
the creation of XML-type security advisories. Rather than plaintext,
vendors will be encouraged to release advisories as an XML document
resulting in more consistency. With this, users will ultimately have an
easier understanding of the advisories released. Web sites will then have
the ability to format advisories for better readability and indexing. I
commend the VulnXML development team for establishing this project. I am
anxious to see how it progresses. Probably the most difficult aspect will
be getting vendors to participate. Initially, I see this getting started
by recruiting volunteers to 'translate' new advisories. As community
support and demand grows for VulnXML advisories, vendors will conform.
If you are interested in learning more about VulnXML, I recommend that you
visit: http://www.owasp.org/vulnxml/
Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
INTRODUCING: Secure Mail Suite from Guardian Digital
Unparalleled E-Mail Security. Secure Mail Suite is the most Dynamic,
Rigorous Protection for Your Email System on the market today. It Clobbers
Spam. Detects and Disables Viruses. And its Killer Firewall Keeps Your
Data -- and Your System and Safe and Secure. All in an Easy-to-Manage
Application that's Simple to Administer and Maintain.
Secure Mail Suite is Guardian Digital's Optimum Solution to Mail Security.
It's based on Open-Source Engineering, so it's constantly Improving. And
with Guardian Digital Engarde Support, Secure Mail Suite Stays On Guard
for You -- for Many Reliable Years.
Secure Mail Suite. Sweet!
From the First Name in Open-Source Security. Guardian Digital.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews3
REVIEW: Linux Security Cookbook
There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems.
http://www.linuxsecurity.com/feature_stories/feature_story-145.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
--------------------------------------------------------------------
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
7/11/2003 - pam
Local vulnerability
Andreas Beck discovered[1] a vulnerability in the use of pam_xauth
by the su utility. If the attacker can make one user run su from an
X session, he can steal the X credentials and execute programs in the
X display of the user running su. The worst scenario is the one where
an administrator, logged as root, uses "su" to an account belonging
to an attacker.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3453.html
7/11/2003 - gnupg
Key validity vulnerability
During the development of GnuPG 1.2.2, a bug has been found in
the key validation code
http://www.linuxsecurity.com/advisories/connectiva_advisory-3454.html
7/15/2003 - mpg123
buffer overflow vulnerability
A vulnerability[1] in the way mpg123 handles mp3 files with a
bitrate of zero may allow attackers to execute arbitrary code
using a specially crafted mp3 file.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3458.html
7/15/2003 - ucd-snmp heap overflow vulnerability
buffer overflow vulnerability
There is a remote heap overflow vulnerability in snmpnetstat (a
tool used to retrieve information about a remote host).
http://www.linuxsecurity.com/advisories/connectiva_advisory-3459.html
7/16/2003 - ucd-snmp remote heap overflow vulnerability
buffer overflow vulnerability
There is a remote heap overflow vulnerability in snmpnetstat .
http://www.linuxsecurity.com/advisories/connectiva_advisory-3464.html
7/16/2003 - phpgroupware
mulitple XSS vulnerabilities
There are several "cross-site-scripting" vulnerabilities in
versions of phpgroupware <= 0.9.14.003.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3465.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
7/14/2003 - traceroute-nanog buffer overflow vulnerability
mulitple XSS vulnerabilities
traceroute-nanog, an enhanced version of the common traceroute
program, contains an integer overflow bug which could be exploited to
execute arbitrary code. traceroute-nanog is setuid root, but drops
root privileges immediately after obtaining raw ICMP and raw IP
sockets.
http://www.linuxsecurity.com/advisories/debian_advisory-3455.html
7/14/2003 - nfs-utils buffer overflow vulnerability
mulitple XSS vulnerabilities
The logging code in nfs-utils contains an off-by-one buffer
overrun when adding a newline to the string being logged. This
vulnerability may allow an attacker to execute arbitrary code or
cause a denial of service condition by sending certain RPC requests.
http://www.linuxsecurity.com/advisories/debian_advisory-3456.html
7/15/2003 - falconseye
buffer overflow vulnerability
The falconseye package is vulnerable to a buffer overflow
exploited via a long '-s' command line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3460.html
7/17/2003 - php4
XSS vulnerability
http://www.linuxsecurity.com/advisories/debian_advisory-3468.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
7/11/2003 - unzip
Directory traversal vulnerability
By inserting invalid characters between ".." attackers can
overwrite arbitrary files.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3448.html
7/11/2003 - cistronradius
Buffer overflow vulnerability
Allows remote attackers to cause a denial of service and possibly
execute arbitrary code via a large value in an NAS-Port attribute,
which is interpreted as a negative number and causes a buffer overflow.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3449.html
7/11/2003 - ypserv
Remote denial of service
Allows remote attackers to cause a denial of service via a TCP client
request that does not respond to the server, which causes ypserv to
block.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3450.html
7/11/2003 - gtksee
Buffer overflow vulnerability
Attackers can use carefully crafted png pictures to execute arbitrary
commands using a buffer overflow in when viewed in gtksee.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3451.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
7/16/2003 - nfs-utils off-by-one overflow vulnerability
Buffer overflow vulnerability
http://www.linuxsecurity.com/advisories/immunix_advisory-3466.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
7/17/2003 - kernel
mulitple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux
kernel.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3469.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
7/14/2003 - nfs-utils denial of service vulnerability
mulitple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux
kernel.
http://www.linuxsecurity.com/advisories/redhat_advisory-3457.html
7/15/2003 - mozilla
heap overflow vulnerability
A heap-based buffer overflow in Netscape and Mozilla allows remote
attackers to execute arbitrary code via a jar: URL referencing a
malformed .jar file, which overflows a buffer during
decompression.
http://www.linuxsecurity.com/advisories/redhat_advisory-3461.html
7/17/2003 - xpdf
arbitrary code execution vulnerability
Updated Xpdf packages are available that fix a vulnerability
where a malicious PDF document could run arbitrary code.
http://www.linuxsecurity.com/advisories/redhat_advisory-3470.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
7/15/2003 - nfs-utils denial of service vulnerability
arbitrary code execution vulnerability
This fixes an off-by-one buffer overflow in xlog.c which could be
used by an attacker to produce a denial of NFS service, or to
execute arbitrary code.
http://www.linuxsecurity.com/advisories/slackware_advisory-3462.html
7/16/2003 - nfs-utils off-by-one overflow vulnerability
arbitrary code execution vulnerability
There is an off-by-one overflow in xlog() in the nfs-utils
package.
http://www.linuxsecurity.com/advisories/slackware_advisory-3467.html
+---------------------------------+
| Distribution: SuSe | ----------------------------//
+---------------------------------+
7/15/2003 - nfs-utils denial of service vulnerability
arbitrary code execution vulnerability
There is an off-by-one bug in the xlog() function used by the
rpc.mountd. It is possible for remote attackers to use this
off-by-one overflow to execute arbitrary code as root.
http://www.linuxsecurity.com/advisories/suse_advisory-3463.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
7/11/2003 - apache
Multiple vulnerabilities
Multiple vulnerabilities including a possible buffer overflow have
been fixed.
http://www.linuxsecurity.com/advisories/trustix_advisory-3452.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
7/17/2003 - ypserv
denial of service vulnerability
The vulnerability allow an attacker can cause to denial of service
of the ypserv.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3471.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
