+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 15th, 2003                        Volume 4, Number 32a |
+----------------------------------------------------------------+

  Editors:      Dave Wreski                   Benjamin Thomas
                dave@xxxxxxxxxxxxxxxxx        ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for lynx, zblast, perl, kernel,
signal, iBCS2, ddskk, konqueror, man-db, xpcd, stunnel, postfix, and
php. The distributors include Conectiva, Debian, FreeBSD, Gentoo,
Red Hat, SuSe, Trustix, and TurboLinux.

For many, it has been an eventful week. Blaster has affected nearly
every Windows server on the net. Although I'm sure many Linux
administrators smirked while saying "not my servers," an equal number
had "to deal with it." Whether you maintain Windows boxes or not,
there are several lessons to be learned. First, as most readers of
this newsletter are already aware, patching is critical. Also,
incident preparation is extremely important. It is important to
develop a weekly schedule where time can be allocated for regular
server maintenance. Also, a documented set of incident procedures
should be written. It is important to have emergency contacts and
system procedures documented before an incident so that damage can be
minimized.

Last week I reviewed the O'Reilly book, Secure Coding: Principles &
Practices.
I received several emails about the book, including one from David
Wheeler, author of the "Secure Programming for Linux and Unix HOWTO."
Because I've found this document helpful in the past, I thought that I
should share it with you. The latest PDF version of the document is
168 pages, written in twelve chapters. It is distributed under the GNU
Free Documentation License, therefore copying and distributing it is
perfectly legal. In the past, I've sent previous versions of this
document to friends who are full-time software developers. Everyone
that has read this document has been impressed.

The HOWTO includes chapters on input validation, avoiding buffer
overflows, and using system resources, as well as special topics that
include passwords, random numbers, cryptography, and authentication.
It also includes a chapter with specific information for popular
languages such as C/C++, Perl, Python, shell, Ada, Java, Tcl, and PHP.
This HOWTO is worth the bandwidth! Download it! It is a great addition
to last week's book because it focuses on many specific issues. If you
have a secure-programming problem to solve, this is definitely one of
the first places you should check.

  http://www.dwheeler.com/secure-programs/

Until next time,

Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

--------------------------------------------------------------------

Expert vs. Expertise: Computer Forensics and the Alternative OS

  No longer a dark and mysterious process, computer forensics has
  been significantly on the scene for more than five years now.
  Despite this, it has only recently gained the notoriety it deserves.

  http://www.linuxsecurity.com/feature_stories/feature_story-147.html

--------------------------------------------------------------------

REVIEW: Linux Security Cookbook

  There are rarely straightforward solutions to real-world issues,
  especially in the field of security. The Linux Security Cookbook is
  an essential tool to help solve those real-world problems.
  By covering situations that apply to everyone from the seasoned
  systems administrator to the security-curious home user, the Linux
  Security Cookbook distinguishes itself as an indispensable reference
  for security-oriented individuals.

  http://www.linuxsecurity.com/feature_stories/feature_story-145.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 8/11/2003 - lynx
   CRLF injection vulnerability

   Ulf Harnhammar reported a CRLF injection vulnerability in lynx.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3552.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 8/8/2003 - 'man-db' vulnerability

   The previous man-db update (DSA-364-1) introduced an error which
   resulted in a segmentation fault in the "mandb" command, which runs
   as part of the daily cron job. This error was caused by allocating
   a memory region which was one byte too small to hold the data
   written into it.
   http://www.linuxsecurity.com/advisories/debian_advisory-3542.html

 8/8/2003 - 'xtokkaetama' buffer overflow

   Another buffer overflow was discovered in xtokkaetama, involving
   the "-nickname" command line option. This vulnerability could be
   exploited by a local attacker to gain gid 'games'.
   http://www.linuxsecurity.com/advisories/debian_advisory-3543.html

 8/8/2003 - 'xpcd' buffer overflow

   Steve Kemp discovered a buffer overflow in xpcd-svga which can be
   triggered by a long HOME environment variable. This vulnerability
   could be exploited by a local attacker to gain root privileges.
   http://www.linuxsecurity.com/advisories/debian_advisory-3544.html

 8/11/2003 - zblast
   buffer overflow vulnerability

   Steve Kemp discovered a buffer overflow in zblast-svgalib, when
   saving the high score file.
   http://www.linuxsecurity.com/advisories/debian_advisory-3545.html

 8/11/2003 - pam-pgsql
   format string vulnerability

   There is a vulnerability in pam-pgsql whereby the username to be
   used for authentication is used as a format string when writing a
   log message.
   http://www.linuxsecurity.com/advisories/debian_advisory-3546.html

 8/9/2003 - kdelibs-crypto
   multiple vulnerabilities

   There are multiple vulnerabilities in kdelibs.
   http://www.linuxsecurity.com/advisories/debian_advisory-3547.html

 8/11/2003 - perl CGI.pm
   XSS vulnerability

   A cross-site scripting vulnerability exists in the start_form()
   function in CGI.pm.
   http://www.linuxsecurity.com/advisories/debian_advisory-3553.html

 8/14/2003 - kernel
   oops

   This advisory provides a correction to the previous kernel updates,
   which contained an error introduced in kernel-source-2.4.18 version
   2.4.18-10.
   http://www.linuxsecurity.com/advisories/debian_advisory-3554.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 8/11/2003 - signal
   kernel vulnerability

   Some mechanisms for causing a signal to be sent did not properly
   validate the signal number, in some cases allowing the kernel to
   attempt to deliver a negative or out-of-range signal number.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3548.html

 8/11/2003 - iBCS2
   kernel vulnerability

   The iBCS2 system call translator for statfs erroneously used the
   user-supplied length parameter when copying a kernel data structure
   into userland. If the length parameter were larger than required,
   then instead of copying only the statfs-related data structure,
   additional kernel memory would also be made available to the user.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3549.html

 8/12/2003 - kernel
   signal vulnerability

   Some mechanisms for causing a signal to be sent did not properly
   validate the signal number, in some cases allowing the kernel to
   attempt to deliver a negative or out-of-range signal number.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3555.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 8/14/2003 - multiple vulnerabilities

   There are multiple vulnerabilities in the Gentoo Linux source tree.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3556.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 8/8/2003 - 'up2date' gpg signature verification vulnerability

   up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG
   signatures. These are the versions found in Red Hat Linux 8.0
   and 9.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3539.html

 8/11/2003 - ddskk
   tmp file vulnerability

   ddskk does not take appropriate security precautions when creating
   temporary files.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3550.html

 8/11/2003 - konqueror
   information disclosure vulnerability

   Konqueror may inadvertently send authentication credentials to
   websites other than the intended website in clear text via the
   HTTP-referer header.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3551.html

+---------------------------------+
|  Distribution: SuSe             | ----------------------------//
+---------------------------------+

 8/12/2003 - kernel
   multiple vulnerabilities

   There are multiple vulnerabilities in the kernel.
   http://www.linuxsecurity.com/advisories/suse_advisory-3557.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 8/8/2003 - 'stunnel' DoS vulnerability

   Stunnel prior to 3.25 and 4.04 has an error in the SIGCHILD
   handling code which could lead to a denial of service attack if
   the child processes were terminated too fast.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3540.html

 8/8/2003 - 'postfix' DoS vulnerability

   This patch fixes a denial of service condition in the Postfix
   smtpd, qmgr, and other programs that use the trivial-rewrite
   service. The problem is triggered when an invalid address resolves
   to an impossible result. This causes the affected programs to
   reject the result and to retry the trivial-rewrite request
   indefinitely.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3541.html

+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 8/13/2003 - php
   XSS vulnerability

   An attacker could use this vulnerability to execute embedded
   scripts within the context of the generated page.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3558.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------