Linux Advisory Watch - August 15th 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 15th, 2003                        Volume 4, Number 32a |
+----------------------------------------------------------------+

    Editors:     Dave Wreski                Benjamin Thomas
                 dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for lynx, zblast, perl, kernel,
signal, iBCS2, ddskk, konqueror, man-db, xpcd, stunnel, postfix, and php.
The distributors include Conectiva, Debian, FreeBSD, Gentoo, Red Hat,
SuSe, Trustix, and TurboLinux.

For many, it has been an eventful week.  Blaster has affected nearly every
Windows server on the net.  Although I'm sure many Linux administrators
smirked while saying "not my servers," an equal number had "to deal with
it."  Whether you maintain Windows boxes or not, there are several lessons
to be learned.  First, as most readers of this newsletter are already
aware, patching is critical.  Also, incident preparation is extremely
important.  It is important to develop a weekly schedule where time can be
allocated for regular server maintenance.  Also, a documented set of
incident procedures should be written.  It is important to have emergency
contacts and system procedures documented before an incident so that
damage can be minimized.

Last week I reviewed the O'Reilly book, Secure Coding: Principles &
Practices.  I received several emails about the book including one from
David Wheeler, author of the "Secure Programming for Linux and Unix
HOWTO."  Because I've found this document helpful in the past, I thought
that I should share it with you.  The latest PDF version of the document
is 168 pages, written in twelve chapters.  It is distributed under the GNU
Free Documentation License, therefore copying and distributing is
perfectly legal.  In the past, I've sent previous versions of this
document to friends who are full time software developers.  Everyone that
has read this document has been impressed.

The HOWTO includes chapters on input validation, avoiding buffer
overflows, using system resources, as well as special topics that include
passwords, random numbers, cryptography, and authentication.  The book
also includes a chapter with specific information for popular languages
such as C/C++, Perl, Python, shell, Ada, Java, Tcl, and PHP.

This HOWTO is worth the bandwidth!  Download it!  It is a great addition
to last week's book because it focuses on many specific issues.  If you
have a problem related to secure programming to solve, this is definitely one
of the first places you should check.

http://www.dwheeler.com/secure-programs/

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx



Expert vs. Expertise: Computer Forensics and the Alternative OS

No longer a dark and mysterious process, computer forensics have
been significantly on the scene for more than five years now.
Despite this, they have only recently gained the notoriety they
deserve.

http://www.linuxsecurity.com/feature_stories/feature_story-147.html

--------------------------------------------------------------------

REVIEW: Linux Security Cookbook

There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems. By covering
situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook
distinguishes itself as an indispensable reference for security oriented
individuals.

http://www.linuxsecurity.com/feature_stories/feature_story-145.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

   8/11/2003 - lynx
     CRLF injection vulnerability

     Ulf Harnhammar reported a CRLF injection vulnerability in lynx.
     http://www.linuxsecurity.com/advisories/connectiva_advisory-3552.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

   8/8/2003 - 'man-db' vulnerability
     CRLF injection vulnerability

     The previous man-db update (DSA-364-1) introduced an error
     which resulted in a segmentation fault in the "mandb" command, which
     runs part of the daily cron job.  This error was caused by allocating
     a memory region which was one byte too small to hold the data
     written into it.
     http://www.linuxsecurity.com/advisories/debian_advisory-3542.html

   8/8/2003 - 'xtokkaetama' buffer overflow
     CRLF injection vulnerability

     Another buffer overflow was discovered in xtokkaetama, involving
     the "-nickname" command line option. This vulnerability could
     be exploited by a local attacker to gain gid 'games'.
     http://www.linuxsecurity.com/advisories/debian_advisory-3543.html

   8/8/2003 - 'xpcd' buffer overflow
     CRLF injection vulnerability

     Steve Kemp discovered a buffer overflow in xpcd-svga which can
     be triggered by a long HOME environment variable.  This
     vulnerability could be exploited by a local attacker to gain root
     privileges.
     http://www.linuxsecurity.com/advisories/debian_advisory-3544.html

   8/11/2003 - zblast
     buffer overflow vulnerability

     Steve Kemp discovered a buffer overflow in zblast-svgalib, when
     saving the high score file.
     http://www.linuxsecurity.com/advisories/debian_advisory-3545.html

   8/11/2003 - pam-pgsql format string vulnerability
     buffer overflow vulnerability

     There is a vulnerability in pam-pgsql whereby the username to be
     used for authentication is used as a format string when writing a
     log message.
     http://www.linuxsecurity.com/advisories/debian_advisory-3546.html

   8/9/2003 - kdelibs-crypto multiple vulnerabilities
     buffer overflow vulnerability

     There are multiple vulnerabilities in kdelibs.
     http://www.linuxsecurity.com/advisories/debian_advisory-3547.html

   8/11/2003 - perl
     CGI.pm XSS vulnerability

     A cross-site scripting vulnerability exists in the
     start_form() function in CGI.pm.
     http://www.linuxsecurity.com/advisories/debian_advisory-3553.html

   8/14/2003 - kernel
     oops

     This advisory provides a correction to the previous kernel
     updates, which contained an error introduced in
     kernel-source-2.4.18 version 2.4.18-10.
     http://www.linuxsecurity.com/advisories/debian_advisory-3554.html


+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

   8/11/2003 - signal
     kernel vulnerability

     Some mechanisms for causing a signal to be sent did not
     properly validate the signal number, in some cases allowing the
     kernel to attempt to deliver a negative or out-of-range signal
     number.
     http://www.linuxsecurity.com/advisories/freebsd_advisory-3548.html

   8/11/2003 - iBCS2
     kernel vulnerability

     The iBCS2 system call translator for statfs erroneously used
     the user-supplied length parameter when copying a kernel data
     structure into userland.  If the length parameter were larger than
     required, then instead of copying only the statfs-related data
     structure, additional kernel memory would also be made available to
     the user.
     http://www.linuxsecurity.com/advisories/freebsd_advisory-3549.html

   8/12/2003 - kernel
     signal vulnerability

     Some mechanisms for causing a signal to be sent did not
     properly validate the signal number, in some cases allowing the
     kernel to attempt to deliver a negative or out-of-range signal
     number.
     http://www.linuxsecurity.com/advisories/freebsd_advisory-3555.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

   8/14/2003 - multiple
     vulnerabilities

     There are multiple vulnerabilities in Gentoo Linux source tree.
     http://www.linuxsecurity.com/advisories/gentoo_advisory-3556.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

   8/8/2003 - 'up2date' gpg signature verification vulnerability
     vulnerabilities

     up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG
     signatures. These are the versions found in Red Hat Linux 8.0 and
     9.
     http://www.linuxsecurity.com/advisories/redhat_advisory-3539.html

   8/11/2003 - ddskk
     tmp file vulnerability

     ddskk does not take appropriate security precautions when
     creating temporary files.
     http://www.linuxsecurity.com/advisories/redhat_advisory-3550.html

   8/11/2003 - konqueror
     information disclosure vulnerability

     Konqueror may inadvertently send authentication credentials to
     websites other than the intended website in clear text via the
     HTTP-referer header.
     http://www.linuxsecurity.com/advisories/redhat_advisory-3551.html


+---------------------------------+
|  Distribution: SuSe             | ----------------------------//
+---------------------------------+

   8/12/2003 - kernel
     multiple vulnerabilities

     There are multiple vulnerabilities in the kernel.
     http://www.linuxsecurity.com/advisories/suse_advisory-3557.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

   8/8/2003 - 'stunnel' DoS vulnerability
     multiple vulnerabilities

     Stunnel prior to 3.25 and 4.04 has an error in the SIGCHILD
     handling code which could lead to a denial of service attack if
     the child processes were terminated too fast.
     http://www.linuxsecurity.com/advisories/trustix_advisory-3540.html

   8/8/2003 - 'postfix' DoS vulnerability
     multiple vulnerabilities

     This patch fixes a denial of service condition in the Postfix
     smtpd, qmgr, and other programs that use the trivial-rewrite
     service.  The problem is triggered when an invalid address
     resolves to an impossible result. This causes the affected
     programs to reject the result and to retry the trivial-rewrite
     request indefinitely.
     http://www.linuxsecurity.com/advisories/trustix_advisory-3541.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

   8/13/2003 - php
     XSS vulnerability

     An attacker could use this vulnerability to execute embedded scripts
     within the context of the generated page.
     http://www.linuxsecurity.com/advisories/turbolinux_advisory-3558.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------