Linux Advisory Watch - August 29th 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  August 29th, 2003                        Volume 4, Number 34a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for docview, unzip, sendmail,
iptables, pam_smb, gdm, php, and perl.  The distributors include Debian,
FreeBSD, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and TurboLinux.

Last Saturday, ISECOM released version 2.1 of the Open-Source Security
Testing Methodology Manual.  For those of you who are not familiar with
it, the OSSTMM is an established standard for testing security.  It
includes information on ethics, legalities, rules of engagement, and many
templates that will prove to be useful to those conducting penetration
tests.  The document is intended to be used by security testing
professionals as well as developers, systems analysts, and architects.

The OSSTMM provides a very structured method for pen-testing. The manual
includes sections on information security, process security, internet
technology security, communications security, wireless security, and
physical security.  Each section module has several detailed parts.  For
example, information security testing includes posture assessment,
information integrity review, human resources review, competitive
intelligence scouting, and many others.  The beauty of the OSSTMM is that
it provides a peer-reviewed and comprehensive listing of tests that should
be conducted.  Many consulting firms have an established testing
methodology.  The average security professional, however, has a few
tricks that are by no means comprehensive.  The OSSTMM gives everyone an
open standard that can be trusted and is not unnecessarily complex.

As mentioned previously, the OSSTMM provides pen-testing templates.  The
examples provided can easily be re-produced in any spreadsheet application
to be used multiple times.  It is also just as acceptable to re-print or
edit the PDF.  Templates include ones for firewall analysis, IDS testing,
social engineering, privacy, password cracking, denial of service, and
others.  If you are involved in security at any level, you should
definitely use the OSSTMM.  It is extremely valuable.

The OSSTMM document and the Institute for Security and Open Methodologies
Web site are at the following URL: http://www.isecom.org/

Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx


FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--------------------------------------------------------------------


Expert vs. Expertise: Computer Forensics and the Alternative OS

No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.

http://www.linuxsecurity.com/feature_stories/feature_story-147.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 8/26/2003 - unzip
   directory traversal vulnerability

   A directory traversal vulnerability in UnZip 5.50 allows attackers
   to bypass a check for relative pathnames ("../") by placing certain
   invalid characters between the two "." characters.
   http://www.linuxsecurity.com/advisories/debian_advisory-3570.html

 8/26/2003 - libpam-smb
   buffer overflow vulnerability

   If a long password is supplied, this can cause a buffer overflow which
   could be exploited to execute arbitrary code with the privileges of the
   process which invokes PAM services.
   http://www.linuxsecurity.com/advisories/debian_advisory-3571.html


+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 8/26/2003 - sendmail
   DNS map vulnerability

   Some versions of sendmail (8.12.0 through 8.12.8) contain a programming
   error in the code that implements DNS maps.  A malformed DNS reply
   packet may cause sendmail to call `free()' on an uninitialized pointer.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3572.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 8/25/2003 - vmware-server
   env variable vulnerability

   By manipulating the VMware GSX Server and VMware Workstation environment
   variables, a program such as a shell session with root privileges could
   be started when a virtual machine is launched.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3573.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 8/27/2003 - sendmail
   DNS map vulnerability

   Due to wrong initialization of RESOURCE_RECORD_T structures, if
   sendmail receives a bad DNS reply it will call free() on random
   addresses which usually causes sendmail to crash.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-3574.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 8/26/2003 - iptables
   upgrade fix

   Recent updates to the kernel in Red Hat Linux versions 7.1, 7.2, 7.3
   and 8.0 did not also update the iptables utility, causing functions such
   as owner match to stop working.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3575.html

 8/27/2003 - pam_smb
   remote buffer overflow vulnerability

   On systems that use pam_smb and are configured to authenticate
   a remotely accessible service, an attacker can exploit this bug
   and remotely execute arbitrary code.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3576.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 8/25/2003 - GDM
   file permission vulnerability

   This fixes a bug where a local user may read any system file by making
   a symlink to it from $HOME/.xsession-errors and using GDM's error
   browser to read the file.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3577.html

 8/26/2003 - unzip
   directory traversal vulnerability

   These fix a security issue where a specially crafted archive
   may overwrite files (including system files anywhere on the
   filesystem) upon extraction by a user with sufficient permissions.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3578.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 8/26/2003 - sendmail
   DNS map vulnerability

   When sendmail receives an invalid DNS response it tries to call free on
   random data which results in a process crash.
   http://www.linuxsecurity.com/advisories/suse_advisory-3579.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 8/27/2003 - php
   XSS vulnerability

   The cross-site scripting vulnerability is in the transparent SID
   support capability for PHP.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3580.html

 8/27/2003 - gdm
   file permission vulnerability

   GDM contains a bug where GDM will run as root when examining the
   ~/.xsession-errors file when using the "examine session errors"
   feature, allowing local users the ability to read any text file on the
   system by creating a symlink.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3581.html

 8/27/2003 - perl
   CGI.pm XSS vulnerability

   A cross-site scripting vulnerability exists in the start_form()
   function from CGI.pm.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3582.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

