+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch  |
|  September 12th, 2003                    Volume 4, Number 36a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                    Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx         ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week advisories were released for pam_smb, exim, stunnel, wu-ftpd,
mah-jong, sane-backends, pine, GtkHTML, and inetd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux,
Red Hat, Slackware, and SuSE.

>> FREE Apache SSL Guide from Thawte <<

Are you worried about your web server security? Click here to get a
FREE Thawte Apache SSL Guide and find the answers to all your Apache
SSL security needs.

Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache

---

It has been an exciting week for me. My wife and I have been preparing
to move over 2000 miles away. After months of consideration, I have
decided that it is in my best interest to return to school. I will be
pursuing a Master's of Science in Information Security at Royal
Holloway, University of London. I will continue to write Linux Advisory
Watch as well as other projects that I am involved in while abroad.

The course that I have chosen is quite interesting. It was established
in 1992 and includes study in security management, network security,
host operating system security, standards and evaluation, advanced
cryptography, database security, computer crime, as well as multiple
industrial seminars. A thesis written on a specific area of information
security is required to complete the course. I have decided to go
full-time, so it will be completed in a year.
I have talked with many students who have completed the course and they
are all quite pleased. I look forward to getting back in the classroom.

As you can imagine, I did not jump into this overnight. I have wanted to
go to graduate school for quite some time. I also considered getting an
MBA from the University of Louisville (my home town), and a Master's of
Science in Computer Science (MSCS) with concentration in information
security from James Madison University. Although the NSA accreditation
is very appealing, several of the modules taught do not seem to be
strictly dedicated to security. It seems to be a very good program, but
London is calling.

While attending Royal Holloway, University of London, I expect to learn
many things in addition to security that will be helpful throughout
life. First, I will gain international experience, meet friends from
around the world, and see how America is perceived from an outside
perspective. I also hope to be able to dedicate more time to several of
the projects that I am working on.

If you have experiences from, or live in London, I would love to hear
from you! From time to time, I will be sharing my experiences and
knowledge that I gain.

Until next time, cheers!

Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

----

FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--------------------------------------------------------------------

CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!

Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what
the other Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

--------------------------------------------------------------------

Expert vs. Expertise: Computer Forensics and the Alternative OS

No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.

http://www.linuxsecurity.com/feature_stories/feature_story-147.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 9/5/2003 - pam_smb
   Remote buffer overflow

   A buffer overflow vulnerability has been discovered in the pam_smb
   module. An attacker can execute arbitrary code in the context of the
   program using the module by supplying a long password.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3601.html

 9/5/2003 - exim
   Remote buffer overflow

   A remote heap buffer overflow vulnerability has been reported in the
   Exim server. Carefully constructed EHLO/HELO messages can cause a
   buffer overflow.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3602.html

 9/5/2003 - stunnel
   File descriptor and DoS vulnerabilities

   A file descriptor leak and denial of service vulnerability have been
   fixed.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3603.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 9/5/2003 - 'exim' buffer overflow

   A buffer overflow exists in exim, which is the standard mail transport
   agent in Debian. By supplying a specially crafted HELO or EHLO
   command, an attacker could cause a constant string to be written past
   the end of a buffer allocated on the heap.
   This vulnerability is not believed at this time to be exploitable to
   execute arbitrary code.
   http://www.linuxsecurity.com/advisories/debian_advisory-3598.html

 9/5/2003 - 'wu-ftpd' insecure program execution

   wu-ftpd, an FTP server, implements a feature whereby multiple files
   can be fetched in the form of a dynamically constructed archive file,
   such as a tar archive. This feature may be abused to execute
   arbitrary programs with the privileges of the wu-ftpd process.
   http://www.linuxsecurity.com/advisories/debian_advisory-3599.html

 9/8/2003 - exim buffer overflow
   vulnerability

   A buffer overflow exists in exim.
   http://www.linuxsecurity.com/advisories/debian_advisory-3604.html

 9/8/2003 - mah-jong multiple vulnerabilities
   buffer overflow vulnerability

   Nicolas Boullis discovered two vulnerabilities in mah-jong.
   http://www.linuxsecurity.com/advisories/debian_advisory-3605.html

 9/11/2003 - sane-backends multiple vulnerabilities
   buffer overflow vulnerability

   These problems allow a remote attacker to cause a segfault and/or
   consume arbitrary amounts of memory.
   http://www.linuxsecurity.com/advisories/debian_advisory-3611.html

+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 9/11/2003 - 'pine' buffer overflows
   buffer overflow vulnerability

   The pine e-mail client shipped with EnGarde Secure Linux contains
   buffer overflows which may be exploited by a remote attacker by
   sending the victim a specially crafted email.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3607.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 9/5/2003 - 'httpd' vulnerabilities
   buffer overflow vulnerability

   Updated httpd packages that fix several minor security issues are now
   available for Red Hat Linux 8.0 and 9.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3600.html

 9/11/2003 - GtkHTML
   denial of service vulnerability

   Alan Cox discovered that certain malformed messages could cause the
   Evolution mail component to crash due to a null pointer dereference
   in the GtkHTML library.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3612.html

 9/11/2003 - pine
   buffer overflow vulnerability

   A buffer overflow exists in the way unpatched versions of Pine prior
   to 4.57 handle the 'message/external-body' type.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3613.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 9/9/2003 - inetd
   denial of service vulnerability

   These updates fix a previously hard-coded limit of 256
   connections-per-minute, after which the given service is disabled
   for ten minutes.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3606.html

 9/11/2003 - pine
   arbitrary code execution vulnerability

   Upgraded pine packages are available for Slackware 8.1, 9.0 and
   -current.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3614.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 9/5/2003 - 'pam_smb' privilege escalation
   arbitrary code execution vulnerability

   Dave Airlie informed us about a bug in the authentication code of
   pam_smb that allows a remote attacker to gain access to a system
   using pam_smb by issuing a too long password string.
   http://www.linuxsecurity.com/advisories/suse_advisory-3597.html

 9/11/2003 - pine
   arbitrary code execution vulnerability

   The well known and widely used mail client pine is vulnerable to a
   buffer overflow. The vulnerability exists in the code processing
   'message/external-body' type messages.
   http://www.linuxsecurity.com/advisories/suse_advisory-3615.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
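The Slackware inetd entry above describes a throttle rather than a memory bug: a service started more than a hard-coded number of times per minute (256) is switched off for ten minutes, so a modest burst of connections turns into a self-inflicted outage for everyone. The following model, added here as an illustration and not inetd's own code or the Slackware patch, implements that window-and-penalty rule with the limit as a parameter so the effect of the hard-coded value can be seen on a constructed burst of arrival times. The service name, the arrival pattern and the configurable `limit` field are assumptions for the example; the 256-per-minute and ten-minute figures are the ones stated in the entry.

```python
"""Model of a per-service connection throttle of the kind the Slackware
inetd entry describes: the first `limit` starts within a one-minute
window are served, the next one disables the service for ten minutes.
Constructed illustration only; not inetd's source code."""
from dataclasses import dataclass, field

CNT_INTVL = 60          # seconds: window in which service starts are counted
RETRY_TIME = 10 * 60    # seconds: how long a tripped service stays disabled
DEFAULT_LIMIT = 256     # the per-minute limit the entry says was hard-coded


@dataclass
class Service:
    name: str
    limit: int = DEFAULT_LIMIT      # assumed tunable here; the old code fixed it
    count: int = 0                  # starts seen in the current window
    window_start: float = 0.0       # time of the first start in the window
    disabled_until: float = 0.0     # 0.0 means the service is enabled
    events: list = field(default_factory=list)   # log-style lines for review

    def accept(self, now: float) -> bool:
        """Serve the connection arriving at `now`? False means it is dropped
        because the service is disabled, or has just been disabled."""
        if now < self.disabled_until:
            return False
        if self.disabled_until:                  # penalty expired: re-enable
            self.disabled_until = 0.0
            self.count = 0
            self.events.append(f"{now:7.1f} {self.name}: re-enabled")
        if self.count == 0 or now - self.window_start > CNT_INTVL:
            self.window_start = now              # open a fresh counting window
            self.count = 1
            return True
        self.count += 1
        if self.count > self.limit:              # one more than the limit trips it
            self.disabled_until = now + RETRY_TIME
            self.count = 0
            self.events.append(
                f"{now:7.1f} {self.name}: more than {self.limit} starts within "
                f"{CNT_INTVL}s, disabled for {RETRY_TIME // 60} minutes")
            return False
        return True


def simulate(arrivals, limit=DEFAULT_LIMIT):
    """Feed connection arrival times (seconds) to one service and return
    (served, dropped, events)."""
    svc = Service("telnet", limit=limit)         # service name is constructed
    served = dropped = 0
    for t in arrivals:
        if svc.accept(t):
            served += 1
        else:
            dropped += 1
    return served, dropped, svc.events


# Constructed input: 300 connections at 10 per second (a 30-second burst),
# then two ordinary connections at t=120s and t=700s.
BURST = [i * 0.1 for i in range(300)] + [120.0, 700.0]

if __name__ == "__main__":
    for lim in (DEFAULT_LIMIT, 2000):
        served, dropped, events = simulate(BURST, limit=lim)
        print(f"limit={lim}: served={served} dropped={dropped}")
        for line in events:
            print("  " + line)
```

With the hard-coded limit the burst trips the throttle at the 257th start, every later connection for ten minutes is refused (including the ordinary one at t=120s), and service only resumes for the connection at t=700s; with the limit raised, all 302 connections are served. That is the denial-of-service condition the entry refers to, and the reason a fixed low ceiling belongs in configuration rather than in the code.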