+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 12th, 2003 Volume 4, Number 36a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week advisories were released for pam_smb, exim, stunnel, wu-ftpd,
mah-jong, sane-backends, pine, GtkHTML, and inetd. The distributors
include Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, Red
Hat, Slackware, and SuSE.
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
---
It has been an exciting week for me. My wife and I have been preparing to
move over 2000 miles away. After months of consideration, I have decided
that it is in my best interest to return to school. I will be pursuing a
Master's of Science in Information Security at Royal Holloway, University
of London. I will continue to write Linux Advisory Watch as well as other
projects that I am involved in while abroad.
The course that I have chosen is quite interesting. It was established in
1992 and includes study in security management, network security, host
operating system security, standards and evaluation, advanced
cryptography, database security, computer crime, as well as multiple
industrial seminars. A thesis written on a specic area of information
security is required to complete the course. I have decided go full-time,
so it will be completed in a year. I have talked with many students who
have completed the course and they are all quite pleased. I look forward
to getting back in the classroom.
As you can imagine, I did not jump into this overnight. I have wanted to
go to graduate school for quite some time. I also considered a getting a
MBA from the University of Louisville (my home town), and a Master's of
Science in Computer Science (MSCS) with concentration in information
security from James Madison University. Although the NSA accreditation is
very appealing, several of the modules taught do not seem to be strictly
dedicated to security. It seems to be a very good program, but London is
calling.
While attending Royal Holloway, University of London, I expect to learn
many things in addition to security that will be helpful throughout life.
First, I will gain international experience, meet friends from around the
world, and see how America is perceived from an outside perspective. I
also hope to be able to dedicate more time to several of the projects that
I am working on. If you have experiences from, or live in London, I would
love to hear from you! From time to time, I will be sharing my
experiences and knowledge that I gain.
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
----
FEATURE: A Practical Approach of Stealthy Remote Administration This paper
is written for those paranoid administrators who are looking for a
stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).
http://www.linuxsecurity.com/feature_stories/feature_story-149.html
--------------------------------------------------------------------
CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2
--------------------------------------------------------------------
Expert vs. Expertise: Computer Forensics and the Alternative OS
No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.
http://www.linuxsecurity.com/feature_stories/feature_story-147.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
9/5/2003 - pam_smb
Remote buffer overflow
A buffer overflow vulnerability has been discovered in the pam_smb
module. An attacker can execute arbitrary code in the context of the
program using the module by supplying a long password.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3601.html
9/5/2003 - exim
Remote buffer overflow
A remote heap buffer overflow vulnerability[2] has been reported[3] in
the Exim server. Carefully constructed EHLO/HELO messages can cause a
buffer overflow.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3602.html
9/5/2003 - stunnel
File descriptor and DoS vulnerabilities
A file descriptor leak and denial of service vulnerability have been
fixed.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3603.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/5/2003 - 'exim' buffer overflow
File descriptor and DoS vulnerabilities
A buffer overflow exists in exim, which is the standard mail transport
agent in Debian. By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap. This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.
http://www.linuxsecurity.com/advisories/debian_advisory-3598.html
9/5/2003 - 'wu-ftpd' insecure program execution
File descriptor and DoS vulnerabilities
wu-ftpd, an FTP server, implements a feature whereby multiple files
can be fetched in the form of a dynamically constructed archive file,
such as a tar archive. This feature may be abused to execute
arbitrary programs with the privileges of the wu-ftpd process.
http://www.linuxsecurity.com/advisories/debian_advisory-3599.html
9/8/2003 - exim
buffer overflow vulnerability
A buffer overflow exists in exim.
http://www.linuxsecurity.com/advisories/debian_advisory-3604.html
9/8/2003 - mah-jong multiple vulnerabilities
buffer overflow vulnerability
Nicolas Boullis discovered two vulnerabilities in mah-jong.
http://www.linuxsecurity.com/advisories/debian_advisory-3605.html
9/11/2003 - sane-backends multiple vulnerabilities
buffer overflow vulnerability
Thes problems allow a remote attacker to cause a segfault fault and/or
consume arbitrary amounts of memory.
http://www.linuxsecurity.com/advisories/debian_advisory-3611.html
+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+
9/11/2003 - 'pine' buffer overflows
buffer overflow vulnerability
The pine e-mail client shipped with EnGarde Secure Linux contains
buffer overflows which may be exploited by a remote attacker by
sending the victim a specially crafted email.
http://www.linuxsecurity.com/advisories/engarde_advisory-3607.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
9/5/2003 - 'httpd' vulnerabilities
buffer overflow vulnerability
Updated httpd packages that fix several minor security issues are now
available for Red Hat Linux 8.0 and 9.
http://www.linuxsecurity.com/advisories/redhat_advisory-3600.html
9/11/2003 - GtkHTML
denial of service vulnerability
Alan Cox discovered that certain malformed messages could cause the
Evolution mail component to crash due to a null pointer dereference in
the GtkHTML library.
http://www.linuxsecurity.com/advisories/redhat_advisory-3612.html
9/11/2003 - pine
buffer overflow vulnerability
A buffer overflow exists in the way unpatched versions of Pine prior
to 4.57 handle the 'message/external-body' type.
http://www.linuxsecurity.com/advisories/redhat_advisory-3613.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
9/9/2003 - inetd
denial of service vulnerability
These updates fix a previously hard-coded limit of 256
connections-per-minute, after which the given service is disabled for
ten minutes.
http://www.linuxsecurity.com/advisories/slackware_advisory-3606.html
9/11/2003 - pine
arbitrary code execution vulnerability
Upgraded pine packages are available for Slackware 8.1, 9.0 and -
current.
http://www.linuxsecurity.com/advisories/slackware_advisory-3614.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
9/5/2003 - 'pam_smb' privilege escalation
arbitrary code execution vulnerability
Dave Airlie informed us about a bug in the authentication code of
pam_smb that allows a remote attacker to gain access to a system using
pam_smb by issuing a too long password string.
http://www.linuxsecurity.com/advisories/suse_advisory-3597.html
9/11/2003 - pine
arbitrary code execution vulnerability
The well known and widely used mail client pine is vulnerable to a
buffer overflow. The vulnerability exists in the code processing
'message/external-body' type messages.
http://www.linuxsecurity.com/advisories/suse_advisory-3615.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
