Linux Advisory Watch - September 19th 2003

+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  September 19, 2003                        Volume 4, Number 37a     |
+---------------------------------------------------------------------+

  Editors:	Dave Wreski			Benjamin Thomas
		dave@xxxxxxxxxxxxxxxxx		ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

Folks, there are a lot of advisories this week. Be sure to check your
distribution carefully, as many of them are significant.

This week, advisories were released for mana, pine, gtkhtml, openssh,
sendmail, MySQL, xfree86, buffer, kernel, and KDE.

The distributors include SCO, Conectiva, Debian, EnGarde, FreeBSD, Gentoo,
Immunix, NetBSD, Red Hat, Slackware, SuSE, Trustix, TurboLinux, and Yellow
Dog.


FEATURE: A Practical Approach of Stealthy Remote Administration

This paper is written for those paranoid administrators who are looking
for a stealthy technique of managing sensitive servers (like your
enterprise firewall console or IDS).

http://www.linuxsecurity.com/feature_stories/feature_story-149.html

--------------------------------------------------------------------


Expert vs. Expertise: Computer Forensics and the Alternative OS

No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.

http://www.linuxsecurity.com/feature_stories/feature_story-147.html




+---------------------------------+
|  Distribution: SCO              | ----------------------------//
+---------------------------------+

 9/15/2003 - mana
   local vulnerability

   There are multiple local environment variable vulnerabilities in mana.
   http://www.linuxsecurity.com/advisories/caldera_advisory-3622.html


+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 9/12/2003 - pine
   Multiple remote vulnerabilities

   A buffer overflow and an integer overflow that can be exploited by
   remote attackers through the sending of specially crafted messages have
   been fixed.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3616.html

 9/12/2003 - gtkhtml
   Buffer overflow vulnerability

   Multiple buffer overflow vulnerabilities existed that could be
   exploited to at least crash programs linked to gtkhtml by using
   malformed HTML. In the case of Evolution, a remote attacker can use an
   HTML mail as an attack vector.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3617.html

 9/16/2003 - openssh
   buffer management error

   This update fixes a potential remote vulnerability in the buffer
   handling code of OpenSSH.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3623.html

 9/17/2003 - openssh
   Remote vulnerabilities

   This update fixes new vulnerabilities found in the code that handles
   buffers in OpenSSH. These vulnerabilities are similar to the ones
   fixed in the CLSA-2003:739 announcement and can be exploited by a
   remote attacker to cause a denial of service condition and potentially
   execute arbitrary code.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3648.html

 9/18/2003 - sendmail
   buffer overflow vulnerabilities

   Michal Zalewski reported a remote vulnerability in sendmail versions
   8.12.9 and earlier.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3656.html

 9/18/2003 - MySQL
   Multiple vulnerabilities

   World writable configuration files, a double-free vulnerability, and a
   password handler buffer overflow have been fixed in this update.
   http://www.linuxsecurity.com/advisories/connectiva_advisory-3658.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 9/12/2003 - xfree86
   Multiple vulnerabilities

   Four vulnerabilities have been identified and fixed in XFree86,
   including a potential denial of service vulnerability.
   http://www.linuxsecurity.com/advisories/debian_advisory-3618.html

 9/15/2003 - mysql
   buffer overflow vulnerability

   MySQL contains a buffer overflow condition which could be exploited by
   a user who has permission to execute "ALTER TABLE" commands on the
   tables in the "mysql" database.
   http://www.linuxsecurity.com/advisories/debian_advisory-3619.html

 9/16/2003 - ssh
   buffer management error

   A bug has been found in OpenSSH's buffer handling where a buffer could
   be marked as grown when the actual reallocation failed.
   http://www.linuxsecurity.com/advisories/debian_advisory-3624.html

 9/17/2003 - openssh
   multiple vulnerabilities

   This advisory is an addition to the earlier DSA-382-1 advisory: two
   more buffer handling problems have been found in addition to the one
   described in DSA-382-1.
   http://www.linuxsecurity.com/advisories/debian_advisory-3633.html

 9/17/2003 - openssh-krb5
   multiple buffer handling vulnerabilities

   Several bugs have been found in OpenSSH's buffer handling. It is not
   known if these bugs are exploitable, but as a precaution an upgrade is
   advised.
   http://www.linuxsecurity.com/advisories/debian_advisory-3634.html

 9/18/2003 - sendmail
   buffer overflow vulnerabilities

   There are multiple buffer overflow vulnerabilities in the sendmail
   package.
   http://www.linuxsecurity.com/advisories/debian_advisory-3651.html


+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

 9/16/2003 - OpenSSH
   buffer management error

   The OpenSSH daemon shipped with all versions of EnGarde Secure Linux
   contains a potentially exploitable buffer management error.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3621.html

 9/18/2003 - OpenSSH
   Additional buffer management bugs

   After the release of ESA-20030916-023, the OpenSSH team discovered more
   buffer management bugs (fixed in OpenSSH 3.7.1) of the same type.
   Additionally, Solar Designer fixed additional bugs of this class.  His
   fixes are included in this update.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3649.html

 9/18/2003 - MySQL
   buffer overflow

   The MySQL daemon contains a buffer overflow which may be exploited by
   any user who has ALTER TABLE permissions on the "mysql" database.
   http://www.linuxsecurity.com/advisories/engarde_advisory-3650.html


+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 9/16/2003 - openssh
   buffer management error

   A bug has been found in OpenSSH's buffer handling where a buffer could
   be marked as grown when the actual reallocation failed.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3625.html

 9/17/2003 - sendmail
   Multiple overflow vulnerabilities

   A buffer overflow that may occur during header parsing was identified.
   An attacker could create a specially crafted message that may cause
   sendmail to execute arbitrary code with the privileges of the user
   running sendmail, typically root.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-3647.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 9/15/2003 - mysql
   buffer overflow vulnerability

   Anyone with global administrative privileges on a MySQL server may
   execute arbitrary code even on a host he isn't supposed to have a shell
   on, with the privileges of the system account running the MySQL server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3620.html

 9/16/2003 - exim
   buffer overflow vulnerability

   There's a heap overflow in all versions of exim3 and exim4 prior to
   version 4.21.  It can be exercised by anyone who can make an SMTP
   connection to the exim daemon.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3626.html

 9/16/2003 - openssh
   Buffer management error

   All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
   error.  It is uncertain whether this error is potentially exploitable,
   however, we prefer to see bugs fixed proactively.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3629.html

 9/17/2003 - sendmail
   Buffer overflow vulnerabilities

   Fix a buffer overflow in address parsing. Fix a potential buffer
   overflow in ruleset parsing.  This problem is not exploitable in the
   default sendmail configuration.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-3646.html


+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

 9/16/2003 - openssh
   buffer management error

   A bug has been found in OpenSSH's buffer handling where a buffer could
   be marked as grown when the actual reallocation failed.
   http://www.linuxsecurity.com/advisories/immunix_advisory-3627.html

 9/17/2003 - openssh
   buffer management error

   This advisory has been updated to reflect that the OpenSSH team has
   found more instances of the programming idiom in question in their
   codebase.
   http://www.linuxsecurity.com/advisories/immunix_advisory-3635.html

 9/18/2003 - sendmail
   buffer overflow vulnerabilities

   Michal Zalewski discovered flaws in sendmail's prescan() function.
   http://www.linuxsecurity.com/advisories/immunix_advisory-3652.html


+---------------------------------+
|  Distribution: NetBSD           | ----------------------------//
+---------------------------------+

 9/17/2003 - openssh
   buffer overflow vulnerability

   A buffer overwrite with unknown consequences has been found in OpenSSH.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-3636.html

 9/17/2003 - kernel
   memory disclosure vulnerability

   The iBCS2 system call translator for statfs erroneously used the
   user-supplied length parameter when copying a kernel data structure
   into userland.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-3637.html

 9/17/2003 - sysctl
   multiple vulnerabilities

   Three unrelated problems with inappropriate argument handling were
   found in the kernel sysctl code, which could be exploited by a
   malicious local user.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-3638.html


+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

 9/16/2003 - openssh
   buffer management error

   A bug has been found in OpenSSH's buffer handling where a buffer could
   be marked as grown when the actual reallocation failed.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3628.html

 9/16/2003 - KDE
   Multiple vulnerabilities

   Updated KDE packages that resolve a local security issue with KDM PAM
   support and weak session cookie generation are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3631.html

 9/17/2003 - OpenSSH
   Buffer manipulation vulnerabilities

   Updated packages are now available to fix additional buffer
   manipulation problems which were fixed in OpenSSH 3.7.1.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3644.html

 9/17/2003 - sendmail
   Multiple overflow vulnerabilities

   Updated Sendmail packages that fix a potentially-exploitable
   vulnerability are now available. The successful exploitation of this bug
   can lead to heap and stack structure overflows.
   http://www.linuxsecurity.com/advisories/redhat_advisory-3645.html


+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 9/16/2003 - openssh
   Buffer management error

   These fix a buffer management error found in versions of OpenSSH
   earlier than 3.7.  The possibility exists that this error could allow a
   remote exploit, so we recommend all sites running OpenSSH upgrade to
   the new OpenSSH package immediately.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3630.html

 9/17/2003 - openssh
   buffer management errors

   These packages fix additional buffer management errors that were not
   corrected in the recent 3.7p1 release.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3639.html

 9/17/2003 - sendmail
   multiple vulnerabilities

   There are multiple vulnerabilities in the sendmail package.
   http://www.linuxsecurity.com/advisories/slackware_advisory-3640.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 9/16/2003 - openssh
   Buffer management vulnerability

   A programming error has been found in code responsible for buffer
   management. If exploited by a (remote) attacker, the error may lead to
   unauthorized access to the system, allowing the execution of arbitrary
   commands.
   http://www.linuxsecurity.com/advisories/suse_advisory-3632.html

 9/18/2003 - openssh
   buffer management errors

   A programming error has been found in code responsible for buffer
   management.
   http://www.linuxsecurity.com/advisories/suse_advisory-3657.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 9/17/2003 - openssh
   buffer management error

   All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management
   errors.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3641.html

 9/17/2003 - mysql
   buffer overflow vulnerability

   Fixed buffer overflow in SET PASSWORD which could potentially be
   exploited by MySQL users with root privileges to execute random code or
   to gain shell access.
   http://www.linuxsecurity.com/advisories/trustix_advisory-3642.html


+---------------------------------+
|  Distribution: TurboLinux       | ----------------------------//
+---------------------------------+

 9/17/2003 - openssh
   buffer management error

   This vulnerability may allow a remote attacker to execute arbitrary
   code.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3643.html

 9/18/2003 - sendmail
   buffer overflow vulnerabilities

   The potential buffer overflows are in ruleset parsing and address
   parsing for sendmail.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-3653.html


+---------------------------------+
|  Distribution: YellowDog        | ----------------------------//
+---------------------------------+

 9/18/2003 - openssh
   buffer management errors

   Updated packages are now available to fix additional buffer
   manipulation problems which were fixed in OpenSSH 3.7.1.
   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3654.html

 9/18/2003 - sendmail
   buffer overflow vulnerabilities

   Michal Zalewski found a bug in the prescan() function of unpatched
   Sendmail versions prior to 8.12.10.
   http://www.linuxsecurity.com/advisories/yellowdog_advisory-3655.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

