Linux Advisory Watch - November 14th 2003

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  November 14th, 2003                      Volume 4, Number 45a |
+----------------------------------------------------------------+

   Editors:     Dave Wreski                Benjamin Thomas
                dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for thttpd, cups, ethereal, mpg123,
xinetd, hylafax, postgresql, conquest, epic4, glibc, and zebra.  The
distributors include Conectiva, Debian, Mandrake, Red Hat, and SuSE.

---

 >> Get Thawte's NEW Step-by-Step SSL Guide for Apache <<

In this guide you will find out how to test, purchase, install and use a
Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates. Get your copy
of this new guide now:

  Click Command:
  https://www.guardiandigital.com/cgi-bin/thawteguide.pl?guidetype=apache

---

The recent news has been flooded with reports about a looming security FUD
campaign against Linux.  Although I have strong opinions on this matter,
I've decided to keep quiet about it this week simply because additional
hype will not help the situation. Readers of this newsletter are already
aware of the merits of Linux and its potential for achieving an acceptable
state of security. Rather than re-hash the same old rhetoric, I've decided
to write about something a little bit more practical this week, tunneling
through SSH.

As you probably saw last week, the fifth vulnerability listed on the SANS
Top 10 for Unix list is 'clear text services.' Sadly, these will remain a
problem for years to come simply because many older applications are
dependent on these.  For example, a Web development team may use an HTML
editor that has a built in FTP client.  The moment that you suggest they
stop using this editor, and start using SFTP or SCP, they'll laugh in your
face. Unfortunately, there is always a balance between security and
convenience, and convenience usually wins.  In most cases, a compromise
can be established by tunneling insecure plaintext services through SSH.

Probably the biggest misconception is that tunneling is difficult.  In
fact, it is quite the opposite.  A tunnel can be set up in less than a
minute and put a stop to years of paranoia.  A tunnel can be established
with a single command at the command line.

For example, to establish a tunnel:
prompt$ ssh -i keyfile.key -L 2121:remotehost:21 bdthomas@remotehost

To establish the FTP connection (in a new terminal):
prompt$ ftp -p localhost 2121

At both terminals, you will authenticate as normal.  Looking at the
example above, you'll see that the user is trying to make a secure FTP
connection to 'remotehost.' To establish the tunnel, the SSH option '-L
2121:remotehost:21' was given.  This simply means: listen on local port
2121 and forward connections through the SSH session to port 21 on
remotehost.  The options can be changed to fit any port requirement of
any plaintext service.
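
A sketch of the same forward with the listener pinned to loopback, plus a
check that the forwarded port is not exposed on other interfaces (an added
example, not part of the original newsletter). The function names are
hypothetical, the `ss -ltn` samples are constructed, and the host, user and
key names follow the example above.

```shell
#!/bin/sh
# Added example; tunnel_cmd and loopback_only are hypothetical helper names.

# Print the ssh command for a loopback-only local forward.
# usage: tunnel_cmd LOCAL_PORT TARGET_HOST TARGET_PORT USER@SSHHOST KEYFILE
tunnel_cmd() {
    for p in "$1" "$3"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # -N: run no remote command; -f: go to background after authentication;
    # 127.0.0.1: bind the listener to loopback only;
    # ExitOnForwardFailure: exit instead of running without the forward.
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -i %s -L 127.0.0.1:%s:%s:%s %s\n' \
        "$5" "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` output on stdin. Succeed only if PORT is listening and
# every listener on it is bound to a loopback address.
# usage: ss -ltn | loopback_only PORT
loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            seen = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { if (seen && !exposed) exit 0; exit 1 }'
}

# Constructed samples of `ss -ltn` output, for illustration only.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2121     0.0.0.0:*
LISTEN 0      128    [::1]:2121         [::]:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2121       0.0.0.0:*'
```

Only the FTP control connection on port 21 passes through this forward; FTP
data connections use separate ports and are not carried by it.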

If you've never given SSH tunneling a try, hopefully I've given you
enough information to be interested.  Sometimes it can be a lifesaver
because of its simplicity.  There is a large amount of information
available on Google.  Also, Brian Hatch has written several good pieces
that are available on LinuxSecurity.com.

http://www.linuxsecurity.com/articles/documentation_article-6822.html



Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

OpenVPN: An Introduction and Interview with Founder, James Yonan
In this article, Duane Dunston gives a brief introduction to OpenVPN and
interviews its founder James Yonan.

http://www.linuxsecurity.com/feature_stories/feature_story-152.html

--------------------------------------------------------------------

CONCERNED ABOUT THE NEXT THREAT? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice award
thanks to the depth of its security strategy..." Find out what the other
Linux vendors are not telling you.

http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

--------------------------------------------------------------------

FEATURE: R00ting The Hacker
Dan Verton, the author of The Hacker Diaries: Confessions of Teenage
Hackers is a former intelligence officer in the U.S. Marine Corps who
currently writes for Computerworld and CNN.com, covering national
cyber-security issues and critical infrastructure protection.

http://www.linuxsecurity.com/feature_stories/feature_story-150.html


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

  11/7/2003 - thttpd
    Multiple vulnerabilities

    Multiple vulnerabilities including sensitive file disclosure,
    cross-site scripting, and directory traversal vulnerabilities have
    been fixed.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3765.html

  11/7/2003 - net-snmp
    Multiple vulnerabilities

    "net-snmp" version 5.0.9 was released to address a security
    vulnerability in previous 5.0.x versions where an existing
    user/community could get access to data in MIB objects that were
    explicitly excluded from their view.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3766.html

  11/7/2003 - cups
    DoS Vulnerability

    It has been reported that the IPP daemon from the Cups package can
    under some circumstances enter a loop and consume excessive CPU
    resources, causing the service to become slow and unresponsive.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3767.html

  11/7/2003 - ethereal
    Multiple vulnerabilities

    This update announcement addresses several vulnerabilities in
    ethereal versions prior to 0.9.16. These vulnerabilities can be
    exploited by an attacker who can insert crafted packets on the wire
    being monitored by ethereal or make a user open a trace file with
    such packets inside.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3770.html

  11/12/2003 - mpg123
    Buffer overflow vulnerability

    When used to play mp3 audio streams over the network, audio servers
    can exploit this vulnerability by sending a carefully crafted response
    to the client which will overflow a buffer on the heap and execute
    arbitrary code.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3778.html

  11/12/2003 - xinetd
    Multiple vulnerabilities

    A memory leak and several other problems have been fixed in the latest
    version of xinetd.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3779.html

  11/12/2003 - hylafax
    Format string vulnerability

    This vulnerability can be exploited by a remote attacker to execute
    arbitrary code with the privileges of the root user in the host where
    hfaxd is running.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3780.html

  11/13/2003 - postgresql
    Multiple buffer overflow vulnerabilities

    Multiple buffer overflow vulnerabilities in the to_ascii() function
    have been fixed.
    http://www.linuxsecurity.com/advisories/connectiva_advisory-3781.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

  11/7/2003 - postgresql
    Remote buffer overflow vulnerability

    Tom Lane discovered a buffer overflow in the to_ascii function in
    PostgreSQL.  This allows remote attackers to execute arbitrary code on
    the host running the database.
    http://www.linuxsecurity.com/advisories/debian_advisory-3771.html

  11/10/2003 - conquest
    Buffer overflow vulnerability

    Steve Kemp discovered a buffer overflow in the environment variable
    handling of conquest, a curses based, real-time, multi-player space
    warfare game, which could lead a local attacker to gain unauthorised
    access to the group conquest.
    http://www.linuxsecurity.com/advisories/debian_advisory-3772.html

  11/10/2003 - epic4
    Buffer overflow vulnerability

    A malicious server could craft a reply which triggers the client to
    allocate a negative amount of memory.  This could lead to a denial of
    service if the client only crashes, but may also lead to execution of
    arbitrary code under the user id of the chatting user.
    http://www.linuxsecurity.com/advisories/debian_advisory-3773.html

  11/11/2003 - omega-rpg
    Buffer overflow vulnerability

    Steve Kemp discovered a buffer overflow in the command line and
    environment variable handling of omega-rpg.
    http://www.linuxsecurity.com/advisories/debian_advisory-3776.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

  11/11/2003 - hylafax
    buffer overflow vulnerability

    The SuSE Security Team discovered a format bug condition that allows
    remote attackers to execute arbitrary code as the root user.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-3777.html

  11/12/2003 - fileutils/coreutils Denial of service vulnerability
    buffer overflow vulnerability

    A memory starvation denial of service vulnerability in the ls program
    was discovered.
    http://www.linuxsecurity.com/advisories/mandrake_advisory-3783.html


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

  11/10/2003 - ethereal
    Buffer overflow vulnerability

    Updated Ethereal packages that fix a number of exploitable security
    issues are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-3775.html

  11/12/2003 - glibc
    Multiple vulnerabilities

    Updated glibc packages that resolve vulnerabilities and address
    several bugs are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-3784.html

  11/12/2003 - PostgreSQL
    Buffer overflow vulnerability

    Updated PostgreSQL packages that correct a buffer overflow in the
    to_ascii routines are now available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-3785.html

  11/12/2003 - zebra
    Multiple vulnerabilities

    Updated zebra packages that close a locally-exploitable and a
    remotely-exploitable denial of service vulnerability are now
    available.
    http://www.linuxsecurity.com/advisories/redhat_advisory-3786.html


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

  11/10/2003 - hylafax
    Remote code execution vulnerability

    The SuSE Security Team found a format bug condition during a code
    review of the hfaxd server. It allows remote attackers to execute
    arbitrary code as root. However, the bug cannot be triggered in
    hylafax's default configuration.
    http://www.linuxsecurity.com/advisories/suse_advisory-3774.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

