+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  November 28th, 2003                     Volume 4, Number 47a  |
+----------------------------------------------------------------+

Editors:     Dave Wreski                Benjamin Thomas
             dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for BIND, Ethereal, Glibc,
Libnids, phpSysInfo, Stunnel, EPIC, iproute, Pan, and XFree86. The
distributors include Guardian Digital's EnGarde Linux, Gentoo,
Mandrake, and Red Hat.

---

>> Free Trial SSL Certificate from Thawte <<

Take your first step towards giving your online business a
competitive advantage. Test-drive a Thawte SSL certificate; our easy
online guide will show you how.

Get started now:
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte28

---

Business and IT centers today are controlled by the growth of the
Internet. In just ten years, technology has changed so rapidly that
the old rules no longer apply. Today, businesses are forced to comply
with the momentum of the Internet, or face extinction. Change is
always difficult, but now more than ever it is necessary. With every
change in business, security must constantly be re-evaluated.

In a typical corporate IT environment, new business requirements
arise each day. The application development team is constantly being
asked to add new features to software, the networking team is
increasingly being asked to provide access anywhere, anytime, and
managers have the opinion, "make it work now, and no, you can't have
a budget." Well, it's usually not that bad, but you get the idea.
Everyone is being stretched to the limit and it puts a great strain
on the organization.

In the middle of adding more features, access points, and bandwidth,
security is often forgotten. That's okay, isn't it? "We'll just add
security later once we get the system working." That is exactly the
problem all of us have today when working in security. It is typical
to receive a memo at the end of the day stating that ten new servers
are going to be deployed tomorrow morning, then at the end it asks,
"Is this ok with security?" Of course not!

The typical problem that we all face does not have to do with
technology; it is simply a people problem. Unfortunately, attitudes
can't be changed overnight. Sometimes, they may not be able to be
changed for years. The only way to address this is through a security
awareness program. The smaller the organization, the easier it should
be. People must be reminded daily that security is important to the
organization, and is a high priority. The quickest way to get results
is to get top management on board. If you see that key management
figures are unwilling to comply, and the organization is large
enough, total security awareness may be an impossible task.

Security is everyone's problem. One administrator simply patching a
server each week is a good start, but it shouldn't stop there. Having
adequate business security depends on many. Often, it is your job to
let those people know. I realize that this task is harder than it
sounds, but hopefully I've given you some inspiration to begin
getting others on board. Don't face the fire alone!

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

Guardian Digital Launches First Secure Small Business Internet
Productivity Solution

Building a complete Internet security and productivity system for
your organization just got a whole lot simpler and more secure with
Guardian Digital Internet Productivity Suite. Web-based management,
spam and virus control, groupware, VPN services, and more!

Find out more now:
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=ips01

--------------------------------------------------------------------

OpenVPN: An Introduction and Interview with Founder, James Yonan

In this article, Duane Dunston gives a brief introduction to OpenVPN
and interviews its founder James Yonan.
http://www.linuxsecurity.com/feature_stories/feature_story-152.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: EnGarde          | ----------------------------//
+---------------------------------+

11/26/2003 - BIND cache poisoning vulnerability

A cache poisoning vulnerability exists in the version of BIND shipped
with all versions of EnGarde Secure Linux. Successful exploitation of
this vulnerability may result in a temporary denial of service until
the bad record expires from the cache.
http://www.linuxsecurity.com/advisories/engarde_advisory-3816.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

11/25/2003 - Ethereal buffer overflow vulnerability

These updated ethereal packages fix a security problem found in
versions prior to 0.9.16. It also fixes several other minor bugs and
problems.
http://www.linuxsecurity.com/advisories/fedora_advisory-3814.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

11/24/2003 - Ethereal multiple vulnerabilities

It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire, or by
convincing someone to read a malformed packet trace file.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3808.html

11/24/2003 - Glibc buffer overrun vulnerability

A bug in the getgrouplist function can cause a buffer overflow if the
size of the group list is too small to hold all the user's groups.
This overflow can cause segmentation faults in user applications.
This vulnerability exists only when an administrator has placed a
user in a number of groups larger than that expected by an
application.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3809.html

11/24/2003 - Libnids remote code execution

There is a bug in the part of libnids code responsible for TCP
reassembly. The flaw probably allows remote code execution.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3810.html

11/24/2003 - phpSysInfo directory traversal

phpSysInfo contains two vulnerabilities which could allow local files
to be read or arbitrary PHP code to be executed, under the privileges
of the web server process.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3811.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

11/21/2003 - freeswan directory traversal

The version of freeswan bundled with the latest kernel update did not
match the freeswan package which essentially rendered it unusable.
This update brings the freeswan package up to date with the kernel
version.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3803.html

11/26/2003 - Stunnel file descriptor leak

A vulnerability was discovered in stunnel versions 3.24 and earlier,
as well as 4.00, by Steve Grubb. It was found that stunnel leaks a
critical file descriptor that can be used to hijack stunnel's
services.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3815.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

11/24/2003 - EPIC Buffer overflow vulnerability

Updated EPIC packages which fix an exploitable buffer overflow
vulnerability are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3804.html

11/24/2003 - iproute Local denial of service vulnerability

Updated iproute packages that close a locally-exploitable denial of
service vulnerability are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3805.html

11/24/2003 - stunnel Signal-handling vulnerability

Updated stunnel packages are now available for Red Hat Linux 7.1,
7.2, 7.3, and 8.0 systems. These updates address problems stemming
from improper use of non-reentrant functions in signal handlers.
http://www.linuxsecurity.com/advisories/redhat_advisory-3806.html

11/24/2003 - Pan Denial of service vulnerability

Updated Pan packages that close a denial of service vulnerability are
now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3807.html

11/25/2003 - XFree86 Multiple vulnerabilities

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a
denial of service or execute arbitrary code via heap-based and
stack-based buffer overflow attacks.
http://www.linuxsecurity.com/advisories/redhat_advisory-3812.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------