+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  February 20th, 2004                      Volume 5, Number 8a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for gnupg, kernel, mc, mutt,
slocate, XFree86, gaim, freeradius, samba, phpMyAdmin, clamav,
mailman, metamail, racoon, shmat, OpenSSL, and PWLib. The
distributors include Debian, Fedora, Gentoo, Immunix, Mandrake,
NetBSD, OpenBSD, Red Hat, Slackware, SuSE, Trustix, and Turbolinux.

----

Where Does Security Belong?

In most organizations security is an extension of the IT department.
The security staff may be under networking, system administration, or
even the helpdesk. Why not? The security team is responsible for
solving security problems and a large percentage of the controls that
are put in place are technical. Traditionally, security has to do
with user accounts, access control lists, and occasionally a firewall
or two. The environment is changing. Proper information security
today requires risk analysis, security awareness training, and
maintenance of the security policy.
Do you really think someone working as a security analyst, which is
an extension of the helpdesk, is going to be able to influence the
decisions of the CIO or Director of Networking? Who will enforce the
security policy? Someone four job-levels away from executive
management cannot be expected to properly enforce a security policy.
Interoffice politics is too much of a problem.

There are several schools of thought on this subject. Some believe
that security should be its own department in an organization, which
is independent of IT. This way of thinking includes merging both
physical and information security. Others believe that information
security should be an extension of a risk management or internal
audit group. What advantages do both of these have? First, the
security team may have better access to executive management. Also,
improved access and department segmentation will help the political
situation. To get an IT control implemented, rather than going
through the typical interoffice political channels, a simple
directive from a member of executive management can get the job done.

Information security is much broader than IT. To properly mitigate or
transfer unacceptable business risks, a coordinated team is required
across the organization. It is time that IT, HR, Finance, Audit, R&D,
and others begin working together. What does this have to do with
Linux? Linux administrators should be aware of the changing
environment. In the near future, security will be part of everyone's
job.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

Interview with Vincenzo Ciaglia, Founder of Netwosix

In this article, a brief introduction of Netwosix is given and the
project founder Vincenzo Ciaglia is interviewed. Netwosix is a light
Linux distribution for system administrators and advanced users.
http://www.linuxsecurity.com/feature_stories/feature_story-160.html

Introduction to Netwox and Interview with Creator Laurent Constantin

In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane
interviews Laurent Constantin, the creator of Netwox.
http://www.linuxsecurity.com/feature_stories/feature_story-158.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

2/18/2004 - gnupg
  Cryptographic weakness

  Phong Nguyen identified a severe bug in the way GnuPG creates and
  uses ElGamal keys for signing.
  http://www.linuxsecurity.com/advisories/debian_advisory-4026.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  Due to a missing function return value check of internal functions,
  a local attacker can gain root privileges.
  http://www.linuxsecurity.com/advisories/debian_advisory-4036.html

2/18/2004 - kernel
  Multiple vulnerabilities

  This is actually several related advisories, broken down by
  platform, but all referring to the same recently discovered kernel
  vulnerabilities.
  http://www.linuxsecurity.com/advisories/debian_advisory-4044.html

2/19/2004 - kernel
  Many patches for s390

  Several security related problems have been fixed in the Linux
  kernel 2.4.17 used for the S/390 architecture, mostly by
  backporting fixes from 2.4.18 and incorporating recent security
  fixes.
  http://www.linuxsecurity.com/advisories/debian_advisory-4053.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

2/18/2004 - mc
  Buffer overflow vulnerability

  update CAN-2003-1023 fix to still make vfs symlinks relative, but
  with bounds checking
  http://www.linuxsecurity.com/advisories/fedora_advisory-4042.html

2/18/2004 - kernel
  Heap overflow vulnerability

  R128 DRI limits checking. (CAN-2004-0003)
  http://www.linuxsecurity.com/advisories/fedora_advisory-4043.html

2/18/2004 - mutt
  Denial of service vulnerability

  This package fixes CAN-2004-0078, where a specific message could
  cause mutt to crash.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4045.html

2/18/2004 - slocate
  Privilege leak vulnerability

  A local user could exploit this vulnerability to gain "slocate"
  group privileges and then read the entire slocate database.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4046.html

2/18/2004 - XFree86
  Privilege escalation vulnerability

  Updated XFree86 packages that fix a privilege escalation
  vulnerability are now available.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4047.html

2/18/2004 - gaim
  Buffer overflow vulnerability

  This update fixes recent gaim security problems as discussed on the
  gaim web site and addressed by a recent Red Hat errata.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4048.html

2/18/2004 - freeradius
  Denial of service vulnerability

  This version corrects a flaw in 0.9.2 (and all earlier versions of
  the server) which may allow an attacker to DoS the server.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4049.html

2/18/2004 - samba
  Improper account enabling vuln.

  Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the
  password field of a disabled account with uninitialized memory.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4050.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  Paul Starzetz discovered a flaw in return value checking in
  mremap() in the Linux kernel versions 2.4.24 and previous that may
  allow a local attacker to gain root privileges.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4051.html

2/19/2004 - kernel
  Bug in previous patch

  The previous security errata (2.4.22-1.2173) unfortunately
  contained a bug which made some systems unbootable, due to breakage
  in the aacraid scsi driver.
  http://www.linuxsecurity.com/advisories/fedora_advisory-4054.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

2/18/2004 - phpMyAdmin
  Directory traversal vulnerability

  A vulnerability in phpMyAdmin which was not properly verifying user
  generated input could lead to a directory traversal attack.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4028.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  A vulnerability has been discovered in the ptrace emulation code
  for AMD64 platforms, allowing a local user to obtain elevated
  privileges.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4029.html

2/19/2004 - clamav
  Denial of service vulnerability

  Exploitation via a malformed uuencoded message would cause a denial
  of service for programs that rely on the clamav daemon, such as
  SMTP.
  http://www.linuxsecurity.com/advisories/gentoo_advisory-4055.html

+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

2/13/2004 - XFree86
  Multiple buffer overflows

  Greg MacManus, of iDEFENSE Labs, reports finding several
  potentially exploitable buffer overflows in XFree86's font code.
  http://www.linuxsecurity.com/advisories/immunix_advisory-4020.html

2/18/2004 - XFree86
  Multiple buffer overflows

  Greg MacManus, of iDEFENSE Labs, reports finding several
  potentially exploitable buffer overflows in XFree86's font code.
  http://www.linuxsecurity.com/advisories/immunix_advisory-4030.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

2/18/2004 - XFree86
  Multiple buffer overflows

  Two buffer overflow vulnerabilities were found by iDEFENSE in
  XFree86's parsing of the font.alias file.
  http://www.linuxsecurity.com/advisories/mandrake_advisory-4031.html

2/18/2004 - mailman
  Cross-site scripting vulnerabilities

  A cross-site scripting vulnerability was discovered in mailman's
  administration interface. There are fixes here for other mailman
  vulnerabilities as well.
  http://www.linuxsecurity.com/advisories/mandrake_advisory-4032.html

2/19/2004 - metamail
  Multiple vulnerabilities

  Two format string and two buffer overflow vulnerabilities were
  discovered in metamail by Ulf Harnhammar.
  http://www.linuxsecurity.com/advisories/mandrake_advisory-4052.html

+---------------------------------+
|  Distribution: NetBSD           | ----------------------------//
+---------------------------------+

2/19/2004 - racoon
  Remote deletion of SA

  IPsec SA/ISAKMP SA may be deleted remotely by malicious third party
  http://www.linuxsecurity.com/advisories/netbsd_advisory-4056.html

2/19/2004 - kernel
  Denial of service vulnerability

  A malicious party can cause a remote kernel panic by using ICMPv6
  "too big" messages.
  http://www.linuxsecurity.com/advisories/netbsd_advisory-4057.html

2/19/2004 - shmat
  Privilege escalation vulnerability

  A programming error in the shmat(2) system call can result in a
  shared memory segment's reference count being erroneously
  incremented.
  http://www.linuxsecurity.com/advisories/netbsd_advisory-4059.html

+---------------------------------+
|  Distribution: OpenBSD          | ----------------------------//
+---------------------------------+

2/19/2004 - OpenSSL
  Denial of service vulnerability

  OpenSSL 0.9.6k ASN.1 parser had a possible denial-of-service
  vulnerability.
  http://www.linuxsecurity.com/advisories/openbsd_advisory-4058.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

2/13/2004 - XFree86
  Multiple buffer overflows

  A local attacker could exploit this vulnerability by creating a
  carefully-crafted file and gaining root privileges.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4021.html

2/13/2004 - PWLib
  Denial of service vulnerability

  The effects of such an attack can vary depending on the
  application, but would usually result in a Denial of Service.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4022.html

2/18/2004 - XFree86
  Multiple buffer overflows

  Updated XFree86 packages that fix a privilege escalation
  vulnerability are now available.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4033.html

2/18/2004 - samba
  Improper account enabling vuln.

  If an account for a user is created, but marked as disabled using
  the mksmbpasswd script, it is possible for Samba to overwrite the
  user's password with the contents of an uninitialized buffer.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4039.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  Updated kernel packages that fix security vulnerabilities which may
  allow local users to gain root privileges are now available.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4040.html

2/18/2004 - metamail
  Multiple vulnerabilities

  Ulf Harnhammar discovered two integer overflow bugs and two buffer
  overflow bugs in versions of Metamail up to and including 2.7.
  http://www.linuxsecurity.com/advisories/redhat_advisory-4041.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

2/13/2004 - mutt
  Buffer overflow vulnerability

  Upgrade to version 1.4.2i to fix a buffer overflow that could lead
  to a machine compromise.
  http://www.linuxsecurity.com/advisories/slackware_advisory-4023.html

2/13/2004 - XFree86
  Multiple buffer overflows

  These fix overflows which could possibly be exploited to gain
  unauthorized root access.
  http://www.linuxsecurity.com/advisories/slackware_advisory-4024.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  A bounds-checking problem in the kernel's mremap() call could be
  used by a local attacker to gain root privileges.
  http://www.linuxsecurity.com/advisories/slackware_advisory-4037.html

2/18/2004 - metamail
  Multiple vulnerabilities

  These fix two format string bugs and two buffer overflows which
  could lead to unauthorized code execution.
  http://www.linuxsecurity.com/advisories/slackware_advisory-4038.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

2/19/2004 - kernel
  Privilege escalation vulnerability

  A local attacker can gain write access to previously read-only
  pages in memory, resulting in root access to the system.
  http://www.linuxsecurity.com/advisories/suse_advisory-4060.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

2/13/2004 - mutt
  Denial of service vulnerability

  It was discovered that certain messages would cause mutt to crash.
  Mutt 1.4.2 fixes this bug.
  http://www.linuxsecurity.com/advisories/trustix_advisory-4025.html

2/18/2004 - kernel
  Privilege escalation vulnerability

  A hole was discovered in mremap. Through this hole, it is possible
  for anyone with a local account on the system to gain root
  privileges.
  http://www.linuxsecurity.com/advisories/trustix_advisory-4035.html

+---------------------------------+
|  Distribution: Turbolinux       | ----------------------------//
+---------------------------------+

2/18/2004 - XFree86 and slocate
  Multiple vulnerabilities

  (1) XFree86 -> Font file buffer overflows
  (2) slocate -> Buffer overflows
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-4034.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------