+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  February 27th, 2004                    Volume 5, Number 9a    |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for XFree86, the Linux kernel,
lbreakout2, mailman, synaesthesia, hsftp, pwlib, metamail, libxml2,
mtools, OpenSSL, and mod_python. The distributors include Conectiva,
Debian, Fedora, Immunix, Mandrake, NetBSD, Red Hat, SuSE, Trustix, and
Turbolinux.

----

SELinux Making Progress

First released in December 2000, SELinux has continued making progress
in development. It was introduced containing mandatory access controls
and an example security policy demonstrating its usage. Over the past
three years, the NSA and a team of volunteers have continued making
improvements on a consistent basis.

SELinux can provide access control for kernel objects, services,
processes, files, directories, sockets, network interfaces, and others.
It provides protection mechanisms against many well-known problems
because it eliminates the dependence on setuid/setgid binaries. In a
nutshell, mandatory access control provides a finer and more in-depth
level of control for administrators.
Rather than being bound to the rules established by software, an
administrator can, in effect, fully set the security policy.

The latest release of SELinux includes an updated base kernel and
enhanced policy language. SELinux is a patch that can be applied to the
kernel of virtually any Linux system. At the moment, many of the major
Linux distributions are developing patches that will give users the
ability to easily take advantage of SELinux. When used correctly,
SELinux can provide administrators with a greater level of assurance.

Although the technology that SELinux takes advantage of can provide
many benefits, if used incorrectly a system can still remain
vulnerable. Poor administration practices and uninformed staff can be
problematic. For example, incorrectly implementing the software could
give a false impression of security, when in reality problems still
exist.

When evaluating a new tool or kernel patch it is important to take each
step slowly. The system should be set up in a test environment and
fully evaluated. Also, before moving a system into production, everyone
involved should be fully trained to deal with incidents if they arise.

If you are interested in finding out more about SELinux, please see the
following URL:

  http://www.nsa.gov/selinux/faq.cfm

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

---

Interview with Vincenzo Ciaglia, Founder of Netwosix

In this article, a brief introduction of Netwosix is given and the
project founder Vincenzo Ciaglia is interviewed. Netwosix is a light
Linux distribution for system administrators and advanced users.

  http://www.linuxsecurity.com/feature_stories/feature_story-160.html

--------------------------------------------------------------------

Introduction to Netwox and Interview with Creator Laurent Constantin

In this article Duane Dunston gives a brief introduction to Netwox, a
combination of over 130 network auditing tools. Also, Duane interviews
Laurent Constantin, the creator of Netwox.

  http://www.linuxsecurity.com/feature_stories/feature_story-158.html

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 2/23/2004 - kernel Privilege escalation vulnerability

   Bug can be used by local attackers to obtain root privileges.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4078.html

 2/23/2004 - XFree86 Multiple vulnerabilities

   Greg MacManus from iDEFENSE Labs discovered two vulnerabilities in
   the way the X server deals with font files.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4079.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 2/20/2004 - XFree86 Multiple vulnerabilities

   Various buffer-overflow and input-non-validation vulnerabilities
   are fixed in this patch.
   http://www.linuxsecurity.com/advisories/debian_advisory-4062.html

 2/20/2004 - kernel Privilege escalation vulnerability

   This patch is for the ia64 architecture.
   http://www.linuxsecurity.com/advisories/debian_advisory-4063.html

 2/23/2004 - lbreakout2 Environment non-sanitation vulnerability

   This bug could be exploited by a local attacker to gain the
   privileges of group "games".
   http://www.linuxsecurity.com/advisories/debian_advisory-4073.html

 2/23/2004 - mailman Multiple vulnerabilities

   Patch for cross-site scripting and denial of service
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/debian_advisory-4074.html

 2/23/2004 - synaesthesia Insecure file creation

   This type of vulnerability can usually be easily exploited to
   execute arbitrary code with root privileges by various means.
   http://www.linuxsecurity.com/advisories/debian_advisory-4075.html

 2/23/2004 - hsftp Format string vulnerability

   An attacker, able to create files on a remote server, could
   potentially execute arbitrary code with the privileges of the user
   invoking hsftp.
   http://www.linuxsecurity.com/advisories/debian_advisory-4076.html

 2/23/2004 - pwlib Multiple vulnerabilities

   This library is most notably used in several applications
   implementing the H.323 teleconferencing protocol, including the
   OpenH323 suite, gnomemeeting and asterisk.
   http://www.linuxsecurity.com/advisories/debian_advisory-4077.html

 2/24/2004 - metamail Multiple vulnerabilities

   An attacker could create a carefully-crafted mail message which
   will execute arbitrary code as the victim when it is opened and
   parsed through metamail.
   http://www.linuxsecurity.com/advisories/debian_advisory-4081.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 2/26/2004 - libxml2 Buffer overflow vulnerability

   Updated libxml2 packages are available to fix an overflow when
   parsing the URI for remote resources.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4087.html

+---------------------------------+
|  Distribution: Immunix          | ----------------------------//
+---------------------------------+

 2/26/2004 - kernel Privilege escalation vulnerability

   While they found the flaw on the 2.4 series of Linux kernels, the
   2.2 series of Linux kernels is also vulnerable to the same problem.
   http://www.linuxsecurity.com/advisories/immunix_advisory-4088.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 2/24/2004 - kernel Privilege escalation vulnerability

   A flaw in the Linux kernel, versions 2.4.24 and previous, could
   allow a local user to obtain root privileges.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4082.html

 2/25/2004 - mtools Inappropriate use of privilege

   The mformat program can be used to gain root privileges when run
   suid root.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4083.html

 2/26/2004 - kernel Privilege escalation vulnerabilities

   This patches one mremap() and several driver vulnerabilities, each
   capable of allowing a local root compromise.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4086.html

+---------------------------------+
|  Distribution: NetBSD           | ----------------------------//
+---------------------------------+

 2/20/2004 - Multiple Addendums to recent advisories

   Here are three mailings from the NetBSD announce list that discuss
   various gotchas with the recent advisories.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-4061.html

 2/20/2004 - OpenSSL Denial of service vulnerability

   OpenSSL 0.9.6k ASN.1 parser had a possible denial-of-service
   vulnerability.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-4068.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 2/26/2004 - mod_python Denial of service vulnerability

   Updated mod_python packages that fix a denial of service
   vulnerability are now available for Red Hat Linux.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4084.html

 2/26/2004 - libxml2 Buffer overflow vulnerability

   Updated libxml2 packages that fix an overflow when parsing remote
   resources are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4085.html

 2/26/2004 - mod_python Denial of service vulnerability

   Updated mod_python packages that fix a denial of service
   vulnerability are now available for Red Hat Enterprise Linux.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4089.html

 2/26/2004 - libxml2 Improper parse vulnerability

   Updated libxml2 packages that fix an overflow when parsing remote
   resources are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4090.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 2/23/2004 - XFree86 Multiple vulnerabilities

   Successful exploitation of these bugs leads to local root access.
   http://www.linuxsecurity.com/advisories/suse_advisory-4080.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 2/23/2004 - kernel 2.2.25 Privilege escalation vulnerability

   Through this hole, it is possible for anyone with a local account
   on the system to gain root privileges. This is the kernel 2.2.25
   counterpart to the security hole fixed in TSLSA-2004-0007.
   http://www.linuxsecurity.com/advisories/trustix_advisory-4070.html

+---------------------------------+
|  Distribution: Turbolinux       | ----------------------------//
+---------------------------------+

 2/23/2004 - kernel Privilege escalation vulnerability

   A Linux memory management subsystem (mremap) issue has been
   discovered in kernel 2.4.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-4071.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------