+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 16th, 2004                         Volume 5, Number 16a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apache, the Linux kernel, mysql,
xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched,
tcpdump, cadaver, and mailman. The distributors include Conectiva,
Debian, Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.

----

>> Secure Online Data Transfer with SSL <<

Get Thawte's new introductory guide to SSL security which covers the
basics of how it operates. A discussion of the various applications of
SSL certificates and their appropriate deployment is also included along
with details of how to test SSL on your web server.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte02

----

Professional Associations

Those of you who have been in the IT industry for years are probably
already familiar with most professional organizations. Some of the more
popular include ISSA (Information Systems Security Association),
USENIX/SAGE, ACM, IAPSC, and countless others. Most organizations
require their members to pay dues, but that is not without value.
Because there are so many different organizations, it is a better idea
to pick one or two and get heavily involved. Many organizations are
worldwide, but have local chapters. This provides many opportunities
for benefit.

Did you ever wish you knew the right people? Local chapter meetings are
great for professional networking. Some organizations have quarterly
meetings, others hold them monthly.
Chapter events are a great opportunity to meet people that have similar
interests and needs. If you are in search of a specific security
solution, often you will find someone at a meeting who can offer it.
Conversely, if you're a business owner and wish to extend your services,
meetings can be helpful.

Organizations such as the ISSA offer educational benefits. Usually
meetings include a lecture that is centered around an information
security topic. Other meetings can include practical demonstrations and
round-table discussions. Also, ad hoc study groups are often formed to
prepare for certification exams.

Do you need additional credentials on your resume/cv? Do you wish you
could prove to management that you are ready for a leadership position?
Professional organizations also offer their members the chance to lead.
Positions such as chapter president, vice president, secretary, etc.
open for election each year. Although time consuming, it can be a
worthwhile commitment.

Finally, most professional organizations have monthly/quarterly journals
that are written by members. Rather than being subject to corporate
pressures, you'll find the articles in these journals are of high
quality and relatively unbiased. Usually you can also find archives of
past papers/publications on each organization's Web site.

For more information about some of the professional organizations that
I've mentioned, please see the following Web sites:

  Information Systems Security Association
  http://www.issa.org

  Association for Computing Machinery
  http://www.acm.org

  USENIX/SAGE
  http://www.usenix.org

  International Association of Professional Security Consultants
  http://www.iapsc.org/

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

----

Guardian Digital Launches Next Generation Internet
Defense & Detection System

Guardian Digital has announced the first fully open source system
designed to provide both intrusion detection and prevention functions.
Guardian Digital Internet Defense & Detection System (IDDS) leverages
best-in-class open source applications to protect networks and hosts
using a unique multi-layered approach coupled with the security
expertise and ongoing security vigilance provided by Guardian Digital.

http://www.linuxsecurity.com/feature_stories/feature_story-163.html

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

--------------------------------------------------------------------

>> Internet Productivity Suite: Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 4/12/2004 - 'mod_python' DoS
   This update fixes a remote denial of service vulnerability in Apache
   web-servers which have mod_python enabled.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4216.html

 4/13/2004 - 'squid' ACL bypass vulnerability
   This update fixes a vulnerability that allows a malicious user to
   bypass url_regex ACLs by using a specially crafted URL.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4217.html

 4/14/2004 - apache Multiple vulnerabilities
   Patch corrects non-filtered escape sequences and a DoS attack.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4219.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel Multiple vulnerabilities
   This is three advisories in one, each for the same group of kernel
   2.4.x vulnerabilities. The first is for the PA-RISC architecture,
   the second for the IA-64 architecture, and the third for the
   PowerPC/apus and S/390 architectures.
   http://www.linuxsecurity.com/advisories/debian_advisory-4229.html

 4/14/2004 - mysql Insecure temporary file vulnerabilities
   Two scripts contained in the package don't create temporary files in
   a secure fashion, which could lead to a root exploit.
   http://www.linuxsecurity.com/advisories/debian_advisory-4230.html

 4/15/2004 - kernel 2.4.18 Multiple vulnerabilities
   Here is a patch release specifically for kernel 2.4.18 on the i386
   architecture, fixing multiple kernel security issues, and fixing a
   build error from a previous patch to same.
   http://www.linuxsecurity.com/advisories/debian_advisory-4231.html

 4/15/2004 - xonix Privilege retention vulnerability
   A local attacker could exploit this vulnerability to gain gid
   "games".
   http://www.linuxsecurity.com/advisories/debian_advisory-4232.html

 4/15/2004 - ssmtp Format string vulnerability
   These vulnerabilities could potentially be exploited by a remote
   mail relay to gain the privileges of the ssmtp process (including
   potentially root).
   http://www.linuxsecurity.com/advisories/debian_advisory-4233.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel Multiple vulnerabilities
   This patch fixes a variety of buffer overflow and information leak
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4228.html

 4/15/2004 - kernel Corrected md5sums
   Something went wrong with the md5sums in yesterday's announcement.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4234.html

 4/15/2004 - openoffice Multiple format string vulnerabilities
   This patch fixes vulnerabilities that may allow execution of
   arbitrary code, as well as other bugfixes.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4238.html

 4/15/2004 - squid 2.5 ACL escape vulnerability
   This is a backport of an older patch which prevented crafted URLs
   from being able to ignore Squid's ACLs.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4239.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 4/15/2004 - cvs Chroot escape vulnerability
   This patch fixes two cvs errors, one with the client and one with
   the server. Both allow chroot escapes.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4240.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 4/9/2004 - Heimdal Cross-realm scripting vulnerability
   Heimdal contains a cross-realm vulnerability allowing someone with
   control over a realm to impersonate anyone in the cross-realm trust
   path.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4211.html

 4/9/2004 - iproute Denial of service vulnerability
   The iproute package allows local users to cause a denial of service.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4212.html

 4/9/2004 - pwlib Multiple vulnerabilities
   Multiple vulnerabilities have been found in pwlib that may lead to a
   remote denial of service or buffer overflow attack.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4213.html

 4/9/2004 - Scorched 3D Format string attack vulnerability
   Scorched 3D is vulnerable to a format string attack in the chat box
   that leads to Denial of Service on the game server and possibly
   allows execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4214.html

 4/15/2004 - cvs Multiple vulnerabilities
   There are two vulnerabilities in CVS; one in the server and one in
   the client. These vulnerabilities allow the reading and writing of
   arbitrary files on both client and server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4235.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 4/9/2004 - ipsec-tools Signature non-verification vulnerability Multiple vulnerabilities
   Racoon does not verify the RSA signature during phase one of a
   connection using either main or aggressive mode. Only the
   certificate of the client is verified; the certificate is not used
   to verify the client's signature.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4215.html

 4/14/2004 - cvs Chroot escape vulnerability
   A maliciously configured server could then create any file with
   content on the local user's disk.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4226.html

 4/14/2004 - kernel Multiple vulnerabilities
   This patch fixes a large variety of kernel bugs, including an
   assortment of filesystem related vulnerabilities.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4227.html

 4/15/2004 - tcpdump Multiple vulnerabilities
   Corrects out of bounds read and DoS attack.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4236.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 4/14/2004 - cvs Chroot escape vulnerability
   Updated cvs packages that fix a client vulnerability that could be
   exploited by a malicious server are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4222.html

 4/14/2004 - cadaver Multiple format string vulnerabilities
   An updated cadaver package that fixes a vulnerability in neon
   exploitable by a malicious DAV server is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4223.html

 4/14/2004 - mailman Denial of service vulnerability
   An updated mailman package that closes a DoS vulnerability in
   mailman introduced by RHSA-2004:019 is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4224.html

 4/14/2004 - OpenOffice Multiple format string vulnerabilities
   An attacker could create a malicious WebDAV server in such a way as
   to allow arbitrary code execution on the client.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4225.html

 4/15/2004 - subversion Multiple format string vulnerabilities
   An attacker could create a malicious WebDAV server in such a way as
   to allow arbitrary code execution on the client connecting via
   subversion.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4237.html

+---------------------------------+
|  Distribution: Suse             | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel Multiple vulnerabilities
   Two vulnerabilities, one involving symlink names and one involving
   the JFS filesystem, can both be used to gain root privileges.
   http://www.linuxsecurity.com/advisories/suse_advisory-4220.html

 4/14/2004 - cvs Chroot escape vulnerability
   Patches an ability for a rogue CVS server to remotely create
   arbitrary absolute-path files with the user's permission.
   http://www.linuxsecurity.com/advisories/suse_advisory-4221.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------