+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 14th, 2004                           Volume 5, Number 20a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx       ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for lha, rsync, flim, exim, mc,
OpenSSL, heimdal, libneon, clamav, utempter, proftpd, apache2, systrace,
cvs, procfs, libpng, openoffice, kernel, sysklogd, and live. The
distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo,
Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.

----

>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the cost-effective
Thawte Starter PKI program can streamline management of your digital
certificates. Download a guide to learn more:

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06

----

Why Security

As security professionals and systems administrators we often forget
exactly why we're adding additional security. In the daily grime of
configuring firewalls, intrusion detection systems, and other controls,
we tend to lose sight of the real objective. In any organization the
purpose of information security is to support long-term growth and
stability, and to ensure confidentiality, integrity, and availability.

In a business environment, information security is critical. A typical
business objective is to maximize profit, while having a high and
sustainable rate of growth. Today, businesses are increasingly dependent
on IT to support the automation of tasks, and e-Business functions.
Email and Web access are no longer just a 'nice thing to have,' they are
a necessity. With this come increased risks. Information is an essential
resource for all businesses, and is often a key factor for achieving
business goals. Having the right information in the hands of the right
people, at the right time is a critical success factor. It could be the
difference between success and failure.

Today, businesses are so dependent on IT that if any event interrupted
service, productivity would grind to a halt. In many cases, doing a task
manually is no longer an option or even possible. We have information
security initiatives in business to help prevent those catastrophic
occurrences. We must also realize it is impossible to prevent every
incident. With that in mind, it is important to have a plan to
appropriately deal with situations as they occur, possibly limiting any
consequential damage.

Information security is about maintaining confidentiality, integrity,
and availability with appropriate controls. It is not about having the
latest-and-greatest experimental technology. Although fun to play with,
it is important to keep the real objectives in mind.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

----

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux
Exposition. Internet and network security was a consistent theme and
Guardian Digital was on hand with innovative solutions to the most
common security issues. Attending to the growing concern for
cost-effective security, Guardian Digital's enterprise and small
business applications were stand-out successes.
http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

--------------------------------------------------------------------

>> Internet Productivity Suite: Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give
you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital security
engineers implement the most technologically advanced ideas and methods
into their design.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/10/2004 - lha
   Multiple vulnerabilities

   Specially crafted LHarc archives, when processed by lha, may execute
   arbitrary code or overwrite arbitrary files.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4322.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 5/10/2004 - rsync
   Directory traversal vulnerability

   Patch fixes issue where a remote user could cause an rsync daemon to
   write files outside of the intended directory tree unless the
   'chroot' option is on.
   http://www.linuxsecurity.com/advisories/debian_advisory-4319.html

 5/10/2004 - flim
   Insecure temporary file vulnerability

   This vulnerability could be exploited by a local user to overwrite
   files with the privileges of the user running emacs.
   http://www.linuxsecurity.com/advisories/debian_advisory-4320.html

 5/10/2004 - exim
   Buffer overflow vulnerabilities

   Neither of these stack-based buffer overflows is exploitable with the
   default Debian configuration.
   http://www.linuxsecurity.com/advisories/debian_advisory-4321.html

 5/12/2004 - exim-tls
   Buffer overflow vulnerabilities

   These cannot be exploited with the default configuration from the
   Debian system.
   http://www.linuxsecurity.com/advisories/debian_advisory-4330.html

 5/13/2004 - mah-jong
   Denial of service vulnerability
   Buffer overflow vulnerabilities

   A problem has been discovered in mah-jong that can be utilised to
   crash the game server after dereferencing a NULL pointer.
   http://www.linuxsecurity.com/advisories/debian_advisory-4336.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 5/10/2004 - mc
   Multiple vulnerabilities

   Several buffer overflows, several temporary file creation
   vulnerabilities, and one format string vulnerability have been
   discovered in Midnight Commander.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4317.html

 5/10/2004 - OpenSSL
   Denial of service vulnerability

   Testing uncovered a bug in older versions of OpenSSL 0.9.6 prior to
   0.9.6d that can lead to a denial of service attack (infinite loop).
   http://www.linuxsecurity.com/advisories/fedora_advisory-4318.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 5/10/2004 - heimdal
   Cross-realm trust vulnerability

   It is possible for the Key Distribution Center (KDC) of a realm to
   forge part or all of the `transited' field to fake zone trustedness.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4315.html

 5/10/2004 - crypto_heimdal
   Heap overflow vulnerability

   A remote attacker may send a specially formatted message to k5admind,
   causing it to crash or possibly resulting in arbitrary code
   execution.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4316.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/10/2004 - LHa
   Multiple vulnerabilities

   Patch corrects two stack-based buffer overflows and two directory
   traversal problems in LHa.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4313.html

 5/10/2004 - libneon
   Format string vulnerabilities

   Allows a malicious WebDAV server to execute arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4314.html

 5/12/2004 - ClamAV
   Privilege escalation vulnerability

   With a specific configuration Clam AntiVirus is vulnerable to an
   attack allowing execution of arbitrary commands.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4328.html

 5/12/2004 - OpenOffice.org
   Format string vulnerabilities
   Privilege escalation vulnerability

   Several format string vulnerabilities are present in the Neon library
   allowing remote execution of arbitrary code when connected to an
   untrusted WebDAV server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4329.html

 5/13/2004 - utempter
   Insecure temporary file vulnerability

   Utempter contains a vulnerability that may allow local users to
   overwrite arbitrary files via a symlink attack.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4335.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/10/2004 - proftpd
   Access control escape vulnerability

   CIDR ACLs in version 1.2.9 allow access even to files and directories
   that are otherwise specifically denied.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4312.html

 5/12/2004 - rsync
   Directory traversal vulnerability

   Rsync before 2.6.1 does not properly sanitize paths when running a
   read/write daemon without using chroot, which allows remote attackers
   to write files outside of the module's path.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4326.html

 5/12/2004 - apache2
   Denial of service vulnerability

   A memory leak in mod_ssl in the Apache HTTP Server prior to version
   2.0.49 allows a remote denial of service attack against an
   SSL-enabled server.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4327.html

+---------------------------------+
|  Distribution: NetBSD           | ----------------------------//
+---------------------------------+

 5/13/2004 - systrace
   Privilege escalation vulnerability

   A local user that is allowed to use /dev/systrace can obtain root
   access.
   http://www.linuxsecurity.com/advisories/netbsd_advisory-4334.html

+---------------------------------+
|  Distribution: OpenBSD          | ----------------------------//
+---------------------------------+

 5/10/2004 - cvs
   Pathname validation vulnerabilities

   Patches for both client and server prevent file creation and
   modification outside of allowed directories.
   http://www.linuxsecurity.com/advisories/openbsd_advisory-4311.html

 5/13/2004 - procfs
   Incorrect bounds checking vulnerability

   Incorrect bounds checking in several procfs functions could allow an
   unprivileged malicious user to read arbitrary kernel memory.
   http://www.linuxsecurity.com/advisories/openbsd_advisory-4332.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 5/10/2004 - utempter
   Temporary file vulnerability

   Utempter can be used to overwrite privileged files with a symlink.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4300.html

 5/10/2004 - libpng
   Denial of service vulnerability

   An attacker could carefully craft a PNG file in such a way that it
   would cause an application linked to libpng to crash when opened by
   a victim.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4301.html

 5/10/2004 - OpenOffice
   Format string vulnerability

   An attacker could create a malicious WebDAV server in such a way as
   to allow arbitrary code execution on the client should a user connect
   to it using OpenOffice.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4302.html

 5/10/2004 - mc
   Multiple vulnerabilities

   This patch corrects many vulnerabilities of Midnight Commander.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4303.html

 5/12/2004 - kernel
   Multiple vulnerabilities

   This patches the 2.4.x kernel for a wide variety of platforms to fix
   a large number of bugs, including several with security implications.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4324.html

 5/12/2004 - ipsec-tools
   Multiple vulnerabilities

   This patch fixes three separate vulnerabilities in IPSec under Red
   Hat.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4325.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 5/10/2004 - rsync
   Improper write access vulnerability

   When running an rsync server without the chroot option it is possible
   for an attacker to write outside of the allowed directory.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4306.html

 5/10/2004 - sysklogd
   Denial of service vulnerability

   New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and
   -current to fix a security issue where a user could cause syslogd to
   crash.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4307.html

 5/10/2004 - xine-lib
   Arbitrary code execution vulnerability
   Denial of service vulnerability

   Playing a specially crafted Real RTSP stream could run malicious code
   as the user playing the stream.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4308.html

 5/10/2004 - libpng
   Denial of service vulnerability

   libpng could be caused to crash, creating a denial of service issue
   if network services are linked with it.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4309.html

 5/10/2004 - lha
   Multiple vulnerabilities

   Fixes buffer overflows and directory traversal vulnerabilities.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4310.html

 5/13/2004 - apache
   Multiple vulnerabilities

   Patch corrects denial of service and shell escape vulnerabilities.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4333.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 5/10/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a large number of minor vulnerabilities and bugs
   related to the SuSE 8.1 and SuSE 9.0 kernels.
   http://www.linuxsecurity.com/advisories/suse_advisory-4304.html

 5/10/2004 - Live CD 9.1
   Passwordless superuser

   A configuration error on the Live CD allows for a passwordless,
   remote root login to the system via ssh, if the computer has booted
   from the Live CD and if it is connected to a network.
   http://www.linuxsecurity.com/advisories/suse_advisory-4305.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------