+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| May 21st, 2004 Volume 5, Number 21a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for heimdal, cvs, neon, cadaver,
libpng, iproute, lha, mailman, kdelibs, tcpdump, utempter, subversion,
exim, Pound, ProFTPD, Icecast, libuser, passwd, apache, kdelibs, mc,
rsync, the and kernel. The distributors include Debian, Fedora, FreeBSD,
Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.
----
>> NEW Step-by-Step SSL Guide for Apache from Thawte <<
Thawtes new guide will show you how to test, purchase, install and use a
Thawte Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient ongoing
management of your encryption keys and digital certificates.
Download a guide to learn more:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawten06
----
Security Failure
Over the years computer systems and networks of all types have been the
object of attack and compromise. Generally, systems that are compromised
have similar characteristics. I will focus on some of the more common
shortcomings. First, failure to have adequate security policies and
procedures. What information assets should be protected? Who and what
are they being protected from, and how should they be protected? All
these questions should be addressed formally. A security policy provides
direction and justification. Next, poor system logging and auditing. On
many occasions, system administrators fail to review log files. If the
job is too big to do it manually, there are many automated tools that will
do a fine job. Knowing the network and its traffic patterns intimately
can have many advantages.
Failure to patch vulnerable services or applications in a timely fashion
is a major contributor. Begin testing patches as soon as they are
publicly available. After it has been determined stable, roll the changes
out to production. Also, don't forget to verify those MD5s! Next, poor
password generation and management can be troublesome. It is important to
be sure that users are choosing and using strong passwords. Often, this
is the only form of control used. Remember, weak passwords or bad key
management practices can circumvent even the strongest cryptography
schemes.
Unused software/tools/commands should be removed, and network services
should be disabled. If it is not there, it can't be exploited. You'll
find that this is one technique that many hardened distributions (such as
EnGarde Linux) use. A Web server does not need X11, games, etc. The
system should be built for one purpose, exposing it to the least amount of
risk. It is also important to ensure that all configurations are correct.
On many distributions, the default settings are generally calibrated for
usability, rather than high security. It is up to you to do the necessary
research to find out what changes must be made. This also brings up the
point of removing or disabling any pre-installed accounts or default
passwords.
Finally, it is imperative that the system is protected from remote network
attacks. A properly configured, restrictive, firewall can go a long way
in improving a systems security posture. In several situations, I've seen
companies with firewalls that virtually allow all traffic through. Over
time, service by service, new rules are added after each complaint.
Rather than provide strong security, it only gives false assurance. By
taking simple precautions, security can greatly be improved. Give your
valuable information the protection it deserves.
Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
----
Guardian Digital Security Solutions Win Out At Real World Linux
Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out
successes.
http://www.linuxsecurity.com/feature_stories/feature_story-164.html
--------------------------------------------------------------------
Interview with Siem Korteweg: System Configuration Collector
In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.
http://www.linuxsecurity.com/feature_stories/feature_story-162.html
--------------------------------------------------------------------
>> Internet Productivity Suite: Open Source Security <<
Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
5/18/2004 - heimdal
Buffer overflow vulnerability
This problem could perhaps be exploited to cause the daemon to
read a negative amount of data which could lead to unexpected
behaviour.
http://www.linuxsecurity.com/advisories/debian_advisory-4347.html
5/19/2004 - cvs
Heap overflow vulnerability
Stefan Esser discovered a heap overflow in the CVS server, which
serves the popular Concurrent Versions System.
http://www.linuxsecurity.com/advisories/debian_advisory-4375.html
5/19/2004 - neon
Heap overflow vulnerability
User input is copied into variables not large enough for all
cases. This can lead to an overflow of a static heap variable.
http://www.linuxsecurity.com/advisories/debian_advisory-4376.html
5/19/2004 - cadaver
Heap overflow vulnerability
User input is copied into variables not large enough for all
cases. This can lead to an overflow of a static heap variable.
http://www.linuxsecurity.com/advisories/debian_advisory-4377.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
5/14/2004 - libpng
1.2.2 Information leak vulnerability
Fixes a possible out-of-bounds read in the error message handler.
http://www.linuxsecurity.com/advisories/fedora_advisory-4340.html
5/14/2004 - libpng
1.0.13 Information leak
Fixes a possible out-of-bounds read in the error message handler.
http://www.linuxsecurity.com/advisories/fedora_advisory-4341.html
5/14/2004 - iproute
Denial of service vulnerability
iproute 2.4.7 and earlier allows local users to cause a denial of
service via spoofed messages as other users to the kernel netlink
interface.
http://www.linuxsecurity.com/advisories/fedora_advisory-4342.html
5/14/2004 - lha
Multiple vulnerabilities
Ulf Hrnhammar discovered two stack buffer overflows and two
directory traversal flaws in LHA.
http://www.linuxsecurity.com/advisories/fedora_advisory-4343.html
5/18/2004 - mailman
Cross-site scripting vulnerability
A cross-site scripting (XSS) vulnerability exists in the admin CGI
script for Mailman before 2.1.4.
http://www.linuxsecurity.com/advisories/fedora_advisory-4353.html
5/18/2004 - neon
Format string vulnerabilities
Exploiting these bugs may allow remote malicious WebDAV servers to
execute arbitrary code.
http://www.linuxsecurity.com/advisories/fedora_advisory-4354.html
5/18/2004 - cvs
Chroot escape vulnerability
The client for CVS before 1.11.15 allows a remote malicious CVS
server to create arbitrary files by using absolute pathnames
during checkouts or updates.
http://www.linuxsecurity.com/advisories/fedora_advisory-4355.html
5/18/2004 - kdelibs
Multiple vulnerabilities
An attacker could create a carefully crafted link such that when
opened by a victim it creates or overwrites a file in the victims
home directory.
http://www.linuxsecurity.com/advisories/fedora_advisory-4356.html
5/19/2004 - tcpdump
Denial of service vulnerability
Upon receiving specially crafted ISAKMP packets, TCPDUMP would try
to read beyond the end of the packet capture buffer and
subsequently crash.
http://www.linuxsecurity.com/advisories/fedora_advisory-4368.html
5/19/2004 - utempter
Insecure temporary file vulnerability
An updated utempter package that fixes a potential symlink
vulnerability is now available.
http://www.linuxsecurity.com/advisories/fedora_advisory-4369.html
5/19/2004 - kdelibs
Insufficient input sanitation
An attacker could create a carefully crafted link such that when
opened by a victim it creates or overwrites a file in the victims
home directory.
http://www.linuxsecurity.com/advisories/fedora_advisory-4370.html
5/19/2004 - cvs
Heap overflow vulnerability
Stefan Esser discovered a flaw in cvs where malformed "Entry"
lines could cause a heap overflow.
http://www.linuxsecurity.com/advisories/fedora_advisory-4371.html
5/19/2004 - neon
Heap overflow vulnerability
An attacker could create a malicious WebDAV server in such a way
as to allow arbitrary code execution on the client, such as
cadaver.
http://www.linuxsecurity.com/advisories/fedora_advisory-4372.html
5/19/2004 - subversion
Buffer overflow vulnerability
An attacker could send malicious requests to a Subversion server
and perform arbitrary execution of code.
http://www.linuxsecurity.com/advisories/fedora_advisory-4373.html
5/19/2004 - ipsec-tools Denial of service vulnerability
Buffer overflow vulnerability
A crafted ISAKMP header can cause racoon to crash.
http://www.linuxsecurity.com/advisories/fedora_advisory-4374.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
5/19/2004 - cvs
Heap overflow vulnerability
Malformed data can cause a heap buffer to overflow, allowing the
client to overwrite arbitrary portions of the server's memory.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4367.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
5/14/2004 - exim
Buffer overflow vulnerabiity
When the verify=header_syntax option is set, there is a buffer
overflow in Exim that allows remote execution of arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4344.html
5/14/2004 - libpng
Denial of service vulnerability
A bug in the libpng library can be abused using a crafted .png to
crash programs making use of that library.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4345.html
5/19/2004 - Pound
Format string vulnerability
There is a format string flaw in Pound, allowing remote execution
of arbitrary code with the rights of the Pound process.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4363.html
5/19/2004 - ProFTPD
ACL bypass vulnerability
Version 1.2.9 of ProFTPD introduced a vulnerability that causes
CIDR-based Access Control Lists automatically allow remote users
full access to available files.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4364.html
5/19/2004 - Icecast
Denial of service vulnerability
Icecast is vulnerable to a denial of service attack allowing
remote users to crash the application.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4365.html
5/19/2004 - KDE
Insufficient input sanitation
Vulnerabilities in KDE URI handlers makes your system vulnerable
to various attacks.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4366.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
5/18/2004 - libuser
Denial of service vulnerability
Steve Grubb discovered a number of problems in the libuser library
that can lead to a crash in applications linked to it, or
possibly write 4GB of garbage to the disk.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4350.html
5/18/2004 - passwd
Multiple vulnerabilities
Passwords given to passwd via stdin are one character shorter than
they are supposed to be. He also discovered that pam may not have
been sufficiently initialized to ensure safe and proper operation.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4351.html
5/18/2004 - apache
Multiple vulnerabilities
Patch fixes four seperate apache vulnerabilities.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4352.html
5/19/2004 - kdelibs
Insufficient input sanitation
This vulnerability can allow remote attackers to create or
truncate arbitrary files.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4360.html
5/19/2004 - cvs
Buffer overflow vulnerability
Stefan Esser discovered that malformed "Entry" lines can be used
to overflow malloc()ed memory in a way that can be remotely
exploited.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4361.html
5/19/2004 - libneon
Heap overflow vulnerability
It was discovered that in portions of neon can be used to overflow
a static heap variable.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4362.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
5/18/2004 - kdelibs
Multiple vulnerabilities
Updated kdelibs packages that fix telnet URI handler and mailto
URI handler file vulnerabilities are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4348.html
5/19/2004 - cvs
Buffer overflow vulnerability
An updated cvs package that fixes a server vulnerability that
could be exploited by a malicious client is now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4358.html
5/19/2004 - cadaver
Heap overflow vulnerability
An updated cadaver package is now available that fixes a
vulnerability in neon which could be exploitable by a malicious
DAV server.
http://www.linuxsecurity.com/advisories/redhat_advisory-4359.html
5/19/2004 - mc
Multiple vulnerabilities
Updated mc packages that resolve several buffer overflow
vulnerabilities, one format string vulnerability and several
temporary file creation vulnerabilities are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4378.html
5/19/2004 - rsync
Chroot escape vulnerability
An updated rsync package that fixes a directory traversal security
flaw is now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4379.html
5/19/2004 - libpng
Denial of service vulnerability
An attacker could carefully craft a PNG file in such a way that it
would cause an application linked to libpng to crash when opened
by a victim.
http://www.linuxsecurity.com/advisories/redhat_advisory-4380.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
5/17/2004 - mc
Multiple vulnerabilities
These could lead to a denial of service or the execution of
arbitrary code as the user running mc.
http://www.linuxsecurity.com/advisories/slackware_advisory-4346.html
5/18/2004 - kdelibs
Multiple vulnerabilities
The telnet, rlogin, ssh and mailto URI handlers in KDE do not do
sufficient argument checking, allowing improper passing of
arguments.
http://www.linuxsecurity.com/advisories/slackware_advisory-4349.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
5/14/2004 - mc
Multiple vulnerabilities
This patch fixes buffer overflows, temporary file problems and
format string bugs associated with Midnight Commander.
http://www.linuxsecurity.com/advisories/suse_advisory-4339.html
5/19/2004 - cvs
Buffer overflow vulnerability
Stefan Esser reported buffer overflow conditions within the cvs
program.
http://www.linuxsecurity.com/advisories/suse_advisory-4357.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
5/14/2004 - apache
Multiple vulnerabilities
This patch addresses a wide variety of known apache
vulnerabilities.
http://www.linuxsecurity.com/advisories/trustix_advisory-4337.html
5/14/2004 - kernel
Privilege escalation vulnerability
Patch corrects a local root exploit.
http://www.linuxsecurity.com/advisories/trustix_advisory-4338.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
