+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  May 28th, 2004                         Volume 5, Number 22a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes point

This week, advisories were released for libneon, mailman, kde, xpcd,
kdepim, httpd, SquirrelMail, cvs, neon, subversion, cadaver, metamail,
firebird, opera, mysql, mc, apache, heimdal, kernel, utempter, and
LHA. The distributors include Conectiva, Debian, Fedora, FreeBSD,
Gentoo, Mandrake, OpenBSD, Red Hat, Slackware, SuSE, and TurboLinux.

----

Internal and External Audit

One of the most important but overlooked aspects of information
security is auditing. All servers have been hardened, all patches
installed, and access is regularly monitored, but can one be sure all
of those countermeasures are effective? Auditing is an independent
review to form an opinion. It can provide assurance that the security
controls in place are doing their job. It is important to conduct
both internal and external audits, each having its own advantages.
Auditing is increasingly becoming a top-management priority because
of the increased reliance on IT, increased system complexity, and
increased concern for security. Also, many laws require it as a
necessary business function to achieve compliance.

Internal audit is a tool that can be used to give assurance to
managers and other personnel. It provides the ability to compare the
security policies, procedures, and practices being used with those in
a standard or set of best practices. It gives management the ability
to make comparisons between different departments and divisions. From
an IT security point of view, it identifies areas that need attention
and can provide information on how to improve overall security. It is
always better to identify and fix problems internally than to have
them found in external audits.

External audits are conducted by third parties and can be used to
give assurance to other parties such as shareholders, the board of
directors, or partner companies. External audits can provide the
information necessary to make comparisons with other companies (if
the data is available) or with industry standards.

The process of auditing produces reports that are issued to
management and are written in a way that they can understand and
address. It involves translating technical risks into business
language. Generally, audit reports summarize the current situation,
compare that with what the standards say, and provide direction on
how to achieve compliance. Auditing can provide the information
required for implementing new security controls, conducting a risk
analysis, and carrying out special internal investigations.

Pentesting and vulnerability assessments are another essential aspect
of auditing. It is necessary to check system security from an
intruder's perspective. Auditors should ask who, what, when, where,
and how. Timelines should be compiled, system logs should be
reviewed, and personnel should be interviewed. Rather than only
hoping a system is secure, auditing can provide a level of assurance
that will help you sleep better at night.

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

----

Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impress at Linux
Exposition. Internet and network security was a consistent theme and
Guardian Digital was on hand with innovative solutions to the most
common security issues. Attending to the growing concern for
cost-effective security, Guardian Digital's enterprise and small
business applications were stand-out successes.

http://www.linuxsecurity.com/feature_stories/feature_story-164.html

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector
(SCC) project began, how the software works, why Siem chose to make
it open source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 5/25/2004 - libneon Heap overflow vulnerability

   libneon library which could be abused by remote WebDAV servers to
   execute arbitrary code on the client accessing these servers.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4397.html

 5/27/2004 - mailman Multiple vulnerabilities

   Fixes cross site scripting and remote password retrieval
   vulnerabilities, plus a denial of service.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4409.html

 5/27/2004 - kde Insufficient input sanitation

   The telnet, rlogin, ssh and mailto URI handlers in KDE do not
   check for '-' at the beginning of the hostname passed.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4410.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 5/25/2004 - xpcd Buffer overflow vulnerability

   Bug allows copy of user-supplied data of arbitrary length into a
   fixed-size buffer in the pcd_open function.
   http://www.linuxsecurity.com/advisories/debian_advisory-4396.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 5/25/2004 - kdepim Buffer overflow vulnerability

   An attacker could construct a VCF file so that when it was opened
   by a victim it would execute arbitrary commands.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4394.html

 5/25/2004 - httpd Multiple vulnerabilities

   Fixes an exploitable memory leak and escapable error-log output.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4395.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 5/27/2004 - core:sys Buffer cache invalidation vulnerability Multiple vulnerabilities

   In some situations, a user with read access to a file may be able
   to prevent changes to that file from being committed to disk.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4408.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 5/25/2004 - SquirrelMail Cross-site scripting vulnerabilities

   SquirrelMail is subject to several XSS and one SQL injection
   vulnerability.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4381.html

 5/25/2004 - cvs Heap overflow vulnerability

   CVS is subject to a heap overflow vulnerability allowing source
   repository compromise.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4382.html

 5/25/2004 - neon Heap overflow vulnerability

   A vulnerability potentially allowing remote execution of
   arbitrary code has been discovered in the neon library.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4383.html

 5/25/2004 - Subversion Format string vulnerability

   There is a vulnerability in the Subversion date parsing code
   which may lead to denial of service attacks, or execution of
   arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4384.html

 5/25/2004 - cadaver Heap overflow vulnerability

   There is a heap-based buffer overflow, possibly leading to
   execution of arbitrary code when connected to a malicious server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4385.html

 5/25/2004 - metamail Multiple vulnerabilities

   Several format string bugs and buffer overflows were discovered
   in metamail, potentially allowing execution of arbitrary code
   remotely.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4386.html

 5/25/2004 - Firebird Buffer overflow vulnerability

   A buffer overflow may allow a local user to manipulate or destroy
   local databases and trojan the Firebird binaries.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4387.html

 5/25/2004 - Opera Insufficient input sanitation

   A vulnerability exists in Opera's telnet URI handler that may
   allow a remote attacker to overwrite arbitrary files.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4388.html

 5/27/2004 - MySQL Symlink vulnerability

   Two MySQL utilities create temporary files with hardcoded paths,
   allowing an attacker to use a symlink to trick MySQL into
   overwriting important data.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4404.html

 5/27/2004 - mc Multiple vulnerabilities

   Multiple security issues have been discovered in Midnight
   Commander including several buffer overflows and string format
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4405.html

 5/27/2004 - Apache 1.3 Multiple vulnerabilities

   Several security vulnerabilities have been fixed in the latest
   release of Apache 1.3.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4406.html

 5/27/2004 - Heimdal Buffer overflow vulnerability

   A possible buffer overflow in the Kerberos 4 component of Heimdal
   has been discovered.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4407.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 5/25/2004 - apache-mod_perl Multiple vulnerabilities Buffer overflow vulnerability

   Four security vulnerabilities were fixed with the 1.3.31 release
   of Apache. All of these issues have been backported and applied
   to the provided packages.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4392.html

 5/25/2004 - kernel 2.6 Multiple vulnerabilities

   Several kernel 2.6 vulnerabilities have been fixed in this
   update.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4393.html

 5/27/2004 - mailman Password leak vulnerability

   Mailman versions >= 2.1 have an issue where 3rd parties can
   retrieve member passwords from the server.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4402.html

 5/27/2004 - kolab-server Plain text passwords Password leak vulnerability

   The affected versions store OpenLDAP passwords in plain text.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4403.html

+---------------------------------+
|  Distribution: OpenBSD          | ----------------------------//
+---------------------------------+

 5/25/2004 - cvs Heap overflow vulnerability

   Malignant clients can run arbitrary code on CVS servers.
   http://www.linuxsecurity.com/advisories/openbsd_advisory-4391.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 5/27/2004 - utempter Symlink vulnerability

   An updated utempter package that fixes a potential symlink
   vulnerability is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4399.html

 5/27/2004 - LHA Multiple vulnerabilities

   Ulf Harnhammar discovered two stack buffer overflows and two
   directory traversal flaws in LHA.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4400.html

 5/27/2004 - tcpdump,libpcap,arpwatch Denial of service vulnerability Multiple vulnerabilities

   Upon receiving specially crafted ISAKMP packets, TCPDUMP would
   crash.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4401.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 5/25/2004 - cvs Heap overflow vulnerability

   Carefully crafted server requests to run arbitrary programs on
   the CVS server machine.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4390.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 5/27/2004 - kdelibs/kdelibs3 Insufficient input sanitation Heap overflow vulnerability

   The URI handler of the kdelibs3 and kdelibs class library
   contains a flaw which allows remote attackers to create arbitrary
   files as the user utilizing the kdelibs3/kdelibs package.
   http://www.linuxsecurity.com/advisories/suse_advisory-4398.html

+---------------------------------+
|  Distribution: Turbolinux       | ----------------------------//
+---------------------------------+

 5/25/2004 - kernel Multiple vulnerabilities

   The vulnerabilities may allow an attacker to cause a denial of
   service to the kernel and gain sensitive information from your
   system.
   http://www.linuxsecurity.com/advisories/turbolinux_advisory-4389.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------