+---------------------------------------------------------------------+
|  LinuxSecurity.com                               Weekly Newsletter  |
|  July 2, 2004                                 Volume 5, Number 26a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                Benjamin Thomas
                dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apache, dhcp, kernel, mailman,
gzip, Pavuk, Esearch and libpng. The distributors include Debian,
Fedora, FreeBSD, Gentoo, Mandrake, Suse and Trustix.

-----

>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with
unwanted administrative hassles. Learn more about how the
cost-effective Thawte Starter PKI program can streamline management of
your digital certificates. Click here to download our Free guide:

http://ad.doubleclick.net/clk;9362975;9674751;f

-----

Easy Administration

Each time management mandates a new project, it must immediately be
followed up with hours of research to determine the best course of
action. Important projects can often be pushed aside or delayed because
those tasked with implementation find themselves in a position of not
fully understanding the technology. A fundamental lack of understanding
leads to configuration errors and security vulnerabilities.

When EnGarde Secure Linux is used, management can have assurance that
systems are set up in the most efficient and secure manner. Staff can
then concentrate on core competencies that accelerate business, rather
than specialized skills such as server configuration.

The free community version of EnGarde Secure Linux is available at
http://www.engardelinux.org. After downloading the ISO, it must be
burned to a CD and then installed on a dedicated machine.
The installation process is remarkably simple and can be accomplished
in about 15 minutes. For corporate users, I recommend using EnGarde
Secure Professional. Users receive source and binary CD-ROMs, an annual
subscription to the Guardian Digital Secure Network, installation and
configuration support, 60 days of phone/email support, a printed
configuration manual, and a quick start reference guide.

After EnGarde is installed, simple administration tasks such as setting
up users, system access controls, and a backup schedule should be
completed. EnGarde servers are managed remotely using a browser through
an SSL connection. Access to the Web interface can be restricted to
specific IP addresses if necessary. In addition to Web, DNS, and Mail
configuration, the Guardian Digital WebTool provides screens to assist
with FTP, SSH, user management, IP access controls, Tripwire, auditing
reports, and many other typical server features.

For a detailed example on configuring a server, please see the
following URL:

http://www.linuxsecurity.com/feature_stories/feature_story-161.html

Until next time, cheers!
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx

-----

Open Source Leaving Microsoft Sitting on the Fence?

The open source model, with special regard to Linux, has no doubt
become a formidable competitor to the once sole giant of the software
industry, Microsoft. When the market share of an industry leader is
threatened, retaliation with new product or service offerings and
marketing campaigns refuting the claims of the newfound competition is
to be expected. However, in the case of Microsoft, it seems they have
not taken a solid or plausible position on the use of open source
applications as an alternative to Windows.
http://www.linuxsecurity.com/feature_stories/feature_story-168.html

-----

Guardian Digital Launches Next Generation Secure Mail Suite

Guardian Digital, the premier open source security company, announced
the availability of the next generation Secure Mail Suite, the
industry's most secure open source corporate email system. This latest
edition has been optimized to support the changing needs of enterprise
and small business customers while continually providing protection
from the latest in email security threats.

http://www.linuxsecurity.com/feature_stories/feature_story-166.html

--------------------------------------------------------------------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 6/25/2004 - apache
   Buffer overflow vulnerability

   A remote user could potentially cause arbitrary code to be executed
   with the privileges of an Apache httpd child process (by default,
   user www-data).
   http://www.linuxsecurity.com/advisories/debian_advisory-4522.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 6/25/2004 - dhcp
   Buffer overflow vulnerability

   This release fixes a buffer overflow vulnerability in the Fedora
   Core 2 dhcp-3.0.1rc12-*.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4520.html

 6/25/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a large number of bugs, including the famous evil.c
   kernel crash.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4521.html

 6/30/2004 - ipsec-tools
   Non-authentication vulnerability

   When configured to use X.509 certificates to authenticate remote
   hosts, ipsec-tools versions 0.3.3 and earlier will not abort the key
   exchange if the verification fails.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4529.html

 7/2/2004 - kernel
   Privilege change vulnerability

   During an audit of the Linux kernel, SUSE discovered a flaw in the
   Linux kernel that inappropriately allows an unprivileged user to
   change the group ID of a file to his/her own group ID.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4532.html

 7/2/2004 - mailman
   Password leak vulnerability

   Mailman subscriber passwords could be retrieved by a remote attacker.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4533.html

+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 7/2/2004 - kernel
   Improper memory access vulnerability

   It may be possible for a local attacker to read and/or overwrite
   portions of kernel memory, resulting in disclosure of sensitive
   information or potential privilege escalation.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4531.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 6/25/2004 - Apache 1.3
   Buffer overflow vulnerability

   A bug in mod_proxy may allow a remote attacker to execute arbitrary
   code when Apache is configured a certain way.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4515.html

 6/25/2004 - IPsec-Tools
   Non-authentication vulnerability

   racoon, provided as part of IPsec-Tools, fails to do proper
   authentication.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4516.html

 6/25/2004 - gzip
   Insecure temporary file vulnerability

   gzip contains a bug potentially allowing an attacker to execute
   arbitrary commands.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4517.html

 6/25/2004 - giFT-FastTrack
   Denial of service vulnerability

   There is a vulnerability where a carefully crafted signal sent to
   the giFT-FastTrack plugin will cause the giFT daemon to crash.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4518.html

 6/25/2004 - FreeS/WAN,Openswan,strongSwan
   Non-authentication vulnerabilities

   FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs
   when authenticating PKCS#7 certificates. This could allow an
   attacker to authenticate with a fake certificate.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4519.html

 6/30/2004 - mit-krb5
   Buffer overflow vulnerabilities

   These flaws could potentially lead to a complete remote system
   compromise.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4527.html

 6/30/2004 - Pavuk
   Buffer overflow vulnerability

   Pavuk contains a bug potentially allowing an attacker to run
   arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4528.html

 7/2/2004 - Esearch
   Insecure temp file vulnerability

   A missing check for symlinks makes it possible for any user to
   create arbitrary files.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4530.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 6/25/2004 - dhcp
   Buffer overflow vulnerabilities

   Exploiting these bugs can lead to denial of service or execution of
   arbitrary code.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4513.html

 6/25/2004 - kernel
   Multiple vulnerabilities

   This patch fixes the famous kernel-crash bug and includes some
   driver-related security fixes as well.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4514.html

 6/30/2004 - libpng
   Buffer overflow vulnerability

   This buffer overflow can lead to Denial of Service or even remote
   compromise.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4524.html

 6/30/2004 - apache2
   Denial of service vulnerability

   Exploiting this can lead to httpd consuming an arbitrary amount of
   memory.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4525.html

 6/30/2004 - apache
   Buffer overflow vulnerability

   If mod_proxy is in use, this can be exploited by a remote user to
   execute arbitrary code with user apache's privileges.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4526.html

+---------------------------------+
|  Distribution: Suse             | ----------------------------//
+---------------------------------+

 6/25/2004 - dhcp/dhcp-server
   Buffer overflow vulnerability

   The CERT informed us about a buffer overflow in the logging code of
   the server that can be triggered by a malicious client by supplying
   multiple hostnames.
   http://www.linuxsecurity.com/advisories/suse_advisory-4512.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 6/25/2004 - libpng,mod_php4,openssl,rsync,slocate,swup
   Multiple vulnerabilities

   Lots of bugs, lots of packages. Enjoy!
   http://www.linuxsecurity.com/advisories/trustix_advisory-4511.html

 6/30/2004 - apache,libpng,python
   Denial of service vulnerability

   The apache fix is for a bug that leaves Apache open to a DoS attack;
   the others are regular bugfixes.
   http://www.linuxsecurity.com/advisories/trustix_advisory-4523.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------