+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  September 17th, 2004                         Volume 5, Number 37a  |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for wv, kde, zlib, webmin, cupsys,
samba, gtk2, gallery, samba, sus, cdrtools, squid, apache2, mod_ssl,
httpd, mc, imlib, and multi. The distributors include Conectiva,
Debian, Fedora, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and
Trustix.

-----

Security Through Obscurity

One type of security that must be discussed is 'security through
obscurity'. This means that doing something like changing the login
name from 'root' to 'toor', for example, to try to keep someone from
breaking into your system as root may be thought of as a false sense
of security, and can result in very unpleasant and unexpected
consequences.

However, it can also be used to your benefit if done properly. If you
tell all the users who are authorized to use the root account on your
machines to use the root equivalent instead, entries in
/var/log/secure for the real root user would surely indicate an
attempted break-in, giving you some advance notice. You'll have to
decide if this advantage outweighs the additional administration
overhead.

In most cases, though, any system attacker will quickly see through
such empty security measures. Simply because you may have a small
site, or a relatively low profile, does not mean an intruder won't be
interested in what you have. We'll discuss what you're protecting in
the next sections.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)

-----

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and
home users. The problem can be resolved with an accurate security
analysis. In this article I show how to approach security using aide
and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

---------------------------------------------------------------------

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on
securing software, having co-authored the classic Building Secure
Software (Addison-Wesley, 2002). More recently, he has co-written with
Greg Hoglund a companion volume, Exploiting Software, which details
software security from the vantage point of the other side, the
attacker. He has graciously agreed to share some of his insights with
all of us at LinuxSecurity.com.

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 9/10/2004 - wv Fix for buffer overflow vulnerability

   iDefense discovered a buffer overflow vulnerability in the wv
   library.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4733.html

 9/13/2004 - kde Fix for multiple security vulnerabilities

   This announcement fixes several vulnerabilities.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4734.html

 9/13/2004 - zlib Fix for denial of service vulnerabilities

   A denial of service vulnerability was discovered in the zlib
   compression library versions 1.2.x.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4735.html

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 9/14/2004 - webmin insecure temporary directory

   Ludwig Nussel discovered a problem in webmin, a web-based
   administration toolkit. A temporary directory was used but without
   checking for the previous owner. This could allow an attacker to
   create the directory and place dangerous symbolic links inside.
   http://www.linuxsecurity.com/advisories/debian_advisory-4736.html

 9/15/2004 - cupsys denial of service

   Alvaro Martinez Echevarria discovered a problem in CUPS, the Common
   UNIX Printing System. An attacker can easily disable browsing in
   CUPS by sending a specially crafted UDP datagram to port 631 where
   cupsd is running.
   http://www.linuxsecurity.com/advisories/debian_advisory-4788.html

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 9/10/2004 - imlib-1.9.13-15.fc Security update (core1) denial of service

   Several heap overflow vulnerabilities have been found in the imlib
   BMP image handler. An attacker could create a carefully crafted BMP
   file in such a way that it would cause an application linked with
   imlib to execute arbitrary code when the file was opened by a
   victim.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4731.html

 9/13/2004 - samba DoS (Core 1)

   Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4786.html

 9/13/2004 - samba DoS (Core 2)

   Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4787.html

 9/15/2004 - gdk-pixbuf vulnerabilities (Core 1) DoS (Core 2)

   Several vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4789.html

 9/15/2004 - gtk2 vulnerabilities (Core 2)

   Several vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4790.html

 9/15/2004 - gdk-pixbuf vulnerabilities (Core 2)

   Several vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4791.html

 9/15/2004 - gtk2 vulnerabilities (Core 2)

   Several vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4792.html

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 9/15/2004 - gallery arbitrary command execution

   An attacker could run arbitrary code as the user running PHP.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4759.html

 9/15/2004 - Mozilla, Firefox, Thunderbird, Galeon, Epiphany arbitrary command execution

   Security roll-up.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4761.html

 9/10/2004 - samba remote printing vulnerability

   After further verifications, it appears that a remote user can only
   deny service to himself, so this bug does not induce any security
   issue at all.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4769.html

 9/12/2004 - webmin, usermin multiple vulnerabilities remote printing vulnerability

   There is an input validation bug in the webmail feature of Usermin.
   Additionally, the Webmin and Usermin installation scripts write to
   /tmp/.webmin without properly checking if it exists first.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4770.html

 9/13/2004 - samba denial of service vulnerabilities

   There is a defect in smbd's ASN.1 parsing. Another defect was found
   in nmbd's processing of mailslot packets, where a bad NetBIOS
   request could crash the nmbd process.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4771.html

 9/14/2004 - sus local root vulnerability

   Leon Juranic found a bug in the logging functionality of SUS that
   can lead to local privilege escalation. A format string
   vulnerability exists in the log() function due to an incorrect call
   to the syslog() function.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4772.html

 9/14/2004 - cdrtools local root vulnerability

   Max Vozeler discovered that the cdrecord utility, when set to SUID
   root, fails to drop root privileges before executing a
   user-supplied RSH program.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4773.html

+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 9/13/2004 - samba multiple vulnerabilities

   Two vulnerabilities were discovered in samba 3.0.x.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4741.html

 9/15/2004 - squid denial of service

   A vulnerability in the NTLM helpers in squid 2.5 could allow for
   malformed NTLMSSP packets to crash squid, resulting in a DoS. The
   provided packages have been patched to prevent this problem.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4793.html

 9/15/2004 - printer-drivers vulnerability denial of service

   The foomatic-rip filter, which is part of the foomatic-filters
   package, contains a vulnerability that allows anyone with access to
   CUPS, local or remote, to execute arbitrary commands on the server.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4794.html

 9/15/2004 - gdk-pixbuf image loading vulnerabilities denial of service

   A vulnerability was found in the gdk-pixbuf bmp loader where a bad
   BMP image could send the bmp loader into an infinite loop. Chris
   Evans found a heap-based overflow and a stack-based overflow in the
   xpm loader of gdk-pixbuf.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4795.html

 9/15/2004 - apache2 multiple vulnerabilities

   Two Denial of Service conditions were discovered in the input
   filter of mod_ssl, the module that enables apache to handle HTTPS
   requests.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4796.html

 9/15/2004 - cups denial of service

   Alvaro Martinez Echevarria discovered a vulnerability in the CUPS
   print server where an empty UDP datagram sent to port 631 would
   disable browsing.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4797.html

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 9/15/2004 - mod_ssl security flaw

   Updated httpd packages that include a security fix for mod_ssl and
   various enhancements are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4743.html

 9/15/2004 - openoffice.org resolve security issue security flaw

   Secunia Research reported an issue with the handling of temporary
   files. A malicious local user could use this flaw to access the
   contents of another user's open documents.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4798.html

 9/15/2004 - gdk-pixbuf security flaws security flaw

   Several vulnerabilities.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4799.html

 9/15/2004 - cups security vulnerability

   Alvaro Martinez Echevarria reported a bug in the CUPS Internet
   Printing Protocol (IPP) implementation in versions of CUPS prior to
   1.1.21.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4800.html

 9/15/2004 - httpd security issues

   Updated httpd packages that include fixes for security issues are
   now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4801.html

 9/15/2004 - mc security vulnerabilities

   An updated mc package that resolves several shell escape security
   issues is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4802.html

 9/15/2004 - imlib security vulnerability

   An updated imlib package that fixes several heap overflows is now
   available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4803.html

 9/15/2004 - gtk2 security flaws and bugs

   Updated gtk2 packages that fix several security flaws and bugs are
   now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4804.html

+---------------------------------+
|  Distribution: Slackware        | ----------------------------//
+---------------------------------+

 9/13/2004 - samba DoS

   New samba packages are available for Slackware 10.0 and -current.
   These fix two denial of service vulnerabilities reported by
   iDEFENSE.
   http://www.linuxsecurity.com/advisories/slackware_advisory-4749.html

+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 9/15/2004 - cups remote code execution

   Alvaro Martinez Echevarria has found a remote Denial of Service
   condition within CUPS which allows remote users to make the cups
   server unresponsive. Additionally the SUSE Security Team has
   discovered a flaw in the foomatic-rip print filter which is
   commonly installed along with cups.
   http://www.linuxsecurity.com/advisories/suse_advisory-4805.html

 9/15/2004 - apache2 remote denial-of-service

   The Red Hat ASF Security-Team and the Swedish IT Incident Center
   within the National Post and Telecom Agency (SITIC) have found a
   bug in apache2 each.
   http://www.linuxsecurity.com/advisories/suse_advisory-4806.html

+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 9/14/2004 - multi Multiple bugfixes

   Security roll-up
   http://www.linuxsecurity.com/advisories/trustix_advisory-4754.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com
------------------------------------------------------------------------