+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | January 14th, 2005 Volume 6, Number 2a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for php, ethereal, krb, kerberos, lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher, libtiff, gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups, subversion, vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123, imlib2, poppassed_pam, kde, nfs-utils, hylafax, fcron, lesstif, and unarj. The distributors include Contectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux. ---- Internet Productivity Suite: Open Source Security Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. http://store.guardiandigital.com/html/eng/products/software/ips_overview.sh= tml --- Ape about EtherApe It is always the same scene in Hollywood films. The networks are penetrated; cryptic images and characters are scrolling across the screen. We're being hacked! Did you ever wish you could keep a closer eye on your network? Sure we have sniffers and other tools, but did you ever want something graphical? I've always been a huge fan of ntop, but feel that it lacks on graphical end. My curiosity drives the question, what is happening on my network? Another interesting program that I enjoy using is EtherApe. It is a network monitor that displays traffic graphically. It supports a wide range of protocols and network types. The display is color-coded allowing users to quickly understand the type of traffic on a network. The project is several years old, originally being based on etherman. It is licensed under the GPL and is currently packaged for many different Linux distributions. The hardware requirements are minimal, however it does require you to use X and have libcap installed. With EtherApe you'll find the network monitoring has never been this fun. On an active network, one can easily be drawn to just watching the activity. It can be a very useful tool, but the entertainment value should not be discounted. One of the most useful features of EtherApe is the dynamic graphic images it creates. These can be used to further explain concepts or attacks methodologies to business decision makers who wouldn't normally understand the output of tcpdump. More information about EtherApe can be found at the project website: http://etherape.sourceforge.net/ Also, for those of you who are just curious, severals screenshots are also available: http://etherape.sourceforge.net/images/ Until next time, cheers! Benjamin D. Thomas ---------------------- Encrypting Shell Scripts Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output). http://www.linuxsecurity.com/content/view/117920/49/ --- A 2005 Linux Security Resolution Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide. http://www.linuxsecurity.com/content/view/117721/49/ --- State of Linux Security 2004 In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise. http://www.linuxsecurity.com/content/view/117655/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Conectiva | ----------------------------// +---------------------------------+ * Conectiva: php4 Fixes for multiple php4 vulnerabilities 13th, January, 2005 This announcement fixes seven vulnerabilities[2] found by Stefan Esser and four other vulnerabilities. For further information, please refer to php4's changelog[3]. http://www.linuxsecurity.com/content/view/117904 * Conectiva: ethereal Fixes for security vulnerabilities in ethereal 13th, January, 2005 This update fixes several vulnerabilities[2,3,4] in ethereal. http://www.linuxsecurity.com/content/view/117905 * Conectiva: krb5 Fix for buffer overflow in libkadm5srv 13th, January, 2005 Michael Tautschnig noticed that the MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow[2] in password history handling code which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) host. http://www.linuxsecurity.com/content/view/117911 +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: kerberos arbitrary code execution fix 7th, January, 2005 A buffer overflow has been discovered in the MIT Kerberos 5 administration library (libkadm5srv) that could lead to the execution of arbitrary code upon exploition by an authenticated user, not necessarily one with administrative privileges. http://www.linuxsecurity.com/content/view/117819 * Debian: lintian insecure temporary directory fix 10th, January, 2005 Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack. http://www.linuxsecurity.com/content/view/117827 * Debian: kdelibs arbitrary FTP command execution fix 10th, January, 2005 Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command. http://www.linuxsecurity.com/content/view/117828 * Debian: linpopup arbitrary code execution fix 10th, January, 2005 Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message. http://www.linuxsecurity.com/content/view/117829 * Debian: bmv insecure temporary file creation fix 11th, January, 2005 Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack. http://www.linuxsecurity.com/content/view/117857 * Debian: HylaFAX unauthorised access fix 11th, January, 2005 Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system. http://www.linuxsecurity.com/content/view/117872 * Debian: exim arbitrary code execution fix 12th, January, 2005 Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. http://www.linuxsecurity.com/content/view/117878 * Debian: New libc6 packages fix insecure temporary files 12th, January, 2005 Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack. http://www.linuxsecurity.com/content/view/117889 * Debian: New exim-tls packages fix arbitrary code execution 13th, January, 2005 Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address. http://www.linuxsecurity.com/content/view/117903 * Debian: New gopher packages fix several vulnerabilities 13th, January, 2005 "jaguar" has discovered two security relevant problems in gopherd, the Gopher server in Debian which is part of the gopher package. http://www.linuxsecurity.com/content/view/117915 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora: sane-backends-1.0.15-1.4 update (corrected) 7th, January, 2005 This is version 1.0.15 of the sane-backends scanner drivers. This package also resolves the issues concerning device permissions for USB scanners which are always connected. http://www.linuxsecurity.com/content/view/117815 * Fedora: libtiff-3.6.1-9.fc3 update 7th, January, 2005 The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility. http://www.linuxsecurity.com/content/view/117820 * Fedora: libtiff-3.5.7-22.fc2 update 7th, January, 2005 The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility. http://www.linuxsecurity.com/content/view/117821 * Fedora: gtk2-2.4.14-2.fc3 update 7th, January, 2005 The updated gtk2 package fixes several cases of missing locking in the file chooser which could cause deadlocks in threaded applications. http://www.linuxsecurity.com/content/view/117822 * Fedora: selinux-policy-targeted-1.17.30-2.68 update 7th, January, 2005 Allow ldconfig to run with full privs. http://www.linuxsecurity.com/content/view/117823 * Fedora: epiphany-1.2.7-0.2.0 update 10th, January, 2005 Rebuild because of Mozilla API changes. http://www.linuxsecurity.com/content/view/117840 * Fedora: epiphany-1.2.7-0.2.2 update 10th, January, 2005 Rebuild because of Mozilla API changes. http://www.linuxsecurity.com/content/view/117841 * Fedora: policycoreutils-1.18.1-2.3 update 10th, January, 2005 backport restorecon and fixfiles from rawhide. to eliminate bad warning. messages and fix handling of rpm files http://www.linuxsecurity.com/content/view/117842 * Fedora: selinux-policy-targeted-1.17.30-2.68 update 10th, January, 2005 Require policycoreutils for selinux-policy-targeted. Run ldconfig as an unconfined_domain http://www.linuxsecurity.com/content/view/117843 * Fedora: kernel-2.6.10-1.8_FC2 update 10th, January, 2005 This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch. http://www.linuxsecurity.com/content/view/117849 * Fedora: kernel-2.6.10-1.737_FC3 update 10th, January, 2005 This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch. http://www.linuxsecurity.com/content/view/117850 * Fedora: yum-2.1.12-0.fc3 update 10th, January, 2005 New yum release fixes many small bugs. http://www.linuxsecurity.com/content/view/117851 * Fedora: system-config-samba-1.2.23-0.fc3.1 update 11th, January, 2005 Unfortunately there have slipped in some bugs in this release which were detected after the sign and push request went out. The bugs in question prevent proper configuring of global preferences. http://www.linuxsecurity.com/content/view/117859 * Fedora: system-config-services-0.8.17-0.fc3.1 update 11th, January, 2005 throw away stderr to not be confused by error messages (#142983). don't hardcode python 2.3 (#142246). remove some cruft from configure.in http://www.linuxsecurity.com/content/view/117860 * Fedora: cups-1.1.20-11.9 update 11th, January, 2005 This package fixes a small regression introduced by FEDORA-2004-574. http://www.linuxsecurity.com/content/view/117861 * Fedora: cups-1.1.22-0.rc1.8.3 update 11th, January, 2005 This package fixes a small regression introduced by FEDORA-2004-575. http://www.linuxsecurity.com/content/view/117862 * Fedora: subversion-1.1.2-2.3 update 11th, January, 2005 This update includes the latest release of Subversion 1.1, including a number of bug fixes. http://www.linuxsecurity.com/content/view/117863 * Fedora: initscripts-7.55.2-1 update 11th, January, 2005 This update fixes the mouting of usbfs on boot, along with various other accumulated fixes. http://www.linuxsecurity.com/content/view/117875 * CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.0 12th, January, 2005 Rebuild because of Mozilla API changes. http://www.linuxsecurity.com/content/view/117885 * CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.2 12th, January, 2005 Rebuild because of Mozilla API changes. http://www.linuxsecurity.com/content/view/117886 * Fedora Core 2 Update: vim-6.3.054-0.fc2.1 12th, January, 2005 Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern=C3=A1ndez-Sanguino Pe=C3=B1a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack. http://www.linuxsecurity.com/content/view/117887 * Fedora Core 3 Update: vim-6.3.054-0.fc3.1 12th, January, 2005 Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern=C3=A1ndez-Sanguino Pe=C3=B1a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack. http://www.linuxsecurity.com/content/view/117888 * Fedora: system-config-samba-1.2.26-0.fc3.1 update 12th, January, 2005 ignore case of share name when deleting share (#144504). when double clicking share, open properties dialog. assume default is "security =3D=3D user" to avoid traceback on users dialog (#144511). update main window when changing share path (#144168). include Ukranian translation in desktop file (#143659). http://www.linuxsecurity.com/content/view/117892 * Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.72 12th, January, 2005 Allow dhcpd and nscd to read certs files in usr_t. Allow postgresql to use ypbind and fix db creation calls. http://www.linuxsecurity.com/content/view/117899 * Fedora Core 2 Update: gpdf-2.8.2-1.1 13th, January, 2005 Update to 2.8.2. Remove all patches, they are upstream http://www.linuxsecurity.com/content/view/117912 * Fedora Core 3 Update: gpdf-2.8.2-1.2 13th, January, 2005 Update to 2.8.2. Remove all patches, they are upstream http://www.linuxsecurity.com/content/view/117913 * Fedora Core 3 Update: exim-4.43-1.FC3.1 13th, January, 2005 This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively. http://www.linuxsecurity.com/content/view/117914 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: dillo Format string vulnerability 9th, January, 2005 Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/117831 * Gentoo: TikiWiki Arbitrary command execution 10th, January, 2005 A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts. http://www.linuxsecurity.com/content/view/117832 * Gentoo: pdftohtml Vulnerabilities in included Xpdf 10th, January, 2005 pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file. http://www.linuxsecurity.com/content/view/117833 * Gentoo: UnRTF Buffer overflow 10th, January, 2005 A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file. http://www.linuxsecurity.com/content/view/117852 * Gentoo: mpg123 Buffer overflow 10th, January, 2005 An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files. http://www.linuxsecurity.com/content/view/117853 * Gentoo: konqueror Java sandbox vulnerabilities 11th, January, 2005 The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system. http://www.linuxsecurity.com/content/view/117854 * Gentoo: Kpdf, Koffice More vulnerabilities in included Xpdf 11th, January, 2005 KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file. http://www.linuxsecurity.com/content/view/117855 * Gentoo: KDE FTP KIOslave Command injection 11th, January, 2005 The FTP KIOslave contains a bug allowing users to execute arbitrary FTP commands. http://www.linuxsecurity.com/content/view/117864 * Gentoo: imlib2 Buffer overflows in image decoding 11th, January, 2005 Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code. http://www.linuxsecurity.com/content/view/117865 * Gentoo: o3read Buffer overflow during file conversion 11th, January, 2005 A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file. http://www.linuxsecurity.com/content/view/117867 * Gentoo: HylaFAX hfaxd unauthorized login vulnerability 11th, January, 2005 HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists. http://www.linuxsecurity.com/content/view/117868 * Gentoo: poppassd_pam Unauthorized password changing 11th, January, 2005 poppassd_pam allows anyone to change any user's password without authenticating the user first. http://www.linuxsecurity.com/content/view/117874 * Gentoo: CUPS Multiple vulnerabilities 12th, January, 2005 CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability. http://www.linuxsecurity.com/content/view/117879 * Gentoo: Exim Two buffer overflows 12th, January, 2005 Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim. http://www.linuxsecurity.com/content/view/117900 +---------------------------------+ | Distribution: Mandrake | ----------------------------// +---------------------------------+ * Mandrake: g-wrap compilation error fix 10th, January, 2005 A compilation error in g-wrap prevented gnucash from running on Mandrakelinux 10.1/x86_64. The updated packages correct the problem. http://www.linuxsecurity.com/content/view/117846 * Mandrake: xscreensave bug with KDE fix 10th, January, 2005 A bug in xscreensaver existed when running under KDE. When selecting a screensaver, it can be tested and seen properly, but when it actually is supposed to start, only a black screen would come up. http://www.linuxsecurity.com/content/view/117848 * Mandrake: kde numerous bugs fix 11th, January, 2005 Updates are provided for various components of kdeaddons, kdebase, kdelibs, kdenetwork, and kdepim that fix a variety of bugs. http://www.linuxsecurity.com/content/view/117866 * Mandrake: nfs-utils 64bit vulnerability fix 11th, January, 2005 Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/117877 * Mandrake: hylafax vulnerability fix 12th, January, 2005 Patrice Fournier discovered a vulnerability in the authorization sub-system of hylafax.=09A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorized access to the fax system. http://www.linuxsecurity.com/content/view/117901 * Mandrake: Updated imlib packages fix 12th, January, 2005 Pavel Kankovsky discovered several heap overflow flaw in the imlib image handler.=09An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib. These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026). http://www.linuxsecurity.com/content/view/117902 +---------------------------------+ | Distribution: Trustix | ----------------------------// +---------------------------------+ * Trustix: fcron, kernel vulnerabilities 13th, January, 2005 Security vulnerabilites have been found in fcronsighup, the program used by fcrontab to tell fcron it should reload its configuration. Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup's overall security. http://www.linuxsecurity.com/content/view/117918 * Trustix: glibc iproute setup tsl-utils bug fixes 13th, January, 2005 glibc: Added success/failure to nscd.init to make it consistent with other init scripts. iproute: Now make /etc/iproute2/* config(noreplace). setup: Added lmtp ports in /etc/services. tsl-utils: Now handle more release tags in kernel names. Take II. http://www.linuxsecurity.com/content/view/117919 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Updated lesstif package fixes image vulnerability 12th, January, 2005 An updated lesstif package that fixes flaws in the Xpm library is now available for Red Hat Enterprise Linux 2.1. http://www.linuxsecurity.com/content/view/117893 * RedHat: Updated unarj package fixes security issue 12th, January, 2005 An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available. http://www.linuxsecurity.com/content/view/117894 * RedHat: Updated CUPS packages fix security issues 12th, January, 2005 Updated CUPS packages that fix several security issues are now available. http://www.linuxsecurity.com/content/view/117895 * RedHat: Updated nfs-utils package fixes security 12th, January, 2005 An updated nfs-utils package that fixes various security issues is now available. http://www.linuxsecurity.com/content/view/117896 * RedHat: Updated Pine packages fix security vulnerability 12th, January, 2005 An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack. http://www.linuxsecurity.com/content/view/117897 * RedHat: Updated Xpdf packages fix security issues 12th, January, 2005 Updated Xpdf packages that fix several security issues are now available. http://www.linuxsecurity.com/content/view/117898 * RedHat: Updated libtiff packages fix security issues 13th, January, 2005 Updated libtiff packages that fix various integer overflows are now available. http://www.linuxsecurity.com/content/view/117906 * RedHat: Updated mozilla packages fix a buffer overflow 13th, January, 2005 Updated mozilla packages that fix a buffer overflow issue are now available. http://www.linuxsecurity.com/content/view/117907 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: libtiff/tiff remote system compromise 10th, January, 2005 Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards. http://www.linuxsecurity.com/content/view/117830 +---------------------------------+ | Distribution: TurboLinux | ----------------------------// +---------------------------------+ * TurboLinux: php, httpd multiple vulnerabilities 13th, January, 2005 The vulnerabilities can allow remote attackers to cause a denial of service and possibly execute arbitrary code. http://www.linuxsecurity.com/content/view/117908 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------