+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | August 5th, 2005 Volume 6, Number 32a | +---------------------------------------------------------------------+ Editors: Dave Wreski Benjamin D. Thomas dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for gaim, gopher, pdns, apt- catcher, ethereal, im-sdk, selinux-policy-targeted, gamin, pam, netpbm, mkinitrd, kde, arts, NetworkManager, labraw, ckermit, httpd, gphoto, coreutils, iiimf, yum, gimp, redhead, zlib, fetchmail, sandbox prsotext, proftpd, nbsmtp, dump, and SquirrelMail. The distributors include Debian, Fedora, Gentoo, and Red Hat. --- ## Internet Productivity Suite: Open Source Security ## Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more! http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml --- Network Intrusion Prevention Systems . When They.re Valuable, and When They.re Not: Part II By: Daniel Miessler The true benefit of network IPS lies in what it can do for companies that can.t keep their systems patched. This may sound negative, but it.s almost as if the request for NIPS technology is analogous to the requestor admitting that they cannot stay on top of system administration. For anyone willing to make this admission, however, the benefits of network IPS are quite significant. Consider a medium to large sized company where upper management doesn.t see the need for additional (see enough) systems and/or security administrators. (This shouldn.t require much imagination, by the way). In an environment like this, vulnerabilities are likely to go unpatched for weeks, months, or even years . even in the Internet- facing areas. Many things can lead to machines not getting patched in these sorts of companies . developers claiming that the main bread-winning app will break if the patches are applied, administrator fear of being the cause of downtime, apathy, stupidity . take your pick. The point is, a strategically-placed network IPS . say in front of the Internet-facing environment . can do something absolutely magical for an systems/security staff -- it can buy them time. Consider a site passing a ton of traffic into their DMZ via multiple protocols to dozens or hundreds of machines, and let.s say several of the applications being interfaced with have known vulnerabilities. If the person in charge knows that they lack the ability to patch all the vulnerable systems (inexcusable, I agree), then the NIPS system can effectively serve as a multi-patch gateway. If the NIPS product has a signature for 34 of the 42 exploits that could potentially root 180 machines, then putting a network IPS at the bottleneck becomes an alternative to 1. getting cracked, and 2. patching. Make no mistake, though . patching is the better solution, but I recognize that there are sometimes circumstances that prevent good admins from doing their jobs. There are also situations where someone who knows the risks lacks the funding to bring admins aboard that can help them keep their systems in top shape. For either of these cases, network IPS seems like an acceptable evil. Read Entire Article: http://www.linuxsecurity.com/content/view/119888/49/ ---------------------- Linux File & Directory Permissions Mistakes One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com. http://www.linuxsecurity.com/content/view/119415/49/ --- Buffer Overflow Basics A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. http://www.linuxsecurity.com/content/view/119087/49/ --- Review: The Book of Postfix: State-of-the-Art Message Transport I was very impressed with "The Book of Postfix" by authors Ralf Hildebrandt and Pattrick Koetter and feel that it is an incredible Postfix reference. It gives a great overall view of the operation and management of Postfix in an extremely systematic and practical format. It flows in a logical manner, is easy to follow and the authors did a great job of explaining topics with attention paid to real world applications and how to avoid many of the associated pitfalls. I am happy to have this reference in my collection. http://www.linuxsecurity.com/content/view/119027/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New gaim packages fix denial of service 29th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119944 * Debian: New gopher packages fix insecure temporary file creation 29th, July, 2005 Update package. http://www.linuxsecurity.com/content/view/119954 * Debian: New pdns packages fix denial of service 1st, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/119988 * Debian: New apt-cacher package fixes arbitrary command execution 3rd, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/120011 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 3 Update: ethereal-0.10.12-1.FC3.1 28th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119939 * Fedora Core 3 Update: im-sdk-12.1-10.FC3.1 28th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119940 * Fedora Core 4 Update: selinux-policy-targeted-1.25.3-6 28th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119941 * Fedora Core 3 Update: gamin-0.1.1-3.FC3 29th, July, 2005 This should fix the problem where monitoring desktop files works initially but sometimes fails after a while. This is a safe update from 0.1.1-1.FC3 http://www.linuxsecurity.com/content/view/119955 * Fedora Core 4 Update: gamin-0.1.1-3.FC4 29th, July, 2005 This should fix the problem where monitoring desktop files works initially but sometimes fails after a while. This is a safe update from 0.1.1-1.FC4 http://www.linuxsecurity.com/content/view/119956 * Fedora Core 4 Update: pam-0.79-9.4 29th, July, 2005 This update fixes a regression of pam_userdb against FC3 pam and links to shared audit library as audit-libs-devel is now fixed. http://www.linuxsecurity.com/content/view/119957 * Fedora Core 4 Update: netpbm-10.28-1.FC4.1 29th, July, 2005 Update package. http://www.linuxsecurity.com/content/view/119958 * Fedora Core 3 Update: netpbm-10.28-1.FC3.1 29th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119959 * Fedora Core 4 Update: ethereal-0.10.12-1.FC4.1 29th, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119960 * Fedora Core 3 Update: mkinitrd-4.1.18.1-1 29th, July, 2005 This update should fix the issue a number of people saw after the recent kernel update where various modules would fail to load during boot, making systems unbootable. After updating this package, remove, and reinstall the recent kernel update, and the initrd will be recreated correctly. http://www.linuxsecurity.com/content/view/119961 * Fedora Core 4 Update: kdeaddons-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119963 * Fedora Core 4 Update: kdesdk-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119964 * Fedora Core 4 Update: kdepim-3.4.2-0.fc4.2 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119965 * Fedora Core 4 Update: kdemultimedia-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119966 * Fedora Core 4 Update: kdelibs-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119967 * Fedora Core 4 Update: kdewebdev-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119968 * Fedora Core 4 Update: kdebase-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119969 * Fedora Core 4 Update: kdevelop-3.2.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119970 * Fedora Core 4 Update: kdeutils-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119971 * Fedora Core 4 Update: kdenetwork-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119972 * Fedora Core 4 Update: kde-i18n-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119973 * Fedora Core 4 Update: kdegraphics-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119974 * Fedora Core 4 Update: kdegames-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119975 * Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119976 * Fedora Core 4 Update: kdebindings-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119977 * Fedora Core 4 Update: kdeartwork-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119978 * Fedora Core 4 Update: kdeadmin-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119979 * Fedora Core 4 Update: kdeaccessibility-3.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119980 * Fedora Core 4 Update: arts-1.4.2-0.fc4.1 29th, July, 2005 KDE 3.4.2 update http://www.linuxsecurity.com/content/view/119981 * Fedora Core 4 Update: NetworkManager-0.4-20.FC4.1 29th, July, 2005 Network Manager passes logging messages straight to syslog as the format string. http://www.linuxsecurity.com/content/view/119982 * Fedora Core 4 Update: libraw1394-1.2.0-1.fc4 31st, July, 2005 Updated package. http://www.linuxsecurity.com/content/view/119986 * Fedora Core 4 Update: selinux-policy-targeted-1.25.3-9 1st, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/119994 * Fedora Core 4 Update: ckermit-8.0.211-2.FC4 1st, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/119995 * Fedora Core 4 Update: httpd-2.0.54-10.1 2nd, August, 2005 This update security fixes for CVE CAN-2005-2088 and CVE CAN-2005-1268, along with some minor bug fixes. http://www.linuxsecurity.com/content/view/120003 * Fedora Core 4 Update: kdegames-3.4.2-0.fc4.2 2nd, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/120004 * Fedora Core 3 Update: httpd-2.0.53-3.2 2nd, August, 2005 This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE CAN-2005-2088 and CVE CAN-2005-1268. http://www.linuxsecurity.com/content/view/120005 * Fedora Core 4 Update: gphoto2-2.1.6-1.1 2nd, August, 2005 Updated to new release. http://www.linuxsecurity.com/content/view/120006 * Fedora Core 4 Update: coreutils-5.2.1-48.1 2nd, August, 2005 This updated package fixes "who -r" and "who -b". http://www.linuxsecurity.com/content/view/120007 * Fedora Core 4 Update: iiimf-12.2-4.fc4.2 2nd, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/120008 * Fedora Core 3 Update: yum-2.2.2-0.fc3 2nd, August, 2005 This update fixes a few minor problems. http://www.linuxsecurity.com/content/view/120010 * Fedora Core 3 Update: ethereal-0.10.12-1.FC3.2 3rd, August, 2005 To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independant Executables (PIE). http://www.linuxsecurity.com/content/view/120018 * Fedora Core 4 Update: ethereal-0.10.12-1.FC4.2 3rd, August, 2005 To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independant Executables (PIE). http://www.linuxsecurity.com/content/view/120019 * Fedora Core 3 Update: gimp-2.2.8-0.fc3.2 3rd, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/120020 * Fedora Core 4 Update: gimp-2.2.8-0.fc4.2 3rd, August, 2005 Updated package. http://www.linuxsecurity.com/content/view/120021 * Fedora Core 4 Update: readahead-1.1-1.16_FC4 3rd, August, 2005 This update should fix a inverted case where readahead would be triggered on boxes that have less than 384MB of memory, and would not occur if the box had more than 384MB of memory. http://www.linuxsecurity.com/content/view/120023 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: Ethereal Multiple vulnerabilities 28th, July, 2005 Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination. http://www.linuxsecurity.com/content/view/119934 * Gentoo: Shorewall Security policy bypass 29th, July, 2005 A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules. http://www.linuxsecurity.com/content/view/119945 * Gentoo: zlib Buffer overflow 29th, July, 2005 zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119946 * Gentoo: fetchmail Buffer Overflow 29th, July, 2005 fetchmail is susceptible to a buffer overflow resulting in a Denial of Service or arbitrary code execution. http://www.linuxsecurity.com/content/view/119947 * Gentoo: Kopete Vulnerability in included Gadu library 29th, July, 2005 Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119948 * Gentoo: Mozilla Suite Multiple vulnerabilities 29th, July, 2005 Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to inormation leakage. http://www.linuxsecurity.com/content/view/119949 * Gentoo: Clam AntiVirus Integer overflows 29th, July, 2005 Clam AntiVirus is vulnerable to integer overflows when handling several file formats, potentially resulting in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/119950 * Gentoo: sandbox Insecure temporary file handling 29th, July, 2005 The sandbox utility may create temporary files in an insecure manner. http://www.linuxsecurity.com/content/view/119951 * Gentoo: AMD64 x86 emulation base libraries Buffer overflow 30th, July, 2005 The x86 emulation base libraries for AMD64 contain a vulnerable version of zlib which could potentially lead to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119983 * Gentoo: pstotext Remote execution of arbitrary code 31st, July, 2005 pstotext contains a vulnerability which can potentially result in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/119984 * Gentoo: Compress:Zlib: Buffer overflow 1st, August, 2005 Compress::Zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code. http://www.linuxsecurity.com/content/view/119987 * Gentoo: ProFTPD Format string vulnerabilities 1st, August, 2005 Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/119996 * Gentoo: ProFTPD Format string vulnerabilities 1st, August, 2005 Under specific circumstances, ProFTPD is vulnerable to format string vulnerabilities, potentially resulting in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/119997 * Gentoo: nbSMTP Format string vulnerability 2nd, August, 2005 nbSMTP is vulnerable to a format string vulnerability which may result in remote execution of arbitrary code. http://www.linuxsecurity.com/content/view/120002 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Low: dump security update 3rd, August, 2005 Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/120016 * RedHat: Moderate: SquirrelMail security update 3rd, August, 2005 An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response T am. http://www.linuxsecurity.com/content/view/120017 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------