+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  August 19th, 2005                          Volume 6, Number 34a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for amd64, fetchmail, Mozilla,
heartbeat, clamav, lam, vim, evolution, audit, evolution, mc, kdeaddons,
kdeadmin, kdebase, kdeedu, kdegames, kdegraphics, kdemultimedia,
kdenetwork, kdepim, kdesdk, kdetoys, kdeutils, kdevelop, kdewebdev,
koffice, xpdf, arts, kdepim, epiphany, kdbg, doxygen, ncpfs, gaim, pcre,
tar, vnc, metacity, cups, pygtk, shadow-utils, and netpbm. The
distributors include Debian, Fedora, Gentoo, and Red Hat.

---

## Internet Productivity Suite: Open Source Security ##

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.

Click to find out more!

http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml

---

Hacks From Pax: PHP Web Application Security, Part II

Another common cause of PHP application holes is improper sanitization
of user-provided data. For example, if you allow a user to fill out a
form and then pass data from a field on that form to a function like
system() or exec(), the data could contain something malicious, like a
; rm -rf * command tacked onto it.

* Never trust user-provided data.
* Beware of functions that launch system commands; think long and hard
  about checking any data that is passed to them.
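Both injection points this article covers, the form field passed to system() or exec() above and the login query it turns to next, shown as an added PHP example that is not part of the original article. It goes beyond the text by also showing escapeshellarg() and a PDO prepared statement; the sample values, the table contents and the helper names are constructed, and a POSIX shell and the pdo_sqlite extension are assumed.

```php
<?php
// Added example, not code from the article. All inputs are constructed.

// Sink 1: form data handed to a shell. A harmless echo stands in for the
// article's "; rm -rf *" suffix.
$field = 'report.txt; echo INJECTED';
// Vulnerable: the shell treats ';' as a separator and runs a second command.
$unsafe = shell_exec('echo checking ' . $field);
// Hardened: escapeshellarg() quotes the value so it stays a single argument.
$safe = shell_exec('echo checking ' . escapeshellarg($field));
echo "unsafe:\n$unsafe", "safe:\n$safe";

// Sink 2: the article's login query against an in-memory SQLite table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, pass TEXT)");
$db->exec("INSERT INTO users VALUES ('known_user', 'constructed-secret')");

// Vulnerable (hypothetical helper): input is pasted into the SQL text.
function login_concat(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE name='$username' AND pass='$password'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened (hypothetical helper): placeholders keep input out of the SQL text.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT * FROM users WHERE name = ? AND pass = ?');
    $stmt->execute([$username, $password]);
    return $stmt->fetch() !== false;
}

// The article's advice: addslashes() unless magic_quotes_gpc is on. The
// setting was removed in PHP 5.4, so ini_get() returns false on current PHP.
function article_escape(string $value): string
{
    return ini_get('magic_quotes_gpc') ? $value : addslashes($value);
}

$payload = "' OR '1'='1"; // password value quoted in the article
foreach (['login_concat', 'login_prepared'] as $check) {
    printf("%-14s accepts payload: %s\n", $check,
        var_export($check($db, 'known_user', $payload), true));
}
// Backslash escaping is MySQL's default convention; SQLite does not treat a
// backslash as an escape, so the escaped value is printed here, not executed.
echo "pass='" . article_escape($payload) . "'\n";
```

The last line shows why escaping depends on the database's quoting rules, while the prepared statement behaves the same on any PDO driver.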
Another related but common security flaw in PHP applications is a SQL
injection vulnerability. The magic_quotes_gpc option can mitigate this,
but as with register_globals you should not assume this setting is on.
For example, in your PHP script you might ask the user for a user id and
password, and then check for the user by passing the database a query.

    SELECT * FROM users WHERE name='$username' AND pass='$password';

However, if the user logging in is malicious and devious, he may enter
the following as his password:

    ' OR '1'='1

This causes your query to become:

    SELECT * FROM users WHERE name='known_user' AND pass='' OR '1'='1';

The user has just logged in with no password, and your application has
been penetrated. To avoid this, check the status of magic_quotes_gpc
using the ini_get() function and, if it is disabled, pass all user input
that must be included in a query through addslashes(). This will escape
the single or double quotes in the user input with backslashes, thereby
thwarting the attempted SQL injection attack.

* Use magic_quotes_gpc, but don't assume it is on or depend on it.
* The addslashes() function should be used on user data passed to SQL
  queries.
* Again, you simply cannot trust user-provided data.

The PHP online manual contains an entire chapter on PHP security. It's
an excellent resource, and goes into much more detail on the PHP
security issues I've discussed in this article. Until next time, stay
secure, and don't blindly trust any user-provided data.

Read Entire Article:
http://www.linuxsecurity.com/content/view/120043/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access beyond
that which is needed for proper system operations.
A full explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such tools as
chmod, chown, and chgrp. If you'd like a refresher, one is available
right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold.
Since buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation and
management of Postfix in an extremely systematic and practical format.
It flows in a logical manner, is easy to follow and the authors did a
great job of explaining topics with attention paid to real world
applications and how to avoid many of the associated pitfalls. I am
happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/

--------

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New amd64 packages fix several bugs
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120074

* Debian: New fetchmail packages fix arbitrary code execution
  12th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120076

* Debian: New Mozilla packages fix frame injection spoofing vulnerability
  15th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120082

* Debian: New heartbeat packages fix insecure temporary files
  15th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120086

* Debian: New clamav packages fix several problems
  16th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120124

* Debian: New Mozilla packages fix frame injection spoofing vulnerability
  17th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120126

+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: system-config-bind-4.0.0-28_FC4
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120066

* Fedora Core 3 Update: system-config-bind-4.0.0-28
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120067

* Fedora Core 4 Update: system-config-netboot-0.1.24-1_FC4
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120068

* Fedora Core 3 Update: system-config-netboot-0.1.24-1_FC3
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120069

* Fedora Core 4 Update: lam-7.1.1-7.FC4
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120070

* Fedora Core 3 Update: lam-7.1.1-7.FC3
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120071

* Fedora Core 3 Update: vim-6.3.086-0.fc3
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120072

* Fedora Core 4 Update: vim-6.3.086-0.fc4
  11th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120073

* Fedora Core 4 Update: evolution-data-server-1.2.3-2.fc4
  15th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120087

* Fedora Core 4 Update: audit-1.0.2-3.FC4
  15th, August, 2005
  This update fixes several problems where the audit system is used on
  systems with SE Linux disabled, it provides a sample CAPP
  configuration, adds new auditd config option to keep all logs instead
  of rotating them, and does some sanity checks on some rules before
  sending them to the kernel.
  http://www.linuxsecurity.com/content/view/120088

* Fedora Core 3 Update: evolution-2.0.4-6
  15th, August, 2005
  Fix for SITIC Vulnerability Advisory SA05-001
  http://www.linuxsecurity.com/content/view/120089

* Fedora Core 4 Update: evolution-2.2.3-2.fc4
  15th, August, 2005
  Fix for SITIC Vulnerability Advisory SA05-001
  http://www.linuxsecurity.com/content/view/120090

* Fedora Core 4 Update: mc-4.6.1a-0.11.FC4
  15th, August, 2005
  This update contains the new official release of the GNU/Midnight
  Commander 4.6.1.
  http://www.linuxsecurity.com/content/view/120091

* Fedora Core 3 Update: mc-4.6.1-1.FC3
  15th, August, 2005
  This update contains the new official release of the GNU/Midnight
  Commander 4.6.1.
  http://www.linuxsecurity.com/content/view/120092

* Fedora Core 3 Update: system-config-netboot-0.1.26-1_FC3
  15th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120093

* Fedora Core 3 Update: vim-6.3.086-0.fc3.1
  15th, August, 2005
  CAN-2005-2368 This update is supposed to fix GTK2 dependency problems
  of the vim-6.3.086-0.fc3 package.
  http://www.linuxsecurity.com/content/view/120094

* Fedora Core 3 Update: kdeaddons-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120095

* Fedora Core 3 Update: kdeadmin-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120096

* Fedora Core 3 Update: kdeartwork-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120097

* Fedora Core 3 Update: kdebindings-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120098

* Fedora Core 3 Update: kdebase-3.4.2-0.fc3.2
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120099

* Fedora Core 3 Update: kdeedu-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120100

* Fedora Core 3 Update: kdegames-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120101

* Fedora Core 3 Update: kdegraphics-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120102

* Fedora Core 3 Update: kde-i18n-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120103

* Fedora Core 3 Update: kdelibs-3.4.2-0.fc3.2
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120104

* Fedora Core 3 Update: kdemultimedia-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120105

* Fedora Core 3 Update: kdenetwork-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120106

* Fedora Core 3 Update: kdepim-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120107

* Fedora Core 3 Update: kdesdk-3.4.2-0.fc3.2
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120108

* Fedora Core 3 Update: kdetoys-3.4.2-0.fc3.1
  15th,
  August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120109

* Fedora Core 3 Update: kdeutils-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120110

* Fedora Core 3 Update: kdevelop-3.2.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120111

* Fedora Core 3 Update: kdewebdev-3.4.2-0.fc3.1
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120112

* Fedora Core 3 Update: koffice-1.4.1-0.FC3.2
  15th, August, 2005
  update to 1.4.1
  http://www.linuxsecurity.com/content/view/120113

* Fedora Core 4 Update: xpdf-3.00-20.FC4.2
  15th, August, 2005
  A flaw was discovered in Xpdf in that an attacker could construct a
  carefully crafted PDF file that would cause Xpdf to consume all
  available disk space in /tmp when opened.
  http://www.linuxsecurity.com/content/view/120114

* Fedora Core 3 Update: xpdf-3.00-10.6.FC3
  15th, August, 2005
  A flaw was discovered in Xpdf in that an attacker could construct a
  carefully crafted PDF file that would cause Xpdf to consume all
  available disk space in /tmp when opened.
  http://www.linuxsecurity.com/content/view/120115

* Fedora Core 3 Update: arts-1.4.2-0.fc3.2
  15th, August, 2005
  update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120116

* Fedora Core 3 Update: kdeedu-3.4.2-0.fc3.2
  15th, August, 2005
  Ben Burton notified the KDE security team about several tempfile
  handling related vulnerabilities in langen2kvtml, a conversion script
  for kvoctrain.
  http://www.linuxsecurity.com/content/view/120117

* Fedora Core 3 Update: arts-1.4.2-0.fc3.3
  15th, August, 2005
  Update to KDE 3.4.2
  http://www.linuxsecurity.com/content/view/120118

* Fedora Core 4 Update: kdepim-3.4.2-0.fc4.3
  15th, August, 2005
  This update should fix a bug which caused kmail to save attachments
  as zero-sized files
  http://www.linuxsecurity.com/content/view/120119

* Fedora Core 4 Update: epiphany-1.6.5-1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120132

* Fedora Core 4 Update: system-config-netboot-0.1.26-1_FC4
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120133

* Fedora Core 3 Update: kdbg-2.0.0-0.fc3.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120134

* Fedora Core 4 Update: doxygen-1.4.4-0.fc4.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120135

* Fedora Core 4 Update: kdbg-2.0.0-0.fc4.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120136

* Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.2
  18th, August, 2005
  Ben Burton notified the KDE security team about several tempfile
  handling related vulnerabilities in langen2kvtml, a conversion script
  for kvoctrain. The script must be manually invoked.
  http://www.linuxsecurity.com/content/view/120137

* Fedora Core 3 Update: ncpfs-2.2.4-4.FC3.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120138

* Fedora Core 3 Update: gaim-1.5.0-1.fc3
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120139

* Fedora Core 4 Update: gaim-1.5.0-1.fc4
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120140

* Fedora Core 3 Update: system-config-bind-4.0.0-30
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120141

* Fedora Core 4 Update: system-config-bind-4.0.0-30_FC4
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120142

* Fedora Core 3 Update: pcre-4.5-3.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120143

* Fedora Core 4 Update: tar-1.15.1-8.FC4
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120144

* Fedora Core 4 Update: gstreamer-plugins-0.8.8-9
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120145

* Fedora Core 4 Update: vnc-4.1.1-10.1
  18th, August, 2005
  This package disables the render patch, which was causing problems
  when using the loadable X module.
  http://www.linuxsecurity.com/content/view/120146

* Fedora Core 3 Update: netpbm-10.28-1.FC3.2
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120147

* Fedora Core 4 Update: metacity-2.10.3-1
  18th, August, 2005
  This update of metacity fixes the behavior of minimized transient
  dialogs for some applications.
  http://www.linuxsecurity.com/content/view/120148

* Fedora Core 4 Update: cups-1.1.23-15.1
  18th, August, 2005
  These updated packages fix a problem handling PDF files that could
  have security implications.
  http://www.linuxsecurity.com/content/view/120149

* Fedora Core 3 Update: cups-1.1.22-0.rc1.8.6
  18th, August, 2005
  These updated packages fix a problem handling PDF files that could
  have security implications.
  http://www.linuxsecurity.com/content/view/120150

* Fedora Core 4 Update: pygtk2-2.6.2-0.fc4.1
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120151

* Fedora Core 4 Update: shadow-utils-4.0.7-10.FC4
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120152

* Fedora Core 4 Update: netpbm-10.28-1.FC4.2
  18th, August, 2005
  Updated package.
  http://www.linuxsecurity.com/content/view/120153

+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Gaim Remote execution of arbitrary code
  15th, August, 2005
  Gaim is vulnerable to a buffer overflow which could lead to the
  execution of arbitrary code or to a Denial of Service.
  http://www.linuxsecurity.com/content/view/120081

* Gentoo: AWStats Arbitrary code execution using malicious Referrer
  information
  16th, August, 2005
  AWStats fails to validate certain log input, which could lead to the
  execution of arbitrary Perl code during the generation of the
  statistics.
  http://www.linuxsecurity.com/content/view/120122

* Gentoo: Xpdf, Kpdf, GPdf Denial of Service vulnerability
  16th, August, 2005
  Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service
  vulnerability.
  http://www.linuxsecurity.com/content/view/120123

* Gentoo: bluez-utils Bluetooth device name validation vulnerability
  17th, August, 2005
  Improper validation of Bluetooth device names can lead to arbitrary
  command execution.
  http://www.linuxsecurity.com/content/view/120130

+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: Adobe Acrobat Reader security update
  16th, August, 2005
  Updated acroread packages that fix a security issue are now
  available. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/120125

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------