+---------------------------------------------------------------------+ | LinuxSecurity.com Weekly Newsletter | | March 24th, 2006 Volume 7, Number 13n | | | | Editorial Team: Dave Wreski dave@xxxxxxxxxxxxxxxxx | | Benjamin D. Thomas ben@xxxxxxxxxxxxxxxxx | +---------------------------------------------------------------------+ Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines. This week advisories were released for xpvm, vlc, xine-lib, wzdftpd, drupal, kpdf, libmail-audit-perl, ilohamail, kernel-patch-vserver, unzip, snmptrapfmt, firebird2, sendmail, evolution, kernel, xorg, avahi, beagle, curl, php-pear, xterm, scim-anthy, tzdata, logwatch, shadow-utils, cpio, libsepol, bind, Freeciv, zoo, bypass, rshd, metamail, cube, squirrelmail, flex, gnupg, pngcrush, libcurl, cairo, flash-player, and realplayer. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE. --- EnGarde Secure Linux: Why not give it a try? EnGarde Secure Linux is a Linux server distribution that is geared toward providing a open source platform that is highly secure by default as well as easy to administer. EnGarde Secure Linux includes a select group of open source packages configured to provide maximum security for tasks such as serving dynamic websites, high availability mail transport, network intrusion detection, and more. The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are also freely available with GDSN registration. http://www.engardelinux.org/modules/index/register.cgi --- Linux Command Reference Manual: Linux File Structure By: Suhas Desai In the Linux file structure files are grouped according to purpose. Ex: commands, data files, documentation. Parts of a Unix directory tree are listed below. All directories are grouped under the root entry "/". That part of the directory tree is left out of the below diagram. See the FSSTND standard(Filesystem standard). root - The home directory for the root user home - Contains the user's home directories along with directories for services ftp HTTP samba bin - Commands needed during bootup that might be needed by normal users sbin - Like bin but commands are not intended for normal users. Commands run by LINUX: ---------------------- proc - This filesystem is not on a disk. It is a virtual filesystem that exists in the kernels imagination, which is memory. usr - Contains all commands, libraries, man pages, games and static files for normal operation bin - Almost all user commands. some commands are in /bin or /usr/local/bin. sbin - System admin commands not needed on the root filesystem. e.g., most server programs. include - Header files for the C programming language. Should be below /user/lib for consistency. lib - Unchanging data files for programs and subsystems local - The place for locally installed software and other files. man - Manual pages info - Info documents doc - Documentation tmp X11R6 - The X windows system files. There is a directory similar to sr below this directory. X386 - Like X11R6 but for X11 release 5 boot - Files used by the bootstrap loader, LILO. Kernel images are often kept here. lib - Shared libraries needed by the programs on the root filesystem modules - Loadable kernel modules, especially those needed to boot the system after disasters. dev - Device files etc - Configuration files specific to the machine. sysconfig - Files that configure the linux system for devices. var - Contains files that change for mail, news, printers log files, man pages, temp files lib - Files that change while the system is running normally local - Variable data for programs installed in /usr/local. lock - Lock files. Used by a program to indicate it is using a particular device or file log - Log files from programs such as login and syslog which logs all logins and logouts. run - Files that contain information about the system that is valid until the system is next booted. spool - Directories for mail, printer spools, news and other spooled work. tmp - Temporary files that are large or need to exist for longer than they should in /tmp. mnt - Mount points for temporary mounts by the system administrator. tmp - Temporary files. Programs running after bootup should use /var/tmp. Read Full Paper http://www.linuxsecurity.com/images/stories/commandref.pdf ---------------------- EnGarde Secure Community 3.0.4 Released Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.4 (Version 3.0, Release 4). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, and several new packages available for installation. http://www.linuxsecurity.com/content/view/121560/65/ --- Linux File & Directory Permissions Mistakes One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com. http://www.linuxsecurity.com/content/view/119415/49/ --- Buffer Overflow Basics A buffer overflow occurs when a program or process tries to store more data in a temporary data storage area than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. http://www.linuxsecurity.com/content/view/119087/49/ -------- --> Take advantage of the LinuxSecurity.com Quick Reference Card! --> http://www.linuxsecurity.com/docs/QuickRefCard.pdf +---------------------------------+ | Distribution: Debian | ----------------------------// +---------------------------------+ * Debian: New xpvm packages fix insecure temporary file 16th, March, 2006 Eric Romang discoverd that xpvm, a graphical console and monitor for PVM, creates a temporary file that allows local attackers to create or overwrite arbitrary files with the privileges of the user running xpvm. http://www.linuxsecurity.com/content/view/121949 * Debian: New vlc packages fix arbitrary code execution 16th, March, 2006 Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code. The vlc media player links statically against libavcodec. http://www.linuxsecurity.com/content/view/121951 * Debian: New xine-lib packages fix arbitrary code execution 16th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121957 * Debian: New wzdftpd packages fix arbitrary shell command execution 16th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121959 * Debian: New drupal packages fix several vulnerabilities 17th, March, 2006 The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-1225,CVE-2006-1226,CVE-2006-1227,CVE-2006-1228 http://www.linuxsecurity.com/content/view/121964 * Debian: New kpdf packages fix arbitrary code execution 17th, March, 2006 Marcelo Ricardo Leitner noticed that the current patch in DSA 932 (CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all buffer overflows, still allowing an attacker to execute arbitrary code. http://www.linuxsecurity.com/content/view/121966 * Debian: New libmail-audit-perl packages fix insecure temporary file use 20th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121981 * Debian: New crossfire packages fix arbitrary code execution 20th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121982 * Debian: New ilohamail packages fix cross-site scripting vulnerabilities 20th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/121983 * Debian: New kernel-patch-vserver packages fix root exploit 21st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122004 * Debian: New unzip packages fix arbitrary code execution 21st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122005 * Debian: New snmptrapfmt packages fix insecure temporary file 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122031 * Debian: New firebird2 packages fix denial of service 23rd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122058 * Debian: New sendmail packages fix arbitrary code execution 23rd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122059 * Debian: New evolution packages fix arbitrary code execution 23rd, March, 2006 Several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122065 +---------------------------------+ | Distribution: Fedora | ----------------------------// +---------------------------------+ * Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.25 16th, March, 2006 Rebuilt against the latest kernel (2.6.15-1.1833_FC4). http://www.linuxsecurity.com/content/view/121954 * Fedora Core 5 Update: xorg-x11-server-1.0.1-9 20th, March, 2006 Coverity scanned the X.Org source code for problems and reported their findings to the X.Org development team. Upon analysis, Alan Coopersmith, a member of the X.Org development team, noticed a couple of serious security issues in the findings. In particular, the Xorg server can be exploited for root privilege escalation by passing a path to malicious modules using the -modulepath command line argument. Also, the Xorg server can be exploited to overwrite any root writable file on the filesystem with the -logfile command line argument. http://www.linuxsecurity.com/content/view/121985 * Fedora Core 5 Update: avahi-0.6.9-8.FC5 20th, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122003 * Fedora Core 5 Update: beagle-0.2.3-4 21st, March, 2006 Some of the wrapper scripts (including beagle-status) looked in the current directory for files with a specific name and ran that instead of the binary in the path. All such cases have been fixed in this release. http://www.linuxsecurity.com/content/view/122022 * Fedora Core 5 Update: curl-7.15.1-3 21st, March, 2006 This curl update fixes security vulnerability CVE-2006-1061 - curl can overflow a heap-based memory buffer if very long TFTP URL with valid host name is passed to curl. This update fixes instalation problems on multilib architectures, too. http://www.linuxsecurity.com/content/view/122023 * Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1 22nd, March, 2006 A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. http://www.linuxsecurity.com/content/view/122043 * Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1 22nd, March, 2006 A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. http://www.linuxsecurity.com/content/view/122044 * Fedora Core 5 Update: php-pear-1.4.6-2.1 22nd, March, 2006 This update includes the latest upstream version of the PEAR XML_RPC package (version 1.4.5), which fixes operation of the XML_RPC server component with PHP 5.1.2. http://www.linuxsecurity.com/content/view/122045 * Fedora Core 4 Update: xterm-208-4.FC4 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122046 * Fedora Core 5 Update: scim-anthy-0.9.0-3.fc5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122047 * Fedora Core 4 Update: tzdata-2006b-2.fc4 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122050 * Fedora Core 4 Update: logwatch-7.2.1-1.fc4 22nd, March, 2006 This new version of logwatch package fixes problems with --splithosts option and contains a lot of services updates. http://www.linuxsecurity.com/content/view/122051 * Fedora Core 5 Update: anthy-7500-1.fc5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122052 * Fedora Core 5 Update: shadow-utils-4.0.14-5.FC5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122053 * Fedora Core 5 Update: cpio-2.6-14.FC5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122054 * Fedora Core 5 Update: libsepol-1.12.1-1.fc5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122055 * Fedora Core 5 Update: bind-9.3.2-12.FC5 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122056 +---------------------------------+ | Distribution: Gentoo | ----------------------------// +---------------------------------+ * Gentoo: Freeciv Denial of Service 16th, March, 2006 A memory allocation bug in Freeciv allows a remote attacker to perform a Denial of Service attack. http://www.linuxsecurity.com/content/view/121944 * Gentoo: zoo Buffer overflow 16th, March, 2006 A buffer overflow in zoo may be exploited to execute arbitrary when creating archives of specially crafted directories and files. http://www.linuxsecurity.com/content/view/121945 * Gentoo: PEAR-Auth Potential authentication bypass 17th, March, 2006 PEAR-Auth did not correctly verify data passed to the DB and LDAP containers, thus allowing to inject false credentials to bypass the authentication. http://www.linuxsecurity.com/content/view/121970 * Gentoo: Heimdal rshd privilege escalation 17th, March, 2006 An error in the rshd daemon of Heimdal could allow authenticated users to elevate privileges. http://www.linuxsecurity.com/content/view/121971 * Gentoo: Crypt:CBC: Insecure initialization vector 17th, March, 2006 Crypt::CBC uses an insecure initialization vector, potentially resulting in a weaker encryption. http://www.linuxsecurity.com/content/view/121972 * Gentoo: Metamail Buffer overflow 17th, March, 2006 A buffer overflow in Metamail could possibly be exploited to execute arbitrary code. http://www.linuxsecurity.com/content/view/121973 * Gentoo: Cube Multiple vulnerabilities 21st, March, 2006 Cube is vulnerable to a buffer overflow, invalid memory access and remote client crashes, possibly leading to a Denial of Service or remote code execution. http://www.linuxsecurity.com/content/view/122012 * Gentoo: SquirrelMail Cross-site scripting and IMAP command injection 21st, March, 2006 SquirrelMail is vulnerable to several cross-site scripting vulnerabilities and IMAP command injection. http://www.linuxsecurity.com/content/view/122013 * Gentoo: GNU tar Buffer overflow 21st, March, 2006 A malicious tar archive could trigger a Buffer overflow in GNU tar, potentially resulting in the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122014 * Gentoo: flex Potential insecure code generation 21st, March, 2006 flex might generate code with a buffer overflow, making applications using such scanners vulnerable to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122015 * Gentoo: GnuPG Incorrect signature verification 21st, March, 2006 GnuPG may erroneously report a modified or unsigned message has a valid digital signature. http://www.linuxsecurity.com/content/view/122016 * Gentoo: PeerCast Buffer overflow 21st, March, 2006 PeerCast is vulnerable to a buffer overflow that may lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122017 * Gentoo: Pngcrush Buffer overflow 21st, March, 2006 Pngcrush is vulnerable to a buffer overflow which could potentially lead to the execution of arbitrary code. http://www.linuxsecurity.com/content/view/122018 * Gentoo: cURL/libcurl Buffer overflow in the handling 21st, March, 2006 libcurl is affected by a buffer overflow in the handling of URLs for the TFTP protocol, which could be exploited to compromise a user's system. http://www.linuxsecurity.com/content/view/122029 * Gentoo: Macromedia Flash Player Arbitrary code execution 21st, March, 2006 Multiple vulnerabilities have been identified that allows arbitrary code execution on a user's system via the handling of malicious SWF files. http://www.linuxsecurity.com/content/view/122030 * Gentoo: Sendmail Race condition in the handling of asynchronous signals 22nd, March, 2006 Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges. http://www.linuxsecurity.com/content/view/122041 * Gentoo: PHP Format string and XSS vulnerabilities 22nd, March, 2006 Multiple vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers, perform cross site scripting or in some cases execute arbitrary code. http://www.linuxsecurity.com/content/view/122042 +---------------------------------+ | Distribution: Mandriva | ----------------------------// +---------------------------------+ * Mandriva: Updated xorg-x11 packages to address local root vuln 20th, March, 2006 Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have been patched to correct these issues. http://www.linuxsecurity.com/content/view/122001 * Mandriva: Updated cairo packages to address Evolution DoS vulnerability 20th, March, 2006 GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. http://www.linuxsecurity.com/content/view/122002 * Mandriva: Updated sendmail packages fix remote vulnerability 22nd, March, 2006 A race condition was reported in sendmail in how it handles asynchronous signals. This could allow a remote attacker to be able to execute arbitrary code with the privileges of the user running sendmail. http://www.linuxsecurity.com/content/view/122048 * Mandriva: Updated kernel packages fix multiple vulnerabilities 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122049 +---------------------------------+ | Distribution: Red Hat | ----------------------------// +---------------------------------+ * RedHat: Critical: sendmail security update 22nd, March, 2006 Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/122035 * RedHat: Critical: sendmail security update 22nd, March, 2006 Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/122036 * RedHat: Critical: RealPlayer security update 23rd, March, 2006 An updated RealPlayer package that fixes a buffer overflow bug is now available for Red Hat Enterprise Linux Extras 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. http://www.linuxsecurity.com/content/view/122057 +---------------------------------+ | Distribution: SuSE | ----------------------------// +---------------------------------+ * SuSE: flash-player buffer overflow 21st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122006 * SuSE: xorg-x11-server local privilege 21st, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122007 * SuSE: sendmail remote code execution 22nd, March, 2006 Updated package. http://www.linuxsecurity.com/content/view/122037 * SuSE: RealPlayer security problems 23rd, March, 2006 This update fixes the following security problems in Realplayer: CVE-2006-0323, CVE-2005-2922. http://www.linuxsecurity.com/content/view/122060 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------