
[ISN] Linux Advisory Watch - September 13th 2002



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  September 13th, 2002                     Volume 3, Number 37a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
 
This week, advisories were released for ethereal, python, cacti,
postgresql, kdelibs, krb5, php, wordtrans, gaim, glibc, util-linux.  The
vendors include Conectiva, Debian, Gentoo, Mandrake, and Red Hat.

FEATURE:  NFS Security - NFS (Network File System) is a widely used and
primitive protocol that allows computers to share files over a network.
The main problems with NFS are that it relies on the inherently insecure
UDP protocol, transactions are not encrypted and hosts and users cannot be
easily authenticated. Below we will show a number of steps that one can
follow to remedy those security problems.


http://www.linuxsecurity.com/feature_stories/feature_story-118.html 
  

  


+---------------------------------+
|  Package: ethereal              | ----------------------------//
|  Date: 09-06-2002               |
+---------------------------------+  

Description: 
Ethereal developers discovered a buffer overflow in the ISIS protocol
dissector.  It may be possible to make Ethereal crash or hang by
injecting a purposefully malformed packet onto the wire, or by 
convincing someone to read a malformed packet trace file.  It may be
possible to make Ethereal run arbitrary code by exploiting the buffer
and pointer problems. 

Vendor Alerts: 

 Debian: i386:  
 http://security.debian.org/pool/updates/main/e/ethereal/ 
 ethereal_0.8.0-4potato.1_i386.deb 
 
 Size/MD5 checksum:   520452 c04c0c6253dc91ea8f773cb1607258df

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2330.html 

  

+---------------------------------+
|  Package: python                | ----------------------------//
|  Date: 09-09-2002               |
+---------------------------------+  

Description: 
The bugfix we distributed in DSA 159-1 unfortunately caused Python to
sometimes behave improperly when a non-executable file existed
earlier in the path and an executable file of the same name existed
later in the path.  Zack Weinberg fixed this in the Python source.  

Vendor Alerts: 

 Debian: i386: 
 http://security.debian.org/pool/updates/main/p/python/ 
 python-base_1.5.2-10potato13_i386.deb 

 Size/MD5 checksum:   825292 3fd77f5f0f90ee904908c3af612b9268

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2331.html 

  

+---------------------------------+
|  Package: cacti                 | ----------------------------//
|  Date: 09-09-2002               |
+---------------------------------+  

Description: 
A problem in cacti, a PHP based frontend to rrdtool for monitoring
systems and services, has been discovered.  This could lead to
cacti executing arbitrary program code under the user id of the web
server. This problem, however, applies only to users who
already have administrator privileges in the cacti system.

Vendor Alerts: 

 Debian: i386: 
 http://security.debian.org/pool/updates/main/c/cacti/ 
 cacti_0.6.7-2.1_all.deb 

 Size/MD5 checksum:   209658 d63265f2a6606893ac9d1e3a6539c20d

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2332.html 

  


+---------------------------------+
|  Package: postgresql            | ----------------------------//
|  Date: 09-09-2002               |
+---------------------------------+  

Description: 
Mordred Labs and others found several vulnerabilities in PostgreSQL,
an object-relational SQL database.  They stem from several
buffer overflows and integer overflows.  Specially crafted long date
and time input, currency, repeat data and long timezone names could
cause the PostgreSQL server to crash, as could specially crafted
input data for lpad() and rpad().  More buffer/integer overflows were
found in circle_poly(), path_encode() and path_addr(). 

Vendor Alerts: 

 Debian: i386: 
 http://security.debian.org/pool/updates/main/p/postgresql/ 
 postgresql_6.5.3-27.2_i386.deb 

 Size/MD5 checksum:   687334 8b448ec3a6c1e6cd52bca10b5cc48cc3 
 
 http://security.debian.org/pool/updates/main/p/postgresql/ 
 postgresql-client_6.5.3-27.2_i386.deb 

 Size/MD5 checksum:    88128 4d3b874a135665ff355001fada0fddef 

 http://security.debian.org/pool/updates/main/p/postgresql/ 
 postgresql-contrib_6.5.3-27.2_i386.deb 

 Size/MD5 checksum:    95942 0ebcebc831c984a7b18d61cbed5875a0 

 http://security.debian.org/pool/updates/main/p/postgresql/ 
 postgresql-dev_6.5.3-27.2_i386.deb 

 Size/MD5 checksum:   233256 a15449922f2ac541b2ef6c5d108c9e80 
 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2345.html 

  


+---------------------------------+
|  Package: kdelibs               | ----------------------------//
|  Date: 09-12-2002               |
+---------------------------------+  

Description: 
A vulnerability was discovered in KDE's SSL implementation in that it
does not check the basic constraints on a certificate and as a result
may accept certificates as valid that were signed by an issuer who is
not authorized to do so.  This can lead to Konqueror and other SSL-
enabled KDE software falling victim to a man-in-the-middle attack
without being aware of the invalid certificate.  This will trick
users into thinking they are on a secure connection with a valid site
when in fact the site is different from that which they intended to
connect to. 

Vendor Alerts: 

 Mandrake: i386:  
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2337.html 


  

+---------------------------------+
|  Package: krb5                  | ----------------------------//
|  Date: 09-10-2002               |
+---------------------------------+  

Description: 
A vulnerability was discovered in KDE's SSL implementation in that it
does not check the basic constraints on a certificate and as a result
may accept certificates as valid that were signed by an issuer who is
not authorized to do so.  This can lead to Konqueror and other SSL-
enabled KDE software falling victim to a man-in-the-middle attack
without being aware of the invalid certificate.  This will trick
users into thinking they are on a secure connection with a valid site
when in fact the site is different from that which they intended to
connect to. 

Vendor Alerts: 

 Mandrake: i386:  
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2339.html 


  
+---------------------------------+
|  Package: php                   | ----------------------------//
|  Date: 09-10-2002               |
+---------------------------------+  

Description: 
A fifth parameter was added to PHP's mail() function in 4.0.5 that is
not properly sanitized when the server is running in safe mode.  This
vulnerability would allow local users and, possibly, remote attackers
to execute arbitrary commands using shell metacharacters. 

Vendor Alerts: 

 Mandrake: i386:  
 8.1/RPMS/php-4.0.6-6.1mdk.i586.rpm 
 50358bb3a3702b61c57b657e9129fe07  

 8.1/RPMS/php-common-4.0.6-6.1mdk.i586.rpm 
 f2a81f7b2196082fa46966d8d30efb6a  

 8.1/RPMS/php-devel-4.0.6-6.1mdk.i586.rpm 
 8d194449ba33c3dbdab0fb081e7e3ba1  

 Mandrake Vendor Advisory:  
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2344.html
 

  
+---------------------------------+
|  Package: wordtrans             | ----------------------------//
|  Date: 09-10-2002               |
+---------------------------------+  

Description: 
The wordtrans-web package provides an interface to query multilingual
dictionaries via a web browser.  Guardent discovered vulnerabilities
which affect versions of wordtrans up to and including 1.1pre8. 

Vendor Alerts: 

 Red Hat: i386:  
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 wordtrans-1.1pre8-11.i386.rpm 
 34c2ee6708276f6b84f179797fdf0bcc  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 wordtrans-kde-1.1pre8-11.i386.rpm 
 e6cc175c2075fd0817453b1be64f8ff8  

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 wordtrans-qt-1.1pre8-11.i386.rpm 
 9f73987fcbf92dbedd7a44f22b39d5e4 

 ftp://updates.redhat.com/7.3/en/os/i386/ 
 wordtrans-web-1.1pre8-11.i386.rpm 
 8f7c36661f82413ca0bbedf53d6dcaa9  

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2333.html
 

  
  
+---------------------------------+
|  Package: gaim                  | ----------------------------//
|  Date: 09-09-2002               |
+---------------------------------+  

Description: 
Gaim is an all-in-one instant messaging client that lets you use a
number of messaging protocols such as AIM, ICQ, and Yahoo, all at
once. Versions of gaim prior to 0.59.1 contain a bug in the URL
handler of the manual browser option.  A link can be carefully
crafted to contain an arbitrary shell script which will be executed
if the user clicks on the link. 

Vendor Alerts: 

 Red Hat: i386:
 ftp://updates.redhat.com/7.3/en/os/i386/gaim-0.59.1-0.7.3.i386.rpm 
 b49e9b07d9e449221bd210e5a6bd9474 

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2340.html 



+---------------------------------+
|  Package: glibc                 | ----------------------------//
|  Date: 09-09-2002               |
+---------------------------------+  

Description: 
There is an integer overflow present in the xdr_array() function
distributed as part of the Sun Microsystems XDR library. This
overflow has been shown to lead to remotely exploitable buffer
overflows in multiple applications, leading to the execution of
arbitrary code. Although the library was originally distributed by
Sun Microsystems, multiple vendors have included the vulnerable code
in their own implementations. 

Vendor Alerts: 

 Gentoo: i386: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Gentoo Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2334.html 
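
The class of bug described in the glibc entry above, as an added example that is not part of the original newsletter and is not Sun's or glibc's code: a simplified model in which an untrusted element count is multiplied by an element size in 32-bit arithmetic, shown beside a checked version. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern: the allocation size is the 32-bit product of an
 * untrusted element count and the element size, so it can wrap. */
static uint32_t alloc_size_unchecked(uint32_t count, uint32_t elsize)
{
    return count * elsize;              /* computed modulo 2^32 */
}

/* Bytes a decode loop would write past the allocation if it trusted
 * `count` after the wrapped multiplication above. */
static uint64_t bytes_past_allocation(uint32_t count, uint32_t elsize)
{
    uint64_t needed = (uint64_t)count * elsize;   /* true size */
    return needed - alloc_size_unchecked(count, elsize);
}

/* Checked pattern: reject the count before multiplying. Returns 0 and
 * stores the size on success, -1 if the count exceeds the caller's
 * limit or the product would not fit in 32 bits. */
static int alloc_size_checked(uint32_t count, uint32_t elsize,
                              uint32_t maxcount, uint32_t *size_out)
{
    if (elsize == 0 || count > maxcount || count > UINT32_MAX / elsize)
        return -1;
    *size_out = count * elsize;
    return 0;
}

int main(void)
{
    /* Constructed sample: a count chosen so that count * 4 wraps. */
    uint32_t count = 0x40000001u, elsize = 4, size = 0;

    printf("unchecked allocation: %u bytes\n",
           (unsigned)alloc_size_unchecked(count, elsize));
    printf("bytes written past it: %llu\n",
           (unsigned long long)bytes_past_allocation(count, elsize));
    printf("checked result: %d\n",
           alloc_size_checked(count, elsize, UINT32_MAX, &size));
    return 0;
}
```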

  
  
  
+---------------------------------+
|  Package: util-linux            | ----------------------------//
|  Date: 09-12-2002               |
+---------------------------------+  

Description: 
Michal Zalewski found a race condition vulnerability[1] in the way
chfn locks files when changing /etc/passwd. In order to successfully
exploit this vulnerability, some administrator interaction is needed
and there are some prerequisites to fulfill. Full details can be
found in the Bindview advisory[2].  

Vendor Alerts: 

 Conectiva: i386:  
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 util-linux-2.11n-4U80_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2346.html 



------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------



ISN is currently hosted by Attrition.org