
[ISN] Linux Advisory Watch - December 6th 2002



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  December 6th, 2002                       Volume 3, Number 49a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for RPC XDR, ypserv, pine, freeswan,
im, smb2www, xinetd, webalizer, kde, kdelibs, and windowmaker. The
distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, and Red
Hat.



Network Security Audit - "Information for the right people at right time
and from anywhere" has been the driving force for providing access to
most of the vital information on an organization's network over the
Internet. This is a simple guide on conducting a network security audit.

http://www.linuxsecurity.com/feature_stories/feature_story-131.html


Security: MySQL and PHP (3 of 3) - This is the third installment of a
3-part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following
guidelines.

http://www.linuxsecurity.com/feature_stories/feature_story-130.html


+---------------------------------+
|  Package: RPC XDR               | ----------------------------//
|  Date: 12-04-2002               |
+---------------------------------+

Description:
The implementation of xdr_array can be tricked into writing beyond the
buffers it allocated when deserializing the XDR stream.

Vendor Alerts:

 Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
  CSSA-2002-055.0/RPMS
  glibc-2.2.4-25.i386.rpm
  0c879b13edf9d0ad38421432184b7749

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-2637.html



+---------------------------------+
|  Package: ypserv                | ----------------------------//
|  Date: 12-04-2002               |
+---------------------------------+

Description:
Requesting a map that doesn't exist will cause a memory leak in the
server.

Vendor Alerts:

 Caldera:
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/
  CSSA-2002-054.0/RPMS
  nis-client-2.0-23.i386.rpm
  f416f2e39a29d419832f3b18c04491a2

  nis-server-2.0-23.i386.rpm
  b86300ae67587b447262d31f123bc12e

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-2638.html


+---------------------------------+
|  Package: pine                  | ----------------------------//
|  Date: 12-04-2002               |
+---------------------------------+

Description:
By exploiting this, an attacker can prevent the pine user from starting
the program to manage his/her mailbox. It was not confirmed if it is
possible to execute arbitrary code by exploiting this vulnerability, but
such a possibility exists.

Vendor Alerts:

 Conectiva:
  ftp://atualizacoes.conectiva.com.br/8/RPMS/
  pico-4.50L-1U80_1cl.i386.rpm

  ftp://atualizacoes.conectiva.com.br/8/RPMS/
  pilot-4.50L-1U80_1cl.i386.rpm

  ftp://atualizacoes.conectiva.com.br/8/RPMS/
  pine-4.50L-1U80_1cl.i386.rpm

  Conectiva Vendor Advisory:
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2639.html



 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2618.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2631.html




+---------------------------------+
|  Package: freeswan              | ----------------------------//
|  Date: 12-02-2002               |
+---------------------------------+

Description:
Bindview discovered a problem in several IPSEC implementations that do not
properly handle certain very short packets.  IPSEC is a set of security
extensions to IP which provide authentication and encryption. Free/SWan in
Debian is affected by this, and the problem is said to cause a kernel panic.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/f/freeswan/
  kernel-patch-freeswan_1.96-1.4_all.deb
  Size/MD5 checksum:   889918 30c73e274e84b62125136ec96160d23a

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2628.html




+---------------------------------+
|  Package: im                    | ----------------------------//
|  Date: 12-03-2002               |
+---------------------------------+

Description:
The impwagent program creates a temporary directory in an insecure manner
in /tmp, using predictable directory names without checking the return code
of mkdir, so it's possible to seize permissions on the temporary
directory through local access as another user.

Vendor Alerts:

 Debian:

  http://security.debian.org/pool/updates/main/i/im/
  im_141-18.1_all.deb
  Size/MD5 checksum:   217416 41a6ad3bc0b0591ba180dd5d646387f9

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2630.html
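
Added example (not from the advisory or from the im package): a C sketch of
the check the description says was missing, treating any mkdir() failure,
EEXIST included, as fatal and verifying ownership afterwards. The function
names and the /tmp paths are hypothetical, and the pre-existing directory is
constructed by the demo itself.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp(), lstat() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` as a private directory. Any mkdir() failure, EEXIST
 * included, is fatal, so a directory pre-created by another local user
 * is never adopted. Returns 0 on success, -1 on failure. */
static int make_private_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0)
        return -1;              /* the return-code check that was skipped */
    /* Defence in depth: what we hold must be a directory we own, mode 0700. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;
    return 0;
}

/* Constructed scenario: the predictable name already exists, as if another
 * local user had created it first. Returns 1 if it was refused. The parent
 * directory comes from mkdtemp(), which picks an unpredictable name and
 * creates it atomically with mode 0700 (the preferred replacement). */
static int preexisting_dir_is_refused(void)
{
    char base[] = "/tmp/tmpdir-demo-XXXXXX";   /* constructed path */
    char fixed[64];
    int refused;
    if (mkdtemp(base) == NULL)
        return 0;
    snprintf(fixed, sizeof fixed, "%s/work.1234", base);
    if (mkdir(fixed, 0777) != 0) {      /* stand-in for the other user's mkdir */
        rmdir(base);
        return 0;
    }
    refused = (make_private_dir(fixed) == -1 && errno == EEXIST);
    rmdir(fixed);
    rmdir(base);
    return refused;
}

int main(void)
{
    printf("pre-created directory refused: %d\n", preexisting_dir_is_refused());
    return 0;
}
```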




+---------------------------------+
|  Package: smb2www               | ----------------------------//
|  Date: 12-04-2002               |
+---------------------------------+

Description:
Robert Luberda found a security problem in smb2www, a Windows Network
client that is accessible through a web browser.  This could lead a remote
attacker to execute arbitrary programs under the user id www-data on the
host where smb2www is running.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/s/smb2www/
  smb2www_980804-16.1_all.deb
  Size/MD5 checksum:    79050 6d443251ebe2389c26ac163e739ee80e

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2636.html




+---------------------------------+
|  Package: kdelibs               | ----------------------------//
|  Date: 12-05-2002               |
+---------------------------------+

Description:
The KDE team has discovered a vulnerability in the support for various
network protocols via the KIO. The implementation of the rlogin and
protocol allows a carefully crafted URL in an HTML page, HTML email or
other KIO-enabled application to execute arbitrary commands on the system
using the victim's account on the vulnerable machine.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-2640.html




+---------------------------------+
|  Package: windowmaker           | ----------------------------//
|  Date: 12-05-2002               |
+---------------------------------+

Description:
Al Viro discovered a vulnerability in the WindowMaker window manager. A
function used to load images, for example when configuring a new
background image or previewing themes, contains a buffer overflow. The
function calculates the amount of memory necessary to load the image by
doing some multiplication but does not check the results of this
multiplication, which may not fit into the destination variable, resulting
in a buffer overflow when the image is loaded.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2632.html
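
Added example (not WindowMaker's code and not part of the advisory): a C
sketch of the unchecked size multiplication described above next to a
checked form that refuses dimensions whose product does not fit the 32-bit
destination. Function names, the size cap and the sample dimensions are
hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_IMAGE_BYTES (64u * 1024u * 1024u)  /* assumed policy cap */

/* Unchecked pattern: the product wraps modulo 2^32 when it does not fit in
 * the 32-bit destination, yielding a size far smaller than the image. */
static uint32_t image_bytes_unchecked(uint32_t w, uint32_t h, uint32_t ch)
{
    return w * h * ch;
}

/* Checked pattern: divide before multiplying so each step is proven to fit.
 * Returns 0 and stores the size in *out, or -1 if it cannot be represented. */
static int image_bytes_checked(uint32_t w, uint32_t h, uint32_t ch,
                               uint32_t *out)
{
    if (w == 0 || h == 0 || ch == 0)
        return -1;
    if (w > UINT32_MAX / h)
        return -1;
    if (w * h > UINT32_MAX / ch)
        return -1;
    *out = w * h * ch;
    return 0;
}

/* Allocate a zeroed pixel buffer only for dimensions that pass both the
 * overflow check and the size cap; NULL means the image is rejected. */
static unsigned char *image_alloc(uint32_t w, uint32_t h, uint32_t ch)
{
    uint32_t bytes;

    if (image_bytes_checked(w, h, ch, &bytes) != 0 || bytes > MAX_IMAGE_BYTES)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed dimensions: true size is 65537 * 65536 * 4 bytes (~16 GiB). */
    printf("unchecked size: %u\n",
           (unsigned)image_bytes_unchecked(65537, 65536, 4));
    printf("checked alloc:  %p\n", (void *)image_alloc(65537, 65536, 4));
    return 0;
}
```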




+---------------------------------+
|  Package: xinetd                | ----------------------------//
|  Date: 12-05-2002               |
+---------------------------------+

Description:
Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal
pipe to services that are launched by xinetd. This could allow an attacker
to execute a DoS attack via the pipe. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2002-0871 to this issue.

Vendor Alerts:

 Red Hat:
  ftp://updates.redhat.com/8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
  26e6f6faec33503f3538a4ac80c82ce2

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2629.html




+---------------------------------+
|  Package: webalizer             | ----------------------------//
|  Date: 12-02-2002               |
+---------------------------------+

Description:
A buffer overflow in Webalizer versions prior to 2.01-10, when configured
to use reverse DNS lookups, may allow remote attackers to execute
arbitrary code by connecting to the monitored Web server from an IP
address that resolves to a long hostname.

Vendor Alerts:

 Red Hat:
  ftp://updates.redhat.com/7.2/en/os/i386/
  webalizer-2.01_09-1.72.i386.rpm
  f3d16a9fa3c202031a6cda1da2944e3d

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2634.html




+---------------------------------+
|  Package: kdelibs               | ----------------------------//
|  Date: 12-02-2002               |
+---------------------------------+

Description:
A number of vulnerabilities have been found that affect various versions
of KDE. This errata provides updates which resolve these issues.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-2635.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org
