UNIRAS Brief - 511/03 - Conectiva - vulnerabilities in exim + stunnel
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 511/03 dated 08.09.03 Time: 12:10
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Two Conectiva Security Advisories:
1: Remote buffer overflow vulnerability in exim
2: File descriptor leak and SIGCHLD DoS vulnerabilities in stunnel
Detail
======
1: Remote buffer overflow vulnerability in exim
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : exim
SUMMARY : Remote buffer overflow vulnerability
DATE : 2003-09-05 15:11:00
ID : CLA-2003:735
RELEVANT
RELEASES : 7.0, 8, 9
- - -------------------------------------------------------------------------
DESCRIPTION
Exim[1] is a popular email server (MTA).
A remote heap buffer overflow vulnerability[2] has been reported[3]
in the Exim server. Carefully constructed EHLO/HELO messages can
cause a buffer overflow. By the time this message is processed, Exim
is no longer running with administrator privileges. At this time,
this vulnerability is believed to be difficult to exploit.
Exim is not installed nor started by default on Conectiva Linux.
SOLUTION
It is recommended that all Exim users upgrade their packages. After
the upgrade, Exim will be automatically restarted if it was already
running.
REFERENCES
1. http://www.exim.org/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0743
3. http://www.exim.org/pipermail/exim-announce/2003q3/000094.html
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/exim-3.22-9U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/exim-3.22-9U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/exim-config-samples-3.22-9U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/exim-doc-3.22-9U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/exim-mon-3.22-9U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/exim-3.33-4U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-config-samples-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-doc-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/exim-mon-3.33-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/exim-3.36-28816U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-config-samples-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-doc-3.36-28816U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/exim-mon-3.36-28816U90_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
unsubscribe: conectiva-updates-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxxx
2: File descriptor leak and SIGCHLD DoS vulnerabilities in stunnel
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : stunnel
SUMMARY : File descriptor leak and SIGCHLD DoS vulnerabilities
DATE : 2003-09-05 18:09:00
ID : CLA-2003:736
RELEVANT
RELEASES : 7.0, 8, 9
- - -------------------------------------------------------------------------
DESCRIPTION
Stunnel is a wrapper for network connections. It can be used to
tunnel an unencrypted network connection over a secure connection
(encrypted using SSL or TLS) or to provide a secure means of
connecting to services that do not natively support encryption.
This update fixes two vulnerabilities that affect stunnel versions
shipped with Conectiva Linux:
1. SIGCHLD Denial of Service (CAN-2002-1563)[1]
Henrik Eriksson found[2] a race in the code that handles the SIGCHLD
signal. This vulnerability affects stunnel when configured to listen
for incoming connections (instead of being invoked by inetd) and to
start a new child process to handle each new connection. A remote
attacker can exploit this vulnerability to bring the tunneled service
down.
2. File descriptor leak (CAN-2003-0740)[3]
Steve Grubb found[4] a file descriptor leak vulnerability in versions
prior to 3.26 of stunnel that allows a local attacker to hijack the
stunnel server.
Since this update brings a new version of stunnel (3.26), several
other fixes and minor changes are included as well[5].
SOLUTION
All stunnel users should upgrade.
Please note that after the upgrade all instances of stunnel and all
active network connections being served by it must be restarted
manually.
REFERENCES:
1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1563
2. http://marc.theaimsgroup.com/?l=stunnel-users&m=103600188215117&w=2
3. http://www.securityfocus.com/archive/1/335996
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0740
5. http://www.stunnel.org/news/
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/stunnel-3.26-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/stunnel-3.26-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/stunnel-3.26-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/stunnel-3.26-1U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/stunnel-3.26-21517U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/stunnel-3.26-21517U90_1cl.src.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Conectiva for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
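Added example (not part of the UNIRAS or Conectiva text, and not stunnel's code or its patch): the stunnel advisory above describes a race in SIGCHLD handling when a new child process is started for each connection. The C sketch below shows the general race-free pattern for such a server: reap in a loop inside the handler, and keep SIGCHLD blocked while shared state is examined. The names on_sigchld, reaped and spawn_and_reap are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t reaped;   /* hypothetical names; not stunnel's code */

/* Several exits can merge into one pending SIGCHLD, so reap in a loop.
 * Only async-signal-safe calls are made and errno is preserved. */
static void on_sigchld(int sig)
{
    int saved_errno = errno;
    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    errno = saved_errno;
}

/* Fork n children that exit at once; return how many were reaped. */
int spawn_and_reap(int n)
{
    struct sigaction sa;
    sigset_t block, old, wait_mask;
    sa.sa_handler = on_sigchld;
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    /* SIGCHLD stays blocked between checking the counter and sleeping. */
    if (sigaction(SIGCHLD, &sa, NULL) < 0 ||
        sigprocmask(SIG_BLOCK, &block, &old) < 0)
        return -1;
    reaped = 0;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid == 0)
            _exit(0);                  /* child: stands in for a connection handler */
        if (pid < 0) { n = i; break; } /* wait only for the children started */
    }
    wait_mask = old;
    sigdelset(&wait_mask, SIGCHLD);
    while (reaped < n)
        sigsuspend(&wait_mask);        /* atomically unblock SIGCHLD and sleep */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return reaped;
}

int main(void) { return spawn_and_reap(8) == 8 ? 0 : 1; }
```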