[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 263/04 - Three Debian Security Advisories:



----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 263/04 dated 03.06.04  Time: 13:50  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------

Title
=====

Three Debian Security Advisories:

1. New gatos packages fix privilege escalation

2.  New jftpgw packages fix format string

3. New ethereal packages fix buffer overflows


Detail
======

 
1. Steve Kemp discovered a vulnerability in xatitv, one of the programs in the gatos 
package, which is used to display video with certain ATI video cards. xatitv is installed setuid root in order to gain direct access
to the video hardware.  
It normally drops root privileges after successfully initializing itself.  However, 
if initialization fails due to a missing configuration file, root privileges are not 
dropped, and xatitv executes the system(3) function to launch its configuration program 
without sanitizing user-supplied environment variables.


2. jaguar@xxxxxxxxxxxxxxxx discovered a vulnerability in jftpgw, an FTP proxy program, 
whereby a remote user could potentially cause arbitrary code to be executed with the 
privileges of the jftpgw server process. By default, the server runs as user "nobody".


3. Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic 
analyzer.  These vulnerabilites are described in the ethereal advisory "enpa-sa-00013".  
Of these, only some parts of CAN-2004-0176 affect the version of ethereal in Debian woody. 
CAN-2004-0367 and CAN-2004-0365 are not applicable to this version.





1.


- --------------------------------------------------------------------------
Debian Security Advisory DSA 509-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
May 29th, 2004                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gatos
Vulnerability  : privilege escalation
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2004-0395

Steve Kemp discovered a vulnerability in xatitv, one of the programs in the gatos package, 
which is used to display video with certain ATI video cards.

xatitv is installed setuid root in order to gain direct access to the video hardware.  It 
normally drops root privileges after successfully initializing itself.  However, if initialization 
fails due to a missing configuration file, root privileges are not dropped, and xatitv executes the 
system(3) function to launch its configuration program without sanitizing user-supplied environment 
variables.

By exploiting this vulnerability, a local user could gain root privileges if the configuration file 
does not exist.  However, a default configuration file is supplied with the package, and so this 
vulnerability is not exploitable unless this file is removed by the administrator.

For the current stable distribution (woody) this problem has been fixed in version 0.0.5-6woody1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your gatos package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.dsc
      Size/MD5 checksum:      629 73d7637956bdcc827fb3c9be500902a0
    http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.diff.gz
      Size/MD5 checksum:    40666 2ff18e9bbf71ea71ce9b2a43486c8cc6
    http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz
      Size/MD5 checksum:   483916 9c16631afc933bde6f5d5e1421efddb7

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1_i386.deb
      Size/MD5 checksum:   176268 d64a2e508adbd6423c6a0bbf2426c11b
    http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody1_i386.deb
      Size/MD5 checksum:   109416 81ada7ba7f2d0d44d2cf107154a2cd93
    http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody1_i386.deb
      Size/MD5 checksum:    75040 4c2f9aea5082612027d520bab82dbff5

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: 
debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> 




2.





- --------------------------------------------------------------------------
Debian Security Advisory DSA 510-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
May 29th, 2004                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : jftpgw
Vulnerability  : format string
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0448

jaguar@xxxxxxxxxxxxxxxx discovered a vulnerability in jftpgw, an FTP proxy program, 
whereby a remote user could potentially cause arbitrary code to be executed with the 
privileges of the jftpgw server process. By default, the server runs as user "nobody".

CAN-2004-0448: format string vulnerability via syslog(3) in log() function

For the current stable distribution (woody) this problem has been fixed in version 0.13.1-1woody1.

For the unstable distribution (sid), this problem has been fixed in version 0.13.4-1.

We recommend that you update your jftpgw package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1.dsc
      Size/MD5 checksum:      589 6c0ed10f2034cefdbf338de14b8c26bf
    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1.diff.gz
      Size/MD5 checksum:    19365 e34131b25f532be7e16c51030c55349f
    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1.orig.tar.gz
      Size/MD5 checksum:   219139 9546400895b5fe54ad70dbb33f83c6a1

  Alpha architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_alpha.deb
      Size/MD5 checksum:    74918 53c4ed0d56bfdd42191405059376cc98

  ARM architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_arm.deb
      Size/MD5 checksum:    57788 a3cadbfab75a3be17d0ef4d3da483504

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_i386.deb
      Size/MD5 checksum:    55924 b59ff3f29eb9803ebe06de132fbb2c24

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_ia64.deb
      Size/MD5 checksum:    98458 072000de165c9abb980c99241ad1282a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_hppa.deb
      Size/MD5 checksum:    67726 e90daefe5490c21c7d442f33f2d68223

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_m68k.deb
      Size/MD5 checksum:    52158 d48c566a6fda177048e91e90f60c076a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_mips.deb
      Size/MD5 checksum:    68020 60b41b05f85fc83affd559bca3f0fd6f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_mipsel.deb
      Size/MD5 checksum:    68180 b966bab91c3bc469652874d6e18844f7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_powerpc.deb
      Size/MD5 checksum:    60466 3363c313d0cb2a409ce5579697912afc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_s390.deb
      Size/MD5 checksum:    57770 bfead388669f0fd30967e56b2b648c2c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_sparc.deb
      Size/MD5 checksum:    60528 849fd4f56002ff1d8e4e4b08de7608f2

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: 
debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>





3.




===========================================================================
            
            ESB-2004.0375 -- Debian Security Advisory DSA 511-1
                New ethereal packages fix buffer overflows
                                31 May 2004

===========================================================================

       

Product:                ethereal
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
Impact:                 Execute Arbitrary Code/Commands
                        Denial of Service
Access Required:        Remote
CVE Names:              CAN-2004-0176

Ref:                    ESB-2004.0240

- --------------------------BEGIN INCLUDED TEXT--------------------



- - --------------------------------------------------------------------------
Debian Security Advisory DSA 511-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Matt Zimmerman
May 30th, 2004                          http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0176 

Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer.  
These vulnerabilites are described in the ethereal advisory "enpa-sa-00013".  Of these, only some 
parts of CAN-2004-0176 affect the version of ethereal in Debian woody. CAN-2004-0367 and CAN-2004-0365 
are not applicable to this version.

For the current stable distribution (woody), these problems have been fixed in version 0.9.4-1woody7.

For the unstable distribution (sid), these problems have been fixed in version 0.10.3-1.

We recommend that you update your ethereal package.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.dsc
      Size/MD5 checksum:      679 323c90392539e2da1279f17f6decf771
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.diff.gz
      Size/MD5 checksum:    45483 0004ee73d2b90d02661745d3312b08e3
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
      Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb
      Size/MD5 checksum:  1941020 d79e6c8e1457cfb06c76baf19e6b5b7d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb
      Size/MD5 checksum:   334382 ac866af4b9479c44c3d4d84488bde94c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb
      Size/MD5 checksum:   222246 1ee88001668518dea6abdb02e7cbe55a
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb
      Size/MD5 checksum:  1707506 02752471daed08c9df975e9f415ac4e0

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_arm.deb
      Size/MD5 checksum:  1635334 4adb4b8cc07457a945f1b2eeb97f6690
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_arm.deb
      Size/MD5 checksum:   297540 d7ac6d332bfef2e152337529cb83ceee
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_arm.deb
      Size/MD5 checksum:   206166 cb3005dc622ad56e73ba2dce5a53c63b
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_arm.deb
      Size/MD5 checksum:  1439432 704ee53390010698221ae05188fb6ae6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_i386.deb
      Size/MD5 checksum:  1513010 7e6ba57850ffa13e38b7b8b2cd273e58
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_i386.deb
      Size/MD5 checksum:   285086 c9a7fa9eaa2eab45af8172bbfc23a070
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_i386.deb
      Size/MD5 checksum:   199306 0ea83e3dee4fa81599444cd5091d51a5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_i386.deb
      Size/MD5 checksum:  1326436 aa569b225bd0d0e67368a73d65e29cc9

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_ia64.deb
      Size/MD5 checksum:  2150400 f6f32ff9881157387367660faf2b21ab
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_ia64.deb
      Size/MD5 checksum:   373176 fde622e2a2d698e8fb0d88793cf1e8d0
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_ia64.deb
      Size/MD5 checksum:   233810 a95f6ed4e1e8fe3d9d0c2f9d882dab0f
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_ia64.deb
      Size/MD5 checksum:  1861656 7846c3569c7d206aff1f1f08886673d0

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_hppa.deb
      Size/MD5 checksum:  1804472 82765f65ed7430e76fb9d7f9dee0fe6a
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_hppa.deb
      Size/MD5 checksum:   322514 af524dc1735491c3b840420a9cbc0c8d
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_hppa.deb
      Size/MD5 checksum:   216956 42ca7e3e8b5c79fdd0072b9aba4bd9fe
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_hppa.deb
      Size/MD5 checksum:  1575904 a74cfa5c06002a4fd9020144b475f72d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_m68k.deb
      Size/MD5 checksum:  1424618 14a7fd43db721c403a918ec8303e6dcf
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_m68k.deb
      Size/MD5 checksum:   282804 591da6c2f59875d83c41298a02f13f1c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_m68k.deb
      Size/MD5 checksum:   195206 0778bfba89f9a2f5584c72c28f8c7da3
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_m68k.deb
      Size/MD5 checksum:  1248686 9fc38a5b59118f8c4f13ffd8a9b9885f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mips.deb
      Size/MD5 checksum:  1617004 433296ba229444a3deb419d2f50708c9
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mips.deb
      Size/MD5 checksum:   305342 79d872e63c188f938822a0d61f48a992
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mips.deb
      Size/MD5 checksum:   213752 d31a8bf923fa2b34a4aabe28b3db101c
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mips.deb
      Size/MD5 checksum:  1421942 e2ebe374ac6766a309c7d8b79269892a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mipsel.deb
      Size/MD5 checksum:  1597816 80474ae115e5c4c8cfb00f341570850f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mipsel.deb
      Size/MD5 checksum:   304826 50dc977f60d8dad848f19093f5ecab6e
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mipsel.deb
      Size/MD5 checksum:   213370 c43657991fc0a7297640550c40b196c7
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mipsel.deb
      Size/MD5 checksum:  1406348 73e84895bcc86352df38fb7bf4fe648a

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_powerpc.deb
      Size/MD5 checksum:  1618208 f2f27be2f0ce2430d8ce41eeab19b9b9
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_powerpc.deb
      Size/MD5 checksum:   302004 f6e1cef517f5ab9fa455c277e9262a22
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_powerpc.deb
      Size/MD5 checksum:   208972 965e842a91a01195a86ef41a8f9ecbaa
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_powerpc.deb
      Size/MD5 checksum:  1419068 aa1cf1b5394f307ca154563a4d95087b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_s390.deb
      Size/MD5 checksum:  1574614 e0df6a629ac38a3c9f651eefaac6395c
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_s390.deb
      Size/MD5 checksum:   300822 1b6b348837db92604c262bd436caae50
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_s390.deb
      Size/MD5 checksum:   204054 0fc3dc9ec73c7c72f24c992424553069
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_s390.deb
      Size/MD5 checksum:  1387334 f42f341c609cfa7c5a46bbc3c7c98bfe

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_sparc.deb
      Size/MD5 checksum:  1583320 14e73331296d5be03036e93c1e792fa7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_sparc.deb
      Size/MD5 checksum:   318104 be2b5daaf45a1dd699273abd9ed2ed15
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_sparc.deb
      Size/MD5 checksum:   204810 a163c33d0e73df9956f9e8467bb5fbb2
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_sparc.deb
      Size/MD5 checksum:  1389412 1997cf66066552f8e2ddd543ef060115

  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: 
debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- --------------------------END INCLUDED TEXT--------------------


  

----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>