[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 553/04 - Two Debian Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 553/04 dated 07.10.04  Time: 10:25 
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Two Debian Security Advisories:

1. Debian Security Advisory DSA 558-1 - New libapache-mod-dav packages fix potential 
                                        denial of service.

2. Debian Security Advisory DSA 559-1 - New net-acct packages fix insecure temporary 
                                        file creation.


Detail
====== 

1. Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference.  When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.

2. Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon.  Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.





1.
            ESB-2004.0628 -- Debian Security Advisory DSA 558-1
      New libapache-mod-dav packages fix potential denial of service
                              7 October 2004

Product:                libapache-mod-dav
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
                        UNIX variants
Impact:                 Denial of Service
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0809

Ref:                    AL-2004.029
                        ESB-2004.579

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 558-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
October 6th, 2004                       http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : libapache-mod-dav
Vulnerability  : null pointer dereference
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0809

Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference.  When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.

For the stable distribution (woody) this problem has been fixed in version 1.0.3-3.1.

For the unstable distribution (sid) this problem has been fixed in version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of Apache 2.

We recommend that you upgrade your mod_dav packages.


Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.dsc
      Size/MD5 checksum:      645 5b405cd8fe0471edd793343ef8237b26
    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.diff.gz
      Size/MD5 checksum:     4523 94edc74f33414e93af4ca7fa849b3fb3
    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3.orig.tar.gz
      Size/MD5 checksum:   185284 ba83f2aa6e13b216a11d465b82aab484

  Alpha architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_alpha.deb
      Size/MD5 checksum:    96522 7e5d5d2184629de6be880eb0650d7fd1

  ARM architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_arm.deb
      Size/MD5 checksum:    81860 fbe2d647e0037436d710ee857c947a52

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_i386.deb
      Size/MD5 checksum:    80122 dfaab95268192557f711ab9fbd7f9f9b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_ia64.deb
      Size/MD5 checksum:   116596 bb369037b3d2ee0110c15d0b085a410b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_hppa.deb
      Size/MD5 checksum:    90406 fc707743732c491c29bfdb21d469736f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_m68k.deb
      Size/MD5 checksum:    80030 1b434a6598c06e23f3bb253867f59ae5

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mips.deb
      Size/MD5 checksum:    84944 a422f253d772ca1c2dae84bac0bb79ea

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mipsel.deb
      Size/MD5 checksum:    85094 4cf00ccacd87e2295af6618987950e13

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_powerpc.deb
      Size/MD5 checksum:    84516 853b2929e7f371e79f153f6c57414a1f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_s390.deb
      Size/MD5 checksum:    82424 7f092c974abfe792278c925bdd345775

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_sparc.deb
      Size/MD5 checksum:    92438 77bdcf29501a581a1cb768af644c923b


  These files will probably be moved into the stable distribution on
  its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBY5+qW5ql+IAeqTIRAsAfAJ9OCkuj0CiIUV/GxATw5IqYG014OgCgsO57
2tpvIRLP8zoqZDV47z9ssf8=
=vMyZ
- - -----END PGP SIGNATURE-----




                   
2.
            ESB-2004.0629 -- Debian Security Advisory DSA 559-1
        New net-acct packages fix insecure temporary file creation
                              7 October 2004


Product:                net-acct
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
                        UNIX variants
Impact:                 Overwrite Arbitrary Files
Access:                 Existing Account
CVE Names:              CAN-2004-0851

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 559-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
October 6th, 2004                       http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package        : net-acct
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0851
Debian Bug     : 270359

Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon.  Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.

For the stable distribution (woody) this problem has been fixed in version 0.71-5woody1.

For the unstable distribution (sid) this problem has been fixed in version 0.71-7.

We recommend that you upgrade your net-acct package.


Upgrade Instructions
- - - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.dsc
      Size/MD5 checksum:      562 72c93549d6dd86d7365d206706ff9a62
    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.diff.gz
      Size/MD5 checksum:     9950 ab1dd923a4e18d520793c34738d2a8f4
    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71.orig.tar.gz
      Size/MD5 checksum:    44741 87daae6d4b06144534205b3fc201c058

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_alpha.deb
      Size/MD5 checksum:    52922 339d98c59e34655dc8762e076251fbd3

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_arm.deb
      Size/MD5 checksum:    50096 f7a21521634202264dacfae238716bf5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_i386.deb
      Size/MD5 checksum:    49346 c90d2f7b3f777905c5f8f90f8edd6b57

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_ia64.deb
      Size/MD5 checksum:    58530 df761be43caec7fa543d37279c265afd

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_hppa.deb
      Size/MD5 checksum:    51702 145f469e3c2bfae125ff4e0a23729a0a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_m68k.deb
      Size/MD5 checksum:    46882 e1dabe763136c5cfd0b04de8fd691fb7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mips.deb
      Size/MD5 checksum:    49332 7393517e4ac4f83e0fbc6efda5118a2f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mipsel.deb
      Size/MD5 checksum:    49380 60ae8a7d4c1265fb07adaaf6d49cbe2f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_powerpc.deb
      Size/MD5 checksum:    49824 3442f397b0db858aa4bfb9e4d418a5f4

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_s390.deb
      Size/MD5 checksum:    47688 69c06b385a4ff25df34dd60052c88fc4

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_sparc.deb
      Size/MD5 checksum:    51684 083a1078e261fd3621f37f17c8305885


  These files will probably be moved into the stable distribution on
  its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBY+dmW5ql+IAeqTIRAuOjAKCcFfAtJBrSdp8RoUiPHkvlmWU3GQCgjJdI
FwMrf2WeGJ47K7dtO5IwHfI=
=Lv9/
- - -----END PGP SIGNATURE-----




- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQWULUYpao72zK539AQHqogP5AU/x4mFMa3oCb8RspJz3EeIRjk1tP2Q2
I0kUPkgpGJlo9tuNL7RKMl1TcG4+Y9SfwDcDjR9BvzB2T1U2rnHwXHhJSWLpM1Js
dtB2ccJCXH0nb2ouvjAmml7NIalkWRKHkjxl4/Us3wqQTKYzFfX4XattgvJ7rjGZ
qKHcoxjCli0=
=4sWU
-----END PGP SIGNATURE-----