UNIRAS Brief - 495/05 - Three Debian Security Advisories:

----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 495/05 dated 01.07.05  Time: 12:15
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------

Title
=====

Three Debian Security Advisories:
1. DSA 733-1 - crip
2. DSA 735-1 - sudo
3. DSA 736-1 - spamassassin

Detail
====== 

1. Justin Rye discovered that crip, a terminal-based ripper, encoder and
tagger tool, utilises temporary files in an insecure fashion in its
helper scripts.

2. A local user who has been granted permission to run commands via sudo
could run arbitrary commands as a privileged user due to a flaw in
sudo's pathname validation. This bug only affects configurations in
which a restricted user specification appears before an ALL directive in
the sudoers file.

3. A vulnerability was recently found in the way that SpamAssassin parses
certain email headers. This vulnerability could cause SpamAssassin to
consume a large number of CPU cycles when processing messages containing
these headers, leading to a potential denial of service (DoS) attack.



1.



--------------------------------------------------------------------------
Debian Security Advisory DSA 733-1                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
June 30th, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : crip
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0393
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 

Justin Rye discovered that crip, a terminal-based ripper, encoder and
tagger tool, utilises temporary files in an insecure fashion in its
helper scripts.

The old stable distribution (woody) does not provide the crip package.

For the stable distribution (sarge) this problem has been fixed in
version 3.5-1sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 3.5-1sarge2.

We recommend that you upgrade your crip package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


2.


------------------------------------------------------------------------
Debian Security Advisory 735-1                       security@xxxxxxxxxx
http://www.debian.org/security/                            Michael Stone
July 01, 2005                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : sudo
Vulnerability  : pathname validation race
Problem type   : local
Debian-specific: no
CVE Id(s)      : CAN-2005-1993
Debian Bug     : 315115

A local user who has been granted permission to run commands via sudo
could run arbitrary commands as a privileged user due to a flaw in
sudo's pathname validation. This bug only affects configurations in
which a restricted user specification appears before an ALL directive in
the sudoers file. A workaround is to move any ALL directives to the
beginning of the sudoers file; see the advisory at
http://www.sudo.ws/sudo/alerts/path_race.html for more information.
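As an added example, not part of the advisory or of sudo's own code, the Python checker below parses a constructed sudoers fragment, reports the restricted user specifications that precede the first ALL rule (the ordering the advisory says is affected), and applies the advisory's workaround by moving the ALL rules to the front of the user specifications. It assumes that a rule whose command list is ALL is what the advisory calls an ALL directive, and it handles only single-line user specifications (no backslash continuations or #include directives).

```python
import re

# Constructed sudoers fragment (not from the advisory): two restricted rules
# precede the rules that grant ALL, the ordering the advisory says is affected.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed example)
Defaults    env_reset
Cmnd_Alias  BACKUP = /usr/bin/rsync, /bin/tar

alice   ALL = (root) /usr/sbin/service apache2 restart
bob     ALL = NOPASSWD: BACKUP
%admin  ALL = (ALL) ALL
root    ALL = (ALL) ALL
"""

# One-line user specification: user host = [(runas)] [TAG:] command list
USER_SPEC = re.compile(r"^\s*(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?P<rest>.+)$")
# Lines that are never user specifications: comments, Defaults, alias definitions
SKIP = re.compile(r"^\s*(#|Defaults\b|\w+_Alias\b)")

def _command_list(rest):
    """Strip the optional (runas) group and tags such as NOPASSWD: from a rule."""
    rest = re.sub(r"^\([^)]*\)\s*", "", rest.strip())
    rest = re.sub(r"^(?:[A-Z]+:\s*)+", "", rest)
    return rest.strip()

def parse_user_specs(text):
    """User specifications in file order; is_all marks a command list of ALL (assumed to be the 'ALL directive')."""
    specs = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or SKIP.match(line):
            continue
        m = USER_SPEC.match(line)
        if m:
            cmds = _command_list(m.group("rest"))
            specs.append({"line": no, "user": m.group("user"),
                          "cmds": cmds, "is_all": cmds == "ALL"})
    return specs

def find_restricted_before_all(text):
    """Restricted rules that precede the first ALL rule; an empty list means the ordering is not affected."""
    specs = parse_user_specs(text)
    first_all = next((i for i, s in enumerate(specs) if s["is_all"]), None)
    if first_all is None:
        return []
    return [s for s in specs[:first_all] if not s["is_all"]]

def reorder_all_first(text):
    """Advisory workaround: hoist every ALL rule ahead of the first user specification, leaving other lines in place."""
    lines = text.splitlines()
    specs = parse_user_specs(text)
    if not specs:
        return text
    all_lines = sorted(s["line"] for s in specs if s["is_all"])
    first = specs[0]["line"]
    out = []
    for no, line in enumerate(lines, 1):
        if no == first:                      # emit the ALL rules before the first rule
            out.extend(lines[k - 1] for k in all_lines)
        if no not in all_lines:              # ALL rules were already emitted above
            out.append(line)
    return "\n".join(out) + "\n"
```

Run `find_restricted_before_all` over the real file to see whether it needs reordering, and `reorder_all_first` to produce the reordered text; review that output with visudo before installing it.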

For the old stable Debian distribution (woody), this problem has been
fixed in version 1.6.6-1.3woody1. For the current stable distribution
(sarge), this problem has been fixed in version 1.6.8p7-1.1sarge1. Note
that packages are not yet ready for certain architectures; these will be
released as they become available.

We recommend that you upgrade your sudo package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.0 (woody)
------------------

  woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian 3.1 (sarge)
------------------

  sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

3.


------------------------------------------------------------------------
Debian Security Advisory 736-1                       security@xxxxxxxxxx
http://www.debian.org/security/                            Michael Stone
July 01, 2005                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : spamassassin
Vulnerability  : mail header parsing error
Problem type   : remote DOS
Debian-specific: no
CVE Id(s)      : CAN-2005-1266
Debian Bug     : 314447

A vulnerability was recently found in the way that SpamAssassin parses
certain email headers. This vulnerability could cause SpamAssassin to
consume a large number of CPU cycles when processing messages containing
these headers, leading to a potential denial of service (DoS) attack.

The version of SpamAssassin in the old stable distribution (woody) is
not vulnerable.

For the stable distribution (sarge), this problem has been fixed in
version 3.0.3-2. Note that packages are not yet ready for certain
architectures; these will be released as they become available.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.4-1.

We recommend that you upgrade your sarge or sid spamassassin package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
------------------

-------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone; Not Protectively Marked information may also be sent via
e-mail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information 
contained in this Briefing. 
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC accepts responsibility for any errors or
omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever arising from or in connection
with the use of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
