Linux Advisory Watch – March 14th, 2003

22
by Benjamin D.
Thomas

This week advisories were released for zlib, sendmail, qpopper, file, snort,
mysqlcc, netscape-flash, ethereal, usermode, tcpdump, and lprold.  The
distributors include Caldera, Debian, Guardian Digital’s EnGarde Secure Linux,
Gentoo, Mandrake, NetBSD, Red Hat, and SuSE.

LinuxSecurity Feature Extras:

Get
out of a BIND – install DJBDNS
– DJBDNS eases DNS management and
improves security over BIND alternatives by taking a different approach
to serving and caching DNS answers.

Remote
Syslog with MySQL and PHP
– Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple servers
and the ability to be display and search for syslog messages using PHP
or any other programming language that can communicate with the database.by
that, too.

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]

  The Linux Advisory Watch newsletter is developed by the community of
volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.    


 
 

Package: zlib
Date: 03-10-2003
Description: There
is a buffer overflow in the gzprintf function in zlib that can enable attackers
to cause a denial of service or possibly execute arbitrary code.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-011.0/RPMS
libz-1.1.4-2.i386.rpm
54e3d653907b2aa8111939d208b1f48b 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2952.html

 

Package: sendmail
Date: 03-10-2003
Description: From
CA-2003-07: Researchers at Internet Security Systems  (ISS) have discovered
a remotely exploitable vulnerability in sendmail. This vulnerability could
allow an intruder to gain control of a vulnerable sendmail server.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-011.0/RPMS

sendmail-8.11.6-13.i386.rpm
3750ebb1d4260068deab033eabfa605c 
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2953.html

 

Package: qpopper
Date: 03-13-2003
Description: The
sample exploit requires a valid user account and password, and overflows
a string in the pop_msg() function to give the user “mail” group privileges
and a shell on the system. Since the Qvsnprintf function is used elsewhere
in

qpopper, additional
exploits may be possible. 
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/q/
qpopper/qpopper_4.0.4-2.woody.3_i386.deb
Size/MD5 checksum:  
423226 6a00f3aacf1a94586fc83e92894e0f3a

http://security.debian.org/pool/updates/main/q/
qpopper/qpopper-drac_4.0.4-2.woody.3_i386.deb
Size/MD5 checksum:  
424134 b80a81713471f455c6753e8282f1171d

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2956.html

 

Package: file
Date: 03-13-2003
Description: iDEFENSE
discovered a buffer overflow vulnerability in the ELF format parsing of
the “file” command, one which can be used to execute arbitrary code with
the privileges of the user running the command. The vulnerability can be
exploited by crafting a special ELF binary which is then input to file.
This could be accomplished by leaving the binary on the file system and
waiting for someone to use file to identify it, or by passing it to a service
that uses file to classify input. 
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/
main/f/file/file_3.28-1.potato.1_i386.deb
Size/MD5 checksum:   
88164 9a1945e7449e5bc243fd22af2cfb15a2

 

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2957.html
 

EnGarde:

EnGarde Vendor
Advisory:

http://www.linuxsecurity.com/advisories/engarde_advisory-2945.html

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2947.html

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2951.html

NetBSD:

NetBSD Vendor
Advisory:

http://www.linuxsecurity.com/advisories/netbsd_advisory-2954.html

Red Hat:

Red Hat Vendor
Advisory:

http://www.linuxsecurity.com/advisories/redhat_advisory-2943.html

 

Package: snort
Date: 03-07-2003
Description: Recently
ISS X-Force discovered a buffer overflow vulnerability in the RPC preprocessor
of the snort IDS system.  A remote attacker could send fragmented
RPC records and cause snort to execute arbitrary code as the snort user.
Vendor Alerts: EnGarde:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

i386/snort-1.9.1-1.0.9.i386.rpm
MD5 Sum: 5aa3f13b4f79cb27021517056a6c2f7c

i686/snort-1.9.1-1.0.9.i686.rpm
MD5 Sum: f379ae963718c32e46aacbf65941c404

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2941.html

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2950.html

 

Package: mysqlcc
Date: 03-07-2003
Description: Versions
prior to 0.8.9 had all configuration and connection files world readable.
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2942.html

 

Package: netscape-flash
Date: 03-09-2003
Description: The
cumulative security patch is available today and addresses the potential
for exploits surrounding buffer overflows (read/write) and sandbox integrity
within the player, which might allow malicious users to gain access to
a user’s computer. 
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2948.html

 

Package: ethereal
Date: 03-09-2003
Description: The
SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow.
This vulnerability has been present in Ethereal since the SOCKS dissector
was introduced in version 0.8.7. It was discovered by Georgi Guninski.
Additionally, the NTLMSSP code is susceptible to a heap overflow. All users
of Ethereal 0.9.9 and below are encouraged to upgrade. 
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html

 

Package: usermode
Date: 03-12-2003
Description: The
/usr/bin/shutdown command that comes with the usermode package can be executed
by local users to shutdown all running processes and drop into a root shell. 
This command is not really needed to shutdown a

 system,
so it has been removed and all users are encouraged to upgrade. Please
note that the user must have local console access in order to obtain a
root shell in this fashion.
Vendor Alerts: Mandrake:

9.0/RPMS/usermode-1.55-8.1mdk.i586.rpm
6b3efb01bca77c598bfed862df7a10fe 

9.0/RPMS/usermode-consoleonly-1.55-8.1mdk.i586.rpm
eda24e3cdb96a6171e5b6ed7e6b1da2b 

http://www.mandrakesecure.net/en/ftp.php
 

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2955.html

 

Package: tcpdump
Date: 03-12-2003
Description: The
network traffic analyzer tool tcpdump is vulnerable to a denial-of-service
condition while parsing ISAKMP or BGP packets. This bug can be exploited
remotely by an attacker to stop the use of tcpdump for analyzing network
traffic for signs of security breaches or alike.   Another bug
may lead to system compromise due to the handling of malformed NFS packets
send by an attacker. 
Vendor Alerts: SuSE:

 

ftp://ftp.suse.com/pub/suse/i386/update/8.1/
rpm/i586/tcpdump-3.7.1-198.i586.rpm
524015d3f9517311ee46eb63bc3ed42f

ftp://ftp.suse.com/pub/suse/i386/update/8.1/
rpm/i586/tcpdump-3.7.1-198.i586.patch.rpm
2e1d2db971cf2693e5acca0da7e3bb39
 

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2959.html

 

Package: lprold
Date: 03-12-2003
Description: The
lprm command of the printing package lprold shipped till SuSE 7.3 contains
a buffer overflow. This buffer overflow can be exploited by a local user,
if the printer system is set up correctly, to gain root privileges. lprold
is installed as default package and has the setuid bit set.
Vendor Alerts: SuSE:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2958.html

Category:

  • Security