Thomas –
This week, advisories were released for slocate, nanog, tcpdump, kde, openssl,
WebTool, syncookie, webmin, apcupsd, tightvnc, vnc, vte, hypermail, libmcrypt,
openldap, mysql, postgresql, initscripts, krb5, lynx, and shadow-utils.
The distributors include Conectiva, Debian, Guardian Digital’s EnGarde Secure
Linux, Gentoo, Mandrake, Red Hat, SuSE, and Trustix.
LinuxSecurity Feature Extras:
Remote Syslog with MySQL and PHP – Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple servers
and the ability to display and search syslog messages using PHP or any other
programming language that can communicate with the database.
Review: Mastering Network Security, Second Edition – The introduction states
that this book is aimed at systems administrators who are not security experts,
but have some responsibility for ensuring the integrity of their systems.
That would seem to cover most sysadmins.
The Linux Advisory Watch newsletter is developed by the community
of volunteers at
and sponsored by Guardian Digital, Inc., the open
source security company.
Package: slocate
Date: 02-21-2003
Description: A problem has been discovered in slocate, a secure locate replacement. A buffer overflow in the setuid program slocate can be used to execute arbitrary code as superuser.
Vendor Alerts: Debian

Package: nanog
Date: 02-27-2003
Description: A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the ‘get_origin()’ function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host, though most probably not in Debian.
Vendor Alerts: Debian

Package: tcpdump
Date: 02-27-2003
Description: Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.
Vendor Alerts: Debian

Package: kde
Date: 02-20-2003
Description: This is a full update of the KDE desktop to the 3.0.5a version, the latest 3.0.x release from the KDE project[1]. Besides containing several bugfixes and enhancements, this update also fixes several security vulnerabilities[2] found during an internal code audit organized by the KDE team.
Vendor Alerts: Conectiva

Package: openssl
Date: 02-21-2003
Description: Vulnerable[2][3] openssl versions do not perform a MAC computation if an incorrect block cipher padding is used. An active attacker who can insert data into an existing encrypted connection is then able to measure time differences between the error messages the server sends. This information can make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext.
Vendor Alerts:

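The advisory above describes the shape of the defect rather than the fix, so here is the record-check pattern in Python as an added example (not OpenSSL's code): the leaky version returns early on a padding error and never touches the MAC, the hardened version always computes and compares the MAC and reports one generic failure for both cases. Only the post-decryption step is modelled: a record is the already-decrypted bytes msg || MAC || padding, with HMAC-SHA1 assumed as the MAC and the key and message constructed for the example.

```python
import hashlib
import hmac

MAC_LEN = hashlib.sha1().digest_size  # 20 bytes; HMAC-SHA1 assumed for this example

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def seal(key: bytes, msg: bytes, block_size: int = 8) -> bytes:
    """Build a TLS-style record body: msg || MAC || padding. Every padding
    byte, including the final length byte, equals the padding length."""
    body = msg + _mac(key, msg)
    pad = (block_size - (len(body) + 1) % block_size) % block_size
    return body + bytes([pad] * (pad + 1))

def _padding_ok(record: bytes) -> bool:
    pad = record[-1]
    if pad + 1 + MAC_LEN > len(record):
        return False
    return all(b == pad for b in record[-(pad + 1):])

def open_leaky(key: bytes, record: bytes):
    """Vulnerable pattern: a padding error returns at once, before any MAC
    work, so the two failures take measurably different time and carry
    different error labels."""
    if not _padding_ok(record):
        return "bad_padding"
    body = record[:-(record[-1] + 1)]
    msg, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, _mac(key, msg)):
        return "bad_mac"
    return msg

def open_hardened(key: bytes, record: bytes):
    """Hardened pattern: the MAC is always computed and compared; on bad
    padding the record is treated as if it had zero-length padding (the MAC
    will then fail), and a single generic failure (None) is returned."""
    if len(record) < MAC_LEN + 1:
        return None
    pad_ok = _padding_ok(record)
    pad = record[-1] if pad_ok else 0
    body = record[:len(record) - pad - 1]
    msg, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(tag, _mac(key, msg))
    if not (pad_ok and mac_ok):
        return None
    return msg

# Constructed key and message for the example.
KEY = b"\x11" * 20
MSG = b"hello world"

def demo():
    """Return the leaky and hardened outcomes for a good record, a record
    with corrupted padding and a record with a corrupted message byte."""
    good = seal(KEY, MSG)
    bad_pad = good[:-1] + bytes([good[-1] ^ 0xFF])
    bad_msg = bytes([good[0] ^ 0x01]) + good[1:]
    return {
        "good": (open_leaky(KEY, good), open_hardened(KEY, good)),
        "bad_pad": (open_leaky(KEY, bad_pad), open_hardened(KEY, bad_pad)),
        "bad_msg": (open_leaky(KEY, bad_msg), open_hardened(KEY, bad_msg)),
    }
```

The hardened branch is the approach TLS 1.1 later standardised; it removes the distinguishable error and the skipped MAC, though not every timing difference (the later Lucky Thirteen work exploited the residual variation in the MAC computation itself).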
Package: WebTool
Date: 02-21-2003
Description: Keigo Yamazaki discovered a vulnerability in miniserv.pl (the webserver program at the core of the WebTool) which may allow an attacker to spoof a session ID by including special metacharacters in the BASE64-encoded string used during the authentication process. This may allow a remote attacker to gain full administrative privileges over the WebTool. All users are recommended to upgrade immediately.
Vendor Alerts: EnGarde

Package: syncookie
Date: 02-24-2003
Description: Once a syncookie key has been recovered, an attacker may construct valid ISNs until the key is rotated (typically up to four seconds). The ability to construct a valid ISN may be used to spoof a TCP connection in exactly the same way as in the well-known ISN prediction attacks (see ‘References’). Spoofing may allow an attacker to bypass IP-based access control lists such as those implemented by tcp_wrappers and many firewalls. Similarly, SMTP and other connections may be forged, increasing the difficulty of tracing abusers. Recovery of a syncookie key will also allow the attacker to reset TCP connections initiated within the same 31.25ms window.
Vendor Alerts: FreeBSD

Package: webmin
Date: 02-22-2003
Description: Due to a remotely exploitable security hole being discovered that affects all previous Webmin releases, version 1.070 is now available for download.
Vendor Alerts: Gentoo, Mandrake

Package: apcupsd
Date: 02-22-2003
Description: A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers.
Vendor Alerts: Gentoo

Package: tightvnc
Date: 02-24-2003
Description: The VNC server acts as an X server, but the script that starts it generates an MIT X cookie (used for X authentication) without a strong enough random number generator. This could allow an attacker to guess the authentication cookie more easily.
Vendor Alerts: Gentoo

Package: vnc
Date: 02-24-2003
Description: The VNC server acts as an X server, but the script that starts it generates an MIT X cookie (used for X authentication) without a strong enough random number generator. This could allow an attacker to guess the authentication cookie more easily.
Vendor Alerts: Gentoo

Package: vte
Date: 02-24-2003
Description: One feature that most terminal emulators support is the ability for the shell to set the title of the window using an escape sequence. Certain xterm variants also provide an escape sequence for reporting the current window title. This essentially takes the current title and places it directly on the command line. This feature could potentially be exploited if an attacker can cause carefully crafted escape sequences to be displayed on a vulnerable terminal emulator used by their victim.
Vendor Alerts: Red Hat

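The defensive counterpart to this advisory is to not let untrusted text reach the terminal raw. As an added example (not code from vte or from the advisory), the Python filter below labels and strips terminal control sequences from text such as a fetched file name, a log line or output relayed from another host. It assumes the title-set sequence is OSC 0 or OSC 2 and the title-report request is xterm's CSI 21 t; the sample input is constructed and the title text in it is a placeholder.

```python
import re

# Constructed sample of untrusted text: a line that carries an OSC title-set
# sequence and the xterm title-report request. The title is a placeholder.
SAMPLE = (
    "normal text "
    "\x1b]0;PLACEHOLDER_TITLE\x07"   # OSC 0 ; title BEL: set the window title
    "more text "
    "\x1b[21t"                       # CSI 21 t: ask the terminal to report its title
    "end\n"
)

# OSC: ESC ] ... terminated by BEL or by ST (ESC \).
_OSC_RE = re.compile(r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)")
# CSI: ESC [ parameter bytes, intermediate bytes, one final byte.
_CSI_RE = re.compile(r"\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]")
# Any other two-byte ESC sequence, including an unterminated OSC/CSI introducer.
_ESC_RE = re.compile(r"\x1b[\x40-\x5f]")

def classify_escapes(text: str) -> list:
    """Label each escape sequence in order of appearance, so a log viewer can
    flag the ones that set or request the window title."""
    found = []
    for m in _OSC_RE.finditer(text):
        selector = m.group(0)[2:].split(";", 1)[0]
        found.append((m.start(), "title-set" if selector in ("0", "2") else "osc"))
    for m in _CSI_RE.finditer(text):
        found.append((m.start(), "title-report" if m.group(0) == "\x1b[21t" else "csi"))
    return [kind for _, kind in sorted(found)]

def strip_terminal_controls(text: str) -> str:
    """Remove OSC, CSI and other ESC sequences, then drop the remaining C0
    control bytes (and DEL) except tab, newline and carriage return."""
    text = _OSC_RE.sub("", text)
    text = _CSI_RE.sub("", text)
    text = _ESC_RE.sub("", text)
    return "".join(ch for ch in text
                   if ch in "\t\n\r" or (ord(ch) >= 0x20 and ord(ch) != 0x7F))
```

Stripping is the safe default for anything displayed in a terminal; classify_escapes is the detection half, useful when a log viewer should highlight or alert on title manipulation rather than silently drop it.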
Package: hypermail
Date: 02-24-2003
Description: During an internal source code review by Thomas Biege, several bugs were found in hypermail and its tools. These bugs allow remote code execution, local tmp race conditions, denial-of-service conditions and read access to files belonging to the host hypermail is running on. Additionally, the mail CGI program can be abused by spammers as an email relay and should thus be disabled.
Vendor Alerts: SuSE

Package: libmcrypt
Date: 02-26-2003
Description: Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very long input to the mcrypt functions.
Vendor Alerts: SuSE

Package: openldap
Date: 02-20-2003
Description: Several minor security issues were fixed in the new upstream version 1.2.13.
Vendor Alerts: Trustix

Package: mysql
Date: 02-20-2003
Description: The new upstream version of mysql, 3.23.55, included several minor security fixes.
Vendor Alerts: Trustix

Package: postgresql
Date: 02-20-2003
Description: The new upstream version of postgresql, 7.1.3, included several minor security fixes.
Vendor Alerts: Trustix

Package: installer initscripts
Date: 02-20-2003
Description: A dependency loop exists between several packages including initscripts, pam and SysVinit, which causes the installer to complain. This update removes the loop, as it was not needed.
Vendor Alerts: Trustix

Package: krb5
Date: 02-21-2003
Description: A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
Vendor Alerts: Mandrake

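A file-transfer client should treat a server-supplied name as hostile input and decide itself what local file to create. As an added example (not code from the krb5 FTP client), the Python check below applies that rule: the leading pipe the advisory describes is the first rejected case, and path components, control characters and a leading '-' are rejected as well, after which the resolved path is confirmed to stay inside the download directory. The sample names and the download directory are constructed.

```python
import os

class UnsafeFilename(ValueError):
    """Raised when a server-supplied name must not be used as a local file name."""

def safe_local_name(remote_name: str) -> str:
    """Return remote_name if it is acceptable as a plain file name inside the
    download directory, otherwise raise UnsafeFilename."""
    if not remote_name:
        raise UnsafeFilename("empty name")
    # The defect in the advisory: a name starting with '|' was handed to
    # system() as a command pipe. Refuse it outright.
    if remote_name.startswith("|"):
        raise UnsafeFilename("leading '|' would be interpreted as a command pipe")
    # Keep the file in the download directory: no separators, no dot entries.
    if "/" in remote_name or "\\" in remote_name or remote_name in (".", ".."):
        raise UnsafeFilename("path separators or dot components are not allowed")
    # Control characters corrupt logs and terminal display.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in remote_name):
        raise UnsafeFilename("control characters are not allowed")
    # A leading '-' is parsed as an option by many tools later run on the file.
    if remote_name.startswith("-"):
        raise UnsafeFilename("leading '-' is not allowed")
    return remote_name

def is_safe_local_name(remote_name: str) -> bool:
    try:
        safe_local_name(remote_name)
        return True
    except UnsafeFilename:
        return False

def local_path_for(download_dir: str, remote_name: str) -> str:
    """Resolve the final path and confirm it still lies directly in
    download_dir. realpath also follows an existing symlink of that name, so
    a link planted earlier cannot redirect the write elsewhere."""
    name = safe_local_name(remote_name)
    base = os.path.realpath(download_dir)
    full = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(full) != base:
        raise UnsafeFilename("resolved path leaves the download directory")
    return full

# Constructed sample names as a remote server might present them.
SAMPLE_NAMES = ["report.txt", "|PLACEHOLDER", "../outside.txt",
                "-option", "name\x1bwith-escape"]

def classify(names) -> dict:
    """Map each name to whether the client would accept it."""
    return {n: is_safe_local_name(n) for n in names}
```

An allowlist (letters, digits, '.', '_', '-' not in first position) would be stricter still; the denylist form above is kept so each rejection maps to a specific failure the advisory or common follow-on tooling describes.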
Package: lynx
Date: 02-21-2003
Description: A vulnerability was discovered in lynx, a text-mode web browser. lynx constructs its HTTP queries from arguments on the command line or from the $WWW_HOME environment variable, but does not properly sanitize special characters such as carriage returns or line feeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site on servers that use virtual hosting.
Vendor Alerts: Mandrake

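The same class of defect appears in any script that pastes a URL from argv or an environment variable into a request, so here is the unsafe builder beside a hardened one as an added example in Python (not lynx's code). The hardened builder validates host, path and header material against allowlists before they touch the request; header_lines shows how a server would split the result. The hostnames example.test and other.test and the URLs are constructed for the example.

```python
import re

class UnsafeRequestValue(ValueError):
    """Raised when URL or header material would break the request framing."""

# Allowlists for the pieces that end up on the request line and in headers.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(?::\d{1,5})?$")
_PATH_RE = re.compile(r"^/[\x21-\x7e]*$")          # printable ASCII, no whitespace or controls
_HEADER_NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")
_BAD_HEADER_VALUE_RE = re.compile(r"[\r\n\x00]")

def split_http_url(url: str):
    """Minimal http:// splitter that deliberately does not strip control
    characters, so the validation below sees exactly what was passed."""
    if not url.startswith("http://"):
        raise UnsafeRequestValue("only http:// URLs are handled in this example")
    host, _, path = url[len("http://"):].partition("/")
    return host, "/" + path

def naive_build_request(url: str) -> bytes:
    """The unsafe pattern: URL text is pasted straight into the request."""
    host, path = split_http_url(url)
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("latin-1")

def build_request(url: str, headers: dict = None) -> bytes:
    """Hardened: every component is checked against an allowlist before use."""
    host, path = split_http_url(url)
    if not _HOST_RE.match(host):
        raise UnsafeRequestValue(f"unacceptable host {host!r}")
    if not _PATH_RE.match(path):
        raise UnsafeRequestValue(f"unacceptable path {path!r}")
    lines = [f"GET {path} HTTP/1.0", f"Host: {host}"]
    for name, value in (headers or {}).items():
        if not _HEADER_NAME_RE.match(name) or _BAD_HEADER_VALUE_RE.search(value):
            raise UnsafeRequestValue(f"unacceptable header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def header_lines(raw: bytes) -> list:
    """Header lines as a server would split them (request line excluded)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.split(b"\r\n")[1:]

def is_request_safe(url: str) -> bool:
    try:
        build_request(url)
        return True
    except UnsafeRequestValue:
        return False

# Constructed inputs: what a script might read from argv or $WWW_HOME.
GOOD_URL = "http://example.test/index.html"
# The same URL with CRLF and a second Host header embedded in the path part.
CRLF_URL = "http://example.test/index.html\r\nHost: other.test"
```

With the naive builder the embedded CRLF turns one header into two and the second Host value is what a virtual-hosting server acts on; the hardened builder refuses the URL before any bytes are written. Note that newer versions of urllib.parse silently remove CR, LF and tab from URLs, which is why the example splits the URL itself rather than relying on that behaviour for safety.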
Package: shadow-utils
Date: 02-21-2003
Description: The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create the mail spool with improper permissions: instead of having it owned by the group mail, it would be owned by the user’s primary group. If this is a shared group (i.e. “users”), then all members of the shared group would be able to obtain access to the mail spools of other members of the same group. A patch to useradd has been applied to correct this problem.
Vendor Alerts: Mandrake
