Thomas –
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.
This week, advisories were released for cups, canna, cvs, dhcp, libpng, kde, fnord, vim, printer-drivers, python, and susehelp. The distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.
LinuxSecurity Feature Extras:
Patching It Up – Patching and upgrading software requires more than running a few commands. Having a patch recovery plan, communicating with developers on that server, and knowing who to contact in case of a botched patch job are critical.
Newest Members of the Team – Just to give everyone an idea about who writes these articles and feature stories that we spend so much of our time reading each day, I have decided to ask Brian Hatch and Duane Dunston, the newest members of the LinuxSecurity.com team, a few questions.
Package: | cups |
Date: | 01-20-2003 |
Description: | Allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a “need authorization” page. |
Vendor Alerts: | Caldera, Debian |
Package: | canna |
Date: | 01-20-2003 |
Description: | Buffer overflow in canna allows local users to execute arbitrary code as the bin user. Canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. |
Vendor Alerts: | Caldera |
Package: | dhcp |
Date: | 01-23-2003 |
Description: | During an internal source code audit, the ISC developers found several stack-based buffer overflow vulnerabilities[2,3] in the error handling routines of the minires library. This library is used by the NSUPDATE feature, which is present in dhcp versions newer than 3.0 and allows the DHCP server to dynamically update DNS server records. |
Vendor Alerts: |
|
Package: | libpng |
Date: | 01-23-2003 |
Description: | Programs such as web browsers and various other common applications make use of libpng. An attacker could exploit this vulnerability to remotely run arbitrary code or crash such applications by using a specially crafted PNG image. |
Vendor Alerts: | Conectiva, Mandrake |
Package: | kde |
Date: | 01-22-2003 |
Description: | The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. |
Vendor Alerts: | Debian, Gentoo |
Package: | fnord |
Date: | 01-17-2003 |
Description: | “fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable.” |
Vendor Alerts: | Gentoo |
Package: | vim |
Date: | 01-22-2003 |
Description: | “Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them.” |
Vendor Alerts: | Gentoo |
Package: | printer-drivers |
Date: | 01-21-2003 |
Description: | Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. |
Vendor Alerts: | Mandrake |
Package: | python |
Date: | 01-21-2003 |
Description: | Zack Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names. This could allow local users to execute arbitrary code via a symlink attack. |
Vendor Alerts: | Red Hat |
Package: | susehelp |
Date: | 01-20-2003 |
Description: | Remote attackers can insert certain characters in CGI queries to the susehelp system, tricking it into executing arbitrary code as the “wwwrun” user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. |
Vendor Alerts: | SuSE |