Linux Advisory Watch – January 17th 2003

41
by Benjamin D.
Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for wget, xpdf, openldap, libmcrypt, impsql,
bugzilla, mod_php, cups, dhcpd, kde, leafnode, libpng, postgresql, mysql, vim,
and ethereal. The distributors include Caldera, Debian, Mandrake, Red Hat, SuSE,
and Yellow Dog.

LinuxSecurity Feature Extras:

Newest
Members of the Team
– Just to give everyone an idea about who writes
these articles and feature stories that we spend so much of our time reading
each day, I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.

Secure
Passwordless Logins with SSH Part 3
– Setting up your accounts
to allow identity-based authentication gives you several new options to
allow passwordless access to those accounts. This week we’ll see how well
we can restrict the access granted to these identities.

 

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]


 

 

Package: wget
Date: 01-16-2003
Description: The
proper solution is to install the latest packages. Many customers find
it easier to use the Caldera System Updater, called cupdate (or kcupdate
under the KDE environment), to update these packages rather than downloading
and installing them by hand.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-003.0/RPMS
wget-1.7.1-3.i386.rpm
0adc5e5568cc589b9ab90ebb0e181e65 
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2770.html

 

 

Package: xpdf
Date: 01-10-2003
Description: The
proper solution is to install the latest packages. Many customers find
it easier to use the Caldera System Updater, called cupdate (or kcupdate
under the KDE environment), to update these packages rather than downloading
and installing them by hand.
Vendor Alerts: Caldera:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2746.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2743.html

 

 

Package: openldap2
Date: 01-13-2003
Description: The
SuSE Security Team reviewed critical parts of openldap2, an implementation
of the Lightweight Directory Access Protocol (LDAP) version 2 and 3, and
found several buffer overflows and other bugs remote attackers could exploit
to gain access on systems running vulnerable LDAP servers.  In addition
to these bugs, various local

exploitable
bugs within the OpenLDAP2 libraries have been fixed.
Vendor Alerts: Debian:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2749.html

 

Package: libmcrypt
Date: 01-13-2003
Description: Ilia
Alshanetsky discovered several buffer overflows in libmcrypt, a decryption
and encryption library, that originates in from improper or lacking input
validation.  By passing input which is longer then expected to a number
of functions (multiple functions are affected) the user can successful
make libmcrypt crash and may be able to insert arbitrary, malicious, code
which will be executed under the user libmcrypt runs as, e.g. inside a
web server.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/libm/
libmcrypt/libmcrypt-dev_2.5.0-1woody1_i386.deb
Size/MD5 checksum:  
300576 940ad919f58bcf5e63aa2ae5d82dfc81

http://security.debian.org/pool/updates/main/libm/
libmcrypt/libmcrypt4_2.5.0-1woody1_i386.deb
Size/MD5 checksum:  
109618 f7aca58ac7f137b9c4a5cb30c0aa3348

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2757.html

 

Package: impsql
Date: 01-15-2003
Description: The
impact of SQL injection depends heavily on the underlying database and
its configuration.  If PostgreSQL is used, it’s possible to execute
multiple complete SQL queries separated by semicolons.  The database
contains session id’s so the attacker might hijack sessions of people currently
logged in and read their mail. 
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-5.1_all.deb
Size/MD5 checksum:  
426826 134e3d543d2d32f1fe9f84664a819dd0

 

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2761.html

 

Package: bugzilla
Date: 01-16-2003
Description: The
provided data collection script intended to be run as a nightly cron job
changes the permissions of the data/mining directory to be world-writable
every time it runs.  This would enable local users to alter or delete
the collected data.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/b/bugzilla/
bugzilla-doc_2.14.2-0woody4_all.deb
Size/MD5 checksum:  
489720 ef08e1d090904b2a5c4ee7922a4dfb82

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2769.html

 

Package: mod_php
Date: 01-13-2003
Description: “If
you use the wordwrap() function on user-supplied input, a specially-crafted
input can overflow the allocated buffer and overwrite the heap.  Exploit
looks very difficult, but still theoretically possible.”
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2750.html

 

Package: cups
Date: 01-13-2003
Description: iDefense
reported several security problems in CUPS that can lead to local and remote
root compromise.  An integer overflow in the HTTP interface can be
used to gain remote access with CUPS privilege.  A local file race
condition can be used to gain root privilege, although the previous bug
must be exploited first.  An attacker can remotely add printers to
the vulnerable system.  A remote DoS can be accomplished due to negative
length in the memcpy() call. 
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2744.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2752.html

Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/yellowdog_advisory-2754.html

 

Package: dhcpd
Date: 01-12-2003
Description: A
vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client
daemon.  dhcpcd has the ability to execute an external script named
dhcpcd-.exe when an IP address is assigned to that network interface. 
The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains
shell variables and DHCP assignment information. 
Vendor Alerts: Mandrake:

9.0/RPMS/dhcpcd-1.3.22pl4-1.1mdk.i586.rpm
f2b6212121ea3edbed6f6e62ebb0e20d 

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2745.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2766.html

 

Package: kde
Date: 01-12-2003
Description: Multiple
instances of improperly quoted shell command execution exist in KDE 2.x
up to and including KDE 3.0.5.  KDE fails to properly quote parameters
of instructions passed to the shell for execution.  These parameters
may contain data such as filenames, URLs, email address, and so forth;
this data may be provided remotely to a victim via email, web pages, files
on a network filesystem, or other untrusted sources.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2758.html

 

Package: leafnode
Date: 01-14-2003
Description: A
vulnerability was discovered by Jan Knutar in leafnode that Mark Brown
pointed out could be used in a Denial of Service attack.  This vulnerability
causes leafnode to go into an infinite loop with 100% CPU use when an article
that has been crossposed to several groups, one of which is the prefix
of another, is requested by it’s Message-ID.
Vendor Alerts: Mandrake:

9.0/RPMS/leafnode-1.9.31-1.1mdk.i586.rpm
4749ee927caa55f15adddadd473a3d12 

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2763.html

 

Package: openldap
Date: 01-14-2003
Description: A
review was completed by the SuSE Security Team on the OpenLDAP server software,
and this audit revealed several buffer overflows and other bugs that remote
attackers could exploit to gain unauthorized access to the system running
the vulnerable OpenLDAP servers. Additionally, various locally exploitable
bugs in the OpenLDAP v2 libraries have been fixed as well.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

http://www.mandrakesecure.net/en/ftp.php

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2768.html

 

Package: libpng
Date: 01-13-2003
Description: Unpatched
versions of libpng 1.2.1 and earlier do not correctly calculate offsets,
which leads to a buffer overflow and the possibility of arbitrary code
execution.  This could be exploited by an attacker creating a carefully
crafted PNG file which could execute arbitrary code when the victim views
it.
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/libpng-1.2.2-8.i386.rpm
65f374f46b9b03de4c162ef0052a6fe1 

ftp://updates.redhat.com/8.0/en/os/i386/libpng-devel-1.2.2-8.i386.rpm
55f87f85687d29e92a6cc4e9bc7dd5cd 

RedHat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2751.html

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2756.html

Yellow Dog Vendor Advisory:
http://www.linuxsecurity.com/advisories/yellowdog_advisory-2755.html

 

Package: postgresql
Date: 01-13-2003
Description: Buffer
overflows in PostgreSQL 7.2 allow attackers to cause a denial of service
and possibly execute arbitrary code via long arguments to the lpad or rpad
functions. CAN-2003-0972
Vendor Alerts: Red Hat:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

RedHat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2760.html

 

Package: mysql
Date: 01-15-2003
Description: MySQL
is a multi-user, multi-threaded SQL database server. While auditing MySQL,
Stefan Esser found security vulnerabilities that can be used to crash the
server or allow MySQL users to gain privileges.
Vendor Alerts: Red Hat:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

RedHat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2764.html

 

Package: vim
Date: 01-16-2003
Description: VIM
allows a user to set the modeline differently for each edited text file
by placing special comments in the files.  Georgi Guninski found that
these comments can be carefully crafted in order to call external programs. 
This could allow an attacker to create a text file such that when it is
opened arbitrary commands are executed. 
Vendor Alerts: Red Hat:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

RedHat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2767.html

 

Package: ethereal
Date: 01-16-2003
Description: Multiple
integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier
allow remote attackers to cause a denial of service (infinite loop) via
malformed messages. This problem was discovered by Silvio Cesare. CAN-2003-1355
Vendor Alerts: YellowDog Linux:

PLEASE SEE VENDOR
ADVISORY FOR UPDATE

YellowDog Linux Vendor
Advisory:

http://www.linuxsecurity.com/advisories/yellowdog_advisory-2753.html

 

Category:

  • Security