Thomas
This week, advisories were released for snort, sendmail, samba, dhcp, file,
kernel ptrace, zlib, man, mutt, metrics, moxftp, glibc, heimdal, seti, kde,
apache, cvs, kerberos, mysql, httpd, and openssl. The distributors include
Conectiva, Debian, Gentoo, Immunix, FreeBSD, Mandrake, Slackware, SuSE, and
Trustix.
LinuxSecurity Feature Extras:

Making It Big: Large Scale Network Forensics (Part 2 of 2) – Proper methodology for computer forensics would involve a laundry list of actions and thought processes that an investigator needs to consider in order to have the basics covered.

Making It Big: Large Scale Network Forensics (Part 1 of 2) – Computer forensics has hit the big time. A previously super-niche technology, forensics has moved into the collective consciousness of IT sysadmins and corporate CSOs.
The Linux Advisory Watch newsletter is developed by the community of volunteers at LinuxSecurity and by Guardian Digital, Inc., the open source security company.
Package: snort
Description: A remote attacker able to insert specially crafted RPC traffic into the network being monitored by snort may crash the sensor or execute arbitrary code in its context, which is run by the root user.
Vendor Alerts: Conectiva
Package: sendmail
Description: It is believed to be possible for remote attackers to cause a Denial of Service condition and even to execute arbitrary commands with the same permissions under which the sendmail daemon runs, which is root.
Vendor Alerts: Conectiva, Debian, NetBSD, Slackware
Package: samba
Description: The SuSE Security Team performed a security audit of parts of the Samba project code and found various problems in both the client and server implementations. Among these problems is a buffer overflow[1] vulnerability in the packet fragment re-assembly code. A remote attacker who is able to connect to the samba server may gain root privileges on it by exploiting this vulnerability. The vulnerability also affects the client library code, so it is possible to exploit applications that use samba library functions by using a malicious samba server to send traffic to them. Additionally, a race condition[2] was discovered which could allow a local attacker to overwrite critical system files.
Vendor Alerts: Conectiva, Debian, Gentoo, Immunix, Mandrake, Red Hat, Slackware, SuSE, Trustix
Package: dhcp
Description: Florian Lohoff discovered[2] a vulnerability[3,4] in the way dhcrelay (part of the dhcp package) forwards malicious BOOTP packets it receives to the dhcp servers it contacts. An attacker could exploit this vulnerability to generate a “storm” of BOOTP packets, causing a denial of service condition or misbehavior on the part of the dhcp server.
Vendor Alerts: Conectiva, Turbo Linux
Package: file
Description: iDefense has found a buffer overflow vulnerability[1] in the file command. This vulnerability can be triggered by the use of specially crafted files.
Vendor Alerts: Conectiva
Package: kernel ptrace
Description: When a process requires a feature that a certain kernel module provides, the kernel will spawn a child process, give it root privileges and call /sbin/modprobe to load that module. A local attacker can create such a process, make it request a kernel module and wait for the child process to be spawned. Before the privilege change, the attacker can attach to this child process and insert code that will later be run with root privileges.
Vendor Alerts: Conectiva, Red Hat
Package: zlib
Description: Richard Kettlewell discovered[1] a buffer overflow vulnerability[2] in the gzprintf() function provided by zlib. If a program passes unsafe data to this function (e.g. data from remote images or network traffic), it is possible for a remote attacker to execute arbitrary code or to cause a denial of service in such programs.
Vendor Alerts: Conectiva
Package: man
Description: Jack Lloyd found[1] a local vulnerability in the man utility. Because of a problem with a value returned by the my_xsprintf() function, man could try to execute a program called “unsafe” when reading a manpage file with certain characteristics. If an attacker can put a malicious executable file called “unsafe” in the system PATH and get a user to open a specially created manpage, it could run arbitrary commands with the privileges of that user.
Vendor Alerts: Conectiva
Package: mutt
Description: Byrial Jensen discovered a couple of off-by-one buffer overflows in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Vendor Alerts: Debian, Red Hat, Slackware
Package: metrics
Description: Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a set of tools for software metrics. Two scripts in this package, “halstead” and “gather_stats”, open temporary files without taking appropriate security precautions. “halstead” is installed as a user program, while “gather_stats” is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.
Vendor Alerts: Debian
Package: moxftp
Description: Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code provided by a malicious FTP server. Erik Tews fixed this.
Vendor Alerts: Debian
Package: glibc
Description: eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function, which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun’s RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.
Vendor Alerts: Debian
Package: heimdal
Description: A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site’s entire Kerberos authentication infrastructure.
Vendor Alerts: Debian
Package: seti
Description: “There is a buffer overflow in the server responds handler. Sending an overly large string followed by a newline (‘\n’) character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.”
Vendor Alerts: Gentoo, FreeBSD
Package: kde
Description: An attacker can prepare a malicious PostScript or PDF file which will provide the attacker with access to the victim’s account and privileges when the victim opens this malicious file for viewing, or when the victim browses a directory containing such a malicious file and has file previews enabled.
Vendor Alerts: Gentoo
Package: apache
Description: “Remote exploitation of a memory leak in the Apache HTTP Server causes the daemon to over utilize system resources on an affected system. The problem is HTTP Server’s handling of large chunks of consecutive linefeed characters. The web server allocates an eighty-byte buffer for each linefeed character without specifying an upper limit for allocation. Consequently, an attacker can remotely exhaust system resources by generating many requests containing these characters.”
Vendor Alerts: Gentoo
Package: cvs
Description: Stefan Esser discovered a double free() bug in CVS that can be remotely exploited by anonymous users to gain write access to the CVS repository. This write access can be converted into execute access using the CVS protocol commands “Checkin-prog” and “Update-prog”.
Vendor Alerts: Immunix
Package: kerberos
Description: Multiple vulnerabilities have been found in the MIT Kerberos suite. This release removes triple-DES support in Kerberos IV and cross-realm authentication in Kerberos IV, as both are known to be insecure. This release also fixes two denial of service attacks against the Kerberos daemons.
Vendor Alerts: Immunix
Package: mysql
Description: Multiple vulnerabilities, including a signed integer vulnerability, have been resolved.
Vendor Alerts: Immunix
Package: httpd
Description: Updated httpd packages which fix a number of security issues are now available for Red Hat Linux 8.0 and 9.
Vendor Alerts: Red Hat
Package: openssl
Description: Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL’s RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing behavior. This bug has been fixed by enabling “RSA blinding” by default.
Vendor Alerts: Red Hat