gzip, rp-pppoe, openssl, ImageMagick, samba, and cups. The distributors include
Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.
Example: Host A has been compromised. The attacker installs a sniffer.
The sniffer picks up an admin logging into Host B from Host C. It captures
the admin's personal password as they log in to B. Then the admin does a
su to fix a problem. The attacker now has the root password for Host B.
Later the admin lets someone telnet from his account to Host Z on
another site. Now the attacker has a password/login on Host Z.
Using ssh or other encrypted password methods thwarts this attack.
Things like APOP for POP accounts also prevent this attack. (Normal
POP logins are very vulnerable to this, as is anything that sends
clear-text passwords over the network.)
|
Debian |
|
Debian: hpsockd denial of service fix |
|
3rd, December, 2004
“infamous41md” discovered a buffer overflow condition in hpsockd,
the socks server written at Hewlett-Packard. An exploit could cause the
program to crash or may have a worse effect.
http://www.linuxsecurity.com/content/view/117313 |
|
|
Debian: viewcvs information leak fix |
|
6th, December, 2004
Hajvan Sehic discovered several vulnerabilities in viewcvs,
a utility for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive the hide_cvsroot and forbidden settings
were not sufficiently honoured.
http://www.linuxsecurity.com/content/view/117392 |
|
|
Debian: nfs-utils denial of service fix |
|
8th, December, 2004
SGI has discovered that rpc.statd from the nfs-utils package,
the Network Status Monitor, did not ignore the “SIGPIPE”. Hence, a client
prematurely terminating the TCP connection could also terminate the server
process.
http://www.linuxsecurity.com/content/view/117423 |
|
|
Fedora |
|
Fedora: cyrus-imapd-2.2.10-3.fc2 update |
|
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits
revealed a package installation problem.
http://www.linuxsecurity.com/content/view/117366 |
|
|
Fedora: cyrus-imapd-2.2.10-3.fc3 update |
|
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits
revealed a package installation problem. If the main configuration files
for cyrus-imapd
http://www.linuxsecurity.com/content/view/117367 |
|
|
Fedora: netatalk-1.6.4-2.2 update |
|
6th, December, 2004
Fix to temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117395 |
|
|
Fedora: netatalk-1.6.4-4 update |
|
6th, December, 2004
Fix temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117396 |
|
|
Fedora: gaim-1.1.0-0.FC2 update |
|
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger,
Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented
using a modular, easy to use design. To use a protocol, just add an account
using the account editor.
http://www.linuxsecurity.com/content/view/117397 |
|
|
Fedora: gaim-1.1.0-0.FC3 update |
|
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger,
Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented
using a modular, easy to use design. To use a protocol, just add an account
using the account editor.
http://www.linuxsecurity.com/content/view/117398 |
|
|
Fedora: rhpl-0.148.1-2 update |
|
6th, December, 2004
Remove synaptics requires (#137935)
http://www.linuxsecurity.com/content/view/117399 |
|
|
Fedora: ttfonts-ja-1.2-36.FC3.0 update |
|
7th, December, 2004
reverted the previous changes so that it broke ghostscript working.
(#139798)
http://www.linuxsecurity.com/content/view/117404 |
|
|
Fedora: mc-4.6.1-0.11FC3 update |
|
7th, December, 2004
The updated version of Midnight Commander contains finished
CAN-2004-0494 security fixes in extfs scripts and has better support for
UTF-8, contains subshell prompt fixes and enhanced large file support.
http://www.linuxsecurity.com/content/view/117417 |
|
|
Fedora: udev-039-10.FC3.4 update |
|
7th, December, 2004
udev is an implementation of devfs in userspace using sysfs and
/sbin/hotplug. It requires a 2.6 kernel to run properly.
http://www.linuxsecurity.com/content/view/117418 |
|
|
Fedora: udev-039-10.FC3.5 update |
|
7th, December, 2004
fixed udev.rules for cdrom symlinks (bug 141897)
http://www.linuxsecurity.com/content/view/117419 |
|
|
Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update |
|
7th, December, 2004
fixed again gnome-bluetooth-manager script for 64bit (bug 134864)
http://www.linuxsecurity.com/content/view/117420 |
|
|
Fedora: rsh update |
|
8th, December, 2004
fixed rexec fails with “Invalid Argument” (#118630)
http://www.linuxsecurity.com/content/view/117432 |
|
|
Fedora: Omni-0.9.2-1.1 update |
|
8th, December, 2004
This is the 0.9.2 release of the Omni printer driver collection.
It also fixes a library path problem on multilib architectures such as
x86_64.
http://www.linuxsecurity.com/content/view/117433 |
|
|
Fedora: mysql-3.23.58-9.1 update |
|
8th, December, 2004
fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837
(bugs #135372, 135375, 135387)
http://www.linuxsecurity.com/content/view/117434 |
|
|
Fedora: libpng-1.2.8-1.fc2 update |
|
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about
the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117439 |
|
|
Fedora: libpng10-1.0.18-1.fc2 update |
|
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details
about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117440 |
|
|
Fedora: glib2-2.4.8-1.fc2 update |
|
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details
about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117441 |
|
|
Fedora: gtk2-2.4.14-1.fc2 update |
|
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14. For details
about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117442 |
|
|
Fedora: libpng10-1.0.18-1.fc3 update |
|
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details
about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117443 |
|
|
Fedora: libpng-1.2.8-1.fc3 update |
|
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about
the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117444 |
|
|
Fedora: glib2-2.4.8-1.fc3 update |
|
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details
about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117445 |
|
|
Fedora: gtk2-2.4.14-1.fc3 update |
|
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14. For details
about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117446 |
|
|
Fedora: postgresql-odbc-7.3-6.2 update |
|
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117447 |
|
|
Fedora: postgresql-odbc-7.3-8.FC3.1 update |
|
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117448 |
|
|
Fedora: postgresql-7.4.6-1.FC2.1 update |
|
9th, December, 2004
This update synchronizes PostgreSQL for FC2 with the version
already released in FC3.
http://www.linuxsecurity.com/content/view/117449 |
|
|
Fedora: shadow-utils-4.0.3-55 update |
|
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX
rules for user and group names prevented Samba 3 from using its “add machine
script” feature with useradd. Also, the maximum length for a username/groupname
is now 31 (previously it was 32). The lastlog command can now handle extremely
large (greater than 4GB) lastlogs.
http://www.linuxsecurity.com/content/view/117452 |
|
|
Fedora: shadow-utils-4.0.3-56 update |
|
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX
rules for user and group names prevented Samba 3 from using its “add machine
script” feature with useradd. Also, the maximum length for a username/groupname
is now 31 (previously it was 32). The lastlog command can now handle extremely
large (greater than 4GB) lastlogs.
http://www.linuxsecurity.com/content/view/117453 |
|
|
Gentoo |
|
Gentoo: rssh, scponly Unrestricted command execution |
|
3rd, December, 2004
rssh and scponly do not filter command-line options that can
be exploited to execute any command, thereby allowing a remote user to
completely bypass the restricted shell.
http://www.linuxsecurity.com/content/view/117364 |
|
|
Gentoo: PDFlib Multiple overflows in the included TIFF library |
|
6th, December, 2004
PDFlib is vulnerable to multiple overflows, which can potentially
lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117393 |
|
|
Gentoo: imlib Buffer overflows in image decoding |
|
6th, December, 2004
Multiple overflows have been found in the imlib library image
decoding routines, potentially allowing execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117394 |
|
|
Gentoo: perl Insecure temporary file creation |
|
6th, December, 2004
Perl is vulnerable to symlink attacks, potentially allowing
a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117402 |
|
|
Gentoo: mirrorselect Insecure temporary file creation |
|
7th, December, 2004
mirrorselect is vulnerable to symlink attacks, potentially allowing
a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117403 |
|
|
Mandrake |
|
Mandrake: drakxtools update |
|
7th, December, 2004
Beginning immediately, all bug reports for stable releases will
be handled via Bugzilla at http://qa.mandrakesoft.com/. The drakbug tool
has been updated to point users of stable releases to Bugzilla.
http://www.linuxsecurity.com/content/view/117405 |
|
|
Mandrake: dietlibc fix |
|
7th, December, 2004
There was a problem with dietlibc in Mandrakelinux 10.0/amd64
where it would not provide proper support for the AMD64 architecture.
The updated package fixes this.
http://www.linuxsecurity.com/content/view/117406 |
|
|
Mandrake: gzip fix |
|
7th, December, 2004
The Trustix developers found some insecure temporary file creation
problems in the zdiff, znew, and gzexe supplemental scripts in the gzip
package. These flaws could allow local users to overwrite files via a
symlink attack.
http://www.linuxsecurity.com/content/view/117407 |
|
|
Mandrake: ImageMagick fix |
|
7th, December, 2004
A vulnerability was discovered in ImageMagick where, due to
a boundary error within the EXIF parsing routine, a specially crafted
graphic image could potentially lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117408 |
|
|
Mandrake: lvm1 fix |
|
7th, December, 2004
The Trustix developers discovered that the lvmcreate_initrd
script, part of the lvm1 package, created a temporary directory in an
insecure manner. This could allow for a symlink attack to create or overwrite
arbitrary files with the privileges of the user running the script.
http://www.linuxsecurity.com/content/view/117409 |
|
|
Mandrake: rp-pppoe fix |
|
7th, December, 2004
Max Vozeler discovered a vulnerability in pppoe, part of the
rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite
any file on the system. Mandrakelinux does not install pppoe setuid root,
however the packages have been patched to prevent this problem.
http://www.linuxsecurity.com/content/view/117410 |
|
|
Mandrake: nfs-utils fix |
|
7th, December, 2004
SGI developers discovered a remote DoS (Denial of Service) condition
in the NFS statd server. rpc.statd did not ignore the “SIGPIPE” signal
which would cause it to shut down if a misconfigured or malicious peer
terminated the TCP connection prematurely.
http://www.linuxsecurity.com/content/view/117411 |
|
|
Mandrake: openssl fix |
|
7th, December, 2004
The Trustix developers found that the der_chop script, included
in the openssl package, created temporary files insecurely. This could
allow local users to overwrite files using a symlink attack.
http://www.linuxsecurity.com/content/view/117412 |
|
|
Trustix |
|
Trustix: multiple package bugfixes |
|
9th, December, 2004
amavisd-new
AMaViS is a script that interfaces a mail transport agent (MTA) with one
or more virus scanners.
http://www.linuxsecurity.com/content/view/117437 |
|
|
Trustix: nfs-utils Remote denial of service |
|
9th, December, 2004
SGI developers discovered a remote Denial of Service in the
NFS statd server where it did not ignore the “SIGPIPE” signal. This could
cause the server to shut down if a client terminates prematurely.
http://www.linuxsecurity.com/content/view/117438 |
|
|
Red Hat |
|
Red Hat: ImageMagick security vulnerability fix |
|
8th, December, 2004
Updated ImageMagick packages that fix a buffer overflow are
now available.
http://www.linuxsecurity.com/content/view/117431 |
|
|
SuSE |
|
SuSE: cyrus-imapd remote command execution |
|
3rd, December, 2004
Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access which could
allow remote attackers to execute arbitrary commands as root. The bugs
occur in the pre-authentication phase, therefore an update is strongly
recommended.
http://www.linuxsecurity.com/content/view/117317 |
|
|
TurboLinux |
|
TurboLinux: samba, cups vulnerabilities |
|
8th, December, 2004
Two vulnerabilities discovered in Samba. DoS vulnerability in
cups.
http://www.linuxsecurity.com/content/view/117424 |
|