D. Thomas
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each vulnerability.
This week, advisories were released for nss_ldap, icecast, fileutils,
imp, apache, groff, html2ps, im, gtetrinet, tcpdump, tetex, perl, python,
canna, and wget. The distributors include Caldera, Debian, Mandrake,
and Red Hat.
LinuxSecurity Feature Extras:
Network
Security Audit – “Information for the right people at right time
and from anywhere” has been the driving force for providing access to the
most of the vital information on the network of an organization over the
Internet. This is a simple guide on conducting a network security audit.Security:
MySQL and PHP (3 of 3) – This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following guidelines.
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]
| Package: | nss_ldap |
| Date: | 12-06-2002 |
| Description: | A buffer overflow in the DNS SRV code for nss_ldap allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| Vendor Alerts: | Caldera:
|
| Package: | icecast |
| Date: | 12-10-2002 |
| Description: | Buffer overflows in the icecast server allow remote attackers to execute arbitrary code via a long HTTP GET request, as well as allowing denial of service attacks. |
| Vendor Alerts: | Caldera:
|
| Package: | fileutils |
| Date: | 12-10-2002 |
| Description: | A race condition in various utilities from the GNU fileutils package may cause a root user to delete the whole filesystem. This updates resolves a problem in the original fix that would cause an attempt to recursively remove a directory with trailing slashes to memory fault. |
| Vendor Alerts: | Caldera:
|
| Package: | imp |
| Date: | 12-16-2002 |
| Description: | There are some potential cross-site scripting (CSS) attacks in the imp and horde programs. |
| Vendor Alerts: | Caldera:
|
| Package: | apache |
| Date: | 12-06-2002 |
| Description: | Cross-site scripting (XSS) vulnerability in the default error page of Apache when UseCanonicalName is “Off” and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header. |
| Vendor Alerts: | Caldera:
Red Hat:
|
| Package: | groff |
| Date: | 12-06-2002 |
| Description: | groff pic(1) has a buffer overrun in argument handling. The problem could be remotely exploited depending on the lpd(8) setup. |
| Vendor Alerts: | Caldera:
|
| Package: | html2ps |
| Date: | 12-06-2002 |
| Description: | The SuSE Security Team found a vulnerability in html2ps, a HTML to PostScript converter, that opened files based on unsanitized input insecurely. This problem can be exploited when html2ps is installed as filter within lrpng and the attacker has previously gained access to the lp account. |
| Vendor Alerts: | Debian:
|
| Package: | im |
| Date: | 12-06-2002 |
| Description: | The impwagent program creates a temporary directory in an insecure manner in /tmp using predictable directory names without checking the return code of mkdir, so it’s possible to seize a permission of the temporary directory by local access as another user. |
| Vendor Alerts: | Debian:
|
| Package: | gtetrinet |
| Date: | 12-10-2002 |
| Description: | Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server. |
| Vendor Alerts: | Debian:
|
| Package: | tcpdump |
| Date: | 12-10-2002 |
| Description: | The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution. |
| Vendor Alerts: | Debian:
|
| Package: | tetex |
| Date: | 12-11-2002 |
| Description: | If dvips is used in a print filter, this allows a local or remote attacker with print permission execute arbitrary code as the printer user (usually lp). |
| Vendor Alerts: | Debian:
|
| Package: | perl |
| Date: | 12-12-2002 |
| Description: | If dvips is used in a print filter, this allows a local or remote attacker with print permission execute arbitrary code as the printer user (usually lp). |
| Vendor Alerts: | Debian:
|
| Package: | python |
| Date: | 12-9-2002 |
| Description: | A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. |
| Vendor Alerts: | Mandrake:
|
| Package: | canna |
| Date: | 12-11-2002 |
| Description: | The Canna server, used for Japanese character input, has two security vulnerabilities including an exploitable buffer overrun allowing a local user to gain ‘bin’ user privileges. Updated packages for Red Hat Linux are available. |
| Vendor Alerts: | Red Hat:
|
| Package: | wget |
| Date: | 12-10-2002 |
| Description: | The wget packages shipped with Red Hat Linux 6.2 through 8.0 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory. |
| Vendor Alerts: | Red Hat:
|
