Thomas –
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for wget, kernel, fetchmail, mysql, openldap,
lynx, micq, libpng, squirrelmail, net-snmp, exim, apache, lynx-ssl, perl, and
tcpdump. The distributors include Conectiva, Debian, EnGarde, Gentoo,
Mandrake, Red Hat, and Trustix.
LinuxSecurity Feature Extras:
If
It Ain’t Broke See If It’s Fixed – Attackers are still compromising
servers with well-known attacks. General awareness can assist the busy
administrators and users to protect their systems from these kinds of attacks.
SANS provides a list of the Top 20 most common security vulnerabilities,
how to identify each, and what can be done to protect against
these vulnerabilities.Network
Security Audit – “Information for the right people at right time
and from anywhere” has been the driving force for providing access to the
most of the vital information on the network of an organization over the
Internet. This is a simple guide on conducting a network security audit.
Advisory Watch ] – [ Linux
Security Week ] – [ PacketStorm
Archive ] – [ Linux Security
Documentation ]
| Package: | wget |
| Date: | 12-13-2002 |
| Description: | The vulnerability resides in the way wget handles server answers to LIST and multiple GET requests. If the filenames in the answer begin with characters pointing to parent directories (like “../” or “/”), wget can download files to that location, thus overwritting arbitrary files. |
| Vendor Alerts: | Conectiva:
Debian:
Trustix:
|
| Package: | kernel |
| Date: | 12-13-2002 |
| Description: | Christophe Devine reported[1] a vulnerability in versions prior to 2.4.20 of the linux kernel that could be exploited by a local non-root user to completely “freeze” the machine. A local attacker could exploit this vulnerability to cause a Denial of Service (DoS) condition. This update fixes this problem. |
| Vendor Alerts: | Conectiva:
Trustix:
|
| Package: | fetchmail |
| Date: | 12-16-2002 |
| Description: | Stefan Esser discovered[1] a buffer overflow vulnerability in fetchmail versions prior to 6.1.3 (inclusive) that can be exploited remotelly with the use of specially crafted mail messages. By exploiting this the attacker can crash fetchmail or execute arbitrary code with the privileges of the user running it. |
| Vendor Alerts: | Conectiva:
Gentoo:
Red Hat:
|
| Package: | mysql |
| Date: | 12-17-2002 |
| Description: | The server vulnerabilities can be exploited to crash the MySQL server, bypass password restrictions or even execute arbitrary code with the privileges of the user running the server process. The library ones consist in an arbitrary size heap overflow and a memory addressing problem that can be both exploited to crash or execute arbitrary code in programs linked against libmysql. |
| Vendor Alerts: | Conectiva:
Debian:
EnGarde:
Mandrake:
OpenPKG:
Gentoo:
|
| Package: | openldap |
| Date: | 12-19-2002 |
| Description: | The vulnerabilities consists mainly in buffer overflows in both the OpenLDAP server and in the libraries provided with the OpenLDAP package. Some of these vulnerabilities can be exploited by attackers remotely or locally to compromise the OpenLDAP server or applications linked against the vulnerable libraries. |
| Vendor Alerts: | Conectiva:
|
| Package: | lynx |
| Date: | 12-13-2002 |
| Description: | lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. |
| Vendor Alerts: | Debian:
|
| Package: | micq |
| Date: | 12-13-2002 |
| Description: | Rüdiger Kuhlmann, upstream developer of mICQ, a text based ICQ client, discovered a problem in mICQ. Receiving certain ICQ message types that do not contain the required 0xFE seperator causes all versions to crash. |
| Vendor Alerts: | Debian:
|
| Package: | libpng |
| Date: | 12-19-2002 |
| Description: | Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. |
| Vendor Alerts: | Debian:
|
| Package: | squirrelmail |
| Date: | 12-15-2002 |
| Description: | read_body.php didn’t filter out user input for ‘filter_dir’ and ‘mailbox’, making a xss attack possible. |
| Vendor Alerts: | Gentoo:
|
| Package: | exim |
| Date: | 12-16-2002 |
| Description: | This is a format string bug in daemon.c. |
| Vendor Alerts: | Gentoo:
|
| Package: | net-SNMP |
| Date: | 12-16-2002 |
| Description: | The Net-SNMP packages shipped with Red Hat Linux 8.0 contain several bugs including a remote denial of service vulnerability. This errata release corrects those problems. |
| Vendor Alerts: | Red Hat:
|
| Package: | apache |
| Date: | 12-18-2002 |
| Description: | A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically “apache”) is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the “ab” benchmark program that is included with Apache. |
| Vendor Alerts: | Mandrake:
|
| Package: | lynx-ssl |
| Date: | 12-19-2002 |
| Description: | This SSL patch package for Lynx provides the ability to make use of SSL over HTTP for secure access to web sites (HTTPS) and over NNTP for secure access to news servers (SNEWS). SSL is handled transparently, allowing users to continue accessing web sites and news services from within Lynx through the same interface for both secure and standard transfers. |
| Vendor Alerts: | Trustix:
|
| Package: | perl |
| Date: | 12-19-2002 |
| Description: | Perl allows for socalled “safe compartmemts” where code can be evalutated without access to variables outside this environment. There was, however, a bug with regards to applications using this safe compartment more than once. |
| Vendor Alerts: | Trustix:
|
| Package: | tcpdump |
| Date: | 12-19-2002 |
| Description: | Tcpdump tries to decode packages it sees on the network to provide some information to the user. In the decoding of BGP packages, it failed to do proper bounds checking. The impact is not known, but it could at least be used to crash tcpdump. This is fixed in the 3.7.1 release of tcpdump. |
| Vendor Alerts: | Trustix:
|
