Linux Advisory Watch – December 20th 2002

– By Benjamin D. Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for wget, kernel, fetchmail, mysql, openldap,
lynx, micq, libpng, squirrelmail, net-snmp, exim, apache, lynx-ssl, perl, and
tcpdump.  The distributors include Conectiva, Debian, EnGarde, Gentoo,
Mandrake, Red Hat, and Trustix.

LinuxSecurity Feature Extras:

If It Ain’t Broke See If It’s Fixed
Attackers are still compromising servers with well-known attacks. General
awareness can assist busy administrators and users in protecting their systems
from these kinds of attacks. SANS provides a list of the Top 20 most common
security vulnerabilities, how to identify each, and what can be done to protect
against these vulnerabilities.

Network Security Audit
“Information for the right people at right time and from anywhere” has been
the driving force for providing access to most of the vital information on the
network of an organization over the Internet. This is a simple guide on
conducting a network security audit.


Package: wget
Date: 12-13-2002
Description: The vulnerability resides in the way wget handles server answers
to LIST and multiple GET requests. If the filenames in the answer begin with
characters pointing to parent directories (like “../” or “/”), wget can
download files to that location, thus overwriting arbitrary files.
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/wget-1.8.2-1U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2664.html

Debian:
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
Size/MD5 checksum: 227812 fc7c576836d26cebc397c07f3bbd1488

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2661.html

Trustix:
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2689.html

 

Package: kernel
Date: 12-13-2002
Description: Christophe Devine reported[1] a vulnerability in versions prior
to 2.4.20 of the Linux kernel that could be exploited by a local non-root user
to completely “freeze” the machine. A local attacker could exploit this
vulnerability to cause a Denial of Service (DoS) condition. This update fixes
this problem.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2673.html

Trustix:
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2685.html

 

Package: fetchmail
Date: 12-16-2002
Description: Stefan Esser discovered[1] a buffer overflow vulnerability in
fetchmail versions prior to 6.1.3 (inclusive) that can be exploited remotely
with the use of specially crafted mail messages. By exploiting this, the
attacker can crash fetchmail or execute arbitrary code with the privileges of
the user running it.
Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmailconf-5.9.12-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/fetchmail-doc-5.9.12-1U80_3cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2674.html

Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2666.html

Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2676.html

 

Package: mysql
Date: 12-17-2002
Description: The server vulnerabilities can be exploited to crash the MySQL
server, bypass password restrictions or even execute arbitrary code with the
privileges of the user running the server process. The library vulnerabilities
consist of an arbitrary-size heap overflow and a memory addressing problem,
both of which can be exploited to crash, or execute arbitrary code in, programs
linked against libmysql.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2678.html

Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2675.html

EnGarde:
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html

Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2681.html

OpenPKG:
http://www.linuxsecurity.com/advisories/other_advisory-2670.html

Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2665.html

 

Package: openldap
Date: 12-19-2002
Description: The vulnerabilities consist mainly of buffer overflows in both
the OpenLDAP server and in the libraries provided with the OpenLDAP package.
Some of these vulnerabilities can be exploited by attackers remotely or locally
to compromise the OpenLDAP server or applications linked against the vulnerable
libraries.
Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2682.html

 

Package: lynx
Date: 12-13-2002
Description: lynx (a text-only web browser) did not properly check for illegal
characters in all places, including processing of command line options, which
could be used to insert extra HTTP headers in a request.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_i386.deb
Size/MD5 checksum: 973310 9f591d8c7e97b1bd84da2f841397a75c

http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_i386.deb
Size/MD5 checksum: 980678 ef6cf5f0e4a8781b14876639fafa78be

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2662.html

 

Package: micq
Date: 12-13-2002
Description: Rüdiger Kuhlmann, upstream developer of mICQ, a text-based ICQ
client, discovered a problem in mICQ. Receiving certain ICQ message types that
do not contain the required 0xFE separator causes all versions to crash.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_i386.deb
Size/MD5 checksum: 42682 1ed0c823d4ccc05bc9e2070c15a687be

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2663.html

 

Package: libpng
Date: 12-19-2002
Description: Glenn Randers-Pehrson discovered a problem in connection with
16-bit samples from libpng, an interface for reading and writing PNG (Portable
Network Graphics) format files. The starting offsets for the loops are
calculated incorrectly which causes a buffer overrun beyond the beginning of
the row buffer.
Vendor Alerts:

Debian:
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_i386.deb
Size/MD5 checksum: 93642 adaf7a70c5c96cc86dd37e3e97662749

http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_i386.deb
Size/MD5 checksum: 174272 55f53fa4fd4c4f4c56a9b6d89e466f21

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2683.html

 

Package: squirrelmail
Date: 12-15-2002
Description: read_body.php didn’t filter out user input for ‘filter_dir’ and
‘mailbox’, making an XSS attack possible.
Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2668.html

 

Package: exim
Date: 12-16-2002
Description: This is a format string bug in daemon.c.
Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2669.html

 

 

Package: net-SNMP
Date: 12-16-2002
Description: The Net-SNMP packages shipped with Red Hat Linux 8.0 contain
several bugs including a remote denial of service vulnerability. This errata
release corrects those problems.
Vendor Alerts:

Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/net-snmp-5.0.6-8.80.2.i386.rpm
756809c05de41a612dd39f175c545816

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2677.html

 

 

 

Package: apache
Date: 12-18-2002
Description: A number of vulnerabilities were discovered in Apache versions
prior to 1.3.27. The first is regarding the use of shared memory (SHM) in
Apache. An attacker that is able to execute code as the UID of the webserver
(typically “apache”) is able to send arbitrary processes a USR1 signal as
root. Using this vulnerability, the attacker can also cause the Apache
process to continuously spawn more child processes, thus causing a local
DoS. Another vulnerability was discovered by Matthew Murphy regarding
a cross site scripting vulnerability in the standard 404 error page.
Finally, some buffer overflows were found in the “ab” benchmark program
that is included with Apache.
Vendor Alerts:

Mandrake:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2680.html

 

Package: lynx-ssl
Date: 12-19-2002
Description: This SSL patch package for Lynx provides the ability to make use
of SSL over HTTP for secure access to web sites (HTTPS) and over NNTP for
secure access to news servers (SNEWS). SSL is handled transparently, allowing
users to continue accessing web sites and news services from within Lynx
through the same interface for both secure and standard transfers.
Vendor Alerts:

Trustix:
./1.5/RPMS/lynx-ssl-2.8.4-1tr.i586.rpm
b9a901ce8b48c6fd77ca996c6f998540
http://www.trustix.net/pub/Trustix/updates/

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2686.html

 

Package: perl
Date: 12-19-2002
Description: Perl allows for so-called “safe compartments” where code can be
evaluated without access to variables outside this environment. There was,
however, a bug with regards to applications using this safe compartment more
than once.
Vendor Alerts:

Trustix:
./1.5/RPMS/perl-5.00503-14tr.i586.rpm
6e864051fab21be22c8e295dbff00df2
http://www.trustix.net/pub/Trustix/updates/

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2687.html

 

Package: tcpdump
Date: 12-19-2002
Description: Tcpdump tries to decode packets it sees on the network to provide
some information to the user. In the decoding of BGP packets, it failed to do
proper bounds checking. The impact is not known, but it could at least be used
to crash tcpdump. This is fixed in the 3.7.1 release of tcpdump.
Vendor Alerts:

Trustix:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2688.html