Linux Advisory Watch – December 6th 2002

By Benjamin D. Thomas

This week, advisories were released for RPC XDR, ypserv,
pine, freeswan, im, smb2www, xinetd, webalizer, kde, kdelibs, and windowmaker. 
The distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, and
Red Hat.

LinuxSecurity Feature Extras:

Network Security Audit
“Information for the right people at right time and from anywhere” has been
the driving force for providing access to most of the vital information on an
organization's network over the Internet. This is a simple guide on conducting
a network security audit.

Security: MySQL and PHP (3 of 3)
This is the third installment of a 3-part article on LAMP (Linux Apache MySQL
PHP). In order to safeguard a MySQL server to the basic level, one has to abide
by the following guidelines.


Package        Vendors
RPC XDR        Caldera
ypserv         Caldera
pine           Conectiva, Gentoo, Mandrake
freeswan       Debian
im             Debian
smb2www        Debian
xinetd         Red Hat
webalizer      Red Hat
kde            Red Hat
windowmaker    Mandrake
kdelibs        Debian

Linux Advisory Watch is a comprehensive newsletter that outlines
the security vulnerabilities that have been announced throughout the week. 
It includes pointers to updated packages and descriptions of each vulnerability.

 


 
 

Package: RPC XDR
Date: 12-04-2002
Description: The implementation of xdr_array can be tricked into writing beyond
the buffers it allocated when deserializing the XDR stream.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-055.0/RPMS
glibc-2.2.4-25.i386.rpm
0c879b13edf9d0ad38421432184b7749

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2637.html

 

Package: ypserv
Date: 12-04-2002
Description: Requesting a map that doesn’t exist will cause a memory leak in
the server.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-054.0/RPMS

nis-client-2.0-23.i386.rpm
f416f2e39a29d419832f3b18c04491a2

nis-server-2.0-23.i386.rpm
b86300ae67587b447262d31f123bc12e

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2638.html

 
 

Package: pine
Date: 12-04-2002
Description: By exploiting this, an attacker can prevent the pine user from
starting the program to manage his/her mailbox. It has not been confirmed
whether it is possible to execute arbitrary code by exploiting this
vulnerability, but such a possibility exists.
Vendor Alerts: Conectiva:

ftp://atualizacoes.conectiva.com.br/8/RPMS/pico-4.50L-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/pilot-4.50L-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/pine-4.50L-1U80_1cl.i386.rpm
 

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2639.html

Gentoo:

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2618.html

Mandrake:

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2631.html

 
 
 

Package: freeswan
Date: 12-02-2002
Description: Bindview discovered a problem in several IPSEC implementations
that do not properly handle certain very short packets. IPSEC is a set
of security extensions to IP which provide authentication and encryption.
FreeS/WAN in Debian is affected by this, and the problem is said to cause a
kernel panic.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/f/freeswan/kernel-patch-freeswan_1.96-1.4_all.deb
Size/MD5 checksum: 889918 30c73e274e84b62125136ec96160d23a

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2628.html

 
 

Package: im
Date: 12-03-2002
Description: The impwagent program creates a temporary directory in an insecure
manner in /tmp, using predictable directory names without checking the return
code of mkdir, so it is possible for a local user to seize the permissions of
the temporary directory as another user.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/i/im/im_141-18.1_all.deb
Size/MD5 checksum: 217416 41a6ad3bc0b0591ba180dd5d646387f9

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2630.html

 
 

Package: smb2www
Date: 12-04-2002
Description: Robert Luberda found a security problem in smb2www, a Windows Network
client that is accessible through a web browser. This could allow a
remote attacker to execute arbitrary programs under the user id www-data on
the host where smb2www is running.
Vendor Alerts: Debian:

http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1_all.deb
Size/MD5 checksum: 79050 6d443251ebe2389c26ac163e739ee80e

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2636.html

 
 

Package: kdelibs
Date: 12-05-2002
Description: The KDE team has discovered a vulnerability in the support for
various network protocols via the KIO. The implementation of the rlogin and
protocol allows a carefully crafted URL in an HTML page, HTML email or other
KIO-enabled application to execute arbitrary commands on the system using
the victim’s account on the vulnerable machine.
Vendor Alerts: Debian:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2640.html

 
 

Package: WindowMaker
Date: 12-02-2002
Description: Al Viro discovered a vulnerability in the WindowMaker window manager.
A function used to load images, for example when configuring a new background
image or previewing themes, contains a buffer overflow. The function
calculates the amount of memory necessary to load the image by doing
some multiplication but does not check the results of this multiplication,
which may not fit into the destination variable, resulting in a buffer
overflow when the image is loaded.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2632.html

 

Package: xinetd
Date: 12-02-2002
Description: Versions of Xinetd prior to 2.3.7 leak file descriptors for the
signal pipe to services that are launched by xinetd. This could allow an attacker
to execute a DoS attack via the pipe. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2002-0871 to this issue.
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/xinetd-2.3.7-5.i386.rpm
26e6f6faec33503f3538a4ac80c82ce2 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2629.html

 

Package: webalizer
Date: 12-02-2002
Description: A buffer overflow in Webalizer versions prior to 2.01-10, when
configured to use reverse DNS lookups, may allow remote attackers to execute
arbitrary code by connecting to the monitored Web server from an IP address
that resolves to a long hostname. 
Vendor Alerts: Red Hat:

ftp://updates.redhat.com/7.2/en/os/i386/webalizer-2.01_09-1.72.i386.rpm
f3d16a9fa3c202031a6cda1da2944e3d

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2634.html

 

Package: kde
Date: 12-02-2002
Description: A number of vulnerabilities have been found that affect various
versions of KDE. This errata provides updates which resolve these issues.
Vendor Alerts: Red Hat:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2635.html