Linux Advisory Watch – February 20, 2004


Author: Benjamin D. Thomas

This week, advisories were
released for gnupg, kernel, mc, mutt, slocate, XFree86, gaim, freeradius, samba,
phpMyAdmin, clamav, mailman, metamail, racoon, shmat, OpenSSL, and PWLib. The
distributors include Debian, Fedora, Gentoo, Immunix, Mandrake, NetBSD, OpenBSD,
Red Hat, Slackware, SuSE, Trustix, and Turbolinux.


Where Does Security Belong?

In most organizations security is
an extension of the IT department. The security staff may be under networking,
system administration, or even the helpdesk. Why not? The security team is responsible
for solving security problems and a large percentage of the controls that are
put in place are technical. Traditionally, security has to do with user accounts,
access control lists, and occasionally a firewall or two. The environment is
changing. Proper information security today requires risk analysis, security
awareness training, and maintenance of the security policy.

Do you really think someone working
as a security analyst, which is an extension of the helpdesk, is going to be
able to influence the decisions of the CIO or Director of Networking? Who will
enforce the security policy? Someone four job-levels away from executive management
cannot be expected to properly enforce a security policy. Interoffice politics
is too much of a problem.

There are several schools of thought
on this subject. Some believe that security should be its own department in
an organization, which is independent of IT. This way of thinking includes merging
both physical and information security. Others believe that information security
should be an extension of a risk management or internal audit group. What advantages
do both of these have? First, the security team may have better access to executive
management. Also, improved access and department segmentation will help the
political situation. To get an IT control implemented, rather than going through
the typical interoffice political channels, a simple directive from a member
of executive management can get the job done.

Information security is much broader
than IT. To properly mitigate or transfer unacceptable business risks, a coordinated
team is required across the organization. It is time that IT, HR, Finance, Audit,
R&D, and others begin working together. What does this have to do with Linux?
Linux administrators should be aware of the changing environment. In the near
future, security will be part of everyone’s job.

Until next time, cheers!
Benjamin D. Thomas

LinuxSecurity Feature Extras:

Interview with Vincenzo Ciaglia, Founder of Netwosix
– In this article, a brief introduction of Netwosix is given and the project
founder Vincenzo Ciaglia is interviewed. Netwosix is a light Linux distribution
for system administrators and advanced users.

Introduction to Netwox and Interview with Creator Laurent Constantin
– In this article Duane Dunston gives a brief introduction to Netwox, a combination
of over 130 network auditing tools. Also, Duane interviews Laurent Constantin,
the creator of Netwox.

Managing Linux Security Effectively in 2004
– This article examines the process of proper Linux security management in
2004. First, a system should be hardened and patched. Next, a security routine
should be established to ensure that all new vulnerabilities are addressed.
Linux security should be treated as an evolving process.


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

Distribution: Debian
  2/18/2004 gnupg
    Cryptographic weakness

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal
keys for signing.

Advisory

 
  2/18/2004 kernel
    Privilege escalation vulnerability

Due to a missing return value check in internal functions, a local
attacker can gain root privileges.

Advisory

 
  2/18/2004 kernel
    Multiple vulnerabilities

This is actually several related advisories, broken down by platform, but
all referring to the same recently discovered kernel vulnerabilities.

Advisory

 
  2/19/2004 kernel
    Many patches for s390

Several security-related problems have been fixed in the Linux kernel 2.4.17
used for the S/390 architecture, mostly by backporting fixes from 2.4.18
and incorporating recent security fixes.

Advisory

 
 
Distribution: Fedora
  2/18/2004 mc
    Buffer overflow vulnerability

Updates the CAN-2003-1023 fix to still make vfs symlinks relative, but with bounds
checking.

Advisory

 
  2/18/2004 kernel
    Heap overflow vulnerability

R128 DRI limits checking. (CAN-2004-0003)

Advisory

 
  2/18/2004 mutt
    Denial of service vulnerability

This package fixes CAN-2004-0078, where a specific message could cause mutt
to crash.

Advisory

 
  2/18/2004 slocate
    Privilege leak vulnerability

A local user could exploit this vulnerability to gain “slocate” group privileges
and then read the entire slocate database.

Advisory

 
  2/18/2004 XFree86
    Privilege escalation vulnerability

Updated XFree86 packages that fix a privilege escalation vulnerability are
now available.

Advisory

 
  2/18/2004 gaim
    Buffer overflow vulnerability

This update fixes recent gaim security problems discussed on the
gaim web site and addressed by a recent Red Hat errata.

Advisory

 
  2/18/2004 freeradius
    Denial of service vulnerability

This version corrects a flaw in 0.9.2 (and all earlier versions of the server)
which may allow an attacker to DoS the server.

Advisory

 
  2/18/2004 samba
    Improper account enabling vuln.

Under some circumstances, Samba 3.0.0 and 3.0.1 could overwrite the password
field of a disabled account with uninitialized memory.

Advisory

 
  2/18/2004 kernel
    Privilege escalation vulnerability

Paul Starzetz discovered a flaw in return value checking in mremap() in
the Linux kernel versions 2.4.24 and previous that may allow a local attacker
to gain root privileges.

Advisory

 
  2/19/2004 kernel
    Bug in previous patch

The previous security errata (2.4.22-1.2173) unfortunately contained a bug
which made some systems unbootable, due to breakage in the aacraid SCSI
driver.

Advisory

 
 
Distribution: Gentoo
  2/18/2004 phpMyAdmin
    Directory traversal vulnerability

phpMyAdmin was not properly verifying user-generated input, which
could lead to a directory traversal attack.

Advisory

 
  2/18/2004 kernel
    Privilege escalation vulnerability

A vulnerability has been discovered in the ptrace emulation code for
AMD64 platforms, allowing a local user to obtain elevated privileges.

Advisory

 
  2/19/2004 clamav
    Denial of service vulnerability

Exploitation by a malformed uuencoded message would cause a denial of service
for programs that rely on the clamav daemon, such as SMTP.

Advisory

 
 
Distribution: Immunix
  2/13/2004 XFree86
    Multiple buffer overflows

Greg MacManus, of iDEFENSE Labs, reports finding several potentially exploitable
buffer overflows in XFree86’s font code.

Advisory

 
  2/18/2004 XFree86
    Multiple buffer overflows

Greg MacManus, of iDEFENSE Labs, reports finding several potentially exploitable
buffer overflows in XFree86’s font code.

Advisory

 
 
Distribution: Mandrake
  2/18/2004 XFree86
    Multiple buffer overflows

Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86’s
parsing of the font.alias file.

Advisory

 
  2/18/2004 mailman
    Cross-site scripting vulnerabilities

A cross-site scripting vulnerability was discovered in mailman’s administration
interface. There are fixes here for other mailman vulnerabilities as well.

Advisory

 
  2/19/2004 metamail
    Multiple vulnerabilities

Two format string and two buffer overflow vulnerabilities were discovered
in metamail by Ulf Harnhammar.

Advisory

 
 
Distribution: NetBSD
  2/19/2004 racoon
    Remote deletion of SA

IPsec SA/ISAKMP SA may be deleted remotely by malicious third party

http://www.linuxsecurity.com/advisories/netbsd_advisory-4056.html

 
  2/19/2004 kernel
    Denial of service vulnerability

A malicious party can cause a remote kernel panic by using ICMPv6 “too big”
messages.

http://www.linuxsecurity.com/advisories/netbsd_advisory-4057.html

 
  2/19/2004 shmat
    Privilege escalation vulnerability

A programming error in the shmat(2) system call can result in a shared memory
segment’s reference count being erroneously incremented.

http://www.linuxsecurity.com/advisories/netbsd_advisory-4059.html

 
 
Distribution: OpenBSD
  2/19/2004 OpenSSL
    Denial of service vulnerability

OpenSSL 0.9.6k ASN.1 parser had a possible denial-of-service vulnerability.


http://www.linuxsecurity.com/advisories/openbsd_advisory-4058.html

 
 
Distribution: Red Hat
  2/13/2004 XFree86
    Multiple buffer overflows

A local attacker could exploit this vulnerability by creating a carefully-crafted
file and gaining root privileges.

http://www.linuxsecurity.com/advisories/redhat_advisory-4021.html

 
  2/13/2004 PWLib
    Denial of service vulnerability

The effects of such an attack can vary depending on the application, but
would usually result in a Denial of Service.

http://www.linuxsecurity.com/advisories/redhat_advisory-4022.html

 
  2/18/2004 XFree86
    Multiple buffer overflows

Updated XFree86 packages that fix a privilege escalation vulnerability are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-4033.html

 
  2/18/2004 samba
    Improper account enabling vuln.

If an account for a user is created, but marked as disabled using the mksmbpasswd
script, it is possible for Samba to overwrite the user’s password with the
contents of an uninitialized buffer.

http://www.linuxsecurity.com/advisories/redhat_advisory-4039.html

 
  2/18/2004 kernel
    Privilege escalation vulnerability

Updated kernel packages that fix security vulnerabilities which may allow
local users to gain root privileges are now available.

http://www.linuxsecurity.com/advisories/redhat_advisory-4040.html

 
  2/18/2004 metamail
    Multiple vulnerabilities

Ulf Harnhammar discovered two integer overflow bugs and two buffer overflow
bugs in versions of Metamail up to and including 2.7.

http://www.linuxsecurity.com/advisories/redhat_advisory-4041.html

 
 
Distribution: Slackware
  2/13/2004 mutt
    Buffer overflow vulnerability

Upgrade to version 1.4.2i to fix a buffer overflow that could lead to a
machine compromise.
http://www.linuxsecurity.com/advisories/slackware_advisory-4023.html

 
  2/13/2004 XFree86
    Multiple buffer overflows

These fix overflows which could possibly be exploited to gain unauthorized
root access.

http://www.linuxsecurity.com/advisories/slackware_advisory-4024.html

 
  2/18/2004 kernel
    Privilege escalation vulnerability

A bounds-checking problem in the kernel’s mremap() call could be used by
a local attacker to gain root privileges.

http://www.linuxsecurity.com/advisories/slackware_advisory-4037.html

 
  2/18/2004 metamail
    Multiple vulnerabilities

These fix two format string bugs and two buffer overflows which could lead
to unauthorized code execution.

http://www.linuxsecurity.com/advisories/slackware_advisory-4038.html

 
 
Distribution: SuSE
  2/19/2004 kernel
    Privilege escalation vulnerability

A local attacker can gain write access to previously read-only pages in memory,
resulting in root access to the system.

http://www.linuxsecurity.com/advisories/suse_advisory-4060.html

 
 
Distribution: Trustix
  2/13/2004 mutt
    Denial of service vulnerability

It was discovered that certain messages would cause mutt to crash. Mutt
1.4.2 fixes this bug.

http://www.linuxsecurity.com/advisories/trustix_advisory-4025.html

 
  2/18/2004 kernel
    Privilege escalation vulnerability

A hole was discovered in mremap. Through this hole, it is possible for
anyone with a local account on the system to gain root privileges.

http://www.linuxsecurity.com/advisories/trustix_advisory-4035.html

 
 
Distribution: Turbolinux
  2/18/2004 XFree86 and slocate
    Multiple vulnerabilities

(1) XFree86 -> Font file buffer overflows (2) slocate -> Buffer overflows

http://www.linuxsecurity.com/advisories/turbolinux_advisory-4034.html