Linux Advisory Watch – January 14, 2005

42

Author: Preston St. Pierre

This week, advisories were released for php, ethereal, krb, kerberos,
lintian, kdelibs, linpopup, bmv, exim, libc6, exim-tls, gopher, libtiff,
gtk, selinux-policy-targeted, epiphany, kernel, yum, samba, cups,
subversion, vim, samba, gdpdf, dillo, tikiwiki, pdftohelp, mpg123,
imlib2, poppassed_pam, kde, nfs-utils, hylafax, fcron, lesstif,
and unarj. The distributors include Contectiva, Debian, Fedora,
Gentoo, Mandrake, Red Hat, SuSE, Trustix, and TurboLinux.

Ape about EtherApe

It is always the same scene in Hollywood films. The networks are penetrated; cryptic images and characters are scrolling across the screen. We’re being hacked! Did you ever wish you could keep a closer eye on your network? Sure we have sniffers and other tools, but did you ever want something graphical?

I’ve always been a huge fan of ntop, but feel that it lacks on graphical end. My curiosity drives the question, what is happening on my network? Another interesting program that I enjoy using is EtherApe. It is a network monitor that displays traffic graphically. It supports a wide range of protocols and network types. The display is color-coded allowing users to quickly understand the type of traffic on a network.

The project is several years old, originally being based on etherman. It is licensed under the GPL and is currently packaged for many different Linux distributions. The hardware requirements are minimal, however it does require you to use X and have libcap installed.

With EtherApe you’ll find the network monitoring has never been this fun. On an active network, one can easily be drawn to just watching the activity. It can be a very useful tool, but the entertainment value should not be discounted.

One of the most useful features of EtherApe is the dynamic graphic images it creates. These can be used to further explain concepts or attacks methodologies to business decision makers who wouldn’t normally understand the output of tcpdump.

More information about EtherApe can be found at the project website:
http://etherape.sourceforge.net/

Also, for those of you who are just curious, severals screenshots are also
available:
http://etherape.sourceforge.net/images/

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity.com
Feature Extras:

Encrypting
Shell Scripts
– Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn’t have a “ps -ef” loop running in an attempt to capture
that sensitive info (though some applications mask passwords in “ps” output).

A 2005
Linux Security Resolution
– Year 2000, the coming of the new millennium,
brought us great joy and celebration, but also brought great fear. Some believed
it would result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland. Others predicted minor glitches leading only to inconvenience. The
following years (2001-2004) have been tainted with the threat of terrorism worldwide.

State
of Linux Security 2004
– In 2004, security continued to be a major
concern. The beginning of the year was plagued with several kernel flaws and
Linux vendor advisories continue to be released at an ever-increasing rate.
This year, we have seen the reports touting Window’s security superiority, only
to be debunked by other security experts immediately after release. Also, Guardian
Digital launched the new LinuxSecurity.com, users continue to be targeted by
automated attacks, and the need for security awareness and education continues
to rise.

 

Take advantage of our Linux Security discussion
list!
This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline
.

 
  Conectiva: php4 Fixes for multiple php4 vulnerabilities
  13th, January, 2005

This announcement fixes seven vulnerabilities[2] found by Stefan
Esser and four other vulnerabilities. For further information, please
refer to php4’s changelog[3].

http://www.linuxsecurity.com/content/view/117904

 
  Conectiva: ethereal Fixes for security vulnerabilities in ethereal
  13th, January, 2005

This update fixes several vulnerabilities[2,3,4] in ethereal.

http://www.linuxsecurity.com/content/view/117905

 
  Conectiva: krb5 Fix for buffer overflow in libkadm5srv
  13th, January, 2005

Michael Tautschnig noticed that the MIT Kerberos 5 administration
library (libkadm5srv) contains a heap buffer overflow[2] in password
history handling code which could be exploited by an authenticated
user to execute arbitrary code on a Key Distribution Center (KDC)
host.

http://www.linuxsecurity.com/content/view/117911

 
  Debian: kerberos arbitrary code execution fix
  7th, January, 2005

A buffer overflow has been discovered in the MIT Kerberos 5 administration library (libkadm5srv) that could lead to the execution of arbitrary code upon exploition by an authenticated user, not necessarily one with administrative privileges.

http://www.linuxsecurity.com/content/view/117819

 
  Debian: lintian insecure temporary directory fix
  10th, January, 2005

Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn’t created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.

http://www.linuxsecurity.com/content/view/117827

 
  Debian: kdelibs arbitrary FTP command execution fix
  10th, January, 2005

Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.

http://www.linuxsecurity.com/content/view/117828

 
  Debian: linpopup arbitrary code execution fix
  10th, January, 2005

Stephen Dranger discovered a buffer overflow in linpopup, an X11 port of winpopup, running over Samba, that could lead to the execution of arbitrary code when displaying a maliciously crafted message.

http://www.linuxsecurity.com/content/view/117829

 
  Debian: bmv insecure temporary file creation fix
  11th, January, 2005

Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack.

http://www.linuxsecurity.com/content/view/117857

 
  Debian: HylaFAX unauthorised access fix
  11th, January, 2005

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.

http://www.linuxsecurity.com/content/view/117872

 
  Debian: exim arbitrary code execution fix
  12th, January, 2005

Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.

http://www.linuxsecurity.com/content/view/117878

 
  Debian: New libc6 packages fix insecure temporary files
  12th, January, 2005

Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack.

http://www.linuxsecurity.com/content/view/117889

 
  Debian: New exim-tls packages fix arbitrary code execution
  13th, January, 2005

Philip Hazel announced a buffer overflow in the host_aton function in
exim-tls, the SSL-enabled version of the default mail-tranport-agent
in Debian, which can lead to the execution of arbitrary code via an
illegal IPv6 address.

http://www.linuxsecurity.com/content/view/117903

 
  Debian: New gopher packages fix several vulnerabilities
  13th, January, 2005

“jaguar” has discovered two security relevant problems in gopherd, the
Gopher server in Debian which is part of the gopher package.

http://www.linuxsecurity.com/content/view/117915

 
  Fedora: sane-backends-1.0.15-1.4 update (corrected)
  7th, January, 2005

This is version 1.0.15 of the sane-backends scanner drivers. This package also resolves the issues concerning device permissions for USB scanners which are always connected.

http://www.linuxsecurity.com/content/view/117815

 
  Fedora: libtiff-3.6.1-9.fc3 update
  7th, January, 2005

The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility.

http://www.linuxsecurity.com/content/view/117820

 
  Fedora: libtiff-3.5.7-22.fc2 update
  7th, January, 2005

The updated libtiff package fixes an integer overflow which could lead to a buffer overflow in the tiffdump utility.

http://www.linuxsecurity.com/content/view/117821

 
  Fedora: gtk2-2.4.14-2.fc3 update
  7th, January, 2005

The updated gtk2 package fixes several cases of missing locking in the file chooser which could cause deadlocks in threaded applications.

http://www.linuxsecurity.com/content/view/117822

 
  Fedora: selinux-policy-targeted-1.17.30-2.68 update
  7th, January, 2005

Allow ldconfig to run with full privs.

http://www.linuxsecurity.com/content/view/117823

 
  Fedora: epiphany-1.2.7-0.2.0 update
  10th, January, 2005

Rebuild because of Mozilla API changes.

http://www.linuxsecurity.com/content/view/117840

 
  Fedora: epiphany-1.2.7-0.2.2 update
  10th, January, 2005

Rebuild because of Mozilla API changes.

http://www.linuxsecurity.com/content/view/117841

 
  Fedora: policycoreutils-1.18.1-2.3 update
  10th, January, 2005

backport restorecon and fixfiles from rawhide. to eliminate bad warning. messages and fix handling of rpm files

http://www.linuxsecurity.com/content/view/117842

 
  Fedora: selinux-policy-targeted-1.17.30-2.68 update
  10th, January, 2005

Require policycoreutils for selinux-policy-targeted. Run ldconfig as an unconfined_domain

http://www.linuxsecurity.com/content/view/117843

 
  Fedora: kernel-2.6.10-1.8_FC2 update
  10th, January, 2005

This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch.

http://www.linuxsecurity.com/content/view/117849

 
  Fedora: kernel-2.6.10-1.737_FC3 update
  10th, January, 2005

This update rebases the kernel to match the upstream 2.6.10 release, and adds a number of security fixes by means of adding the latest -ac patch.

http://www.linuxsecurity.com/content/view/117850

 
  Fedora: yum-2.1.12-0.fc3 update
  10th, January, 2005

New yum release fixes many small bugs.

http://www.linuxsecurity.com/content/view/117851

 
  Fedora: system-config-samba-1.2.23-0.fc3.1 update
  11th, January, 2005

Unfortunately there have slipped in some bugs in this release which were detected after the sign and push request went out. The bugs in question prevent proper configuring of global preferences.

http://www.linuxsecurity.com/content/view/117859

 
  Fedora: system-config-services-0.8.17-0.fc3.1 update
  11th, January, 2005

throw away stderr to not be confused by error messages (#142983). don’t hardcode python 2.3 (#142246). remove some cruft from configure.in

http://www.linuxsecurity.com/content/view/117860

 
  Fedora: cups-1.1.20-11.9 update
  11th, January, 2005

This package fixes a small regression introduced by FEDORA-2004-574.

http://www.linuxsecurity.com/content/view/117861

 
  Fedora: cups-1.1.22-0.rc1.8.3 update
  11th, January, 2005

This package fixes a small regression introduced by FEDORA-2004-575.

http://www.linuxsecurity.com/content/view/117862

 
  Fedora: subversion-1.1.2-2.3 update
  11th, January, 2005

This update includes the latest release of Subversion 1.1, including a number of bug fixes.

http://www.linuxsecurity.com/content/view/117863

 
  Fedora: initscripts-7.55.2-1 update
  11th, January, 2005

This update fixes the mouting of usbfs on boot, along with various other accumulated fixes.

http://www.linuxsecurity.com/content/view/117875

 
  CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.0
  12th, January, 2005

Rebuild because of Mozilla API changes.

http://www.linuxsecurity.com/content/view/117885

 
  CORRECTION: Fedora Core 2 Update: epiphany-1.2.7-0.2.2
  12th, January, 2005

Rebuild because of Mozilla API changes.

http://www.linuxsecurity.com/content/view/117886

 
  Fedora Core 2 Update: vim-6.3.054-0.fc2.1
  12th, January, 2005

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern‡ndez-Sanguino Pe–a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack.

http://www.linuxsecurity.com/content/view/117887

 
  Fedora Core 3 Update: vim-6.3.054-0.fc3.1
  12th, January, 2005

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is possible that a malicious user could create a file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default. Javier Fern‡ndez-Sanguino Pe–a discovered insecure usage of temporary files in two scripts shipped with vim. It is possible that a malicious user could guess the names of the temporary files and start a symlink attack.

http://www.linuxsecurity.com/content/view/117888

 
  Fedora: system-config-samba-1.2.26-0.fc3.1 update
  12th, January, 2005

ignore case of share name when deleting share (#144504). when double clicking share, open properties dialog. assume default is “security == user” to avoid traceback on users dialog (#144511). update main window when changing share path (#144168). include Ukranian translation in desktop file (#143659).

http://www.linuxsecurity.com/content/view/117892

 
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.72
  12th, January, 2005

Allow dhcpd and nscd to read certs files in usr_t.
Allow postgresql to use ypbind and fix db creation calls.

http://www.linuxsecurity.com/content/view/117899

 
  Fedora Core 2 Update: gpdf-2.8.2-1.1
  13th, January, 2005

Update to 2.8.2. Remove all patches, they are upstream

http://www.linuxsecurity.com/content/view/117912

 
  Fedora Core 3 Update: gpdf-2.8.2-1.2
  13th, January, 2005

Update to 2.8.2. Remove all patches, they are upstream

http://www.linuxsecurity.com/content/view/117913

 
  Fedora Core 3 Update: exim-4.43-1.FC3.1
  13th, January, 2005

This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0021 and CAN-2005-0022 to these, respectively.

http://www.linuxsecurity.com/content/view/117914

 
  Gentoo: dillo Format string vulnerability
  9th, January, 2005

Dillo is vulnerable to a format string bug, which may result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117831

 
  Gentoo: TikiWiki Arbitrary command execution
  10th, January, 2005

A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts.

http://www.linuxsecurity.com/content/view/117832

 
  Gentoo: pdftohtml Vulnerabilities in included Xpdf
  10th, January, 2005

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.

http://www.linuxsecurity.com/content/view/117833

 
  Gentoo: UnRTF Buffer overflow
  10th, January, 2005

A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.

http://www.linuxsecurity.com/content/view/117852

 
  Gentoo: mpg123 Buffer overflow
  10th, January, 2005

An attacker may be able to execute arbitrary code by way of specially crafted MP2 or MP3 files.

http://www.linuxsecurity.com/content/view/117853

 
  Gentoo: konqueror Java sandbox vulnerabilities
  11th, January, 2005

The Java sandbox environment in Konqueror can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

http://www.linuxsecurity.com/content/view/117854

 
  Gentoo: Kpdf, Koffice More vulnerabilities in included Xpdf
  11th, January, 2005

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code if a user is enticed to view a malicious PDF file.

http://www.linuxsecurity.com/content/view/117855

 
  Gentoo: KDE FTP KIOslave Command injection
  11th, January, 2005

The FTP KIOslave contains a bug allowing users to execute arbitrary FTP commands.

http://www.linuxsecurity.com/content/view/117864

 
  Gentoo: imlib2 Buffer overflows in image decoding
  11th, January, 2005

Multiple overflows have been found in the imlib2 library image decoding routines, potentially allowing the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117865

 
  Gentoo: o3read Buffer overflow during file conversion
  11th, January, 2005

A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.

http://www.linuxsecurity.com/content/view/117867

 
  Gentoo: HylaFAX hfaxd unauthorized login vulnerability
  11th, January, 2005

HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists.

http://www.linuxsecurity.com/content/view/117868

 
  Gentoo: poppassd_pam Unauthorized password changing
  11th, January, 2005

poppassd_pam allows anyone to change any user’s password without authenticating the user first.

http://www.linuxsecurity.com/content/view/117874

 
  Gentoo: CUPS Multiple vulnerabilities
  12th, January, 2005

CUPS was vulnerable to multiple vulnerabilities and as a fix we recommended upgrading to version 1.1.23_rc1. This version is affected by a remote Denial Of Service, so we now recommend upgrading to the final 1.1.23 release which does not have any known vulnerability.

http://www.linuxsecurity.com/content/view/117879

 
  Gentoo: Exim Two buffer overflows
  12th, January, 2005

Buffer overflow vulnerabilities, which could lead to arbitrary code
execution, have been found in the handling of IPv6 addresses as well
as in the SPA authentication mechanism in Exim.

http://www.linuxsecurity.com/content/view/117900

 
  Mandrake: g-wrap compilation error fix
  10th, January, 2005

A compilation error in g-wrap prevented gnucash from running on Mandrakelinux 10.1/x86_64. The updated packages correct the problem.

http://www.linuxsecurity.com/content/view/117846

 
  Mandrake: xscreensave bug with KDE fix
  10th, January, 2005

A bug in xscreensaver existed when running under KDE. When selecting a screensaver, it can be tested and seen properly, but when it actually is supposed to start, only a black screen would come up.

http://www.linuxsecurity.com/content/view/117848

 
  Mandrake: kde numerous bugs fix
  11th, January, 2005

Updates are provided for various components of kdeaddons, kdebase, kdelibs, kdenetwork, and kdepim that fix a variety of bugs.

http://www.linuxsecurity.com/content/view/117866

 
  Mandrake: nfs-utils 64bit vulnerability fix
  11th, January, 2005

Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a
specially crafted request which could then lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117877

 
  Mandrake: hylafax vulnerability fix
  12th, January, 2005

Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax. A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.

http://www.linuxsecurity.com/content/view/117901

 
  Mandrake: Updated imlib packages fix
  12th, January, 2005

Pavel Kankovsky discovered several heap overflow flaw in the imlib image handler. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a user (CAN-2004-1025). As well, Pavel also discovered several integer overflows in imlib.
These could allow an attacker, creating a carefully crafted image file, to cause an application linked with imlib to execute arbitrary code or crash (CAN-2004-1026).

http://www.linuxsecurity.com/content/view/117902

 
  Trustix: fcron, kernel vulnerabilities
  13th, January, 2005

Security vulnerabilites have been found in fcronsighup, the program used by fcrontab to tell fcron it should reload its configuration. Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup’s overall security.

http://www.linuxsecurity.com/content/view/117918

 
  Trustix: glibc iproute setup tsl-utils bug fixes
  13th, January, 2005

glibc: Added success/failure to nscd.init to make it consistent with other init scripts. iproute: Now make /etc/iproute2/* config(noreplace). setup: Added lmtp ports in /etc/services. tsl-utils: Now handle more release tags in kernel names. Take II.

http://www.linuxsecurity.com/content/view/117919

 
  RedHat: Updated lesstif package fixes image vulnerability
  12th, January, 2005

An updated lesstif package that fixes flaws in the Xpm library is now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117893

 
  RedHat: Updated unarj package fixes security issue
  12th, January, 2005

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

http://www.linuxsecurity.com/content/view/117894

 
  RedHat: Updated CUPS packages fix security issues
  12th, January, 2005

Updated CUPS packages that fix several security issues are now available.

http://www.linuxsecurity.com/content/view/117895

 
  RedHat: Updated nfs-utils package fixes security
  12th, January, 2005

An updated nfs-utils package that fixes various security issues is now available.

http://www.linuxsecurity.com/content/view/117896

 
  RedHat: Updated Pine packages fix security vulnerability
  12th, January, 2005

An updated Pine package is now available for Red Hat Enterprise Linux 2.1
to fix a denial of service attack.

http://www.linuxsecurity.com/content/view/117897

 
  RedHat: Updated Xpdf packages fix security issues
  12th, January, 2005

Updated Xpdf packages that fix several security issues are now available.

http://www.linuxsecurity.com/content/view/117898

 
  RedHat: Updated libtiff packages fix security issues
  13th, January, 2005

Updated libtiff packages that fix various integer overflows are now available.

http://www.linuxsecurity.com/content/view/117906

 
  RedHat: Updated mozilla packages fix a buffer overflow
  13th, January, 2005

Updated mozilla packages that fix a buffer overflow issue are now available.

http://www.linuxsecurity.com/content/view/117907

 
  SuSE: libtiff/tiff remote system compromise
  10th, January, 2005

Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards.

http://www.linuxsecurity.com/content/view/117830

 
  TurboLinux: php, httpd multiple vulnerabilities
  13th, January, 2005

The vulnerabilities can allow remote attackers to cause a denial of service and possibly execute arbitrary code.

http://www.linuxsecurity.com/content/view/117908