Thomas –
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for wget, xpdf, openldap, libmcrypt, impsql,
bugzilla, mod_php, cups, dhcpd, kde, leafnode, libpng, postgresql, mysql, vim,
and ethereal. The distributors include Caldera, Debian, Mandrake, Red Hat, SuSE,
and Yellow Dog.
LinuxSecurity Feature Extras:
Newest Members of the Team – Just to give everyone an idea about who writes
these articles and feature stories that we spend so much of our time reading
each day, I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.
Secure Passwordless Logins with SSH Part 3 – Setting up your accounts
to allow identity-based authentication gives you several new options to
allow passwordless access to those accounts. This week we’ll see how well
we can restrict the access granted to these identities.
Package: | wget |
Date: | 01-16-2003 |
Description: | The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. |
Vendor Alerts: | Caldera:
|
Package: | xpdf |
Date: | 01-10-2003 |
Description: | The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. |
Vendor Alerts: | Caldera:
|
Package: | openldap2 |
Date: | 01-13-2003 |
Description: | The SuSE Security Team reviewed critical parts of openldap2, an implementation of the Lightweight Directory Access Protocol (LDAP) version 2 and 3, and found several buffer overflows and other bugs remote attackers could exploit to gain access on systems running vulnerable LDAP servers. In addition to these bugs, various locally exploitable bugs within the OpenLDAP2 libraries have been fixed. |
Vendor Alerts: | Debian:
|
Package: | libmcrypt |
Date: | 01-13-2003 |
Description: | Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a decryption and encryption library, that originate from improper or lacking input validation. By passing input which is longer than expected to a number of functions (multiple functions are affected), the user can successfully make libmcrypt crash and may be able to insert arbitrary, malicious code which will be executed under the user libmcrypt runs as, e.g. inside a web server. |
Vendor Alerts: | Debian:
|
Package: | impsql |
Date: | 01-15-2003 |
Description: | The impact of SQL injection depends heavily on the underlying database and its configuration. If PostgreSQL is used, it’s possible to execute multiple complete SQL queries separated by semicolons. The database contains session IDs, so the attacker might hijack sessions of people currently logged in and read their mail. |
Vendor Alerts: | Debian:
|
Package: | bugzilla |
Date: | 01-16-2003 |
Description: | The provided data collection script intended to be run as a nightly cron job changes the permissions of the data/mining directory to be world-writable every time it runs. This would enable local users to alter or delete the collected data. |
Vendor Alerts: | Debian:
|
Package: | mod_php |
Date: | 01-13-2003 |
Description: | “If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap. Exploit looks very difficult, but still theoretically possible.” |
Vendor Alerts: | Gentoo:
|
Package: | cups |
Date: | 01-13-2003 |
Description: | iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. |
Vendor Alerts: | Mandrake:
|
Package: | dhcpd |
Date: | 01-12-2003 |
Description: | A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables and DHCP assignment information. |
Vendor Alerts: | Mandrake:
|
Package: | kde |
Date: | 01-12-2003 |
Description: | Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources. |
Vendor Alerts: | Mandrake:
|
Package: | leafnode |
Date: | 01-14-2003 |
Description: | A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposted to several groups, one of which is the prefix of another, is requested by its Message-ID. |
Vendor Alerts: | Mandrake:
|
Package: | openldap |
Date: | 01-14-2003 |
Description: | A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. |
Vendor Alerts: | Mandrake:
|
Package: | libpng |
Date: | 01-13-2003 |
Description: | Unpatched versions of libpng 1.2.1 and earlier do not correctly calculate offsets, which leads to a buffer overflow and the possibility of arbitrary code execution. This could be exploited by an attacker creating a carefully crafted PNG file which could execute arbitrary code when the victim views it. |
Vendor Alerts: | Red Hat:
|
Package: | postgresql |
Date: | 01-13-2003 |
Description: | Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the lpad or rpad functions. CAN-2003-0972 |
Vendor Alerts: | Red Hat:
|
Package: | mysql |
Date: | 01-15-2003 |
Description: | MySQL is a multi-user, multi-threaded SQL database server. While auditing MySQL, Stefan Esser found security vulnerabilities that can be used to crash the server or allow MySQL users to gain privileges. |
Vendor Alerts: | Red Hat:
|
Package: | vim |
Date: | 01-16-2003 |
Description: | VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed. |
Vendor Alerts: | Red Hat:
|
Package: | ethereal |
Date: | 01-16-2003 |
Description: | Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. This problem was discovered by Silvio Cesare. CAN-2003-1355 |
Vendor Alerts: | YellowDog Linux:
|