Thomas –
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for kdeutils, noffle, dhcp3, tomcat3, courier,
mysql, fetchmail, vim, webalizer, postgresql, and cvs. The distributors include
Debian, Guardian Digital’s EnGarde Secure Linux, Mandrake, and Yellow Dog.
LinuxSecurity Feature Extras:
Patching It Up – Patching and upgrading software requires more than running a few commands. Having a patch recovery plan, communicating with developers on that server, and knowing who to contact in case of a botched patch job are critical.
Newest Members of the Team – Just to give everyone an idea about who writes these articles and feature stories that we spend so much of our time reading each day, I have decided to ask Brian Hatch and Duane Dunston, the newest members of the LinuxSecurity.com team, a few questions.
Package: | kdeutils |
Date: | 01-24-2003 |
Description: | The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. |
Vendor Alerts: | Debian |
Package: | noffle |
Date: | 01-27-2003 |
Description: | Dan Jacobson noticed a problem in noffle, an offline news server, that leads to a segmentation fault. It is not yet clear whether this problem is exploitable. However, if it is, a remote attacker could trigger arbitrary code execution under the user that calls noffle, probably news. |
Vendor Alerts: | Debian |
Package: | dhcp3 |
Date: | 01-28-2003 |
Description: | Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches. |
Vendor Alerts: | Debian |
Package: | tomcat3 |
Date: | 01-29-2003 |
Description: | A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome file is present. File contents can be returned as well. |
Vendor Alerts: | Debian |
Package: | courier |
Date: | 01-30-2003 |
Description: | The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected. |
Vendor Alerts: | Debian |
Package: | mysql |
Date: | 01-27-2003 |
Description: | Update for the COM_TABLE_DUMP vulnerability. |
Vendor Alerts: | EnGarde |
Package: | fetchmail |
Date: | 01-27-2003 |
Description: | Stefan Esser of e-matters, while re-auditing the Fetchmail package, found another vulnerability. This heap overflow vulnerability allows a malicious remote attacker to crash Fetchmail or potentially execute arbitrary code as the user under which Fetchmail is being run. |
Vendor Alerts: | EnGarde, Mandrake |
Package: | vim |
Date: | 01-27-2003 |
Description: | VIM allows a user to set the modeline differently for each edited text file by placing special comments in the files. Georgi Guninski found that these comments can be carefully crafted in order to call external programs. This could allow an attacker to create a text file such that when it is opened arbitrary commands are executed. |
Vendor Alerts: | Yellow Dog |
Package: | webalizer |
Date: | 01-27-2003 |
Description: | A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. |
Vendor Alerts: | Yellow Dog |
Package: | postgresql |
Date: | 01-27-2003 |
Description: | Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the lpad or rpad functions. CAN-2002-0972 |
Vendor Alerts: | Yellow Dog |
Package: | cvs |
Date: | 01-27-2003 |
Description: | On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. |
Vendor Alerts: | Yellow Dog |