Thomas –
This week advisories were released for zlib, sendmail, qpopper, file, snort,
mysqlcc, netscape-flash, ethereal, usermode, tcpdump, and lprold. The
distributors include Caldera, Debian, Guardian Digital’s EnGarde Secure Linux,
Gentoo, Mandrake, NetBSD, Red Hat, and SuSE.
LinuxSecurity Feature Extras:
Get out of a BIND – install DJBDNS – DJBDNS eases DNS management and improves security over BIND alternatives by taking a different approach to serving and caching DNS answers.
Remote Syslog with MySQL and PHP – Msyslog has the ability to log syslog messages to a database. This allows for easier monitoring of multiple servers and the ability to display and search for syslog messages using PHP or any other programming language that can communicate with the database.
The Linux Advisory Watch newsletter is developed by the community of
volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.
Package: | zlib |
Date: | 03-10-2003 |
Description: | There is a buffer overflow in the gzprintf function in zlib that can enable attackers to cause a denial of service or possibly execute arbitrary code. |
Vendor Alerts: | Caldera:
|
Package: | sendmail |
Date: | 03-10-2003 |
Description: | From CA-2003-07: Researchers at Internet Security Systems (ISS) have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an intruder to gain control of a vulnerable sendmail server. |
Vendor Alerts: | Caldera:
|
Package: | qpopper |
Date: | 03-13-2003 |
Description: | The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user “mail” group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible. |
Vendor Alerts: | Debian:
|
Package: | file |
Date: | 03-13-2003 |
Description: | iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the “file” command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. |
Vendor Alerts: | Debian:
EnGarde:
Gentoo:
Mandrake:
NetBSD:
Red Hat:
|
Package: | snort |
Date: | 03-07-2003 |
Description: | Recently ISS X-Force discovered a buffer overflow vulnerability in the RPC preprocessor of the snort IDS system. A remote attacker could send fragmented RPC records and cause snort to execute arbitrary code as the snort user. |
Vendor Alerts: | EnGarde:
Gentoo:
Mandrake:
|
Package: | mysqlcc |
Date: | 03-07-2003 |
Description: | Versions prior to 0.8.9 had all configuration and connection files world readable. |
Vendor Alerts: | Gentoo:
|
Package: | netscape-flash |
Date: | 03-09-2003 |
Description: | The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user’s computer. |
Vendor Alerts: | Gentoo:
|
Package: | ethereal |
Date: | 03-09-2003 |
Description: | The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow. This vulnerability has been present in Ethereal since the SOCKS dissector was introduced in version 0.8.7. It was discovered by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a heap overflow. All users of Ethereal 0.9.9 and below are encouraged to upgrade. |
Vendor Alerts: | Gentoo:
|
Package: | usermode |
Date: | 03-12-2003 |
Description: | The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shut down all running processes and drop into a root shell. This command is not really needed to shut down a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion. |
Vendor Alerts: | Mandrake:
|
Package: | tcpdump |
Date: | 03-12-2003 |
Description: | The network traffic analyzer tool tcpdump is vulnerable to a denial-of-service condition while parsing ISAKMP or BGP packets. This bug can be exploited remotely by an attacker to stop the use of tcpdump for analyzing network traffic for signs of security breaches or the like. Another bug may lead to system compromise due to the handling of malformed NFS packets sent by an attacker. |
Vendor Alerts: | SuSE:
|
Package: | lprold |
Date: | 03-12-2003 |
Description: | The lprm command of the printing package lprold shipped up to SuSE 7.3 contains a buffer overflow. This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges. lprold is installed as a default package and has the setuid bit set. |
Vendor Alerts: | SuSE:
|