Linux Advisory Watch – May 14, 2004

80

Author: Benjamin D. Thomas

This week, advisories were
released for lha, rsync, film, exim, mc, OpenSSL, heimdal, libneon, clamav,
utempter, propftd, apache2, systrace, cvs, procfs, libpng, openoffice, kernel,
sysklogd, and live. The distributors include Conectiva, Debian, Fedora, FreeBSD,
Gentoo, Mandrake, NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.

Why Security

As security professionals and systems
administrators we often forget exactly why we’re adding additional security.
In the daily grime of configuring firewalls, intrusion detection systems, and
other controls, we tend to loose sight of the real objective. In any organization
the purpose of information security is to support long-term growth and stability,
and ensuring confidentiality, integrity, and availability. In a business environment,
information security is critical.

A typical business objective is
to maximize profit, while having a high and sustainable rate of growth. Today,
businesses are increasingly dependent on IT to support the automation of tasks,
and e-Business functions. Email and Web access are no longer just a ‘nice thing
to have,’ they are a necessity. With this, comes increased risks.

Information is an essential resource
for all businesses, and is often a key factor for achieving business goals.
Having the right information in the hands of the right people, at the right
time is a critical success factor. It could be the difference between success
and failure. Today, businesses are so dependent on IT that if any event interrupted
service, productivity would grind to a halt. In many cases, doing a task manually
is no longer an option or even possible.

We have information security initiatives
in business to help prevent those catastrophic occurrences. We must also realize
it is impossible to prevent every incident. With that in mind, it is important
to have a plan to appropriately deal with situations as they occur, possibly
limiting any consequential damage. Information security is about maintaining
confidentiality, integrity, and availability with appropriate controls. It is
not about having the latest-and-greatest experimental technology. Although fun
to play with, it is important to keep the real objectives in mind.

Until next time, cheers!
Benjamin D. Thomas

 

LinuxSecurity
Feature Extras:

Guardian
Digital Security Solutions Win Out At Real World Linux

– Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian Digital’s
enterprise and small business applications were stand-out successes.

Interview
with Siem Korteweg: System Configuration Collector

– In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open source,
and information on future developments.

Security:
MySQL and PHP

– This is the second installation of a 3 part article on LAMP (Linux Apache
MySQL PHP). In order to safeguard a MySQL server to the basic level, one has
to abide by the following guidelines.

[ Linux
Advisory Watch
] – [ Linux
Security Week
] – [ PacketStorm
Archive
] – [ Linux Security
Documentation
]

 


Linux Advisory Watch
is a comprehensive newsletter that outlines the security vulnerabilities that
have been announced throughout the week. It includes pointers to updated packages
and descriptions of each vulnerability.

[ Subscribe
]

 
Distribution: Conectiva
  5/10/2004 lha
    Multiple
vulnerabilities

Specially crafted LHarc archives, when processed by lha, may execute arbitrary
code or overwrite arbitrary files.

Conectiva advisory 4322

 
 
Distribution: Debian
  5/10/2004 rsync
    Directory
traversal vulneraiblity

Patch fixes issue where a remote user could cause an rsync daemon to write
files outside of the intended directory tree unless ‘chroot’ option is on.

Debian advisory 4319

 
  5/10/2004 flim
    Insecure
temporary file vulnerability

This vulnerability could be exploited by a local user to overwrite files
with the privileges of the user running emacs.

Debian advisory 4320

 
  5/10/2004 exim
    Buffer
overflow vulnerabilities

Neither of these stack-based buffer overflows is exploitable with the default
Debian configuration.

Debian advisory 4321

 
  5/12/2004 exim-tls
Buffer overflow vulnerabilities
    Buffer
overflow vulnerabilities

These can not be exploited with the default configuration from the Debian
system.

Debian advisory 4330

 
  5/13/2004 mah-jong
Denial of service vulnerability
    Buffer
overflow vulnerabilities

A problem has been discovered in mah-jong that can be utilised to crash
the game server after dereferencing a NULL pointer.

Debian advisory 4336

 
 
Distribution: Fedora
  5/10/2004 mc
    Multiple
vulnerabilities

Several buffer overflows, several temporary file creation vulnerabilities,
and one format string vulnerability have been discovered in Midnight Commander.


Fedora advisory 4317

 
  5/10/2004 OpenSSL
    Denial
of service vulnerability

Testing uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d
that can lead to a denial of service attack (infinite loop).

Fedora advisory 4318

 
 
Distribution: FreeBSD
  5/10/2004 heimdal
    Cross-realm
trust vulnerability

It is possible for the Key Distribution Center (KDC) of a realm to forge
part or all of the `transited’ field to fake zone trustedness.

FreeBSD advisory 4315

 
  5/10/2004 crypto_heimdal
    Heap overflow
vulnerability

A remote attacker may send a specially formatted message to k5admind, causing
it to crash or possibly resulting in arbitrary code execution.

FreeBSD advisory 4316

 
 
Distribution: Gentoo
  5/10/2004 LHa
    Multiple
vulnerabilities

Patch corrects two stack-based buffer overflows and two directory traversal
problems in LHa.

Gentoo advisory 4313

 
  5/10/2004 libneon
    Format
string vulnerabilities

Allows malicious WebDAV server to execute arbitrary code.

Gentoo advisory 4314

 
  5/12/2004 ClamAV
    Privilege
escalation vulnerability

With a specific configuration Clam AntiVirus is vulnerable to an attack
allowing execution of arbitrary commands.

Gentoo advisory 4328

 
  5/12/2004 OpenOffice.org
Format string vulnerabilities
    Privilege
escalation vulnerability

Several format string vulnerabilities are present in the Neon library allowing
remote execution of arbitrary code when connected to an untrusted WebDAV
server.

Gentoo advisory 4329

 
  5/13/2004 utempter
    Insecure
temporary file vulnerability

Utempter contains a vulnerability that may allow local users to overwrite
arbitrary files via a symlink attack.

Gentoo advisory 4335

 
 
Distribution: Mandrake
  5/10/2004 proftpd
    Access
control escape vulnerability

CIDR ACLs in version 1.2.9 allow access even to files and directories that
are otherwise specifically denied.

Mandrake advisory 4312

 
  5/12/2004 rsync
    Directory
traversal vulnerability

Rsync before 2.6.1 does not properly sanitize paths when running a read/write
daemon without using chroot, allows remote attackers to write files outside
of the module’s path.

Mandrake advisory 4326

 
  5/12/2004 apache2
    Denial
of service vulnerability

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49
allows a remote denial of service attack against an SSL-enabled server.


Mandrake advisory 4327

 
 
Distribution: NetBSD
  5/13/2004 systrace
    Privilege
escalation vulnerability

A local user that is allowed to use /dev/systrace can obtain root access.


NetBSD advisory 4334

 
 
Distribution: OpenBSD
  5/10/2004 cvs
    Pathname
validation vulnerabilities

Patches for both client and server prevent file creation and modification
outside of allowed directories.

OpenBSD advisory 4311

 
  5/13/2004 procfs
    Incorrect
bounds checking vulnerability

Incorrect bounds checking in several procfs functions could allow an unprivileged
malicious user to read arbitrary kernel memory.

OpenBSD advisory 4332

 
 
Distribution: Red
Hat
  5/10/2004 utempter
    Temporary
file vulnerability

Utemper can be userd to overwrite privileged files with symlink.

Red Hat advisory 4300

 
  5/10/2004 libpng
    Denial
of service vulnerability

An attacker could carefully craft a PNG file in such a way that it would
cause an application linked to libpng to crash when opened by a victim.


Red Hat advisory 4301

 
  5/10/2004 OpenOffice
    Format
string vulnerability

An attacker could create a malicious WebDAV server in such a way as to allow
arbitrary code execution on the client should a user connect to it using
OpenOffice.

Red Hat advisory 4302

 
  5/10/2004 mc
    Multiple
vulnerabilities

This patch corrects many vulnerabilities of Midnight Commander.

Red Hat advisory 4303

 
  5/12/2004 kernel
    Multiple
vulnerabilities

This patches the 2.4.x kernel for a wide variety of platforms to fix a large
number of bugs, including several with security implications.

Red Hat advisory 4324

 
  5/12/2004 ipsec-tools
Multiple vulnerabilities
    Multiple
vulnerabilities

This patch fixes three seperate vulnerabilities in IPSec under Red Hat.


Red Hat advisory 4325

 
 
Distribution: Slackware
  5/10/2004 rsync
    Improper
write access vulnerability

When running an rsync server without the chroot option it is possible for
an attacker to write outside of the allowed directory.

Slackware advisory 4306

 
  5/10/2004 sysklogd
    Denial
of service vulnerability

New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix a security issue where a user could cause syslogd to crash.

Slackware advisory 4307

 
  5/10/2004 xine-lib
Arbitrary code execution vulnerability
    Denial
of service vulnerability

Playing a specially crafted Real RTSP stream could run malicious code as
the user playing the stream.

Slackware advisory 4308

 
  5/10/2004 libpng
    Denial
of service vulnerability

libpng could be caused to crash, creating a denial of service issue if network
services are linked with it.

Slackware advisory 4309

 
  5/10/2004 lha
    Multiple
vulneraiblities

Fixes buffer overflows and directory traversal vulnerabilities.

Slackware advisory 4310

 
  5/13/2004 apache
    Multiple
vulnerabilities

Patch corrects denial of service and shell escape vulnerabilities.

Slackware advisory 4333

 
 
Distribution: Suse
  5/10/2004 kernel
    Multiple
vulnerabilities

This patch fixes a large number of minor vulnerabilities and bugs related
to the SuSE 8.1 and SuSE 9.0 kernels.

SUSE advisory 4304

 
  5/10/2004 Live
    CD 9.1
Passwordless superuser

A configuration error on the Live CD allows for a passwordless, remote root
login to the system via ssh, if the computer has booted from the Live CD
and if it is connected to a network.

SUSE advisory 4305