Author: Preston St. Pierre
freeam, gzip, libgd1, gnats, libgd2, Gallery, ImageMagick, zgv, mtink, Apache,
pavuk, samba, libxml, webmin, and speedtouch. The distributors include Conectiva,
Debian, Fedora, Gentoo, Mandrake, and Trustix.
Identify Gateway Machines
Special attention should be paid to gateway or firewall systems,
as they usually control access to the services running on the
entire network. Such gateways should be identified, their function
within the network should be assessed, and their owners or administrators
should be identified. These hosts, often referred to as
“bastion hosts”, are a prime target for an intruder. They should
be some of the most fortified machines on the network.
Be sure to regularly review the current access policies and security
of the system itself.
These “systems” should absolutely only be running the services
necessary to perform their operation. Your firewall should not be your
mail server, web server, contain user accounts, etc. Some of the
things you should check for, and absolutely fortify on these hosts,
include:
- Turn off access to all but necessary services.
- Depending on the type of firewall, disable IP Forwarding, preventing the
system from routing packets unless absolutely instructed to do so.
- Update the machine by installing vendor patches immediately.
- Restrict network management utilities, such as SNMP, “public” communities,
and write access.
- Be sure the firewall policy includes mechanisms for preventing common attacks
such as IP Spoofing, Fragmentation attacks, Denial of Service, etc.
- Monitor status very closely. You should develop a reference point for how
the machine normally operates, to be able to detect variations which may indicate
an intrusion.
- Develop a comprehensive firewall model. Firewalls should be treated as
a security system, not just a program that runs on a machine and has an access
control list. Firewall administration should be centrally controlled, and evaluation
of firewall policies should be done prior to actual firewall deployment.
Excerpt from the LinuxSecurity Administrator’s Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave@guardiandigital.com)
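The checklist above can be turned into repeatable checks. The following POSIX shell script is an added example, not part of the LinuxSecurity Administrator's Guide excerpt: it audits the IP-forwarding sysctl value, compares the set of listening services against a saved baseline (the "reference point" the guide asks for), and flags SNMP configurations that grant the "public" community or any read-write community. All inputs are passed in as arguments or files, and the sample `ss -lntu` output and `snmpd.conf` at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the LinuxSecurity guide). Bastion-host checks:
# IP forwarding, listening services vs. a baseline, SNMP community settings.
# Inputs come from arguments/files so the checks run against live output
# (e.g. `ss -lntu`, /proc/sys/net/ipv4/ip_forward) or saved snapshots.

# Prints "off" when the sysctl value given ("0"/"1") disables forwarding.
# Live use: check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward)"
check_ip_forward() {
    case "$1" in
        0) echo off ;;
        *) echo on ;;
    esac
}

# Reads `ss -lntu` / `netstat -lntu` style lines on stdin and prints the
# listening proto/port pairs, sorted and de-duplicated, as a snapshot.
listening_snapshot() {
    awk 'NR > 1 { n = split($5, a, ":"); print $1 "/" a[n] }' | sort -u
}

# Prints entries in the current snapshot ($2) that are absent from the
# baseline snapshot ($1): a newly listening service is the kind of
# variation from normal operation the guide says to watch for.
new_listeners() {
    comm -13 "$1" "$2"
}

# Prints "weak" if the snmpd.conf given as $1 grants the "public"
# community (read-only or read-write) or any read-write community.
snmp_community_check() {
    if grep -Eiq '^[[:space:]]*(ro|rw)community[[:space:]]+public([[:space:]]|$)' "$1" \
       || grep -Eiq '^[[:space:]]*rwcommunity[[:space:]]' "$1"; then
        echo weak
    else
        echo ok
    fi
}

# Constructed sample data (not captured from any real host).
TMP=$(mktemp -d)
cat > "$TMP/baseline.ss" <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:123     0.0.0.0:*
EOF
cat > "$TMP/today.ss" <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:25        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:123     0.0.0.0:*
EOF
printf 'rocommunity public\n' > "$TMP/snmpd.conf"
listening_snapshot < "$TMP/baseline.ss" > "$TMP/baseline.txt"
listening_snapshot < "$TMP/today.ss"    > "$TMP/today.txt"
new_listeners "$TMP/baseline.txt" "$TMP/today.txt"   # prints tcp/25
snmp_community_check "$TMP/snmpd.conf"               # prints weak
```

On a real gateway, save `listening_snapshot` output once the host is in its known-good state and diff each later run against it; a mail daemon appearing on a firewall, as in the sample, is exactly what the guide says a firewall should not be running.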
Distribution: Conectiva

11/8/2004 | xpdf | vulnerabilities fix
Chris Evans discovered several integer overflow vulnerabilities in the xpdf code which can be exploited remotely by a specially crafted PDF document and may lead to the execution of arbitrary code.

11/8/2004 | libtiff3 | vulnerabilities fix
This announcement fixes several integer overflow vulnerabilities that were encountered in libtiff.

11/11/2004 | sasl | buffer overflow vulnerability fix
A vulnerability[2] has been discovered in the Cyrus implementation of the SASL library. The library honors the environment variable SASL_PATH blindly, which allows a local attacker to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
Distribution: Debian

11/5/2004 | shadow | unintended behaviour fix
A vulnerability has been discovered in the shadow suite which provides programs like chfn and chsh. It is possible for a user who is logged in but has an expired password to alter his account information with chfn or chsh without having to change the password. The problem was originally thought to be more severe.

11/8/2004 | ruby | denial of service fix
The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up CPU cycles.

11/8/2004 | freeam | arbitrary code execution fix
Luigi Auriemma discovered a buffer overflow condition in the playlist module of freeamp which could lead to arbitrary code execution. Recent versions of freeamp were renamed to zinf.

11/8/2004 | gzip | insecure temporary files fix
Trustix developers discovered insecure temporary file creation in supplemental scripts in the gzip package which may allow local users to overwrite files via a symlink attack.

11/9/2004 | libgd1 | arbitrary code execution fix
“infamous41md” discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim’s machine.

11/9/2004 | gnats | arbitrary code execution fix
Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.

11/9/2004 | libgd2 | arbitrary code execution fix
“infamous41md” discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim’s machine.
Distribution: Fedora

11/8/2004 | udev-039-10.FC3.1 update | arbitrary code execution fix
Due to debugging code left accidentally in the FC3 udev package, SIGCHLD signals are blocked in udev, which prevents getting the proper exit status in udev.rules. This means no cdrom symlinks are created and pam_console does not apply desktop user ownerships to any cdrom devices.

11/8/2004 | initscripts-7.93.5-1 update | arbitrary code execution fix
This update fixes some minor bugs discovered after the final freeze date.

11/8/2004 | hotplug-2004_04_01-8 update | arbitrary code execution fix
This update fixes it so that the sg module gets loaded by hotplug for non-disk, non-optical devices.

11/8/2004 | ipsec-tools-0.3.3-2 update | arbitrary code execution fix
This update fixes the use of ‘setkey’ when reading from stdin (the ‘-c’ argument).

11/8/2004 | kde-i18n-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdeaddons-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdeadmin-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdeartwork-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdebase-3.3.1-4.1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdebindings-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdeedu-3.3.1-2.1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdegames-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdegraphics-3.3.1-2.1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdelibs-3.3.1-2.2 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdemultimedia-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdenetwork-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdepim-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdesdk-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdetoys-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdeutils-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdevelop-3.1.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | kdewebdev-3.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | arts-1.3.1-1 update | arbitrary code execution fix
KDE 3.3.1 update

11/8/2004 | gpdf-2.8.0-8 update | arbitrary code execution fix
GPdf includes the gpdf application, a Bonobo control for PDF display which can be embedded in Nautilus, and a Nautilus property page for PDF files.

11/8/2004 | wireless-tools-27-0.pre25.3 update | arbitrary code execution fix
Fixes a memory leak during wireless scans that affects NetworkManager.

11/8/2004 | redhat-artwork-0.96-2 update | arbitrary code execution fix
This update fixes issues when using redhat-artwork on 64-bit platforms, having both 32 and 64 bit versions installed.

11/8/2004 | gnome-media-2.8.0-3.FC3.1 update | arbitrary code execution fix
GNOME (GNU Network Object Model Environment) is a user-friendly set of GUI applications and desktop tools to be used in conjunction with a window manager for the X Window System. The gnome-media package will install media features like the GNOME CD player.

11/8/2004 | zip-2.3-26.2 update | arbitrary code execution fix
A buffer overflow has been found in zip which will lead to a buffer overflow when a user tries to create a zip archive which contains very long filenames.

11/8/2004 | zip-2.3-26.3 update | arbitrary code execution fix
A buffer overflow has been found in zip which will lead to a buffer overflow when a user tries to create a zip archive which contains very long filenames.

11/9/2004 | gnumeric-1.2.13-8.fc3 update | arbitrary code execution fix
64bit excel {im|ex}port backport fixes

11/10/2004 | system-config-users-1.2.27-0.fc2.1 update | arbitrary code execution fix
system-config-users is a graphical utility for administrating users and groups. It depends on the libuser library.

11/10/2004 | openoffice.org-1.1.2-11.5.fc3 update | arbitrary code execution fix
The fixes in this update are detailed in the changelog entry below.

11/10/2004 | openoffice.org-1.1.2-11.4.fc2 update | arbitrary code execution fix
The fixes in this update are detailed in the changelog entry below.

11/10/2004 | jwhois-3.2.2-6.FC3.1 update | arbitrary code execution fix
This update fixes a crash when processing a query requires more than one redirection.

11/11/2004 | ruby-1.8.1-6.FC2.0 update | arbitrary code execution fix
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straightforward, and extensible.

11/11/2004 | ruby-1.8.1-7.FC3.1 update | arbitrary code execution fix
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straightforward, and extensible.

11/11/2004 | glibc-2.3.3-27.1 update | arbitrary code execution fix
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs.

11/11/2004 | system-config-users-1.2.27-0.fc3.1 update | arbitrary code execution fix
system-config-users is a graphical utility for administrating users and groups. It depends on the libuser library.

11/11/2004 | libxml2-2.6.16-2 update | arbitrary code execution fix
This update to libxml2 fixes a variety of bugs found in 2.6.15, notably #137968.

11/11/2004 | libxml2-2.6.16-3 update | arbitrary code execution fix
This update to libxml2 fixes a variety of bugs found in 2.6.15, notably #137968.

11/11/2004 | gd-2.0.21-5.20.1 update | arbitrary code execution fix
Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.

11/11/2004 | gd-2.0.28-1.30.1 update | arbitrary code execution fix
Several buffer overflows were reported in various memory allocation calls. An attacker could create a carefully crafted image file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image.

11/11/2004 | unarj-2.63a-7 update | arbitrary code execution fix
A buffer overflow bug has been discovered in unarj when handling long file names contained in an archive. An attacker could create an archive with a specially crafted path which could cause unarj to crash or execute arbitrary instructions.
Distribution: Gentoo

11/6/2004 | GPdf, KPDF, KOffice Vulnerabilities in included xpdf | arbitrary code execution fix
The original fix introduced new vulnerabilities on 64-bit platforms. New fixed packages are available. Updated sections follow.

11/6/2004 | Xpdf, CUPS Multiple integer overflows | arbitrary code execution fix
The original fix introduced new vulnerabilities on 64-bit platforms. New fixed packages are available. Updated sections follow.

11/6/2004 | Gallery | Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks.

11/6/2004 | ImageMagick | EXIF buffer overflow
ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution.

11/7/2004 | zgv | Multiple buffer overflows
zgv contains multiple buffer overflows that can potentially lead to the execution of arbitrary code.

11/7/2004 | Portage, Gentoolkit Temporary file vulnerabilities | Multiple buffer overflows
dispatch-conf (included in Portage) and qpkg (included in Gentoolkit) are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

11/7/2004 | Kaffeine, gxine Remotely exploitable buffer overflow | Multiple buffer overflows
Kaffeine and gxine both contain a buffer overflow that can be exploited when accessing content from a malicious HTTP server with specially crafted headers.

11/8/2004 | OpenSSL, Groff Insecure tempfile handling | Multiple buffer overflows
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

11/9/2004 | zip | Path name buffer overflow
zip contains a buffer overflow when creating a ZIP archive of files with very long path names. This could lead to the execution of arbitrary code.

11/9/2004 | mtink | Insecure tempfile handling
mtink is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

11/10/2004 | Apache | 2.0 Denial of Service by memory consumption
A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of Service.

11/11/2004 | pavuk | Multiple buffer overflows
Pavuk contains multiple buffer overflows that can allow a remote attacker to run arbitrary code.

11/11/2004 | ez-ipupdate Format string vulnerability | Multiple buffer overflows
ez-ipupdate contains a format string vulnerability that could lead to execution of arbitrary code.

11/11/2004 | samba | Remote Denial of Service
An input validation flaw in Samba may allow a remote attacker to cause a Denial of Service by excessive consumption of CPU cycles.

11/11/2004 | Davfs2, lvm-user Insecure tempfile handling | Remote Denial of Service
Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them.
Distribution: Mandrake

11/5/2004 | shadow | security bypass vulnerability fix
A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwd_check() function. This function is used by the chfn and chsh tools.

11/5/2004 | libxml | libxml2 multiple vulnerabilities fix
Multiple buffer overflows were reported in the libxml XML parsing library. These vulnerabilities may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function, a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy() function, and other overflows in the code that resolves names via DNS.

11/8/2004 | ruby | remote DoS vulnerability fix
Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session’s FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CAN-2004-0755).

11/10/2004 | webmin | problem with some modules fix
There was a problem with two modules in the webmin package that did not work correctly: the cron and backup modules. The updated packages fix the problem so the modules will again work.

11/11/2004 | ez-ipupdate format string vulnerability fix | problem with some modules fix
Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this problem.

11/11/2004 | speedtouch | format string vulnerability fix
The Speedtouch USB driver contains a number of format string vulnerabilities due to improperly made syslog() system calls. These vulnerabilities can be abused by a local user to potentially allow the execution of arbitrary code with elevated privileges.

11/11/2004 | samba | DoS vulnerability fix
Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles, which would impact the performance and response of the server.
Distribution: Trustix

11/5/2004 | apache | buffer overflow
Potential buffer overflow with escaped characters in SSI tag string. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0940 to this issue.

11/8/2004 | php, postfix, kernel, sqlgrey, sqlite package fixes | buffer overflow
PHP: Wrong “extension_dir” leads to problems loading modules. Postfix: Fixed a missing define that prevented dynamic loading of modules.