Linux Advisory Watch – November 26, 2004


Author: Preston St. Pierre

This week, advisories were released for bugzilla, samba, bnc, sudo, Cyrus,
yardradius, AbiWord, unarj, pdftohtml, ProZilla, phpBB, TWiki, XFree86, libxpm4,
a2ps, zip, kdebase, and kdelibs. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Openwall, and Trustix.

Security Basics

In the ever-changing world of global data communications, inexpensive Internet
connections, and fast-paced software development, security is becoming more
and more of an issue. Security is now a basic requirement because global computing
is inherently insecure. As your data travels from point A to point B on the Internet,
for example, it may pass through several other points along the way, giving
other users the opportunity to intercept, and even alter, it. Even other
users on your own system may maliciously transform your data into something you
did not intend. Intruders, also known as “crackers”, may obtain unauthorized
access to your system and then use that access to impersonate you,
steal information from you, or even deny you access to your own resources. If
you’re still wondering what the difference is between a “hacker” and a “cracker”,
see Eric Raymond’s document, “How to Become A Hacker”, available at: http://www.catb.org/~esr/faqs/hacker-howto.html

How Vulnerable Are We?

While it is difficult to determine just how vulnerable a particular
system is, there are several indications we can use:

  • The Computer Emergency Response Team consistently reports an increase in
    computer vulnerabilities and exploits.
  • TCP and UDP, the protocols that comprise the Internet, were not written
    with security as their first priority when they were created more than 30
    years ago.
  • A given version of a piece of software has the same vulnerabilities on every
    host that runs it. Using this information, an intruder can exploit many
    systems with the same attack method.
  • Many administrators don’t even take the simple security measures necessary to
    protect their site, or don’t understand the ramifications of enabling
    some services. Many administrators are not given the additional time necessary
    to integrate the necessary security measures.

 
Distribution: Conectiva
  11/23/2004 shadow-utils
    authentication bypass vulnerability fix

Martin Schulze reported a vulnerability[2] in the passwd_check()
function in “libmisc/pwdcheck.c” which is used by chfn and chsh and
thus may allow a local attacker to use them to change the standard
shell of other users or modify their GECOS information (full name,
phone number…).

http://www.linuxsecurity.com/advisories/conectiva_advisory-5223.html

 
  11/23/2004 bugzilla
    remote vulnerability fix

Bugzilla versions prior to 2.16.7 have a vulnerability[3] which allows
a remote user to remove keywords from a ticket even without the
necessary permissions. Such an action, however, would trigger the usual
e-mail detailing the changes, making it easy to discover what happened
and what was changed.

http://www.linuxsecurity.com/advisories/conectiva_advisory-5224.html

 
  11/25/2004 samba
    denial of service vulnerability fix

Karol Wiesek found a vulnerability[2] in the input validation routines
in Samba 3.x used to match filename strings containing wildcard
characters that may allow a remote attacker to consume abnormal amounts
of CPU cycles.

http://www.linuxsecurity.com/advisories/conectiva_advisory-5234.html

 
 
Distribution: Debian
  11/24/2004 bnc
    buffer overflow

Leon Juranic discovered that BNC, an IRC session bouncing proxy, does
not always protect buffers from being overwritten. This could be exploited
by a malicious IRC server to overflow a buffer of limited size and
execute arbitrary code on the client host.

http://www.linuxsecurity.com/advisories/debian_advisory-5227.html

 
  11/24/2004 sudo
    privilege escalation fix

Liam Helmer noticed that sudo, a program that provides limited super
user privileges to specific users, does not clean the environment
sufficiently. Bash functions and the CDPATH variable are still passed
through to the program running as privileged user, leaving
possibilities to overload system routines.

http://www.linuxsecurity.com/advisories/debian_advisory-5228.html

 
  11/24/2004 sudo
    removes debug output

Follow-up to the sudo update above: the revised package removes debug
output. The underlying issue is the one Liam Helmer noticed, that sudo, a
program that provides limited super user privileges to specific users,
does not clean the environment sufficiently. Bash functions and the
CDPATH variable are still passed through to the program running as the
privileged user, leaving possibilities to overload system routines.

http://www.linuxsecurity.com/advisories/debian_advisory-5229.html
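
The environment leak the two sudo advisories above describe can be watched
directly. The following is an added example, not code from sudo, Debian or
the advisory: a child bash process inherits an exported Bash function named
after a command and runs the function instead of the binary, and a relative
cd in a child shell follows CDPATH into a directory the caller chose. The
command being shadowed (uname), the directory names and the `env -i` scrub
are constructed for the demonstration; the point of the fix in the advisory
is that the privileged program never sees these variables.

```shell
# Added example; not code from sudo or the Debian advisory.
# Two ways a caller's environment reaches a program run by a child shell,
# and what a clean environment changes. All names are constructed for the demo.

# 1. Exported Bash functions. A function exported with `export -f` travels in
#    the environment and is re-created in every child bash, where it shadows
#    the command of the same name. Here the "privileged" command is uname.
run_unsanitized() {
    bash -c '
        uname() { echo "hijacked"; }
        export -f uname
        bash -c "uname -s"               # runs the function, not the uname binary
    '
}

# Same setup, but the privileged command starts from an empty environment
# (env -i) with a fixed PATH, so the exported function never arrives.
run_sanitized() {
    bash -c '
        uname() { echo "hijacked"; }
        export -f uname
        env -i PATH=/usr/bin:/bin "$BASH" -c "uname -s"   # the real uname
    '
}

# 2. CDPATH. A relative `cd etc` in a child shell is resolved through CDPATH,
#    so a caller who sets CDPATH can steer the script into a directory of
#    their choosing. Argument: "unsanitized" or "sanitized".
cdpath_demo() {
    mode=$1
    tmp=$(mktemp -d)
    mkdir -p "$tmp/work" "$tmp/attacker/etc"     # "work" has no etc of its own
    if [ "$mode" = unsanitized ]; then
        result=$(cd "$tmp/work" && CDPATH="$tmp/attacker" \
                 bash -c 'cd etc >/dev/null && pwd')
    else
        result=$(cd "$tmp/work" && CDPATH="$tmp/attacker" \
                 env -i PATH=/usr/bin:/bin bash -c \
                 'cd etc >/dev/null 2>&1 && pwd || echo "cd etc failed"')
    fi
    rm -rf "$tmp"
    prefix="$tmp/"
    printf '%s\n' "${result#"$prefix"}"    # report the path relative to the sandbox
}

# Run stand-alone to see the four outcomes side by side.
printf 'function, inherited env : %s\n' "$(run_unsanitized)"
printf 'function, clean env     : %s\n' "$(run_sanitized)"
printf 'CDPATH,   inherited env : %s\n' "$(cdpath_demo unsanitized)"
printf 'CDPATH,   clean env     : %s\n' "$(cdpath_demo sanitized)"
```

With the inherited environment the first call prints "hijacked" and the
third ends up in attacker/etc; with the scrubbed environment the privileged
command runs the real binary and the cd fails. Starting from an empty
environment and re-adding only the variables the program needs is the
general form of the fix; removing one or two known-bad variable names is
not, because any variable a child shell interprets is a candidate.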

 
  11/25/2004 Cyrus
    IMAP arbitrary code execution fix

Stefan Esser discovered several security related problems in the Cyrus
IMAP daemon. Due to a bug in the command parser it is possible to
access memory beyond the allocated buffer in two places which could
lead to the execution of arbitrary code.

http://www.linuxsecurity.com/advisories/debian_advisory-5240.html

 
  11/25/2004 yardradius
    arbitrary code execution fix

Max Vozeler noticed that yardradius, the YARD radius authentication and
accounting server, contained a stack overflow similar to the one from
radiusd which is referenced as CAN-2001-0534. This could lead to the
execution of arbitrary code as root.

http://www.linuxsecurity.com/advisories/debian_advisory-5241.html

 
  11/25/2004 tetex-bin
    arbitrary code execution fix

Chris Evans discovered several integer overflows in xpdf that are also
present in tetex-bin, the binaries of the teTeX distribution. They
can be exploited remotely by a specially crafted PDF document and lead
to the execution of arbitrary code.

http://www.linuxsecurity.com/advisories/debian_advisory-5242.html

 
 
Distribution: Fedora
  11/19/2004 system-config-users-1.2.28-0.fc3.1 update
    bug fix

check for running processes of a user about to be deleted (#132902)

http://www.linuxsecurity.com/advisories/fedora_advisory-5205.html

 
  11/19/2004 system-config-users-1.2.28-0.fc2.1 update
    bug fix

check for running processes of a user about to be deleted (#132902)

http://www.linuxsecurity.com/advisories/fedora_advisory-5206.html

 
  11/19/2004 rhgb-0.16.1-1.FC3 update
    bug fix

This should fix the problem where rhgb blocks the boot process when X
fails to initialize correctly, as well as the one preventing vncserver
to start when rhgb is used.

http://www.linuxsecurity.com/advisories/fedora_advisory-5207.html

 
  11/22/2004 redhat-menus-3.7-2.2.fc3 update
    bug fix

This update adds additional file types to the list of file types
associated with the OpenOffice.org application suite, allowing users to
open more documents with OpenOffice.org through Nautilus and Evolution.


http://www.linuxsecurity.com/advisories/fedora_advisory-5213.html

 
  11/22/2004 kernel-2.6.9-1.6_FC2 update
    security fixes

This update brings a rebase to 2.6.9, including various security fixes
incorporated into the upstream kernel, and also includes Alan Cox’s -ac
patchset, which adds additional security fixes.

http://www.linuxsecurity.com/advisories/fedora_advisory-5214.html

 
  11/22/2004 kernel-2.6.9-1.681_FC3 update
    security fixes

This update brings an updated -ac patch which adds several
security fixes, and various other fixes that have occurred since the
release of Fedora Core 3.

http://www.linuxsecurity.com/advisories/fedora_advisory-5215.html

 
  11/22/2004 redhat-menus-3.7.1-1.fc3 update
    bug fix

This update fixes the missing evolution icon bug (#rh138282).

http://www.linuxsecurity.com/advisories/fedora_advisory-5216.html

 
  11/23/2004 system-config-display-1.0.24-1 update
    bug fix

This fixes tracebacks experienced by some users with dual head support.

http://www.linuxsecurity.com/advisories/fedora_advisory-5217.html

 
  11/24/2004 system-config-samba-1.2.22-0.fc3.1 update
    bug fix

add missing options (#137756)

http://www.linuxsecurity.com/advisories/fedora_advisory-5230.html

 
  11/24/2004 system-config-samba-1.2.22-0.fc2.1 update
    bug fix

add missing options (#137756), don’t raise exception when writing
/etc/samba/smb.conf (#135946), updated translations

http://www.linuxsecurity.com/advisories/fedora_advisory-5231.html

 
  11/25/2004 AbiWord
    bug fixes

Fixes for tempnam usages and startup geometry crashes.

http://www.linuxsecurity.com/advisories/fedora_advisory-5232.html

 
 
Distribution: Gentoo
  11/19/2004 X.org, XFree86
    libXpm vulnerabilities

libXpm contains several vulnerabilities that could lead to a Denial of Service and arbitrary code execution.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5209.html

 
  11/19/2004 unarj
    Long filenames buffer overflow and a path traversal vulnerability

unarj contains a buffer overflow and a directory traversal
vulnerability. This could lead to overwriting of arbitrary files or the
execution of arbitrary code.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5210.html
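
The two defects in the unarj advisory, a buffer overflow on long member
names and a directory traversal, are both checks an extractor has to make
on each member name before it touches the filesystem. The following is an
added example, not unarj's code or anything from the advisory: a POSIX sh
function that rejects names which would escape the destination directory
and names longer than a fixed limit. The limit (MAX_NAME), the destination
directory and the member names in the demo list are constructed for the
illustration.

```shell
# Added example; not code from unarj or the Gentoo advisory.
# Validates an archive member name before extraction: length limit and
# path traversal. MAX_NAME is an assumed limit chosen for the demo.

MAX_NAME=255

# Usage: safe_member_path DEST NAME
# Prints the path to create under DEST and returns 0, or prints a reason on
# stderr and returns 1 if the member must be skipped.
safe_member_path() {
    dest=$1
    name=$2

    # Buffer-overflow side: refuse names longer than what the extractor can hold.
    if [ ${#name} -gt "$MAX_NAME" ]; then
        echo "reject: name too long (${#name} chars): ${name%"${name#??????????}"}..." >&2
        return 1
    fi

    # Traversal side: no empty names, no absolute names, no ".." component
    # anywhere (leading, trailing or in the middle). "dot..dot" is allowed
    # because ".." is only dangerous as a whole path component.
    case "$name" in
        '')                          echo "reject: empty name" >&2;            return 1 ;;
        /*)                          echo "reject: absolute path: $name" >&2;  return 1 ;;
        .. | ../* | */.. | */../*)   echo "reject: '..' component: $name" >&2; return 1 ;;
    esac

    # Drop a harmless leading "./" that some archivers add, then make sure
    # something is left.
    while [ "${name#./}" != "$name" ]; do name=${name#./}; done
    if [ -z "$name" ]; then
        echo "reject: empty name after normalisation" >&2
        return 1
    fi

    printf '%s/%s\n' "${dest%/}" "$name"
}

# Constructed member list standing in for an archive's table of contents;
# prints one OK/SKIP line per member.
classify_members() {
    dest=$1
    long=$(printf '%300s' | tr ' ' 'A')
    for m in 'docs/readme.txt' './src/main.c' '../../etc/passwd' '/etc/passwd' \
             'a/b/../../../x' 'dot..dot/file' "$long"; do
        if out=$(safe_member_path "$dest" "$m" 2>/dev/null); then
            printf 'OK    %s\n' "$out"
        else
            printf 'SKIP  %.40s\n' "$m"
        fi
    done
}

# Run stand-alone: classify the demo list against a throw-away destination.
classify_members /tmp/extract-demo
```

The name check is necessary but not sufficient: an archive can also carry a
symbolic link member that points outside the destination and a later member
whose path goes through that link. Guarding against that needs a second
check at creation time (refusing to follow symlinks in the path being
created), which this name-only filter does not attempt.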

 
  11/23/2004 pdftohtml
    Vulnerabilities in included Xpdf

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to execution of arbitrary code upon converting a malicious
PDF file.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5219.html

 
  11/23/2004 ProZilla
    Multiple vulnerabilities

ProZilla contains several buffer overflow vulnerabilities that can be
exploited by a malicious server to execute arbitrary code with the
rights of the user running ProZilla.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5220.html

 
  11/23/2004 phpBB
    Remote command execution

phpBB contains a vulnerability which allows a remote attacker to
execute arbitrary commands with the rights of the web server user.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5221.html

 
  11/24/2004 TWiki
    Arbitrary command execution

A bug in the TWiki search function allows an attacker to execute
arbitrary commands with the permissions of the user running TWiki.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5222.html

 
  11/25/2004 Cyrus
    IMAP Multiple remote vulnerabilities

The Cyrus IMAP Server contains multiple vulnerabilities which could lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5233.html

 
 
Distribution: Mandrake
  11/23/2004 XFree86
    vulnerabilities fix

A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team revealed several different kinds of bugs. These bugs
include integer overflows, out-of-bounds memory access, shell command
execution, path traversal, and endless loops.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5225.html

 
  11/23/2004 libxpm4
    vulnerabilities fix

A source code review of the XPM library, done by Thomas Biege of the
SuSE Security-Team revealed several different kinds of bugs. These bugs
include integer overflows, out-of-bounds memory access, shell command
execution, path traversal, and endless loops.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5226.html

 
  11/25/2004 Cyrus
    IMAP multiple vulnerabilities

A number of vulnerabilities in the Cyrus-IMAP server were found by
Stefan Esser. Due to insufficient checking within the argument parser
of the ‘partial’ and ‘fetch’ commands, a buffer overflow could be
exploited to execute arbitrary attacker-supplied code.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5235.html

 
  11/25/2004 a2ps
    vulnerability fix

The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5236.html
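
The a2ps advisory above and the TWiki one under Gentoo describe the same
bug class: a string the user controls (a file name, a search term) is
spliced into a command line that is then handed to a shell, so shell
metacharacters inside it become extra commands. The following is an added
example, not code from a2ps, TWiki or either advisory, showing the injection
against a throw-away file and two ways to make the same call safely. The
file name, the helper command (wc) and the function names are constructed
for the demonstration.

```shell
# Added example; not code from a2ps, TWiki or the advisories.
# Shows command injection through a file name interpolated into a shell
# command line, and two safe alternatives. Fixture is constructed.

# Sandbox: one file whose name carries a command separator.
make_fixture() {
    tmp=$(mktemp -d)
    printf 'hello\n' > "$tmp/a;echo INJECTED"
    printf '%s\n' "$tmp"
}

# Unsafe: the name is pasted into a command string. The ";" in the name ends
# the intended command and what follows runs as a second one.
size_unsafe() {
    sh -c "wc -c < $1" 2>/dev/null
}

# Safe (1): do not go through a shell at all; the name is one argument and
# is never re-parsed. $(( )) normalises wc's padded output to a plain number.
size_safe() {
    printf '%s\n' "$(( $(wc -c < "$1") ))"
}

# Safe (2): when building a shell command line is unavoidable, single-quote
# the value. Inside single quotes nothing is interpreted; an embedded single
# quote is rewritten as '\'' (close, escaped quote, reopen).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}
size_quoted() {
    printf '%s\n' "$(( $(sh -c "wc -c < $(shell_quote "$1")") ))"
}

# Run stand-alone: the unsafe call prints INJECTED, the safe ones print 6.
tmp=$(make_fixture)
f="$tmp/a;echo INJECTED"
printf 'unsafe  : %s\n' "$(size_unsafe "$f")"
printf 'no shell: %s\n' "$(size_safe "$f")"
printf 'quoted  : %s\n' "$(size_quoted "$f")"
rm -rf "$tmp"
```

Quoting (the second safe form) is the fallback, not the first choice: it
has to be applied to every interpolated value without exception, while the
no-shell form cannot be forgotten for one of them. For a search function of
the kind the TWiki advisory mentions, the same rule means the search term is
passed to the search tool as an argument, behind `--` so it cannot be read
as an option either.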

 
  11/25/2004 zip
    vulnerability fix

A vulnerability in zip was discovered where zip would not check the
resulting path length when doing recursive folder compression, which
could allow a malicious person to convince a user to create an archive
containing a specially-crafted path name.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5237.html

 
  11/26/2004 kdebase
    various bug fixes

A number of bugs in kdebase are fixed with this update.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5238.html

 
  11/26/2004 kdelibs
    various bug fixes

A number of bugs in kdelibs are fixed with this update.

http://www.linuxsecurity.com/advisories/mandrake_advisory-5239.html

 
 
Distribution: Openwall
  11/23/2004 2.4.28-ow1
    security-related bug fixes

Linux 2.4.28, and thus 2.4.28-ow1, fixes a number of security-related
bugs, including the ELF loader vulnerabilities discovered by Paul
Starzetz (confirmed: ability for users to read +s-r binaries;
potential: local root), a race condition with reads from Unix domain
sockets (potential local root), smbfs support vulnerabilities
discovered by Stefan Esser (confirmed: remote DoS by a malicious smbfs
server; potential: remote root by a malicious smbfs server).

http://www.linuxsecurity.com/advisories/openwall_advisory-5218.html

 
 
Distribution: Trustix
  11/22/2004 apache, kernel, sudo
    multiple vulnerabilities fix

An issue was discovered where the field length limit was not enforced
for certain malicious requests. This could lead to a remote denial of
service attack.

http://www.linuxsecurity.com/advisories/trustix_advisory-5211.html

 
  11/22/2004 amavisd-new, anaconda, courier-imap, ppp, setup, spamassassin, swup, tftp-hpa, tsl-utils
    package bug fixes

amavisd-new: Add tmpwatch of the virusmails directory to keep it from
growing infinitely. Anaconda: Increase ramdisk-size as needed by
netboot floppy. Courier-imap: Now use $HOME/Maildir.

http://www.linuxsecurity.com/advisories/trustix_advisory-5212.html