Thomas
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability.

This week, advisories were released for log2mail, apache, luxman, wmaker,
squirrelmail, IPFilter, perl-MailTools, glibc, kerberos, heartbeat, dvips,
krb5, gv, tar/unzip, ypserv, and linuxconf. The distributors include
Conectiva, Debian, Gentoo, NetBSD, Red Hat, and SuSE.
LinuxSecurity Feature Extras:

FEATURE: Security – Physical and Service. The first installment of a 3 part
article covering everything from physical security and service security
to LAMP security (Linux Apache MySQL PHP).

FEATURE: Remote Syslogging – A Primer. The syslog daemon is a very versatile
tool that should never be overlooked under any circumstances. The facility
itself provides a wealth of information regarding the local system that
it monitors.
Package: | log2mail |
Date: | 11-01-2002 |
Description: | Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail. The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially causing log2mail to execute arbitrary code as root. |
Vendor Alerts: | Debian:
|
Package: | apache |
Date: | 11-04-2002 |
Description: | According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross-site scripting attack. |
Vendor Alerts: | Debian:
Conectiva:
|
Package: | luxman |
Date: | 11-06-2002 |
Description: | iDEFENSE reported a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited, a local attacker gains read-write access to the memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. |
Vendor Alerts: | Debian:
|
Package: | wmaker |
Date: | 11-07-2002 |
Description: | iDEFENSE reported a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited, a local attacker gains read-write access to the memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. |
Vendor Alerts: | Debian:
|
Package: | squirrelmail |
Date: | 11-07-2002 |
Description: | Several cross-site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. |
Vendor Alerts: | Debian:
|
Package: | IPFilter (FTP) |
Date: | 11-05-2002 |
Description: | The FTP proxy module in the IPFilter package may not adequately maintain the state of FTP commands and responses. As a result, an attacker could establish arbitrary TCP connections to FTP servers or clients located behind a vulnerable firewall. |
Vendor Alerts: | NetBSD:
|
Package: | perl-MailTools |
Date: | 11-05-2002 |
Description: | This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. |
Vendor Alerts: | SuSE:
Gentoo:
|
Package: | glibc |
Date: | 11-07-2002 |
Description: | A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. |
Vendor Alerts: | Red Hat:
Conectiva:
|
Package: | kerberos |
Date: | 11-07-2002 |
Description: | A remotely exploitable stack buffer overflow has been found in the Kerberos v4 compatibility administration daemon distributed with the Red Hat Linux krb5 packages. |
Vendor Alerts: | Red Hat:
|
Package: | heartbeat |
Date: | 11-03-2002 |
Description: | Nathan Wallwork reported several format string vulnerabilities[2] in heartbeat that could possibly be used by a remote attacker to execute arbitrary code with root privileges. |
Vendor Alerts: | Conectiva:
|
Package: | dvips |
Date: | 11-03-2002 |
Description: | Olaf Kirch from SuSE discovered a vulnerability in the dvips utility, which is used to convert .dvi files to PostScript. dvips is calling the system() function in an insecure way when handling font names. An attacker can exploit this by creating a carefully crafted dvi file which, when opened by dvips, will cause the execution of arbitrary commands. |
Vendor Alerts: | Conectiva:
|
Package: | krb5 |
Date: | 11-07-2002 |
Description: | There is a buffer overflow vulnerability[2][3] in the Kerberos 4 remote administration service (kadmind4) that could be used by a remote attacker to execute arbitrary commands on the server with root privileges. |
Vendor Alerts: | Conectiva:
|
Package: | gv |
Date: | 11-07-2002 |
Description: | Zen Parse found[1] a buffer overflow vulnerability in gv version 3.5.8 and earlier. kghostview (from kdegraphics versions prior to 3.0.4) is also affected, since it has some code derived from the same project. An attacker can exploit this vulnerability by creating a carefully crafted pdf file that, when opened by gv or kghostview, causes the execution of arbitrary code. |
Vendor Alerts: | Conectiva:
|
Package: | tar/unzip |
Date: | 11-07-2002 |
Description: | Both tar and unzip have directory traversal vulnerabilities in the way they extract filenames containing “..” or “/” characters at the beginning. By exploiting these vulnerabilities, a malicious user can overwrite arbitrary files if the user unpacking such an archive has sufficient filesystem permissions to do so. |
Vendor Alerts: | Conectiva:
|
Package: | ypserv |
Date: | 11-07-2002 |
Description: | Thorsten Kukuk identified and fixed a memory leak vulnerability[2] in the ypserv daemon. Requests for non-existing maps would cause the ypserv daemon to consume more and more memory. An attacker in the local network could flood the service with such requests until the memory is exhausted, resulting in a DoS condition. |
Vendor Alerts: | Conectiva:
|
Package: | linuxconf |
Date: | 11-06-2002 |
Description: | There is a problem[1] in the sendmail.cf file generated by the mailconf module that allows sendmail to be used as an open relay. By exploiting this vulnerability, a malicious user could send SPAM through the sendmail server without being in its served network. In order to do that, the recipient address of the messages must be in the format “user%domain@”. |
Vendor Alerts: | Conectiva:
|