[ISN] Linux Advisory Watch - April 16th 2004
InfoSec News
isn at c4i.org
Mon Apr 19 04:58:49 EDT 2004
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 16th, 2004 Volume 5, Number 16a |
+----------------------------------------------------------------+
Editors: Dave Wreski (dave at linuxsecurity.com), Benjamin Thomas (ben at linuxsecurity.com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for apache, the Linux kernel, mysql,
xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched,
tcpdump, cadaver, and mailman. The distributors include Conectiva, Debian,
Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.
----
>> Secure Online Data Transfer with SSL <<
Get Thawte's new introductory guide to SSL security which covers the
basics of how it operates. A discussion of the various applications of SSL
certificates and their appropriate deployment is also included along with
details of how to test SSL on your web server.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte02
----
Professional Associations
Those of you who have been in the IT industry for years are probably
already familiar with most professional organizations. Some of the more
popular include ISSA (Information Systems Security Association),
USENIX/SAGE, ACM, IAPSC, and countless others. Most organizations require
their members to pay dues, but that is not without value. Because there are
so many different organizations, it is a better idea to pick one or two
and get heavily involved. Many organizations are worldwide, but have
local chapters. This provides many opportunities for benefit.
Did you ever wish you knew the right people? Local chapter meetings are
great for professional networking. Some organizations have quarterly
meetings, others hold them monthly. Chapter events are a great
opportunity to meet people who have similar interests and needs. If you
are searching for a specific security solution, often you will find
someone at a meeting who can offer it. Conversely, if you're a business
owner and wish to extend your services, meetings can be helpful.
Organizations such as the ISSA offer educational benefits. Usually
meetings include a lecture that is centered around an information security
topic. Other meetings can include practical demonstrations and
round-table discussions. Also, ad hoc study groups are often formed to
prepare for certification exams.
Do you need additional credentials on your resume/cv? Do you wish you
could prove to management that you are ready for a leadership position?
Professional organizations also offer their members the chance to lead.
Positions such as chapter president, vice president, secretary, etc. open
for election each year. Although time consuming, it can be a worthwhile
commitment.
Finally, most professional organizations have monthly/quarterly journals
that are written by members. Rather than being subject to corporate
pressures, you'll find the articles in these journals are of high quality
and relatively unbiased. Usually you can also find archives of past
papers/publications on each organization's Web site.
For more information about some of the professional organizations that
I've mentioned, please see the following Web sites:
Information Systems Security Association
http://www.issa.org
Association for Computing Machinery
http://www.acm.org
USENIX/SAGE
http://www.usenix.org
International Association of Professional Security Consultants
http://www.iapsc.org/
Until next time, cheers!
Benjamin D. Thomas
ben at linuxsecurity.com
----
Guardian Digital Launches Next Generation Internet Defense & Detection System
Guardian Digital has announced the first fully open source system designed
to provide both intrusion detection and prevention functions. Guardian
Digital Internet Defense & Detection System (IDDS) leverages best-in-class
open source applications to protect networks and hosts using a unique
multi-layered approach coupled with the security expertise and ongoing
security vigilance provided by Guardian Digital.
http://www.linuxsecurity.com/feature_stories/feature_story-163.html
--------------------------------------------------------------------
Interview with Siem Korteweg: System Configuration Collector
In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.
http://www.linuxsecurity.com/feature_stories/feature_story-162.html
--------------------------------------------------------------------
>> Internet Productivity Suite: Open Source Security <<
Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
4/12/2004 - 'mod_python' DoS
This update fixes a remote denial of service vulnerability in
Apache web servers which have mod_python enabled.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4216.html
4/13/2004 - 'squid' ACL bypass vulnerability
This update fixes a vulnerability that allows a malicious user to
bypass url_regex ACLs by using a specially crafted URL.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4217.html
4/14/2004 - apache
Multiple vulnerabilities
Patch corrects non-filtered escape sequences and a DoS attack.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4219.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
4/14/2004 - kernel
Multiple vulnerabilities
This is three advisories in one, each for the same group of kernel
2.4.x vulnerabilities. The first is for the PA-RISC architecture,
the second for the IA-64 architecture, and the third for the
PowerPC/apus and S/390 architectures.
http://www.linuxsecurity.com/advisories/debian_advisory-4229.html
4/14/2004 - mysql
Insecure temporary file vulnerabilities
Two scripts contained in the package don't create temporary files
in a secure fashion, which could lead to a root exploit.
http://www.linuxsecurity.com/advisories/debian_advisory-4230.html
4/15/2004 - kernel 2.4.18
Multiple vulnerabilities
Here is a patch release specifically for kernel 2.4.18 on the i386
architecture, fixing multiple kernel security issues, and fixing a
build error introduced by a previous patch to the same package.
http://www.linuxsecurity.com/advisories/debian_advisory-4231.html
4/15/2004 - xonix
Privilege retention vulnerability
A local attacker could exploit this vulnerability to gain gid
"games".
http://www.linuxsecurity.com/advisories/debian_advisory-4232.html
4/15/2004 - ssmtp
Format string vulnerability
These vulnerabilities could potentially be exploited by a remote
mail relay to gain the privileges of the ssmtp process (including
potentially root).
http://www.linuxsecurity.com/advisories/debian_advisory-4233.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
4/14/2004 - kernel
Multiple vulnerabilities
This patch fixes a variety of buffer overflow and information leak
vulnerabilities.
http://www.linuxsecurity.com/advisories/fedora_advisory-4228.html
4/15/2004 - kernel
Corrected md5sums
Something went wrong with the md5sums in yesterday's announcement.
http://www.linuxsecurity.com/advisories/fedora_advisory-4234.html
4/15/2004 - openoffice
Multiple format string vulnerabilities
This patch fixes vulnerabilities that may allow execution of
arbitrary code, as well as other bugfixes.
http://www.linuxsecurity.com/advisories/fedora_advisory-4238.html
4/15/2004 - squid 2.5
ACL escape vulnerability
This is a backport of an older patch which prevented crafted URLs
from being able to ignore Squid's ACLs.
http://www.linuxsecurity.com/advisories/fedora_advisory-4239.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
4/15/2004 - cvs
Chroot escape vulnerability
This patch fixes two cvs errors, one with the client and one with
the server. Both allow chroot escapes.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4240.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
4/9/2004 - Heimdal
Cross-realm scripting vulnerability
Heimdal contains a cross-realm vulnerability allowing someone with
control over a realm to impersonate anyone in the cross-realm
trust path.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4211.html
4/9/2004 - iproute
Denial of service vulnerability
The iproute package allows local users to cause a denial of
service.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4212.html
4/9/2004 - pwlib
Multiple vulnerabilities
Multiple vulnerabilities have been found in pwlib that may lead to
a remote denial of service or buffer overflow attack.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4213.html
4/9/2004 - Scorched 3D
Format string attack vulnerability
Scorched 3D is vulnerable to a format string attack in the chat
box that leads to Denial of Service on the game server and
possibly allows execution of arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4214.html
4/15/2004 - cvs
Multiple vulnerabilities
There are two vulnerabilities in CVS; one in the server and one in
the client. These vulnerabilities allow the reading and writing of
arbitrary files on both client and server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4235.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
4/9/2004 - ipsec-tools
Signature non-verification vulnerability
Racoon does not verify the RSA signature during phase one of a
connection using either main or aggressive mode. Only the
certificate of the client is verified; the certificate is not used
to verify the client's signature.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4215.html
4/14/2004 - cvs
Chroot escape vulnerability
A maliciously configured server could create any file, with
arbitrary content, on the local user's disk.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4226.html
4/14/2004 - kernel
Multiple vulnerabilities
This patch fixes a large variety of kernel bugs, including an
assortment of filesystem related vulnerabilities.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4227.html
4/15/2004 - tcpdump
Multiple vulnerabilities
Corrects an out-of-bounds read and a DoS vulnerability.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4236.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
4/14/2004 - cvs
Chroot escape vulnerability
Updated cvs packages that fix a client vulnerability that could be
exploited by a malicious server are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4222.html
4/14/2004 - cadaver
Multiple format string vulnerabilities
An updated cadaver package that fixes a vulnerability in neon
exploitable by a malicious DAV server is now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4223.html
4/14/2004 - mailman
Denial of service vulnerability
An updated mailman package that closes a DoS vulnerability in
mailman introduced by RHSA-2004:019 is now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4224.html
4/14/2004 - OpenOffice
Multiple format string vulnerabilities
An attacker could create a malicious WebDAV server in such a way
as to allow arbitrary code execution on the client.
http://www.linuxsecurity.com/advisories/redhat_advisory-4225.html
4/15/2004 - subversion
Multiple format string vulnerabilities
An attacker could create a malicious WebDAV server in such a way
as to allow arbitrary code execution on the client connecting via
subversion.
http://www.linuxsecurity.com/advisories/redhat_advisory-4237.html
+---------------------------------+
| Distribution: Suse | ----------------------------//
+---------------------------------+
4/14/2004 - kernel
Multiple vulnerabilities
Two vulnerabilities, one involving symlink names and one involving
the JFS filesystem, can both be used to gain root privileges.
http://www.linuxsecurity.com/advisories/suse_advisory-4220.html
4/14/2004 - cvs
Chroot escape vulnerability
Patches an ability for a rogue CVS server to remotely create
arbitrary absolute-path files with the user's permission.
http://www.linuxsecurity.com/advisories/suse_advisory-4221.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------