[ISN] Linux Advisory Watch - August 13, 2004
InfoSec News
isn at c4i.org
Mon Aug 16 04:17:26 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 13, 2004 Volume 5, Number 32a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave at linuxsecurity.com ben at linuxsecurity.com
This week, advisories were released for apache, Cfengine, Courier,
Ethereal, Gaim, glibc, gnome-vfs, gv, imagemagick, kernel, libpng,
libpng10, mozilla, MPlayer, Nessus, Opera, PuTTY, Roundup, sox,
SpamAssassin, squirrelmail, and shorewall.
The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
Openwall, Red Hat, Slackware, Suse, Trustix, and Turbolinux.
-----
Root Security
Keeping the superuser account secure should be a top priority for any
system. The most sought-after account on your machine is the superuser
account. This account has authority over the entire machine, which may
also include authority over other machines on the network. Remember that
you should only use the root account for very short specific tasks and
should mostly run as a normal user. Running as root all the time is a very
very very bad idea.
Several tricks to avoid messing up your own box as root:
- When doing some complex command, try running it first in a
non-destructive way, especially commands that use globbing: e.g., if
you are going to do rm foo*.bak, first do ls foo*.bak and
make sure you are going to delete the files you think you are. Using
echo in place of destructive commands also works.
- Provide your users with a default alias to the /bin/rm command to
ask for confirmation for deletion of files.
- Only become root to do single specific tasks. If you find yourself
trying to figure out how to do something, go back to a normal user
shell until you are sure what needs to be done by root.
- The command path for the root user is very important. The command
path, or the PATH environment variable, defines the location the
shell searches for programs. Try and limit the command path for
the root user as much as possible, and never use '.', meaning 'the
current directory', in your PATH statement. Additionally, never
have writable directories in your search path, as this can allow
attackers to modify or place new binaries in your search path,
allowing them to run as root the next time you run that command.
- Never use the rlogin/rsh/rexec (called the "r-utilities") suite of
tools as root. They are subject to many sorts of attacks, and are
downright dangerous when run as root. Never create a .rhosts file for
root.
- The /etc/securetty file contains a list of terminals that root can
log in from. By default (on Red Hat Linux) this is set to only the
local virtual consoles (vtys). Be very careful of adding anything
else to this file. You should be able to log in remotely as your
regular user account and then use su if you need to (hopefully over
ssh or other encrypted channel), so there is no need to be able to
log in directly as root.
- Always be slow and deliberate running as root. Your actions could
affect a lot of things. Think before you type!
Security Tip Written by Dave Wreski (dave at guardiandigital.com)
Additional tips are available at the following URL:
http://www.linuxsecurity.com/tips/
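As an added example (not part of the original newsletter), the POSIX shell function below audits a PATH value for the problems the tip describes: '.' or empty entries, relative entries, and directories writable by group or other. The function name audit_path and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the newsletter): audit a PATH value for the
# problems the tip describes. Prints one finding per line and returns
# non-zero if anything was found.
audit_path() {
    rest="$1:"            # trailing ':' so the last entry is split off too
    findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}   # first entry
        rest=${rest#*:}   # remainder
        case $dir in
            ''|.)
                # The shell treats an empty entry as the current directory.
                echo "CURRENT-DIR entry: '$dir'"
                findings=$((findings + 1)); continue ;;
            /*) ;;
            *)
                echo "RELATIVE entry: $dir"
                findings=$((findings + 1)); continue ;;
        esac
        [ -d "$dir" ] || continue
        # -H follows a symlinked entry (e.g. /bin -> usr/bin); -prune
        # keeps find from descending into the directory.
        if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "WRITABLE by group/other: $dir"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run from a root shell to audit root's own PATH.
audit_path "$PATH" || echo "Review the PATH entries listed above." >&2
```

The check looks only at the mode bits of each PATH directory itself; ownership and the permissions of parent directories are not examined.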
----
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
---------------------------------------------------------------------
Security Expert Dave Wreski Discusses Open Source Security
LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.
http://www.linuxsecurity.com/feature_stories/feature_story-170.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
8/11/2004 - libpng
Multiple vulnerabilities
Chris Evans found several vulnerabilities in unpatched libpng
versions prior to 1.0.16rc1 and 1.2.6rc1
http://www.linuxsecurity.com/advisories/conectiva_advisory-4655.html
8/11/2004 - apache
Format string vulnerability
Ralf S. Engelschall found a dangerous call to the ssl_log
function in ssl_engine_log.c that could allow remote attackers to
execute arbitrary messages
http://www.linuxsecurity.com/advisories/conectiva_advisory-4656.html
8/13/2004 - squirrelmail
Multiple vulnerabilities
This patch addresses four vulnerabilities in SquirrelMail,
including XSS and SQL injection attacks.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4669.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
8/11/2004 - squirrelmail
Multiple vulnerabilities
This patch addresses multiple Cross Site Scripting and SQL
Injection vulnerabilities.
http://www.linuxsecurity.com/advisories/debian_advisory-4653.html
8/11/2004 - libpng
Multiple vulnerabilities
This patch addresses a large number of vulnerabilities in libpng.
http://www.linuxsecurity.com/advisories/debian_advisory-4654.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
8/11/2004 - kernel
Multiple vulnerabilities
This updated kernel for Fedora Core 2 contains the security fixes
as found by Paul Starzetz from isec.pl.
http://www.linuxsecurity.com/advisories/fedora_advisory-4657.html
8/11/2004 - libpng10
Multiple vulnerabilities
Multiple libpng vulnerabilities are backpatched to the old 1.0.x
libpng libraries.
http://www.linuxsecurity.com/advisories/fedora_advisory-4658.html
8/11/2004 - libpng
Multiple vulnerabilities
This patch fixes numerous buffer overflow and pointer dereference
vulnerabilities that a security audit turned up in libpng 1.2.x
http://www.linuxsecurity.com/advisories/fedora_advisory-4659.html
8/11/2004 - kernel
Unsafe pointer vulnerabilities
A local unprivileged user could make use of these flaws to access
large portions of kernel memory.
http://www.linuxsecurity.com/advisories/fedora_advisory-4660.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
8/11/2004 - MPlayer
Buffer overflow vulnerability
When compiled with GUI support MPlayer is vulnerable to a remotely
exploitable buffer overflow attack.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4645.html
8/11/2004 - Courier
Cross-site scripting vulnerability
The SqWebMail web application, included in the Courier suite, is
vulnerable to cross-site scripting attacks.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4646.html
8/11/2004 - libpng
Multiple vulnerabilities
libpng contains numerous vulnerabilities potentially allowing an
attacker to perform a Denial of Service attack or even execute
arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4647.html
8/11/2004 - PuTTY
Buffer overflow vulnerability
PuTTY contains a vulnerability allowing a SSH server to execute
arbitrary code on the connecting client.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4648.html
8/11/2004 - Opera
Multiple vulnerabilities
Several new vulnerabilities were found and fixed in Opera,
including one allowing an attacker to read the local filesystem
remotely.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4649.html
8/11/2004 - SpamAssassin
Denial of service vulnerability
SpamAssassin is vulnerable to a Denial of Service attack when
handling certain malformed messages.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4650.html
8/11/2004 - Horde-IMP Input validation vulnerability
Denial of service vulnerability
Horde-IMP fails to properly sanitize email messages that contain
malicious HTML or script code so that it is not safe for users of
Internet Explorer when using the inline MIME viewer for HTML
messages.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4651.html
8/11/2004 - Cfengine
Heap corruption vulnerability
Cfengine is vulnerable to a remote root exploit from clients in
AllowConnectionsFrom.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4652.html
8/13/2004 - Roundup
Filesystem access vulnerability
Roundup will make files owned by the user that it's running as
accessible to a remote attacker.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4664.html
8/13/2004 - gv
Buffer overflow vulnerability
gv contains an exploitable buffer overflow that allows an attacker
to execute arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4665.html
8/13/2004 - Nessus
Race condition vulnerability
Nessus contains a vulnerability allowing a user to perform a
privilege escalation attack using "adduser".
http://www.linuxsecurity.com/advisories/gentoo_advisory-4666.html
8/13/2004 - Gaim
Buffer overflow vulnerability
Gaim contains a remotely exploitable buffer overflow vulnerability
in the MSN-protocol parsing code that may allow remote execution
of arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4667.html
8/13/2004 - kdebase,kdelibs Multiple vulnerabilities
Buffer overflow vulnerability
KDE contains three security issues that can allow an attacker to
compromise system accounts, cause a Denial of Service, or spoof
websites via frame injection.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4668.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
8/11/2004 - libpng
Buffer overflow vulnerabilities
Chris Evans discovered numerous vulnerabilities in the libpng
graphics library.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4643.html
8/11/2004 - shorewall
Insecure temporary file vulnerability
The shorewall package has a vulnerability when creating temporary
files and directories, which could allow non-root users to
overwrite arbitrary files on the system.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4644.html
8/13/2004 - gaim
Buffer overflow vulnerabilities
Sebastian Krahmer discovered two remotely exploitable buffer
overflow vulnerabilities in the gaim instant messenger.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4662.html
8/13/2004 - mozilla
Multiple vulnerabilities
A large number of Mozilla vulnerabilities are addressed by this
update.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4663.html
+---------------------------------+
| Distribution: Openwall | ----------------------------//
+---------------------------------+
8/11/2004 - kernel
Multiple vulnerabilities
This corrects the access control check in the Linux kernel which
previously wrongly allowed any local user to change the group
ownership of arbitrary NFS-exported/imported files.
http://www.linuxsecurity.com/advisories/openwall_advisory-4642.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
8/11/2004 - kernel
Multiple vulnerabilities
Updated kernel packages that fix potential information leaks and an
incorrect driver permission for Red Hat Enterprise Linux 2.1 are
now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4635.html
8/11/2004 - kernel
Multiple vulnerabilities
Updated kernel packages that fix several security issues in Red
Hat Enterprise Linux 3 are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4636.html
8/11/2004 - libpng
Buffer overflow vulnerabilities
An attacker could create a carefully crafted PNG file in such a
way that it would cause an application linked with libpng to
execute arbitrary code when the file was opened by a victim.
http://www.linuxsecurity.com/advisories/redhat_advisory-4637.html
8/11/2004 - gnome-vfs
VFS Multiple vulnerabilities
An attacker who is able to influence a user to open a
specially-crafted URI using gnome-vfs could perform actions as
that user.
http://www.linuxsecurity.com/advisories/redhat_advisory-4638.html
8/11/2004 - glibc
Multiple vulnerabilities
Updated glibc packages that fix a security flaw in the resolver as
well as dlclose handling are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4639.html
8/11/2004 - mozilla
Multiple vulnerabilities
Updated mozilla packages based on version 1.4.3 that fix a number
of security issues for Red Hat Enterprise Linux are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4640.html
8/11/2004 - Ethereal
Multiple vulnerabilities
Updated Ethereal packages that fix various security
vulnerabilities are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4641.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
8/11/2004 - libpng
Buffer overflow vulnerabilities
Exploitation could cause program crashes, or possibly allow
arbitrary code embedded in a malicious PNG image to execute.
http://www.linuxsecurity.com/advisories/slackware_advisory-4631.html
8/11/2004 - mozilla
Multiple vulnerabilities
This is a full upgrade of Mozilla, put in place to remove security
vulnerabilities whose fixes were not backported.
http://www.linuxsecurity.com/advisories/slackware_advisory-4632.html
8/11/2004 - imagemagick
Buffer overflow vulnerabilities
This imagemagick patch fixes issues with PNG images.
http://www.linuxsecurity.com/advisories/slackware_advisory-4633.html
8/11/2004 - sox
Buffer overflow vulnerabilities
Fixes buffer overflow security issues that could allow a malicious
WAV file to execute arbitrary code.
http://www.linuxsecurity.com/advisories/slackware_advisory-4634.html
+---------------------------------+
| Distribution: Suse | ----------------------------//
+---------------------------------+
8/6/2004 - libpng
Multiple vulnerabilities
Several different security vulnerabilities were found in the PNG
library which is used by applications to support the PNG image
format.
http://www.linuxsecurity.com/advisories/suse_advisory-4626.html
8/11/2004 - kernel
Multiple vulnerabilities
This patch fixes a large number of kernel vulnerabilities,
including a recently discovered race condition that can be
exploited for access to kernel memory.
http://www.linuxsecurity.com/advisories/suse_advisory-4630.html
8/12/2004 - gaim
Buffer overflow vulnerabilities
Remote attackers can execute arbitrary code as the user running
the gaim client.
http://www.linuxsecurity.com/advisories/suse_advisory-4661.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
8/6/2004 - libpng
Multiple vulnerabilities
This is a roundup patch that fixes all known vulnerabilities with
respect to libpng.
http://www.linuxsecurity.com/advisories/trustix_advisory-4627.html
8/11/2004 - kernel
Multiple vulnerabilities
This roundup patch fixes a large number of kernel vulnerabilities.
http://www.linuxsecurity.com/advisories/trustix_advisory-4629.html
+---------------------------------+
| Distribution: Turbolinux | ----------------------------//
+---------------------------------+
8/11/2004 - libpng
Multiple vulnerabilities
Multiple buffer overflows and a potential NULL pointer dereference
in libpng allow remote attackers to execute arbitrary code via
malformed PNG images.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-4628.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------