[ISN] Linux Advisory Watch - December 10th 2004
InfoSec News
isn at c4i.org
Mon Dec 13 04:57:18 EST 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| December 10th, 2004 Volume 5, Number 49a |
+---------------------------------------------------------------------+
Editors: Dave Wreski (dave at linuxsecurity.com)
         Benjamin D. Thomas (ben at linuxsecurity.com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for hpsockd, viewcvs, nfs-util,
cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth,
rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl,
mirrorselect, drakxtools, dietlibc, gzip, rp-pppoe, openssl,
ImageMagick, samba, and cups. The distributors include Debian,
Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.
----
Packet Sniffers
One of the most common ways intruders gain access to more systems
on your network is by employing a packet sniffer on an already
compromised host. This "sniffer" just listens on the Ethernet port
for things like passwd and login and su in the packet stream and
then logs the traffic after that. This way, attackers gain passwords
for systems they are not even attempting to break into. Clear-text
passwords are very vulnerable to this attack.

Example: Host A has been compromised. The attacker installs a sniffer.
The sniffer picks up the admin logging into Host B from Host C. It gets
the admin's personal password as they log in to B. Then, the admin does
a su to fix a problem. The attacker now has the root password for Host B.
Later the admin lets someone telnet from his account to Host Z on
another site. Now the attacker has a password/login on Host Z.

In this day and age, the attacker doesn't even need to compromise a
system to do this: they could also bring a laptop or PC into a
building and tap into your net.

Using ssh or other encrypted password methods thwarts this attack.
Things like APOP for POP accounts also prevent this attack. (Normal
POP logins are very vulnerable to this, as is anything that sends
clear-text passwords over the network.)
Excerpt from LinuxSecurity HowTO:
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
By: Dave Wreski (dave at linuxsecurity.com) & Kevin Fenzi
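
The contrast the excerpt draws between normal POP logins and APOP, as an added example that is not part of the newsletter or the HOWTO: it builds both login exchanges and shows what a passive listener can read from each. The greeting, user name and secret are constructed sample data modelled on the RFC 1939 example, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

def apop_digest(challenge: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 of the server's challenge followed by the secret."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()

def extract_challenge(greeting: str):
    """Pull the <unique@host> challenge out of the server greeting, if offered."""
    match = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return match.group(0) if match else None

def client_login(greeting: str, user: str, secret: str) -> str:
    """Build the login line; refuse to fall back to clear-text USER/PASS."""
    challenge = extract_challenge(greeting)
    if challenge is None:
        raise ValueError("server offers no APOP challenge; not sending PASS")
    return f"APOP {user} {apop_digest(challenge, secret)}"

def server_accepts(challenge: str, secret: str, login_line: str) -> bool:
    """Server side: recompute the digest for the challenge it issued."""
    parts = login_line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    return hmac.compare_digest(apop_digest(challenge, secret), parts[2].lower())

def sniffed_passwords(client_lines):
    """What a passive listener reads straight off the wire: PASS arguments."""
    found = []
    for line in client_lines:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "PASS" and arg:
            found.append(arg)
    return found

# Constructed sample data (greeting and secret follow the RFC 1939 example).
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = "tanstaaf"
PLAIN_SESSION = ["USER mrose", "PASS " + SECRET]

if __name__ == "__main__":
    apop_line = client_login(GREETING, "mrose", SECRET)
    print("plain login leaks:", sniffed_passwords(PLAIN_SESSION))
    print("APOP login leaks: ", sniffed_passwords([apop_line]))
    # A captured APOP line is useless against the next session's challenge.
    print("replay accepted:  ",
          server_accepts("<1897.697170999@dbc.mtview.ca.us>", SECRET, apop_line))
```

APOP only keeps the password out of a passive capture: anyone who records the challenge and digest can still test guesses offline, so an encrypted channel such as the ssh approach named first in the excerpt remains the stronger fix.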
-----
Mass deploying Osiris
Osiris is a centralized file-integrity program that uses a client/server
architecture to check for changes on a system. A central server maintains
the file-integrity database and configuration for a client and at a
specified time, sends the configuration file over to the client, runs a
scan and sends the results back to the server to compare any changes.
Those changes are then sent via email, if configured, to a system admin or
group of people. The communication is all done over an encrypted
communication channel.
http://www.linuxsecurity.com/content/view/101884/49/
---------------------------------------------------------------------
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/content/view/101882/49/
------
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: hpsockd denial of service fix
3rd, December, 2004
"infamous41md" discovered a buffer overflow condition in hpsockd, the
socks server written at Hewlett-Packard. An exploit could cause the
program to crash or may have a worse effect.
http://www.linuxsecurity.com/content/view/117313
* Debian: viewcvs information leak fix
6th, December, 2004
Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility
for viewing CVS and Subversion repositories via HTTP. When exporting
a repository as a tar archive, the hide_cvsroot and forbidden settings
were not fully honoured.
http://www.linuxsecurity.com/content/view/117392
* Debian: nfs-util denial of service fix
8th, December, 2004
SGI has discovered that rpc.statd from the nfs-utils package, the
Network Status Monitor, did not ignore the "SIGPIPE". Hence, a
client prematurely terminating the TCP connection could also
terminate the server process.
http://www.linuxsecurity.com/content/view/117423
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora: cyrus-imapd-2.2.10-3.fc2 update
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits
revealed a package installation problem.
http://www.linuxsecurity.com/content/view/117366
* Fedora: cyrus-imapd-2.2.10-3.fc3 update
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits
revealed a package installation problem. If the main configuration
files for cyrus-imapd
http://www.linuxsecurity.com/content/view/117367
* Fedora: netatalk-1.6.4-2.2 update
6th, December, 2004
Fix to temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117395
* Fedora: netatalk-1.6.4-4 update
6th, December, 2004
Fix temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117396
* Fedora: gaim-1.1.0-0.FC2 update
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117397
* Fedora: gaim-1.1.0-0.FC3 update
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117398
* Fedora: rhpl-0.148.1-2 update
6th, December, 2004
Remove synaptics requires (#137935)
http://www.linuxsecurity.com/content/view/117399
* Fedora: ttfonts-ja-1.2-36.FC3.0 update
7th, December, 2004
Reverted the previous changes, which had broken ghostscript.
(#139798)
http://www.linuxsecurity.com/content/view/117404
* Fedora: mc-4.6.1-0.11FC3 update
7th, December, 2004
The updated version of Midnight Commander contains finished
CAN-2004-0494 security fixes in extfs scripts and has better support
for UTF-8, contains subshell prompt fixes and enhanced large file
support.
http://www.linuxsecurity.com/content/view/117417
* Fedora: udev-039-10.FC3.4 update
7th, December, 2004
udev is an implementation of devfs in userspace using sysfs and
/sbin/hotplug. It requires a 2.6 kernel to run properly.
http://www.linuxsecurity.com/content/view/117418
* Fedora: udev-039-10.FC3.5 update
7th, December, 2004
fixed udev.rules for cdrom symlinks (bug 141897)
http://www.linuxsecurity.com/content/view/117419
* Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
7th, December, 2004
fixed again gnome-bluetooth-manager script for 64bit (bug 134864)
http://www.linuxsecurity.com/content/view/117420
* Fedora: rsh update
8th, December, 2004
fixed rexec fails with "Invalid Argument" (#118630)
http://www.linuxsecurity.com/content/view/117432
* Fedora: Omni-0.9.2-1.1 update
8th, December, 2004
This is the 0.9.2 release of the Omni printer driver collection. It
also fixes a library path problem on multilib architectures such as
x86_64.
http://www.linuxsecurity.com/content/view/117433
* Fedora: mysql-3.23.58-9.1 update
8th, December, 2004
fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 (bugs
#135372, 135375, 135387)
http://www.linuxsecurity.com/content/view/117434
* Fedora: libpng-1.2.8-1.fc2 update
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117439
* Fedora: libpng10-1.0.18-1.fc2 update
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117440
* Fedora: glib2-2.4.8-1.fc2 update
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117441
* Fedora: gtk2-2.4.14-1.fc2 update
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117442
* Fedora: libpng10-1.0.18-1.fc3 update
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117443
* Fedora: libpng-1.2.8-1.fc3 update
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about the
bugs which have been fixed in this release, see
http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117444
* Fedora: glib2-2.4.8-1.fc3 update
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117445
* Fedora: gtk2-2.4.14-1.fc3 update
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14. For details about
the bugs which have been fixed in this release, see
http://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117446
* Fedora: postgresql-odbc-7.3-6.2 update
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117447
* Fedora: postgresql-odbc-7.3-8.FC3.1 update
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117448
* Fedora: postgresql-7.4.6-1.FC2.1 update
9th, December, 2004
This update synchronizes PostgreSQL for FC2 with the version already
released in FC3.
http://www.linuxsecurity.com/content/view/117449
* Fedora: shadow-utils-4.0.3-55 update
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX rules
for user and group names prevented Samba 3 from using its "add
machine script" feature...
http://www.linuxsecurity.com/content/view/117452
* Fedora: shadow-utils-4.0.3-56 update
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX rules
for user and group names prevented Samba 3 from using its "add
machine script" feature...
http://www.linuxsecurity.com/content/view/117453
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: rssh, scponly Unrestricted command execution
3rd, December, 2004
rssh and scponly do not filter command-line options that can be
exploited to execute any command, thereby allowing a remote user to
completely bypass the restricted shell.
http://www.linuxsecurity.com/content/view/117364
* Gentoo: PDFlibs Multiple overflows in the included TIFF library
6th, December, 2004
PDFlib is vulnerable to multiple overflows, which can potentially
lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117393
* Gentoo: imlib Buffer overflows in image decoding
6th, December, 2004
Multiple overflows have been found in the imlib library image
decoding routines, potentially allowing execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117394
* Gentoo: perl Insecure temporary file creation
6th, December, 2004
Perl is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117402
* Gentoo: mirrorselect Insecure temporary file creation
7th, December, 2004
mirrorselect is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117403
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
* Mandrake: drakxtools update
7th, December, 2004
Beginning immediately, all bug reports for stable releases will be
handled via Bugzilla at http://qa.mandrakesoft.com/. The drakbug
tool has been updated to point users of stable releases to Bugzilla.
http://www.linuxsecurity.com/content/view/117405
* Mandrake: dietlibc fix
7th, December, 2004
There was a problem with dietlibc in Mandrakelinux 10.0/amd64 where
it would not provide proper support for the AMD64 architecture. The
updated package fixes this.
http://www.linuxsecurity.com/content/view/117406
* Mandrake: gzip fix
7th, December, 2004
The Trustix developers found some insecure temporary file creation
problems in the zdiff, znew, and gzexe supplemental scripts in the
gzip package. These flaws could allow local users to overwrite files
via a symlink attack.
http://www.linuxsecurity.com/content/view/117407
* Mandrake: ImageMagick fix
7th, December, 2004
A vulnerability was discovered in ImageMagick where, due to a
boundary error within the EXIF parsing routine, a specially crafted
graphic image could potentially lead to the execution of arbitrary
code.
http://www.linuxsecurity.com/content/view/117408
* Mandrake: lvm1 fix
7th, December, 2004
The Trustix developers discovered that the lvmcreate_initrd script,
part of the lvm1 package, created a temporary directory in an
insecure manner. This could allow for a symlink attack to create or
overwrite arbitrary files with the privileges of the user running the
script.
http://www.linuxsecurity.com/content/view/117409
* Mandrake: rp-pppoe fix
7th, December, 2004
Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe
package. When pppoe is running setuid root, an attacker can
overwrite any file on the system. Mandrakelinux does not install
pppoe setuid root, however the packages have been patched to prevent
this problem.
http://www.linuxsecurity.com/content/view/117410
* Mandrake: nfs-utils fix
7th, December, 2004
SGI developers discovered a remote DoS (Denial of Service) condition
in the NFS statd server. rpc.statd did not ignore the "SIGPIPE"
signal which would cause it to shutdown if a misconfigured or
malicious peer terminated the TCP connection prematurely.
http://www.linuxsecurity.com/content/view/117411
* Mandrake: openssl fix
7th, December, 2004
The Trustix developers found that the der_chop script, included in
the openssl package, created temporary files insecurely. This could
allow local users to overwrite files using a symlink attack.
http://www.linuxsecurity.com/content/view/117412
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
* Trustix: multiple package bugfixes
9th, December, 2004
amavisd-new
AMaViS is a script that interfaces a mail transport agent (MTA) with
one or more virus scanners.
http://www.linuxsecurity.com/content/view/117437
* Trustix: nfs-util Remote denial of service
9th, December, 2004
SGI developers discovered a remote Denial of Service in the NFS statd
server where it did not ignore the "SIGPIPE" signal. This could cause
the server to shut down if a client terminates prematurely.
http://www.linuxsecurity.com/content/view/117438
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* Red Hat: ImageMagick security vulnerability fix
8th, December, 2004
Updated ImageMagick packages that fix a buffer overflow are now
available.
http://www.linuxsecurity.com/content/view/117431
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: cyrus-imapd remote command execution
3rd, December, 2004
Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access which
could allow remote attackers to execute arbitrary commands as root.
The bugs occur in the pre-authentication phase, therefore an update
is strongly recommended.
http://www.linuxsecurity.com/content/view/117317
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
* TurboLinux: samba, cups vulnerabilities
8th, December, 2004
Two vulnerabilities discovered in Samba. DoS vulnerability in cups.
http://www.linuxsecurity.com/content/view/117424
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com