[ISN] Linux Advisory Watch - September 17th 2004
InfoSec News
isn at c4i.org
Mon Sep 20 05:11:31 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 17th, 2004 Volume 5, Number 37a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave at linuxsecurity.com ben at linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for wv, kde, zlib, webmin, cupsys,
samba, gtk2, gallery, samba, sus, cdrtools, squid, apache2, mod_ssl,
httpd, mc, imlib, and multi. The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.
-----
Security Through Obscurity
One type of security that must be discussed is 'security through
obscurity'. An example is changing the login name from 'root' to 'toor'
to try to keep someone from breaking into your system as root. Such a
measure may give only a false sense of security, and can result in very
unpleasant and unexpected consequences.
However, it can also be used to your benefit if done properly. If you tell
all the users who are authorized to use the root account on your machines
to use the root equivalent instead, entries in /var/log/secure for the
real root user would surely indicate an attempted break-in, giving you
some advance notice. You'll have to decide if this advantage outweighs the
additional administration overhead.
In most cases, though, any system attacker will quickly see through such
empty security measures. Simply because you may have a small site, or a
relatively low profile, does not mean an intruder won't be interested in
what you have. We'll discuss what you're protecting in the next sections.
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave at guardiandigital.com)
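An added example, not part of the original newsletter or the
Administrator's Guide: a small Python filter that applies the idea above to
/var/log/secure-style lines and reports every authentication event naming
the real root account. The sample log lines, the addresses and the function
names are constructed for illustration.

```python
import re
from collections import Counter
# Assumption: admins log in as a root-equivalent ("toor"), so any
# authentication event naming the real "root" account is unexpected.
WATCHED_USER = "root"

# sshd: "Failed|Accepted <method> for [invalid user ]NAME from ADDR ..."
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user |illegal user )?(?P<user>\S+) from (?P<src>\S+)")
# pam_unix (su, login): "authentication failure; ... ruser=X rhost=Y  user=NAME"
PAM_RE = re.compile(
    r"authentication failure;.*?\bruser=(?P<ruser>\S*) rhost=(?P<src>\S*)"
    r"\s+user=(?P<user>\S+)")

# Constructed sample lines in /var/log/secure format (documentation addresses).
SAMPLE_LOG = [
    "Sep 17 03:12:01 host sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Sep 17 03:12:05 host sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2",
    "Sep 17 08:30:44 host sshd[2302]: Accepted password for toor from 198.51.100.7 port 51514 ssh2",
    "Sep 17 09:01:13 host su(pam_unix)[2410]: authentication failure; logname=alice uid=500 euid=0 tty=pts/1 ruser=alice rhost=  user=root",
    "Sep 17 09:05:00 host sshd[2500]: Accepted password for root from 203.0.113.5 port 40000 ssh2",
    "Sep 17 09:10:00 host sshd[2501]: Failed password for rooter from 192.0.2.10 port 4100 ssh2",
]

def find_root_events(lines, watched=WATCHED_USER):
    """Return (result, source, line) for each auth event naming `watched`."""
    events = []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            if m.group("user") == watched:  # exact match: "rooter" is ignored
                events.append((m.group("result").lower(), m.group("src"), line))
            continue
        m = PAM_RE.search(line)
        if m and m.group("user") == watched:
            # Local su/login failures carry no rhost; record the calling user.
            src = m.group("src") or "local:" + m.group("ruser")
            events.append(("failed", src, line))
    return events

def summarize(events):
    """Count events per (source, result); an accepted login is the urgent case."""
    return Counter((src, result) for result, src, _ in events)

if __name__ == "__main__":
    for (src, result), n in sorted(summarize(find_root_events(SAMPLE_LOG)).items()):
        level = "ALERT" if result == "accepted" else "warn"
        print(f"{level}: {n} {result} auth event(s) for root from {src}")
```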
-----
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
---------------------------------------------------------------------
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
9/10/2004 - wv
Fix for buffer overflow vulnerability
iDefense discovered a buffer overflow vulnerability in the wv
library.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4733.html
9/13/2004 - kde
Fix for multiple security vulnerabilities
This announcement fixes several vulnerabilities.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4734.html
9/13/2004 - zlib
Fix for denial of service vulnerabilities
A denial of service vulnerability was discovered in the zlib
compression library versions 1.2.x.
http://www.linuxsecurity.com/advisories/conectiva_advisory-4735.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/14/2004 - webmin
insecure temporary directory
Ludwig Nussel discovered a problem in webmin, a web-based
administration toolkit. A temporary directory was used but
without checking for the previous owner. This could allow an
attacker to create the directory and place dangerous symbolic
links inside.
http://www.linuxsecurity.com/advisories/debian_advisory-4736.html
9/15/2004 - cupsys
denial of service
Alvaro Martinez Echevarria discovered a problem in CUPS, the
Common UNIX Printing System. An attacker can easily disable
browsing in CUPS by sending a specially crafted UDP datagram to
port 631 where cupsd is running.
http://www.linuxsecurity.com/advisories/debian_advisory-4788.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
9/10/2004 - imlib-1.9.13-15.fc Security update (core1)
denial of service
Several heap overflow vulnerabilities have been found in the imlib
BMP image handler. An attacker could create a carefully crafted
BMP file in such a way that it would cause an application linked
with imlib to execute arbitrary code when the file was opened by a
victim.
http://www.linuxsecurity.com/advisories/fedora_advisory-4731.html
9/13/2004 - samba
DoS (Core 1)
Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.
http://www.linuxsecurity.com/advisories/fedora_advisory-4786.html
9/13/2004 - samba
DoS (Core 2)
Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.
http://www.linuxsecurity.com/advisories/fedora_advisory-4787.html
9/15/2004 - gdk-pixbuf vulnerabilities (Core 1)
DoS (Core 2)
Several vulnerabilities
http://www.linuxsecurity.com/advisories/fedora_advisory-4789.html
9/15/2004 - gtk2
vulnerabilities (Core 2)
Several vulnerabilities.
http://www.linuxsecurity.com/advisories/fedora_advisory-4790.html
9/15/2004 - gdk-pixbuf vulnerabilities (Core 2)
vulnerabilities (Core 2)
Several vulnerabilities.
http://www.linuxsecurity.com/advisories/fedora_advisory-4791.html
9/15/2004 - gtk2
vulnerabilities (Core 2)
Several vulnerabilities.
http://www.linuxsecurity.com/advisories/fedora_advisory-4792.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/15/2004 - gallery
arbitrary command execution
An attacker could run arbitrary code as the user running PHP.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4759.html
9/15/2004 - Mozilla, Firefox, Thunderbird, Galeon, Epiphany
arbitrary command execution
Security roll-up.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4761.html
9/10/2004 - samba
remote printing vulnerability
After further verifications, it appears that a remote user can
only deny service to himself, so this bug does not induce any
security issue at all.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4769.html
9/12/2004 - webmin, usermin multiple vulnerabilities
remote printing vulnerability
There is an input validation bug in the webmail feature of
Usermin. Additionally, the Webmin and Usermin installation
scripts write to /tmp/.webmin without properly checking if it
exists first.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4770.html
9/13/2004 - samba
denial of service vulnerabilities
There is a defect in smbd's ASN.1 parsing. Another defect was
found in nmbd's processing of mailslot packets, where a bad
NetBIOS request could crash the nmbd process.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4771.html
9/14/2004 - sus
local root vulnerability
Leon Juranic found a bug in the logging functionality of SUS that
can lead to local privilege escalation. A format string
vulnerability exists in the log() function due to an incorrect
call to the syslog() function.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4772.html
9/14/2004 - cdrtools
local root vulnerability
Max Vozeler discovered that the cdrecord utility, when set to SUID
root, fails to drop root privileges before executing a
user-supplied RSH program.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4773.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
9/13/2004 - samba
multiple vulnerabilities
Two vulnerabilities were discovered in samba 3.0.x.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4741.html
9/15/2004 - squid
denial of service
A vulnerability in the NTLM helpers in squid 2.5 could allow for
malformed NTLMSSP packets to crash squid, resulting in a DoS. The
provided packages have been patched to prevent this problem.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4793.html
9/15/2004 - printer-drivers vulnerability
denial of service
The foomatic-rip filter, which is part of the foomatic-filters
package, contains a vulnerability that allows anyone with access
to CUPS, local or remote, to execute arbitrary commands on the
server.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4794.html
9/15/2004 - gdk-pixbuf image loading vulnerabilities
denial of service
A vulnerability was found in the gdk-pixbuf bmp loader where a bad
BMP image could send the bmp loader into an infinite loop. Chris
Evans found a heap-based overflow and a stack-based overflow in
the xpm loader of gdk-pixbuf.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4795.html
9/15/2004 - apache2
multiple vulnerabilities
Two Denial of Service conditions were discovered in the input
filter of mod_ssl, the module that enables apache to handle HTTPS
requests.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4796.html
9/15/2004 - cups
denial of service
Alvaro Martinez Echevarria discovered a vulnerability in the CUPS
print server where an empty UDP datagram sent to port 631 would
disable browsing.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4797.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
9/15/2004 - mod_ssl
security flaw
Updated httpd packages that include a security fix for mod_ssl and
various enhancements are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4743.html
9/15/2004 - openoffice.org resolve security issue
security flaw
Secunia Research reported an issue with the handling of temporary
files. A malicious local user could use this flaw to access the
contents of another user's open documents.
http://www.linuxsecurity.com/advisories/redhat_advisory-4798.html
9/15/2004 - gdk-pixbuf security flaws
security flaw
Several vulnerabilities.
http://www.linuxsecurity.com/advisories/redhat_advisory-4799.html
9/15/2004 - cups
security vulnerability
Alvaro Martinez Echevarria reported a bug in the CUPS Internet
Printing Protocol (IPP) implementation in versions of CUPS prior
to 1.1.21.
http://www.linuxsecurity.com/advisories/redhat_advisory-4800.html
9/15/2004 - httpd
security issues
Updated httpd packages that include fixes for security issues are
now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4801.html
9/15/2004 - mc
security vulnerabilities
An updated mc package that resolves several shell escape security
issues is now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4802.html
9/15/2004 - imlib
security vulnerability
An updated imlib package that fixes several heap overflows is now
available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4803.html
9/15/2004 - gtk2
security flaws and bugs
Updated gtk2 packages that fix several security flaws and bugs are
now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4804.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
9/13/2004 - samba
DoS
New samba packages are available for Slackware 10.0 and -current.
These fix two denial of service vulnerabilities reported by
iDEFENSE.
http://www.linuxsecurity.com/advisories/slackware_advisory-4749.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
9/15/2004 - cups
remote code execution
Alvaro Martinez Echevarria has found a remote Denial of Service
condition within CUPS which allows remote users to make the
cups server unresponsive. Additionally the SUSE Security Team
has discovered a flaw in the foomatic-rip print filter which is
commonly installed along with cups.
http://www.linuxsecurity.com/advisories/suse_advisory-4805.html
9/15/2004 - apache2
remote denial-of-service
The Red Hat ASF Security-Team and the Swedish IT Incident Center
within the National Post and Telecom Agency (SITIC) have each
found a bug in apache2.
http://www.linuxsecurity.com/advisories/suse_advisory-4806.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
9/14/2004 - multi
Multiple bugfixes
Security roll-up
http://www.linuxsecurity.com/advisories/trustix_advisory-4754.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------