[ISN] Linux Advisory Watch - September 24th 2004 (fwd)
InfoSec News
isn at c4i.org
Mon Sep 27 04:24:00 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 24th, 2004 Volume 5, Number 38a |
+---------------------------------------------------------------------+
Editors: Dave Wreski (dave at linuxsecurity.com),
Benjamin D. Thomas (ben at linuxsecurity.com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for lukemftpd, cvs, Heimdal, mpg123,
SnipSnap, Foomatic, CUPS, and login_radius. The distributors include
Debian, FreeBSD, Gentoo, Mandrake, OpenBSD, and Suse.
-----
SSL, S-HTTP, HTTPS and S/MIME
Users often ask about the differences between the various security
and encryption protocols, and how to use them. While this isn't an
encryption document, it is a good idea to explain briefly what each is,
and where to find more information.
SSL: SSL, or Secure Sockets Layer, is an encryption method developed by
Netscape to provide security over the Internet. It supports several
different encryption protocols, and provides client and server
authentication. SSL operates at the transport layer, creates a secure
encrypted channel of data, and thus can seamlessly encrypt data of many
types. This is most commonly seen when going to a secure site to view a
secure online document with Communicator. SSL serves as the basis for
secure communications with Communicator, as well as for much of Netscape
Communications' other data encryption. More information can be found at
http://www.consensus.com/security/ssl-talk-faq.html. Information on
Netscape's other security implementations, and a good starting point for
these protocols is available at
http://home.netscape.com/info/security-doc.html.
S-HTTP: S-HTTP is another protocol that provides security services across
the Internet. It was designed to provide confidentiality, authenticity,
integrity, and non-repudiability (I cannot be mistaken for someone else,
and I cannot deny my actions later) while supporting multiple key management
mechanisms and cryptographic algorithms via option negotiation between the
parties involved in each transaction. S-HTTP is limited to the specific
software that is implementing it, and encrypts each message individually.
[From RSA Cryptography FAQ, page 138]
S/MIME: S/MIME, or Secure Multipurpose Internet Mail Extension, is an
encryption standard used to encrypt electronic mail, or other types of
messages on the Internet. More information on S/MIME can be found at
http://home.netscape.com/assist/security/smime/overview.html.
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave at guardiandigital.com)
-----
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
---------------------------------------------------------------------
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/21/2004 - lukemftpd
fix arbitrary code execution
Przemyslaw Frasunek discovered a vulnerability in tnftpd or
lukemftpd respectively, the enhanced ftp daemon from NetBSD. An
attacker could utilise this to execute arbitrary code on the
server.
http://www.linuxsecurity.com/advisories/debian_advisory-4837.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
9/20/2004 - cvs
number of vulnerabilities
A number of vulnerabilities were discovered in CVS by Stefan
Esser, Sebastian Krahmer, and Derek Price.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4826.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/19/2004 - Heimdal
ftpd root escalation
Several bugs exist in the Heimdal ftp daemon which could allow a
remote attacker to gain root privileges.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4828.html
9/21/2004 - mpg123
Buffer overflow vulnerability
mpg123 decoding routines contain a buffer overflow bug that might
lead to arbitrary code execution.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4829.html
9/17/2004 - SnipSnap
HTTP response splitting
SnipSnap is vulnerable to HTTP response splitting attacks such as
web cache poisoning, cross-user defacement, and cross-site
scripting.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4832.html
9/20/2004 - Foomatic
Arbitrary command execution
The foomatic-rip filter in foomatic-filters contains a
vulnerability which may allow arbitrary command execution on the
print server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4833.html
9/20/2004 - CUPS
Denial of service vulnerability
A vulnerability in CUPS allows remote attackers to cause a denial
of service when sending a carefully-crafted UDP packet to the IPP
port.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4834.html
9/20/2004 - Mozilla, Firefox, Thunderbird, Epiphany
New releases fix vulnerabilities
Denial of service vulnerability
New releases of Mozilla, Epiphany, Mozilla Thunderbird, and
Mozilla Firefox fix several vulnerabilities, including the remote
execution of arbitrary code.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4835.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities
Denial of service vulnerability
A vulnerability was found in the gdk-pixbuf bmp loader where a bad
BMP image could send the bmp loader into an infinite loop
(CAN-2004-0753).
http://www.linuxsecurity.com/advisories/mandrake_advisory-4824.html
9/17/2004 - gdk-pixbuf/gtk+2 image loading vulnerabilities
Denial of service vulnerability
A vulnerability was found in the gdk-pixbuf bmp loader where a bad
BMP image could send the bmp loader into an infinite loop
(CAN-2004-0753).
http://www.linuxsecurity.com/advisories/mandrake_advisory-4825.html
+---------------------------------+
| Distribution: OpenBSD | ----------------------------//
+---------------------------------+
9/21/2004 - login_radius
security flaw
Eilko Bos has reported that radius authentication, as implemented
by login_radius(8), was not checking the shared secret used for
replies sent by the radius server.
http://www.linuxsecurity.com/advisories/openbsd_advisory-4838.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
9/17/2004 - gtk2, gdk-pixbuf remote code execution
security flaw
Chris Evans has discovered a heap-based overflow, a stack-based overflow
and an integer overflow in the XPM and ICO loaders of those libraries.
http://www.linuxsecurity.com/advisories/suse_advisory-4813.html
9/17/2004 - XFree86-libs, xshared remote command execution
security flaw
Chris Evans reported three vulnerabilities in libXpm which can be
exploited remotely by providing malformed XPM image files.
http://www.linuxsecurity.com/advisories/suse_advisory-4814.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------