[ISN] Linux Advisory Watch - March 24th 2006
InfoSec News
isn at c4i.org
Mon Mar 27 04:20:02 EST 2006
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| March 24th, 2006 Volume 7, Number 13n |
| |
| Editorial Team: Dave Wreski dave at linuxsecurity.com |
| Benjamin D. Thomas ben at linuxsecurity.com |
+---------------------------------------------------------------------+
Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.
This week advisories were released for xpvm, vlc, xine-lib, wzdftpd,
drupal, kpdf, libmail-audit-perl, ilohamail, kernel-patch-vserver,
unzip, snmptrapfmt, firebird2, sendmail, evolution, kernel, xorg,
avahi, beagle, curl, php-pear, xterm, scim-anthy, tzdata, logwatch,
shadow-utils, cpio, libsepol, bind, Freeciv, zoo, bypass, rshd,
metamail, cube, squirrelmail, flex, gnupg, pngcrush, libcurl,
cairo, flash-player, and realplayer. The distributors include
Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.
---
EnGarde Secure Linux: Why not give it a try?
EnGarde Secure Linux is a Linux server distribution that is geared
toward providing a open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.
http://www.engardelinux.org/modules/index/register.cgi
---
Linux Command Reference Manual: Linux File Structure
By: Suhas Desai
In the Linux file structure files are grouped according to purpose.
Ex: commands, data files, documentation. Parts of a Unix directory
tree are listed below. All directories are grouped under the root
entry "/". That part of the directory tree is left out of the below
diagram. See the FSSTND standard(Filesystem standard).
root - The home directory for the root user
home - Contains the user's home directories along with directories
for services
ftp
HTTP
samba
bin - Commands needed during bootup that might be needed by
normal users
sbin - Like bin but commands are not intended for normal users.
Commands run by LINUX:
----------------------
proc - This filesystem is not on a disk. It is a virtual filesystem
that exists in the kernels imagination, which is memory.
usr - Contains all commands, libraries, man pages, games and static
files for normal operation
bin - Almost all user commands. some commands are in /bin or
/usr/local/bin.
sbin - System admin commands not needed on the root filesystem.
e.g., most server programs.
include - Header files for the C programming language. Should be
below /user/lib for consistency.
lib - Unchanging data files for programs and subsystems
local - The place for locally installed software and other files.
man - Manual pages
info - Info documents
doc - Documentation
tmp
X11R6 - The X windows system files. There is a directory similar to
sr below this directory.
X386 - Like X11R6 but for X11 release 5
boot - Files used by the bootstrap loader, LILO. Kernel images are
often kept here.
lib - Shared libraries needed by the programs on the root filesystem
modules - Loadable kernel modules, especially those needed to boot
the system after disasters.
dev - Device files
etc - Configuration files specific to the machine.
sysconfig - Files that configure the linux system for devices.
var - Contains files that change for mail, news, printers log files, man
pages, temp files
lib - Files that change while the system is running normally
local - Variable data for programs installed in /usr/local.
lock - Lock files. Used by a program to indicate it is using a
particular device or file
log - Log files from programs such as login and syslog which logs
all logins and logouts.
run - Files that contain information about the system that is valid
until the system is next booted.
spool - Directories for mail, printer spools, news and other
spooled work.
tmp - Temporary files that are large or need to exist for longer
than they should in /tmp.
mnt - Mount points for temporary mounts by the system administrator.
tmp - Temporary files. Programs running after bootup should use
/var/tmp.
Read Full Paper
http://www.linuxsecurity.com/images/stories/commandref.pdf
----------------------
EnGarde Secure Community 3.0.4 Released
Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.4 (Version 3.0, Release 4). This release
includes several bug fixes and feature enhancements to the Guardian
Digital WebTool and the SELinux policy, and several new packages
available for installation.
http://www.linuxsecurity.com/content/view/121560/65/
---
Linux File & Directory Permissions Mistakes
One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/
---
Buffer Overflow Basics
A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.
http://www.linuxsecurity.com/content/view/119087/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New xpvm packages fix insecure temporary file
16th, March, 2006
Eric Romang discoverd that xpvm, a graphical console and monitor for
PVM, creates a temporary file that allows local attackers to create
or overwrite arbitrary files with the privileges of the user running
xpvm.
http://www.linuxsecurity.com/content/view/121949
* Debian: New vlc packages fix arbitrary code execution
16th, March, 2006
Simon Kilvington discovered that specially crafted PNG images can
trigger a heap overflow in libavcodec, the multimedia library of
ffmpeg, which may lead to the execution of arbitrary code. The vlc
media player links statically against libavcodec.
http://www.linuxsecurity.com/content/view/121951
* Debian: New xine-lib packages fix arbitrary code execution
16th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/121957
* Debian: New wzdftpd packages fix arbitrary shell command execution
16th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/121959
* Debian: New drupal packages fix several vulnerabilities
17th, March, 2006
The Drupal Security Team discovered several vulnerabilities in
Drupal, a fully-featured content management and discussion engine.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2006-1225,CVE-2006-1226,CVE-2006-1227,CVE-2006-1228
http://www.linuxsecurity.com/content/view/121964
* Debian: New kpdf packages fix arbitrary code execution
17th, March, 2006
Marcelo Ricardo Leitner noticed that the current patch in DSA 932
(CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all
buffer overflows, still allowing an attacker to execute arbitrary
code.
http://www.linuxsecurity.com/content/view/121966
* Debian: New libmail-audit-perl packages fix insecure temporary file
use
20th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/121981
* Debian: New crossfire packages fix arbitrary code execution
20th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/121982
* Debian: New ilohamail packages fix cross-site scripting
vulnerabilities
20th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/121983
* Debian: New kernel-patch-vserver packages fix root exploit
21st, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122004
* Debian: New unzip packages fix arbitrary code execution
21st, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122005
* Debian: New snmptrapfmt packages fix insecure temporary file
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122031
* Debian: New firebird2 packages fix denial of service
23rd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122058
* Debian: New sendmail packages fix arbitrary code execution
23rd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122059
* Debian: New evolution packages fix arbitrary code execution
23rd, March, 2006
Several format string vulnerabilities in Evolution, a free groupware
suite, that could lead to crashes of the application or the execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/122065
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.25
16th, March, 2006
Rebuilt against the latest kernel (2.6.15-1.1833_FC4).
http://www.linuxsecurity.com/content/view/121954
* Fedora Core 5 Update: xorg-x11-server-1.0.1-9
20th, March, 2006
Coverity scanned the X.Org source code for problems and
reported their findings to the X.Org development team. Upon
analysis, Alan Coopersmith, a member of the X.Org
development team, noticed a couple of serious security
issues in the findings. In particular, the Xorg server can
be exploited for root privilege escalation by passing a path
to malicious modules using the -modulepath command line
argument. Also, the Xorg server can be exploited to
overwrite any root writable file on the filesystem with the
-logfile command line argument.
http://www.linuxsecurity.com/content/view/121985
* Fedora Core 5 Update: avahi-0.6.9-8.FC5
20th, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122003
* Fedora Core 5 Update: beagle-0.2.3-4
21st, March, 2006
Some of the wrapper scripts (including beagle-status) looked
in the current directory for files with a specific name and
ran that instead of the binary in the path. All such cases
have been fixed in this release.
http://www.linuxsecurity.com/content/view/122022
* Fedora Core 5 Update: curl-7.15.1-3
21st, March, 2006
This curl update fixes security vulnerability CVE-2006-1061 -
curl can overflow a heap-based memory buffer if very long
TFTP URL with valid host name is passed to curl.
This update fixes instalation problems on multilib
architectures, too.
http://www.linuxsecurity.com/content/view/122023
* Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1
22nd, March, 2006
A flaw in the handling of asynchronous signals. A remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.
http://www.linuxsecurity.com/content/view/122043
* Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1
22nd, March, 2006
A flaw in the handling of asynchronous signals. A remote attacker may
be able to exploit a race condition to execute arbitrary code as
root.
http://www.linuxsecurity.com/content/view/122044
* Fedora Core 5 Update: php-pear-1.4.6-2.1
22nd, March, 2006
This update includes the latest upstream version of the PEAR XML_RPC
package (version 1.4.5), which fixes operation of the XML_RPC server
component with PHP 5.1.2.
http://www.linuxsecurity.com/content/view/122045
* Fedora Core 4 Update: xterm-208-4.FC4
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122046
* Fedora Core 5 Update: scim-anthy-0.9.0-3.fc5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122047
* Fedora Core 4 Update: tzdata-2006b-2.fc4
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122050
* Fedora Core 4 Update: logwatch-7.2.1-1.fc4
22nd, March, 2006
This new version of logwatch package fixes problems with --splithosts
option and contains a lot of services updates.
http://www.linuxsecurity.com/content/view/122051
* Fedora Core 5 Update: anthy-7500-1.fc5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122052
* Fedora Core 5 Update: shadow-utils-4.0.14-5.FC5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122053
* Fedora Core 5 Update: cpio-2.6-14.FC5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122054
* Fedora Core 5 Update: libsepol-1.12.1-1.fc5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122055
* Fedora Core 5 Update: bind-9.3.2-12.FC5
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122056
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: Freeciv Denial of Service
16th, March, 2006
A memory allocation bug in Freeciv allows a remote attacker to
perform a Denial of Service attack.
http://www.linuxsecurity.com/content/view/121944
* Gentoo: zoo Buffer overflow
16th, March, 2006
A buffer overflow in zoo may be exploited to execute arbitrary when
creating archives of specially crafted directories and files.
http://www.linuxsecurity.com/content/view/121945
* Gentoo: PEAR-Auth Potential authentication bypass
17th, March, 2006
PEAR-Auth did not correctly verify data passed to the DB and LDAP
containers, thus allowing to inject false credentials to bypass the
authentication.
http://www.linuxsecurity.com/content/view/121970
* Gentoo: Heimdal rshd privilege escalation
17th, March, 2006
An error in the rshd daemon of Heimdal could allow authenticated
users
to elevate privileges.
http://www.linuxsecurity.com/content/view/121971
* Gentoo: Crypt:CBC: Insecure initialization vector
17th, March, 2006
Crypt::CBC uses an insecure initialization vector, potentially
resulting in a weaker encryption.
http://www.linuxsecurity.com/content/view/121972
* Gentoo: Metamail Buffer overflow
17th, March, 2006
A buffer overflow in Metamail could possibly be exploited to execute
arbitrary code.
http://www.linuxsecurity.com/content/view/121973
* Gentoo: Cube Multiple vulnerabilities
21st, March, 2006
Cube is vulnerable to a buffer overflow, invalid memory access and
remote client crashes, possibly leading to a Denial of Service or
remote code execution.
http://www.linuxsecurity.com/content/view/122012
* Gentoo: SquirrelMail Cross-site scripting and IMAP command
injection
21st, March, 2006
SquirrelMail is vulnerable to several cross-site scripting
vulnerabilities and IMAP command injection.
http://www.linuxsecurity.com/content/view/122013
* Gentoo: GNU tar Buffer overflow
21st, March, 2006
A malicious tar archive could trigger a Buffer overflow in GNU tar,
potentially resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/122014
* Gentoo: flex Potential insecure code generation
21st, March, 2006
flex might generate code with a buffer overflow, making applications
using such scanners vulnerable to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/122015
* Gentoo: GnuPG Incorrect signature verification
21st, March, 2006
GnuPG may erroneously report a modified or unsigned message has a
valid digital signature.
http://www.linuxsecurity.com/content/view/122016
* Gentoo: PeerCast Buffer overflow
21st, March, 2006
PeerCast is vulnerable to a buffer overflow that may lead to the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/122017
* Gentoo: Pngcrush Buffer overflow
21st, March, 2006
Pngcrush is vulnerable to a buffer overflow which could potentially
lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/122018
* Gentoo: cURL/libcurl Buffer overflow in the handling
21st, March, 2006
libcurl is affected by a buffer overflow in the handling of URLs for
the TFTP protocol, which could be exploited to compromise a user's
system.
http://www.linuxsecurity.com/content/view/122029
* Gentoo: Macromedia Flash Player Arbitrary code execution
21st, March, 2006
Multiple vulnerabilities have been identified that allows arbitrary
code execution on a user's system via the handling of malicious SWF
files.
http://www.linuxsecurity.com/content/view/122030
* Gentoo: Sendmail Race condition in the handling of asynchronous
signals
22nd, March, 2006
Sendmail is vulnerable to a race condition which could lead to the
execution of arbitrary code with sendmail privileges.
http://www.linuxsecurity.com/content/view/122041
* Gentoo: PHP Format string and XSS vulnerabilities
22nd, March, 2006
Multiple vulnerabilities in PHP allow remote attackers to inject
arbitrary HTTP headers, perform cross site scripting or in some cases
execute arbitrary code.
http://www.linuxsecurity.com/content/view/122042
+---------------------------------+
| Distribution: Mandriva | ----------------------------//
+---------------------------------+
* Mandriva: Updated xorg-x11 packages to address local root vuln
20th, March, 2006
Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which
allows non-root users to use the -modulepath, -logfile and -configure
options. This allows loading of arbitrary modules which will execute
as the root user, as well as a local DoS by overwriting system
files. Updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/122001
* Mandriva: Updated cairo packages to address Evolution DoS
vulnerability
20th, March, 2006
GNOME Evolution allows remote attackers to cause a denial of service
(persistent client crash) via an attached text file that contains
"Content-Disposition: inline" in the header, and a very long line in
the body, which causes the client to repeatedly crash until the
e-mail message is manually removed, possibly due to a buffer
overflow, as demonstrated using an XML attachment.
http://www.linuxsecurity.com/content/view/122002
* Mandriva: Updated sendmail packages fix remote vulnerability
22nd, March, 2006
A race condition was reported in sendmail in how it handles
asynchronous signals. This could allow a remote attacker to be able
to execute arbitrary code with the privileges of the user running
sendmail.
http://www.linuxsecurity.com/content/view/122048
* Mandriva: Updated kernel packages fix multiple vulnerabilities
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122049
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Critical: sendmail security update
22nd, March, 2006
Updated sendmail packages to fix a security issue are now available
for Red Hat Enterprise Linux 3 and 4. This update has been rated as
having critical security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/122035
* RedHat: Critical: sendmail security update
22nd, March, 2006
Updated sendmail packages to fix a security issue are now available
for Red Hat Enterprise Linux 2.1. This update has been rated as having
critical security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/122036
* RedHat: Critical: RealPlayer security update
23rd, March, 2006
An updated RealPlayer package that fixes a buffer overflow bug is now
available for Red Hat Enterprise Linux Extras 3 and 4. This update
has been rated as having critical security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/122057
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
* SuSE: flash-player buffer overflow
21st, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122006
* SuSE: xorg-x11-server local privilege
21st, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122007
* SuSE: sendmail remote code execution
22nd, March, 2006
Updated package.
http://www.linuxsecurity.com/content/view/122037
* SuSE: RealPlayer security problems
23rd, March, 2006
This update fixes the following security problems in Realplayer:
CVE-2006-0323, CVE-2005-2922.
http://www.linuxsecurity.com/content/view/122060
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
More information about the ISN
mailing list