[ISN] Linux Advisory Watch - April 28th 2006

InfoSec News isn at c4i.org
Mon May 1 01:41:00 EDT 2006


+---------------------------------------------------------------------+
|  LinuxSecurity.com                         Weekly Newsletter        |
|  April 28th, 2006                           Volume 7, Number 18n    |
|                                                                     |
|  Editorial Team:  Dave Wreski             dave at linuxsecurity.com    |
|                   Benjamin D. Thomas      ben at linuxsecurity.com     |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for zgv, xzgv, blender, gdm,
abc2ps, SASL, abcmidi, Mozilla, OpenVPN, kernel, gnome-pilot,
qt, tzdata, procps, procinfo, beagle, jwhois, cscope, ethereal,
system-config-data, pygtk, crossfire, fbida, dia, xine-ui,
php, mozilla-firefox, ruby, module-init-tools, thunderbird,
and ipsec-tools.  The distributors include Debian, Fedora,
Gentoo, Fedora, Mandriva, Red Hat, SuSE.

---

EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing a open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.

http://www.engardelinux.org/modules/index/register.cgi

---

 Introduction: Buffer Overflow Vulnerabilities

In exploiting the buffer overflow vulnerability, the main
objective is to overwrite some control information in order
to change the flow of control in the program. The usual way
of taking advantage of this is to modify the control information
to give authority to code provided by the attacker to take
control. According to Shaneck, "The most widespread type of
exploit is called 'Smashing the Stack' and involves overwriting
the return address stored on the stack to transfer control to
code placed either in the buffer, or past the end of the buffer."
(Shaneck, 2003) The stack is a section of memory used for
temporary storage of information. In a stack-based buffer
overflow attack, the attacker adds more data than expected to
the stack, overwriting data. Farrow explains this in an example,
"Let's say that a program is executing and reaches the stage
where it expects to use a postal code or zip code, which it
gets from a Web-based form that customers filled out."
(Farrow, 2002) The longest postal code is fewer than twelve
characters, but on the web form, the attacker typed in the
letter "A" 256 times, followed by some other commands. The
data overflows the buffer allotted for the zip code and the
attacker's commands fall into the stack. After a function
is called, the address of the instruction following the
function call is pushed onto the stack to be saved so that
the function knows where to return control when it is
finished. A buffer overflow allows the attacker to change
the return address of a function to a point in memory where
they have already inserted executable code. Then control
can be transferred to the malicious attack code contained
with the buffer, called the payload (Peikari and Chuvakin,
2004). The payload is normally a command to allow remote
access or some other command that would get the attacker
closer to having control of the system. As Holden explains,
"a computer is flooded with more information than it can
handle, and some of it may contain instructions that could
damage files on the computer or disclose information that
is normally protected- or give the hacker root access to
the system." (Holden, 2004)

The best defense against any of these attacks is to have
perfect programs. In ideal circumstances, every input in
every program would do bounds checks to allow only a given
number of characters. Therefore, the best way to deal with
buffer overflow problems is to not allow them to occur in
the first place. Unfortunately, not all programs are perfect
and some have bugs that permit the attacks discussed in this
paper. As described by Farrow, "because programs are not
perfect, programmers have come up with schemes to defend
against buffer overflow attacks." (Farrow, 2002) One
technique entails enforcing the computer to use the stack
and the heap for data only and to never to execute any
instructions found there. This approach can work for UNIX
systems, but it can't be used on Windows systems. Farrow
describes another scheme using a canary to protect against
buffer overflows, but only the kind that overwrite the stack.
(Farrow, 2002) The stack canary protects the stack by being
put in sensitive locations in memory like the return address
(that tells the computer where to find the next commands to
execute after it completes its current function). As
described by Farrow, "before return addresses get used, the
program checks to see if the canary is okay." (Farrow, 2002)
If the canary has been hit, the program then quits because
it knows that something has gone wrong. As a user of the
programs, the best countermeasure is to make sure your systems
are fully patched in order to protect yourself from exploits
targeting vulnerabilities.

Read Full Article:
http://www.linuxsecurity.com/content/view/118881/49/

----------------------

EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.4 (Version 3.0, Release 4). This release
includes several bug fixes and feature enhancements to the Guardian
Digital WebTool and the SELinux policy, and several new packages
available for installation.

http://www.linuxsecurity.com/content/view/121560/65/

---

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New zgv packages fix arbitrary code execution
  21st, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122512


* Debian: New xzgv packages fix arbitrary code execution
  22nd, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122518


* Debian: New blender packages fix several vulnerabilities
  24th, April, 2006

Several vulnerabilities have been discoverd in in blender, a very
fast
and versatile 3D modeller/renderer.  The Common Vulnerability and
Exposures Project identifies the following problems: CVE-2005-3302,
CVE-2005-4470

http://www.linuxsecurity.com/content/view/122526


* Debian: New gdm packages fix local root exploit
  24th, April, 2006


A vulnerability has been identified in gdm, a display manager for X,
that could allow a local attacker to gain elevated privileges by
exploiting a race condition in the handling of the .ICEauthority
file.

http://www.linuxsecurity.com/content/view/122527


* Debian: New abc2ps packages fix arbitrary code execution
  25th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122544


* Debian: New Cyrus SASL packages fix denial of service
  25th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122564


* Debian: New abcmidi packages fix arbitrary code execution
  26th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122571


* Debian: New Mozilla Firefox packages fix several vulnerabilities
  26th, April, 2006

Several security related problems have been discovered in Mozilla
Firefox.

http://www.linuxsecurity.com/content/view/122578


* Debian: New Mozilla Firefox packages fix several vulnerabilities
  26th, April, 2006

http://www.linuxsecurity.com/content/view/122581


* Debian: New OpenVPN packages fix arbitrary code execution
  27th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122591


* Debian: New Mozilla packages fix several vulnerabilities
  27th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122592



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: kernel-2.6.16-1.2096_FC4
  20th, April, 2006

This update includes a number of security issues that have been
fixed upstream over the last week or so.

http://www.linuxsecurity.com/content/view/122490


* Fedora Core 4 Update: kernel-2.6.16-1.2096_FC4
  20th, April, 2006

This update includes a number of security issues that have been
fixed upstream over the last week or so.

http://www.linuxsecurity.com/content/view/122491


* Fedora Core 5 Update: gnome-pilot-2.0.13-7.fc5.6
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122492


* Fedora Core 4 Update: gnome-pilot-2.0.13-5.fc4.2
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122493


* Fedora Core 4 Update: qt-3.3.4-15.5
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122494


* Fedora Core 5 Update: tzdata-2006d-1.fc5
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122495


* Fedora Core 4 Update: tzdata-2006d-1.fc4
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122496


* Fedora Core 5 Update: procps-3.2.6-3.3
  21st, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122506


* Fedora Core 5 Update: procinfo-18-18.2.2
  21st, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122507


* Fedora Core 5 Update: gnome-user-share-0.9-4
  21st, April, 2006

Fixes login when using password.

http://www.linuxsecurity.com/content/view/122508


* Fedora Core 5 Update: beagle-0.2.5-1.fc5.1
  21st, April, 2006

This upgrade to 0.2.5 fixes various bugs, including making the
firefox extension work again. It also contains fixes for a minor
security issue where you could inject command line argument into the
indexer helpers.

http://www.linuxsecurity.com/content/view/122509


* Fedora Core 4 Update: jwhois-3.2.3-3.3.fc4.1
  21st, April, 2006

Updates jwhois to 3.2.3 and updates the default configuration.

http://www.linuxsecurity.com/content/view/122510


* Fedora Core 5 Update: cscope-15.5-13.3
  21st, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122513


* Fedora Core 5 Update: ethereal-0.99.0-fc5.1
  25th, April, 2006


Many security vulnerabilities have been fixed since the
previous release.

http://www.linuxsecurity.com/content/view/122561


* Fedora Core 4 Update: ethereal-0.99.0-fc4.1
  26th, April, 2006

 Many security vulnerabilities have been fixed since the
previous release.

http://www.linuxsecurity.com/content/view/122574


* Fedora Core 4 Update: system-config-date-1.8.3-0.fc4.1
  26th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122586


* Fedora Core 5 Update: system-config-date-1.8.3-0.fc5.1
  26th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122587


* Fedora Core 5 Update: pygtk2-2.8.6-0.fc5.1
  26th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122588


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: Cyrus-SASL DIGEST-MD5 Pre-Authentication Denial of Service
  21st, April, 2006

Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that
could lead to a Denial of Service.

http://www.linuxsecurity.com/content/view/122498


* Gentoo: zgv, xzgv Heap overflow
  21st, April, 2006

xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK
colour space incorrectly, potentially resulting in the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/122499


* Gentoo: Crossfire server Denial of Service and potential
  22nd, April, 2006

The Crossfire game server is vulnerable to a Denial of Service and
potentially to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122519


* Gentoo: Mozilla Firefox Multiple vulnerabilities
  23rd, April, 2006

Several vulnerabilities in Mozilla Firefox allow attacks ranging from
execution of script code with elevated privileges to information
leaks.

http://www.linuxsecurity.com/content/view/122520


* Gentoo: fbida Insecure temporary file creation
  23rd, April, 2006

fbida is vulnerable to linking attacks, potentially allowing a local
user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/122521


* Gentoo: Dia Arbitrary code execution through XFig import
  23rd, April, 2006

Buffer overflows in Dia's XFig import could allow remote attackers to
execute arbitrary code.

http://www.linuxsecurity.com/content/view/122522


* Gentoo: xine-ui Format string vulnerabilities
  26th, April, 2006

Format string vulnerabilities in xine-ui may lead to the execution of

arbitrary code.

http://www.linuxsecurity.com/content/view/122579


* Gentoo: xine-lib Buffer overflow vulnerability
  26th, April, 2006

xine-lib contains a buffer overflow vulnerability which may lead to
the
execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122580


* Gentoo: Ethereal Multiple vulnerabilities in protocol dissectors
  27th, April, 2006

Ethereal is vulnerable to numerous vulnerabilities, potentially
resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/122590


+---------------------------------+
|  Distribution: Mandriva         | ----------------------------//
+---------------------------------+

* Mandriva: Updated cyrus-sasl packages addresses vulnerability
  24th, April, 2006

A vulnerability in the CMU Cyrus Simple Authentication and Security
Layer (SASL) library < 2.1.21, has an unknown impact and remote
unauthenticated attack vectors, related to DIGEST-MD5 negotiation.

http://www.linuxsecurity.com/content/view/122541


* Mandriva: Updated php packages address multiple vulnerabilities.
  24th, April, 2006

A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP
<= 5.1.2 allows remote attackers to inject arbitrary web script or
HTML via long array variables, including (1) a large number of
dimensions or (2) long values, which prevents HTML tags from being
removed.

http://www.linuxsecurity.com/content/view/122542


* Mandriva: Updated mozilla-firefox packages fix numerous
vulnerabilities
  25th, April, 2006

A number of vulnerabilities have been discovered in the Mozilla
Firefox browser that could allow a remote attacker to craft malicious
web pages that could take advantage of these issues to execute
arbitrary code with elevated privileges, spoof content, and steal
local files, cookies, or other information from web pages.

http://www.linuxsecurity.com/content/view/122543


* Mandriva: Updated mozilla packages fix numerous vulnerabilities
  25th, April, 2006

A number of vulnerabilities have been discovered in the Mozilla Suite
that could allow a remote attacker to craft malicious web pages that
could take advantage of these issues to execute arbitrary code with
elevated privileges, spoof content, and steal local files, cookies,
or other information from web pages.

http://www.linuxsecurity.com/content/view/122565


* Mandriva: Updated ethereal packages fix numerous vulnerabilities
  25th, April, 2006

A number of vulnerabilities have been discovered in the Ethereal
network analyzer.  These issues have been corrected in Ethereal
version 0.99.0 which is provided with this update.

http://www.linuxsecurity.com/content/view/122566


* Mandriva: Updated mozilla-thunderbird packages fix numerous
vulnerabilities
  25th, April, 2006

A number of vulnerabilities have been discovered in the Mozilla
Thunderbird email client that could allow a remote attacker to craft
malicious web emails that could take advantage of these issues to
execute arbitrary code with elevated privileges, spoof content, and
steal local files, or other  nformation.

http://www.linuxsecurity.com/content/view/122567


* Mandriva: Updated ruby packages fix vulnerability
  25th, April, 2006

A vulnerability in how ruby's HTTP module uses blocking sockets was
reported by Yukihiro Matsumoto.  By sending large amounts of data to
a server application using this module, a remote attacker could
exploit it to render the application unusable and not respond to
other client requests.

http://www.linuxsecurity.com/content/view/122570


* Mandriva: Updated module-init-tools packages fix CUPS-related bug
  27th, April, 2006

The default configuration of module-init-tools was to send a HUP
signal to the CUPS daemon whenever the "usblp" kernel module is
loaded, for example when a USB printer is plugged in. Due to udev
also sending a HUP signal to the CUPS daemon on pluggin in a USB
printer there were two HUPs one shortly after the other which often
makes the CUPS daemon crashing.

http://www.linuxsecurity.com/content/view/122589


+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

* RedHat: Critical: thunderbird security update
  21st, April, 2006

An updated thunderbird package that fixes various bugs is now
available for Red Hat Enterprise Linux 4. This update has been
rated as having critical security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/122511


* RedHat: Moderate: ipsec-tools security update
  25th, April, 2006

Updated ipsec-tools packages that fix a bug in racoon are now
available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122550


* RedHat: Moderate: php security update
  25th, April, 2006

Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 and 4. This update has
been rated as having moderate security impact by the Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/122551


+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

* SuSE: Mozilla Firefox, Mozilla Suite
  20th, April, 2006

Updated package.

http://www.linuxsecurity.com/content/view/122489


* SuSE: MozillaThunderbird various problems
  25th, April, 2006

Multiple vulnerabilities fixed.

http://www.linuxsecurity.com/content/view/122549

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------





More information about the ISN mailing list