[ISN] Linux Advisory Watch - April 16th 2004

InfoSec News isn at c4i.org
Mon Apr 19 04:58:49 EDT 2004


+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  April 16th, 2004                         Volume 5, Number 16a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave at linuxsecurity.com     ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for apache, the Linux kernel, mysql,
xonix, ssmtp, openoffice, squid, cvs, Heimdal, iproute, pwlib, scorched,
tcpdump, cadaver, and mailman. The distributors include Conectiva, Debian,
Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, and SuSE.

----

>> Secure Online Data Transfer with SSL <<

Get Thawte's new introductory guide to SSL security which covers the
basics of how it operates. A discussion of the various applications of SSL
certificates and their appropriate deployment is also included along with
details of how to test SSL on your web server.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=thawte02

----

Professional Associations

Those of you who have been in the IT industry for years are probably
already familiar with most professional organizations.  Some of the more
popular include ISSA (Information Systems Security Association),
USENIX/SAGE, ACM, IAPSC, and countless others.  Most organizations require
their members to pay dues, but that is not without value. Because there are
so many different organizations, it is a better idea to pick one or two
and get heavily involved.  Many organizations are worldwide, but have
local chapters.  This provides many opportunities for benefit.

Did you ever wish you knew the right people?  Local chapter meetings are
great for professional networking.  Some organizations have quarterly
meetings, others hold them monthly.  Chapter events are a great
opportunity to meet people that have similar interests and needs. If you
are in search of a specific security solution, often you will find
someone at a meeting who can offer it.  Conversely, if you're a business
owner and wish to extend your services, meetings can be helpful.

Organizations such as the ISSA offer educational benefits.  Usually
meetings include a lecture that is centered around an information security
topic.  Other meetings can include practical demonstrations and
round-table discussions.  Also, ad hoc study groups are often formed to
prepare for certification exams.

Do you need additional credentials on your resume/cv?  Do you wish you
could prove to management that you are ready for a leadership position?
Professional organizations also offer their members the chance to lead.
Positions such as chapter president, vice president, secretary, etc. open
for election each year.  Although time consuming, it can be a worthwhile
commitment.

Finally, most professional organizations have monthly/quarterly journals
that are written by members.  Rather than being subject to corporate
pressures, you'll find the articles in these journals are of high quality
and relatively unbiased.  Usually you can also find archives of past
papers/publications on each organization's Web site.

For more information about some of the professional organizations that
I've mentioned, please see the following Web sites:

Information Systems Security Association
http://www.issa.org

Association for Computing Machinery
http://www.acm.org

USENIX/SAGE
http://www.usenix.org

International Association of Professional Security Consultants
http://www.iapsc.org/


Until next time, cheers!
Benjamin D. Thomas
ben at linuxsecurity.com

----

Guardian Digital Launches Next Generation Internet
Defense & Detection System

Guardian Digital has announced the first fully open source system designed
to provide both intrusion detection and prevention functions. Guardian
Digital Internet Defense & Detection System (IDDS) leverages best-in-class
open source applications to protect networks and hosts using a unique
multi-layered approach coupled with the security expertise and ongoing
security vigilance provided by Guardian Digital.

http://www.linuxsecurity.com/feature_stories/feature_story-163.html

--------------------------------------------------------------------

Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.

http://www.linuxsecurity.com/feature_stories/feature_story-162.html

--------------------------------------------------------------------

>> Internet Productivity Suite:  Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their
design.


http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn10


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 4/12/2004 - 'mod_python' DoS


   This update fixes a remote denial of service vulnerability in
   Apache web servers which have mod_python enabled.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4216.html

 4/13/2004 - 'squid' ACL bypass vulnerability

   This update fixes a vulnerability that allows a malicious user to
   bypass url_regex ACLs by using a specially crafted URL.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4217.html

 4/14/2004 - apache
   Multiple vulnerabilities

   Patch corrects non-filtered escape sequences and a DoS attack.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4219.html



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel
   Multiple vulnerabilities

   This is three advisories in one, each for the same group of kernel
   2.4.x vulnerabilities.  The first is for the PA-RISC architecture,
   the second for the IA-64 architecture, and the third for the
   PowerPC/apus and S/390 architectures.
   http://www.linuxsecurity.com/advisories/debian_advisory-4229.html

 4/14/2004 - mysql
   Insecure temporary file vulnerabilities

   Two scripts contained in the package don't create temporary files
   in a secure fashion, which could lead to a root exploit.
   http://www.linuxsecurity.com/advisories/debian_advisory-4230.html

 4/15/2004 - kernel 2.4.18
   Multiple vulnerabilities

   Here is a patch release specifically for kernel 2.4.18 on the i386
   architecture, fixing multiple kernel security issues, and fixing a
   build error from a previous patch to same.
   http://www.linuxsecurity.com/advisories/debian_advisory-4231.html

 4/15/2004 - xonix
   Privilege retention vulnerability

   A local attacker could exploit this vulnerability to gain gid
   "games".
   http://www.linuxsecurity.com/advisories/debian_advisory-4232.html

 4/15/2004 - ssmtp
   Format string vulnerability

   These vulnerabilities could potentially be exploited by a remote
   mail relay to gain the privileges of the ssmtp process (including
   potentially root).
   http://www.linuxsecurity.com/advisories/debian_advisory-4233.html



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a variety of buffer overflow and information leak
   vulnerabilities.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4228.html

 4/15/2004 - kernel
   Corrected md5sums

   Something went wrong with the md5sums in yesterday's announcement.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4234.html

 4/15/2004 - openoffice
   Multiple format string vulnerabilities

   This patch fixes vulnerabilities that may allow execution of
   arbitrary code, as well as other bugfixes.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4238.html

 4/15/2004 - squid 2.5
   ACL escape vulnerability

   This is a backport of an older patch which prevented crafted URLs
   from being able to ignore Squid's ACLs.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4239.html



+---------------------------------+
|  Distribution: FreeBSD          | ----------------------------//
+---------------------------------+

 4/15/2004 - cvs
   Chroot escape vulnerability

   This patch fixes two cvs errors, one with the client and one with
   the server.  Both allow chroot escapes.
   http://www.linuxsecurity.com/advisories/freebsd_advisory-4240.html



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 4/9/2004 - Heimdal
   Cross-realm scripting vulnerability

   Heimdal contains a cross-realm vulnerability allowing someone with
   control over a realm to impersonate anyone in the cross-realm
   trust path.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4211.html

 4/9/2004 - iproute
   Denial of service vulnerability

   The iproute package allows local users to cause a denial of
   service.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4212.html

 4/9/2004 - pwlib
   Multiple vulnerabilities

   Multiple vulnerabilities have been found in pwlib that may lead to
   a remote denial of service or buffer overflow attack.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4213.html

 4/9/2004 - Scorched 3D
   Format string attack vulnerability

   Scorched 3D is vulnerable to a format string attack in the chat
   box that leads to Denial of Service on the game server and
   possibly allows execution of arbitrary code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4214.html

 4/15/2004 - cvs
   Multiple vulnerabilities

   There are two vulnerabilities in CVS; one in the server and one in
   the client. These vulnerabilities allow the reading and writing of
   arbitrary files on both client and server.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4235.html



+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 4/9/2004 - ipsec-tools Signature non-verification vulnerability
   Multiple vulnerabilities

   Racoon does not verify the RSA signature during phase one of a
   connection using either main or aggressive mode.  Only the
   certificate of the client is verified; the certificate is not used
   to verify the client's signature.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4215.html

 4/14/2004 - cvs
   Chroot escape vulnerability

   A maliciously configured server could then create any file with
   content on the local user's disk.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4226.html

 4/14/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a large variety of kernel bugs, including an
   assortment of filesystem related vulnerabilities.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4227.html

 4/15/2004 - tcpdump
   Multiple vulnerabilities

   Corrects out of bounds read and DoS attack.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4236.html



+---------------------------------+
|  Distribution: Red Hat          | ----------------------------//
+---------------------------------+

 4/14/2004 - cvs
   Chroot escape vulnerability

   Updated cvs packages that fix a client vulnerability that could be
   exploited by a malicious server are now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4222.html

 4/14/2004 - cadaver
   Multiple format string vulnerabilities

   An updated cadaver package that fixes a vulnerability in neon
   exploitable by a malicious DAV server is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4223.html

 4/14/2004 - mailman
   Denial of service vulnerability

   An updated mailman package that closes a DoS vulnerability in
   mailman introduced by RHSA-2004:019 is now available.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4224.html

 4/14/2004 - OpenOffice
   Multiple format string vulnerabilities

   An attacker could create a malicious WebDAV server in such a way
   as to allow arbitrary code execution on the client.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4225.html

 4/15/2004 - subversion
   Multiple format string vulnerabilities

   An attacker could create a malicious WebDAV server in such a way
   as to allow arbitrary code execution on the client connecting via
   subversion.
   http://www.linuxsecurity.com/advisories/redhat_advisory-4237.html



+---------------------------------+
|  Distribution: SuSE             | ----------------------------//
+---------------------------------+

 4/14/2004 - kernel
   Multiple vulnerabilities

   Two vulnerabilities, one involving symlink names and one involving
   the JFS filesystem, can both be used to gain root privileges.
   http://www.linuxsecurity.com/advisories/suse_advisory-4220.html

 4/14/2004 - cvs
   Chroot escape vulnerability

   Patches an ability for a rogue CVS server to remotely create
   arbitrary absolute-path files with the user's permission.
   http://www.linuxsecurity.com/advisories/suse_advisory-4221.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------




