[ISN] Linux Advisory Watch - August 13, 2004

InfoSec News isn at c4i.org
Mon Aug 16 04:17:26 EDT 2004

|  LinuxSecurity.com                         Weekly Newsletter        |
|  August 13, 2004                           Volume 5, Number 32a     |

  Editors:	Dave Wreski			Benjamin Thomas
		dave at linuxsecurity.com		ben at linuxsecurity.com

This week, advisories were released for apache, Cfengine, Courier,
Ethereal, Gaim, glibc, gnome-vfs, gv, imagemagick, kernel, libpng,
libpng10, mozilla, MPlayer, Nessus, Opera, PuTTY, Roundup, sox,
SpamAssassin, squirrelmail, and shorewall.

The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake,
Openwall, Red Hat, Slackware, Suse, Trustix, and Turbolinux.


>> Internet Productivity Suite:  Open Source Security <<

Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available.  Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their



Root Security

Keeping the superuser account secure should be a top priority for any
system. The most sought-after account on your machine is the superuser
account.  This account has authority over the entire machine, which may
also include authority over other machines on the network. Remember that
you should only use the root account for very short specific tasks and
should mostly run as a normal user. Running as root all the time is a very
very very bad idea.

Several tricks to avoid messing up your own box as root:

- When doing some complex command, try running it first in a non
  destructive way...especially commands that use globbing:  e.g., you
  are going to do a rm foo*.bak, instead, first do: ls foo*.bak and
  make sure you are going to delete the files you think you are. Using
  echo in place of destructive commands also works.

- Provide your users with a default alias to the /bin/rm command to
  ask for confirmation for deletion of files.

- Only become root to do single specific tasks. If you find yourself
  trying to figure out how to do something, go back to a normal user
  shell until you are sure what needs to be done by root.

- The command path for the root user is very important. The command
  path, or the PATH environment variable, defines the location the
  shell searches for programs. Try and limit the command path for
  the root user as much as possible, and never use '.', meaning 'the
  current directory', in your PATH statement. Additionally, never
  have writable directories in your search path, as this can allow
  attackers to modify or place new binaries in your search path,
  allowing them to run as root the next time you run that command.

- Never use the rlogin/rsh/rexec (called the "r-utilities") suite of
  tools as root. They are subject to many sorts of attacks, and are
  downright dangerous run as root. Never create a .rhosts file for

- The /etc/securetty file contains a list of terminals that root can
  login from. By default (on Red Hat Linux) this is set to only the
  local virtual consoles (vtys). Be very careful of adding anything
  else to this file. You should be able to login remotely as your
  regular user account and then use su if you need to (hopefully over
  ssh or other encrypted channel), so there is no need to be able to
  login directly as root.

- Always be slow and deliberate running as root. Your actions could
  affect a lot of things. Think before you type!

 Security Tip Written by Dave Wreski (dave at guardiandigital.com)
 Additional tips are available at the following URL:


An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com



Security Expert Dave Wreski Discusses Open Source Security

LinuxSecurity.com editors have a seat with Dave Wreski, CEO of Guardian
Digital, Inc. and respected author of various hardened security and Linux
publications, to talk about how Guardian Digital is changing the face of
IT security today. Guardian Digital is perhaps best known for their
hardened Linux solution EnGarde Secure Linux, touted as the premier
secure, open-source platform for its comprehensive array of general
purpose services, such as web, FTP, email, DNS, IDS, routing, VPN,
firewalling, and much more.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Conectiva        | ----------------------------//

 8/11/2004 - libpng
   Multiple vulnerabilities

   Chris Evans found several vulnerabilities in unpatched libpng
   versions pior to 1.0.16rc1 and 1.2.6rc1

 8/11/2004 - apache
   Format string vulnerability

   Ralf S. Engelschall found[1] a dangerous call[2] to ssl_log
   function in ssl_engine_log.c that could allow remote attackers to
   execute arbitrary messages

 8/13/2004 - squirrelmail
   Multiple vulnerabilities

   This patch addresses four vulnerabilities in SquirrelMail,
   including XSS and SQL injection attacks.

|  Distribution: Debian           | ----------------------------//

 8/11/2004 - squirrelmail
   Multiple vulnerabilities

   This patch addresses multiple Cross Site Scripting and SQL
   Injection vulnerabilities.

 8/11/2004 - libpng
   Multiple vulnerabilities

   This patch addresses a large number of vulnerabilities in libpng.

|  Distribution: Fedora           | ----------------------------//

 8/11/2004 - kernel
   Multiple vulnerabilities

   This update kernel for Fedora Core 2 contains the security fixes
   as found by Paul Starzetz from isec.pl.

 8/11/2004 - libpng10
   Multiple vulnerabilities

   Multiple libpng vulnerabilities are backpatched to the old 1.0.x
   libpng libraries.

 8/11/2004 - libpng
   Multiple vulnerabilities

   This patch fixes numerous buffer overflow and pointer dereference
   vulnerabilities that a security audit turned up in libpng 1.2.x

 8/11/2004 - kernel
   Unsafe pointer vulnerabilities

   A local unprivileged user could make use of these flaws to access
   large portions of kernel memory.

|  Distribution: Gentoo           | ----------------------------//

 8/11/2004 - MPlayer
   Buffer overflow vulnerability

   When compiled with GUI support MPlayer is vulnerable to a remotely
   exploitable buffer overflow attack.

 8/11/2004 - Courier
   Cross-site scripting vulnerability

   The SqWebMail web application, included in the Courier suite, is
   vulnerable to cross-site scripting attacks.

 8/11/2004 - libpng
   Multiple vulnerabilities

   libpng contains numerous vulnerabilities potentially allowing an
   attacker to perform a Denial of Service attack or even execute
   arbitrary code.

 8/11/2004 - PuTTY
   Buffer overflow vulnerability

   PuTTY contains a vulnerability allowing a SSH server to execute
   arbitrary code on the connecting client.

 8/11/2004 - Opera
   Multiple vulnerabilities

   Several new vulnerabilities were found and fixed in Opera,
   including one allowing an attacker to read the local filesystem

 8/11/2004 - SpamAssassin
   Denial of service vulnerability

   SpamAssassin is vulnerable to a Denial of Service attack when
   handling certain malformed messages.

 8/11/2004 - Horde-IMP Input validation vulnerability
   Denial of service vulnerability

   Horde-IMP fails to properly sanitize email messages that contain
   malicious HTML or script code so that it is not safe for users of
   Internet Explorer when using the inline MIME viewer for HTML

 8/11/2004 - Cfengine
   Heap corruption vulnerability

   Cfengine is vulnerable to a remote root exploit from clients in

 8/13/2004 - Roundup
   Filesystem access vulnerability

   Roundup will make files owned by the user that it's running as
   accessable to a remote attacker.

 8/13/2004 - gv
   Buffer overflow vulnerability

   gv contains an exploitable buffer overflow that allows an attacker
   to execute arbitrary code.

 8/13/2004 - Nessus
   Race condition vulnerability

   Nessus contains a vulnerability allowing a user to perform a
   privilege escalation attack using "adduser".

 8/13/2004 - Gaim
   Buffer overflow vulnerability

   Gaim contains a remotely exploitable buffer overflow vulnerability
   in the MSN-protocol parsing code that may allow remote execution
   of arbitrary code.

 8/13/2004 - kdebase,kdelibs Multiple vulnerabilities
   Buffer overflow vulnerability

   KDE contains three security issues that can allow an attacker to
   compromise system accounts, cause a Denial of Service, or spoof
   websites via frame injection.

|  Distribution: Mandrake         | ----------------------------//

 8/11/2004 - libpng
   Buffer overflow vulnerabilities

   Chris Evans discovered numerous vulnerabilities in the libpng
   graphics library.

 8/11/2004 - shorewall
   Insecure temporary file vulnerability

   The shorewall package has a vulnerability when creating temporary
   files and directories, which could allow non-root users to
   overwrite arbitrary files on the system.

 8/13/2004 - gaim
   Buffer overflow vulnerabilities

   Sebastian Krahmer discovered two remotely exploitable buffer
   overflow vunerabilities in the gaim instant messenger.

 8/13/2004 - mozilla
   Multiple vulnerabilities

   A large number of Mozilla vulnerabilites is addressed by this

|  Distribution: Openwall         | ----------------------------//

 8/11/2004 - kernel
   Multiple vulnerabilities

   his corrects the access control check in the Linux kernel which
   previously wrongly allowed any local user to change the group
   ownership of arbitrary NFS-exported/imported files.

|  Distribution: Red Hat          | ----------------------------//

 8/11/2004 - kernel
   Multiple vulnerabilities

   Updated kernel packages that fix potential information leaks and a
   incorrect driver permission for Red Hat Enterprise Linux 2.1 are
   now available.

 8/11/2004 - kernel
   Multiple vulnerabilities

   Updated kernel packages that fix several security issues in Red
   Hat Enterprise Linux 3 are now available.

 8/11/2004 - libpng
   Buffer overflow vulnerabilities

   An attacker could create a carefully crafted PNG file in such a
   way that it would cause an application linked with libpng to
   execute arbitrary code when the file was opened by a victim.

 8/11/2004 - gnome-vfs
   VFS Multiple vulnerabilities

   An attacker who is able to influence a user to open a
   specially-crafted URI using gnome-vfs could perform actions as
   that user.

 8/11/2004 - glibc
   Multiple vulnerabilities

   Updated glibc packages that fix a security flaw in the resolver as
   well as dlclose handling are now available.

 8/11/2004 - mozilla
   Multiple vulnerabilities

   Updated mozilla packages based on version 1.4.3 that fix a number
   of security issues for Red Hat Enterprise Linux are now available.

 8/11/2004 - Ethereal
   Multiple vulnerabilities

   Updated Ethereal packages that fix various security
   vulnerabilities are now available.

|  Distribution: Slackware        | ----------------------------//

 8/11/2004 - libpng
   Buffer overflow vulnerabilities

   Exploitation could cause program crashes, or possibly allow
   arbitrary code embedded in a malicious PNG image to execute.

 8/11/2004 - mozilla
   Multiple vulnerabilities

   This is a full upgrade of Mozilla, put in place to remove security
   vulnerabilities whose fixes were not backported.

 8/11/2004 - imagemagick
   Buffer overflow vulnerabilities

   This imagemagick patch fixes issues with PNG images.

 8/11/2004 - sox
   Buffer overflow vulnerabilities

   Fixes buffer overflow security issues that could allow a malicious
   WAV file to execute arbitrary code.

|  Distribution: Suse             | ----------------------------//

 8/6/2004 - libpng
   Multiple vulnerabilities

   Several different security vulnerabilities were found in the PNG
   library which is used by applications to support the PNG image

 8/11/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a large number of kernel vulnerabilities,
   including a recently discovered race condition that can be
   exploited for access to kernel memeory.

 8/12/2004 - gaim
   Buffer overflow vulnerabilities

   Remote attackers can execute arbitrary code as the user running
   the gaim client.

|  Distribution: Trustix          | ----------------------------//

 8/6/2004 - libpng
   Multiple vulnerabilities

   This is a roundup patch that fixes all known vulnerabilites with
   respect to libpng.

 8/11/2004 - kernel
   Multiple vulnerabilities

   This roundup patch fixes a large number of kernel vulnerabilites.

|  Distribution: Turbolinux       | ----------------------------//

 8/11/2004 - libpng
   Multiple vulnerabilities

   Multiple buffer overflows and a potential NULL pointer dereference
   in libpng allow remote attackers to execute arbitrary code via
   malformed PNG images.

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list