[ISN] Linux Advisory Watch - May 14th 2004

InfoSec News isn at c4i.org
Mon May 17 04:41:52 EDT 2004

|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 14th, 2004                           Volume 5, Number 20a |

  Editors:     Dave Wreski                Benjamin Thomas
               dave at linuxsecurity.com     ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each

This week, advisories were released for lha, rsync, film, exim, mc,
OpenSSL, heimdal, libneon, clamav, utempter, propftd, apache2, systrace,
cvs, procfs, libpng, openoffice, kernel, sysklogd, and live.  The
distributors include Conectiva, Debian, Fedora, FreeBSD, Gentoo, Mandrake,
NetBSD, OpenBSD, Red Hat, Slackware, and SuSE.


>> Need to Secure Multiple Domain or Host Names? <<

Securing multiple domain or host names need not burden you with unwanted
administrative hassles. Learn more about how the cost-effective Thawte
Starter PKI program can streamline management of your digital

Download a guide to learn more:


Why Security

As security professionals and systems administrators we often forget
exactly why we're adding additional security.  In the daily grime of
configuring firewalls, intrusion detection systems, and other controls, we
tend to loose sight of the real objective.  In any organization the
purpose of information security is to support long-term growth and
stability, and ensuring confidentiality, integrity, and availability.  In
a business environment, information security is critical.

A typical business objective is to maximize profit, while having a high
and sustainable rate of growth.  Today, businesses are increasingly
dependent on IT to support the automation of tasks, and e-Business
functions.  Email and Web access are no longer just a 'nice thing to
have,' they are a necessity.  With this, comes increased risks.

Information is an essential resource for all businesses, and is often a
key factor for achieving business goals.  Having the right information in
the hands of the right people, at the right time is a critical success
factor.  It could be the difference between success and failure.  Today,
businesses are so dependent on IT that if any event interrupted service,
productivity would grind to a halt.  In many cases, doing a task manually
is no longer an option or even possible.

We have information security initiatives in business to help prevent those
catastrophic occurrences.  We must also realize it is impossible to
prevent every incident.  With that in mind, it is important to have a plan
to appropriately deal with situations as they occur, possibly limiting any
consequential damage.  Information security is about maintaining
confidentiality, integrity, and availability with appropriate controls.
It is not about having the latest-and-greatest experimental technology.
Although fun to play with, it is important to keep the real objectives in

Until next time, cheers!
Benjamin D. Thomas
ben at linuxsecurity.com


Guardian Digital Security Solutions Win Out At Real World Linux

Enterprise Email and Small Business Solutions Impres at Linux Exposition.
Internet and network security was a consistent theme and Guardian Digital
was on hand with innovative solutions to the most common security issues.
Attending to the growing concern for cost-effective security, Guardian
Digital's enterprise and small business applications were stand-out



Interview with Siem Korteweg: System Configuration Collector

In this interview we learn how the System Configuration Collector (SCC)
project began, how the software works, why Siem chose to make it open
source, and information on future developments.



>> Internet Productivity Suite:  Open Source Security <<
Trust Internet Productivity Suite's open source architecture to give you
the best security and productivity applications available. Collaborating
with thousands of developers, Guardian Digital security engineers
implement the most technologically advanced ideas and methods into their


-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Conectiva        | ----------------------------//

 5/10/2004 - lha
   Multiple vulnerabilities

   Specially crafted LHarc archives, when processed by lha, may
   execute arbitrary code or overwrite arbitrary files.

|  Distribution: Debian           | ----------------------------//

 5/10/2004 - rsync
   Directory traversal vulneraiblity

   Patch fixes issue where a remote user could cause an rsync daemon
   to write files outside of the intended directory tree unless
   'chroot' option is on.

 5/10/2004 - flim
   Insecure temporary file vulnerability

   This vulnerability could be exploited by a local user to overwrite
   files with the privileges of the user running emacs.

 5/10/2004 - exim
   Buffer overflow vulnerabilities

   Neither of these stack-based buffer overflows is exploitable with
   the default Debian configuration.

 5/12/2004 - exim-tls Buffer overflow vulnerabilities
   Buffer overflow vulnerabilities

   These can not be exploited with the default configuration from the
   Debian system.

 5/13/2004 - mah-jong Denial of service vulnerability
   Buffer overflow vulnerabilities

   A problem has been discovered in mah-jong that can be utilised to
   crash the game server after dereferencing a NULL pointer.

|  Distribution: Fedora           | ----------------------------//

 5/10/2004 - mc
   Multiple vulnerabilities

   Several buffer overflows, several temporary file creation
   vulnerabilities, and one format string vulnerability have been
   discovered in Midnight Commander.

 5/10/2004 - OpenSSL
   Denial of service vulnerability

   Testing uncovered a bug in older versions of OpenSSL 0.9.6 prior
   to 0.9.6d that  can lead to a denial of service attack (infinite

|  Distribution: FreeBSD          | ----------------------------//

 5/10/2004 - heimdal
   Cross-realm trust vulnerability

   It is possible for the Key Distribution Center (KDC) of a realm to
   forge part or all of the `transited' field to fake zone

 5/10/2004 - crypto_heimdal
   Heap overflow vulnerability

   A remote attacker may send a specially formatted message to
   k5admind, causing it to crash or possibly resulting in arbitrary
   code execution.

|  Distribution: Gentoo           | ----------------------------//

 5/10/2004 - LHa
   Multiple vulnerabilities

   Patch corrects two stack-based buffer overflows and two directory
   traversal problems in LHa.

 5/10/2004 - libneon
   Format string vulnerabilities

   Allows malicious WebDAV server to execute arbitrary code.

 5/12/2004 - ClamAV
   Privilege escalation vulnerability

   With a specific configuration Clam AntiVirus is vulnerable to an
   attack allowing execution of arbitrary commands.

 5/12/2004 - OpenOffice.org Format string vulnerabilities
   Privilege escalation vulnerability

   Several format string vulnerabilities are present in the Neon
   library allowing remote execution of arbitrary code when connected
   to an untrusted WebDAV server.

 5/13/2004 - utempter
   Insecure temporary file vulnerability

   Utempter contains a vulnerability that may allow local users to
   overwrite arbitrary files via a symlink attack.

|  Distribution: Mandrake         | ----------------------------//

 5/10/2004 - proftpd
   Access control escape vulnerability

   CIDR ACLs in version 1.2.9 allow access even to files and
   directories that are otherwise specifically denied.

 5/12/2004 - rsync
   Directory traversal vulnerability

   Rsync before 2.6.1 does not properly sanitize paths when running a
   read/write daemon without using chroot, allows remote attackers to
   write files outside of the module's path.

 5/12/2004 - apache2
   Denial of service vulnerability

   A memory leak in mod_ssl in the Apache HTTP Server prior to
   version 2.0.49 allows a remote denial of service attack against an
   SSL-enabled server.

|  Distribution: NetBSD           | ----------------------------//

 5/13/2004 - systrace
   Privilege escalation vulnerability

   A local user that is allowed to use /dev/systrace can obtain root

|  Distribution: OpenBSD          | ----------------------------//

 5/10/2004 - cvs
   Pathname validation vulnerabilities

   Patches for both client and server prevent file creation and
   modification outside of allowed directories.

 5/13/2004 - procfs
   Incorrect bounds checking vulnerability

   Incorrect bounds checking in several procfs functions could allow
   an unprivileged malicious user to read arbitrary kernel memory.

|  Distribution: Red Hat          | ----------------------------//

 5/10/2004 - utempter
   Temporary file vulnerability

   Utemper can be userd to overwrite privileged files with symlink.

 5/10/2004 - libpng
   Denial of service vulnerability

   An attacker could carefully craft a PNG file in such a way that it
   would cause an application linked to libpng to crash when opened
   by a victim.

 5/10/2004 - OpenOffice
   Format string vulnerability

   An attacker could create a malicious WebDAV server in such a way
   as to allow arbitrary code execution on the client should a user
   connect to it using OpenOffice.

 5/10/2004 - mc
   Multiple vulnerabilities

   This patch corrects many vulnerabilities of Midnight Commander.

 5/12/2004 - kernel
   Multiple vulnerabilities

   This patches the 2.4.x kernel for a wide variety of platforms to
   fix a large number of bugs, including several with security

 5/12/2004 - ipsec-tools Multiple vulnerabilities
   Multiple vulnerabilities

   This patch fixes three seperate vulnerabilities in IPSec under Red

|  Distribution: Slackware        | ----------------------------//

 5/10/2004 - rsync
   Improper write access vulnerability

   When running an rsync server without the chroot option it is
   possible for an attacker to write outside of the allowed

 5/10/2004 - sysklogd
   Denial of service vulnerability

   New sysklogd packages are available for Slackware 8.1, 9.0, 9.1,
   and -current to fix a security issue where a user could cause
   syslogd to crash.

 5/10/2004 - xine-lib Arbitrary code execution vulnerability
   Denial of service vulnerability

   Playing a specially crafted Real RTSP stream could run malicious
   code as the user playing the stream.

 5/10/2004 - libpng
   Denial of service vulnerability

   libpng could be caused to crash, creating a denial of service
   issue if network services are linked with it.

 5/10/2004 - lha
   Multiple vulneraiblities

   Fixes buffer overflows and directory traversal vulnerabilities.

 5/13/2004 - apache
   Multiple vulnerabilities

   Patch corrects denial of service and shell escape vulnerabilities.

|  Distribution: SuSE             | ----------------------------//

 5/10/2004 - kernel
   Multiple vulnerabilities

   This patch fixes a large number of minor vulnerabilities and bugs
   related to the SuSE 8.1 and SuSE 9.0 kernels.

 5/10/2004 - Live
   CD 9.1 Passwordless superuser

   A configuration error on the Live CD allows for a passwordless,
   remote root login to the system via ssh, if the computer has
   booted from the Live CD and if it is connected to a network.

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list