[ISN] Linux Advisory Watch - October 8th 2004
InfoSec News
isn at c4i.org
Sat Oct 9 05:02:42 EDT 2004
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 8th, 2004 Volume 5, Number 40a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave at linuxsecurity.com ben at linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for syscons, sharutils, netpbm,
kdelibs, PHP, samba, kernel, XFree86, getmail, zlib, mozilla, and
squid. The distributors include Debian, Slackware, SuSE, Trustix, and
Turbolinux.
-----
Password Cracking
If for some reason your passwd program is not enforcing hard-to-guess
passwords, you might want to run a password cracking program and
make sure your users' passwords are secure.
Password cracking programs work on a simple idea. They try every word in
the dictionary, and then variations on those words. They encrypt each one
and check it against your encrypted password. If they get a match they are
in. Also, the "dictionary" may include usernames, Star Trek ships,
foreign words, keyboard patterns, etc.
There are a number of programs out there, the two most notable of which
are "Crack" and "John the Ripper":
http://www.false.com/security/john/index.html
They will take up a lot of your CPU time, but you should be able to tell
if an attacker could get in using them by running them first yourself and
notifying users with weak passwords. Note that an attacker would have to
use some other hole first in order to get your passwd (Unix /etc/passwd)
file, but these are more common than you might think.
Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
Written by: Dave Wreski (dave at guardiandigital.com)
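The same candidate classes (dictionary words, variations on them, usernames,
keyboard patterns), turned into a check that a password-change hook could apply
before a weak password is stored. This is an added example, not part of the
Administrator's Guide excerpt; the word list, function names and sample
passwords are constructed for illustration.

```python
import re

# Constructed sample data; a real check would load a full wordlist.
WORDLIST = {"password", "enterprise", "voyager", "dragon", "bonjour"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo common substitutions: 0->o 1->l 3->e 4->a 5->s 7->t 8->b @->a $->s !->i
LEET = str.maketrans("0134578@$!", "oleastbasi")
AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")  # leading/trailing digits, punctuation


def base_forms(password):
    """Reduce a password to the base words that variation rules start from."""
    lowered = password.lower()
    stripped = AFFIX.sub("", lowered)
    forms = {lowered, stripped,
             lowered.translate(LEET), stripped.translate(LEET)}
    forms |= {f[::-1] for f in forms}  # reversed spellings
    forms.discard("")
    return forms


def weak_reason(password, username, wordlist=WORDLIST):
    """Return why the password is easily guessable, or None if no rule hits."""
    forms = base_forms(password)
    if any(f in wordlist for f in forms):
        return "dictionary word"
    if username and username.lower() in forms:
        return "based on username"
    for f in forms:
        # A run of four or more adjacent keys, in either direction.
        if len(f) >= 4 and any(f in row or f in row[::-1]
                               for row in KEYBOARD_ROWS):
            return "keyboard pattern"
    return None


if __name__ == "__main__":
    # Constructed (username, proposed password) pairs.
    samples = [("alice", "P4ssw0rd1"), ("alice", "Alice2004"),
               ("bob", "qwerty123"), ("bob", "regayov!"),
               ("bob", "tq7#Vm2-kLx9")]
    for user, pw in samples:
        print(f"{user:6} {pw:14} {weak_reason(pw, user) or 'accepted'}")
```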
-----
AIDE and CHKROOTKIT
Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.
http://www.linuxsecurity.com/feature_stories/feature_story-173.html
---------------------------------------------------------------------
An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code
Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com
http://www.linuxsecurity.com/feature_stories/feature_story-171.html
------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
10/2/2004 - netkit-telnet invalid free(3)
Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd
process to free an invalid pointer.
http://www.linuxsecurity.com/advisories/debian_advisory-4886.html
10/4/2004 - rp-pppoe, pppoe missing privilege dropping
Max Vozeler discovered a vulnerability in pppoe, the PPP over
Ethernet driver from Roaring Penguin. When the program is running
setuid root (which is not the case in a default Debian
installation), an attacker could overwrite any file on the file
system.
http://www.linuxsecurity.com/advisories/debian_advisory-4887.html
10/6/2004 - libapache-mod-dav potential denial of service
Julian Reschke reported a problem in mod_dav of Apache 2 in
connection with a NULL pointer dereference. When running in a
threaded model, especially with Apache 2, a segmentation fault can
take out a whole process and hence create a denial of service for
the whole server.
http://www.linuxsecurity.com/advisories/debian_advisory-4910.html
10/6/2004 - net-acct insecure temporary file creation
Stefan Nordhausen has identified a local security hole in
net-acct, a user-mode IP accounting daemon. Old and redundant code
from some time way back in the past created a temporary file in an
insecure fashion.
http://www.linuxsecurity.com/advisories/debian_advisory-4913.html
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
10/5/2004 - cups-1.1.20-11.4 Update
This update fixes an information leakage problem when printing to
SMB shares requiring authentication. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0923 to this issue.
http://www.linuxsecurity.com/advisories/fedora_advisory-4908.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
10/4/2004 - syscons
Boundary checking errors in syscons
The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
its input arguments. In particular, negative coordinates or large
coordinates may cause unexpected behavior.
http://www.linuxsecurity.com/advisories/freebsd_advisory-4904.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
10/1/2004 - sharutils
Buffer overflows
sharutils contains two buffer overflow vulnerabilities that could
lead to arbitrary code execution.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html
10/4/2004 - netpbm
Multiple temporary file issues
Utilities included in old Netpbm versions are vulnerable to
multiple temporary files issues, potentially allowing a local
attacker to overwrite files with the rights of the user running
the utility.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4898.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
10/4/2004 - kdelibs
and kdebase security issues
Updated kdelibs and kdebase packages that resolve multiple security
issues are now available.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4899.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
10/5/2004 - NetKit-telnetd buffer overflows in telnet and telnetd
Buffer overflows exist in the telnet client and daemon provided by
netkit-telnetd, which could possibly allow a remote attacker to
gain root privileges and compromise the system.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4909.html
10/5/2004 - PHP
Memory disclosure and arbitrary location file upload
Two bugs in PHP may allow the disclosure of portions of memory and
allow remote attackers to upload files to arbitrary locations.
http://www.linuxsecurity.com/advisories/gentoo_advisory-4911.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
10/1/2004 - samba
fix vulnerability
Karol Wiesek discovered a bug in the input validation routines
used to convert DOS path names to path names on the Samba host's
file system. This bug can be exploited to gain access to files
outside of the share's path as defined in the smb.conf
configuration file.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4888.html
10/5/2004 - kernel
various enhancements
New kernels are available for Mandrakelinux 10.0 that fix a few
bugs and/or add enhancements.
http://www.linuxsecurity.com/advisories/mandrake_advisory-4906.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
10/4/2004 - XFree86
security issues and bugs
Updated XFree86 packages that fix several security flaws in
libXpm, as well as other bugs, are now available for Red Hat
Enterprise Linux 3.
http://www.linuxsecurity.com/advisories/redhat_advisory-4900.html
10/4/2004 - samba
security issue
Updated samba packages that fix an input validation vulnerability
are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-4901.html
10/6/2004 - XFree86
security issues and bugs
Updated XFree86 packages that fix several security issues in
libXpm, as well as other bug fixes, are now available for Red Hat
Enterprise Linux 2.1.
http://www.linuxsecurity.com/advisories/redhat_advisory-4914.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
10/4/2004 - getmail
security issue
New getmail packages are available for Slackware 9.1, 10.0 and
-current to fix a security issue. If getmail is used as root to
deliver to user owned files or directories, it can be made to
overwrite system files.
http://www.linuxsecurity.com/advisories/slackware_advisory-4902.html
10/4/2004 - zlib
DoS
New zlib packages are available for Slackware 10.0 and -current to
fix a possible denial of service security issue.
http://www.linuxsecurity.com/advisories/slackware_advisory-4903.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
10/5/2004 - samba
remote file disclosure
The Samba server, which allows sharing files and resources via
the SMB/CIFS protocol, contains a bug in the sanitization code for
path names which allows remote attackers to access files outside
of the defined share.
http://www.linuxsecurity.com/advisories/suse_advisory-4907.html
10/6/2004 - mozilla
various vulnerabilities
During the last months a number of security problems have been
fixed in Mozilla and Mozilla-based browsers.
http://www.linuxsecurity.com/advisories/suse_advisory-4912.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
10/1/2004 - samba
access files outside of defined path
A security vulnerability has been located in Samba 2.2.x <= 2.2.11
and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain
access to files which exist outside of the share's defined path.
http://www.linuxsecurity.com/advisories/trustix_advisory-4884.html
10/1/2004 - mod_php4, hwdata bugfix update
This update contains bug fixes and additional features for
mod_php4 and hwdata.
http://www.linuxsecurity.com/advisories/trustix_advisory-4885.html
+---------------------------------+
| Distribution: Turbolinux | ----------------------------//
+---------------------------------+
10/5/2004 - squid
DoS vulnerability
A vulnerability exists in the NTLM helpers in squid. It allows
remote attackers to cause a denial of service of squid
server services.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-4905.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------