[ISN] Linux Advisory Watch - October 8th 2004

InfoSec News isn at c4i.org
Sat Oct 9 05:02:42 EDT 2004

|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 8th, 2004                           Volume 5, Number 40a   |

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each

This week, advisories were released for syscons, sharutils, netpbm,
kdelibs, PHP, samba, kernel, XFree86, getmail, zlib, mozilla, and
squid.  The distributors include Debian, Slackware, SuSE, Trustix, and

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer, collaborate
with co-workers and set-up comprehensive addressbooks to consistently keep
employees organized and connected.


Password Cracking

If for some reason your passwd program is not enforcing passwords that
are hard to guess, you may want to run a password cracking program
yourself and make sure your users' passwords are secure.

Password cracking programs work on a simple idea. They try every word in
a dictionary, and then variations on those words (case changes, appended
digits, reversal, letter-for-digit substitutions). Each candidate is
hashed with the same salt and algorithm as the stored password and
compared against the stored hash; if they get a match, they are in.  The
"dictionary" may also include usernames, Star Trek ships, foreign words,
keyboard patterns, and so on.

There are a number of programs out there; the two most notable are
``Crack'' and ``John the Ripper''.

They will take up a lot of your CPU time, but by running them first
yourself you can tell whether an attacker could get in with them, and
notify the users with weak passwords. Note that an attacker would first
have to use some other hole to obtain your password hashes (on a modern
system they live in /etc/shadow, readable only by root, rather than in
the world-readable /etc/passwd), but such leaks are more common than you
might think.

Excerpt from the LinuxSecurity Administrator's Guide:
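The excerpt above describes the method in prose. What follows is an added
example, not code from the Administrator's Guide, from Crack, or from John
the Ripper: a small Python audit in the same dictionary-plus-variations
style. Its hash scheme (PBKDF2-HMAC-SHA256 stored as a "$pbkdf2$..." string)
is a stand-in assumed for the demo, because Python's crypt module was
removed in 3.13; against real /etc/shadow entries you would plug
crypt.crypt() or a passlib handler into make_hash()/verify(). The shadow
lines, salt and word list are constructed for the demo.

```python
"""Dictionary-plus-variations password audit, in the spirit of Crack and John the Ripper.

Added example; not code from the newsletter, from Crack, or from John the Ripper.
The hash scheme is a stand-in: PBKDF2-HMAC-SHA256 stored as
"$pbkdf2$<iterations>$<salt hex>$<digest hex>". Real /etc/shadow entries use the
crypt(3) formats ($1$ md5crypt, $5$/$6$ sha-crypt, $y$ yescrypt); to audit those,
replace make_hash()/verify() with crypt.crypt() (Python < 3.13) or passlib.
The shadow lines and word list below are constructed for the demo.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Iterator, List, Optional

ITERATIONS = 1000  # kept low so the demo is fast; a real scheme uses far more


def make_hash(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Produce a stored-hash string for a password (stand-in for crypt(3))."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"$pbkdf2${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, stored: str) -> bool:
    """Re-hash a candidate with the salt from the stored entry and compare in constant time."""
    _, scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2":
        raise ValueError(f"unsupported scheme {scheme!r}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "$"})


def mangle(word: str) -> Iterator[str]:
    """The 'variations on those words': case forms, reversal, leet-speak, common suffixes."""
    for w in dict.fromkeys((word, word.lower(), word.capitalize(), word.upper())):
        yield w
        yield w[::-1]
        yield w.translate(LEET)
        for suffix in ("1", "123", "!", "2004"):
            yield w + suffix


def candidates(username: str, wordlist: Iterable[str]) -> Iterator[str]:
    """Every candidate for one account; the username itself always goes into the dictionary."""
    seen = set()
    for word in (username, *wordlist):
        for cand in mangle(word):
            if cand not in seen:
                seen.add(cand)
                yield cand


def parse_shadow(lines: Iterable[str]) -> Dict[str, str]:
    """user -> stored hash from shadow-style 'user:hash:...' lines; locked/empty accounts skipped."""
    users: Dict[str, str] = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2:
            continue
        user, stored = fields[0], fields[1]
        if stored in ("", "*") or stored.startswith("!"):
            continue
        users[user] = stored
    return users


def crack(shadow: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Return {user: password} for every account the dictionary attack recovers."""
    found: Dict[str, str] = {}
    for user, stored in shadow.items():
        for cand in candidates(user, wordlist):
            if verify(cand, stored):
                found[user] = cand
                break
    return found


# Constructed sample data (fixed salt so the hashes are reproducible).
SALT = bytes.fromhex("0102030405060708")
SAMPLE_SHADOW = [
    f"alice:{make_hash('Enterprise1', SALT)}:12345:0:99999:7:::",    # dictionary word + digit
    f"bob:{make_hash('b0b', SALT)}:12345:0:99999:7:::",              # leet-speak of the username
    f"carol:{make_hash('xK9#qr!Lm2@vW', SALT)}:12345:0:99999:7:::",  # not in any dictionary
    "daemon:*:12345:0:99999:7:::",                                    # locked account
]
WORDLIST = ["enterprise", "picard", "qwerty", "password"]


def audit() -> Dict[str, str]:
    """Run the attack against the constructed shadow file."""
    return crack(parse_shadow(SAMPLE_SHADOW), WORDLIST)


if __name__ == "__main__":
    for user, password in audit().items():
        print(f"{user}: weak password {password!r}")
```

Run as a script it lists alice and bob; carol's password survives because no
rule in mangle() produces it. Note that verify() re-hashes every candidate
with the salt taken from the stored entry, which is why a cracker pays the
full hash cost per account and why slow, salted hashes are a defence in
their own right.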

Written by: Dave Wreski (dave at guardiandigital.com)



Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

 10/2/2004 - netkit-telnet invalid free(3)

   Michal Zalewski discovered a bug in the netkit-telnet server
   (telnetd) whereby a remote attacker could cause the telnetd
   process to free an invalid pointer.

 10/4/2004 - rp-pppoe, pppoe missing privilege dropping

   Max Vozeler discovered a vulnerability in pppoe, the PPP over
   Ethernet driver from Roaring Penguin. When the program is running
   setuid root (which is not the case in a default Debian
   installation), an attacker could overwrite any file on the file

 10/6/2004 - libapache-mod-dav potential denial of service

   Julian Reschke reported a problem in mod_dav of Apache 2 in
   connection with a NULL pointer dereference. When running in a
   threaded model, especially with Apache 2, a segmentation fault can
   take out a whole process and hence create a denial of service for
   the whole server.

 10/6/2004 - net-acct insecure temporary file creation

   Stefan Nordhausen has identified a local security hole in
   net-acct, a user-mode IP accounting daemon. Old, redundant code
   created a temporary file in an insecure fashion.

|  Distribution: Fedora           | ----------------------------//

 10/5/2004 - cups-1.1.20-11.4 Update

   This update fixes an information leakage problem when printing to
   SMB shares requiring authentication.  The Common Vulnerabilities
   and Exposures project (cve.mitre.org) has assigned the name
   CAN-2004-0923 to this issue.

|  Distribution: FreeBSD          | ----------------------------//

 10/4/2004 - syscons
   Boundary checking errors in syscons

   The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
   its input arguments.  In particular, negative coordinates or large
   coordinates may cause unexpected behavior.

|  Distribution: Gentoo           | ----------------------------//

 10/1/2004 - sharutils
   Buffer overflows

   sharutils contains two buffer overflow vulnerabilities that could
   lead to arbitrary code execution.

 10/4/2004 - netpbm
   Multiple temporary file issues

   Utilities included in old Netpbm versions are vulnerable to
   multiple temporary files issues, potentially allowing a local
   attacker to overwrite files with the rights of the user running
   the utility.
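The net-acct and netpbm entries above both describe the same failure mode:
a temporary file created under a fixed or guessable name, which a local
user can pre-create as a symlink so that the program clobbers a file it
never meant to touch. The following is an added example, not code from
net-acct, Netpbm, or either advisory; it uses a throw-away directory as a
stand-in for /tmp, plants the symlink, and compares a plain open() for
writing with O_CREAT|O_EXCL creation and with tempfile.mkstemp(). The file
names and contents are constructed for the demo.

```python
"""Why a predictable temporary file name is a local attacker's foothold.

Added example, not code from net-acct, Netpbm, or the advisories above. It
uses a throw-away directory as a stand-in for /tmp, plants the symlink a
local attacker would, and compares a plain open() for writing with
O_CREAT|O_EXCL creation and with tempfile.mkstemp(). File names and
contents are constructed for the demo.
"""
import os
import tempfile


def naive_write(tmp_path: str, data: bytes) -> None:
    """The pattern the advisories describe: a fixed or guessable name, opened for writing.
    open(..., "wb") is O_CREAT|O_TRUNC without O_EXCL, so it follows a planted symlink."""
    with open(tmp_path, "wb") as f:
        f.write(data)


def exclusive_write(tmp_path: str, data: bytes) -> None:
    """Same name, but O_EXCL makes the kernel refuse if anything (a symlink included) is there."""
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Play the attack through against both writers and return what each did to the victim."""
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.conf")   # the file the attacker wants clobbered
        with open(victim, "w") as f:
            f.write("original contents\n")

        # Attacker step: pre-create the guessable name as a symlink to the victim.
        guessable = os.path.join(tmpdir, "netacct.tmp")
        os.symlink(victim, guessable)

        naive_write(guessable, b"attacker-chosen contents\n")
        with open(victim) as f:
            results["victim_after_naive"] = f.read()

        with open(victim, "w") as f:                   # restore the victim, retry with O_EXCL
            f.write("original contents\n")
        try:
            exclusive_write(guessable, b"attacker-chosen contents\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        with open(victim) as f:
            results["victim_after_exclusive"] = f.read()

        # The idiomatic fix: an unpredictable name, created with O_EXCL and mode 0600.
        fd, path = tempfile.mkstemp(dir=tmpdir)
        results["mkstemp_mode"] = os.fstat(fd).st_mode & 0o777
        results["mkstemp_name_differs"] = path != guessable
        os.close(fd)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The first write silently replaces the victim's contents; the O_EXCL write
fails with FileExistsError and leaves the victim alone. A program that
must keep a fixed name at least needs O_EXCL; one that does not should
let mkstemp() (or mkstemp(3) in C) pick the name.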

|  Distribution: RedHat           | ----------------------------//

 10/4/2004 - kdelibs
   and kdebase security issues

   Updated kdelibs and kdebase packages that resolve multiple security
   issues are now available.

|  Distribution: Gentoo           | ----------------------------//

 10/5/2004 - NetKit-telnetd buffer overflows in telnet and telnetd

   Buffer overflows exist in the telnet client and daemon provided by
   netkit-telnetd, which could possibly allow a remote attacker to
   gain root privileges and compromise the system.

 10/5/2004 - PHP
   Memory disclosure and arbitrary location file upload

   Two bugs in PHP may allow the disclosure of portions of memory and
   allow remote attackers to upload files to arbitrary locations.

|  Distribution: Mandrake         | ----------------------------//

 10/1/2004 - samba
   fix vulnerability

   Karol Wiesek discovered a bug in the input validation routines
   used to convert DOS path names to path names on the Samba host's
   file system. This bug can be exploited to gain access to files
   outside of the share's path as defined in the smb.conf
   configuration file.

 10/5/2004 - kernel
   various enhancements

   New kernels are available for Mandrakelinux 10.0 that fix a few
   bugs and add enhancements.

|  Distribution: Red Hat          | ----------------------------//

 10/4/2004 - XFree86
   security issues and bugs

   Updated XFree86 packages that fix several security flaws in
   libXpm, as well as other bugs, are now available for Red Hat
   Enterprise Linux 3.

 10/4/2004 - samba
   security issue

   Updated samba packages that fix an input validation vulnerability
   are now available.

 10/6/2004 - XFree86
   security issues and bugs

   Updated XFree86 packages that fix several security issues in
   libXpm, as well as other bug fixes, are now available for Red Hat
   Enterprise Linux 2.1.

|  Distribution: Slackware        | ----------------------------//

 10/4/2004 - getmail
   security issue

   New getmail packages are available for Slackware 9.1, 10.0 and
   -current to fix a security issue.  If getmail is used as root to
   deliver to user-owned files or directories, it can be made to
   overwrite system files.

 10/4/2004 - zlib

   New zlib packages are available for Slackware 10.0 and -current to
   fix a possible denial of service security issue.

|  Distribution: SuSE             | ----------------------------//

 10/5/2004 - samba
   remote file disclosure

   The Samba server, which shares files and resources via the
   SMB/CIFS protocol, contains a bug in the sanitization code for
   path names which allows remote attackers to access files outside
   of the defined share.

 10/6/2004 - mozilla
   various vulnerabilities

   During the last months a number of security problems have been
   fixed in Mozilla and Mozilla-based browsers.

|  Distribution: Trustix          | ----------------------------//

 10/1/2004 - samba
   access files outside of defined path

   A security vulnerability has been located in Samba 2.2.x <= 2.2.11
   and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain
   access to files which exist outside of the share's defined path.
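The samba entries from Mandrake, Red Hat, SuSE and Trustix above all
concern the same class of bug: a DOS-style path from the client is
translated to a host path without confining it to the share's root. The
following is an added example, not Samba's code and not the fix those
advisories shipped. It puts a textual "../" filter (the kind of check that
looks adequate and is not) beside component-wise resolution that refuses
to climb above the share root. The share root and the sample paths are
constructed for the demo.

```python
"""Confining a client-supplied DOS/SMB path to a share's root directory.

Added example: not Samba's code and not the fix the advisories above
describe. It contrasts a textual '../' filter with component-wise
resolution that refuses to climb above the share root. The share root and
sample paths are constructed for the demo.
"""
import posixpath
from typing import List


def naive_dos_to_share_path(share_root: str, dos_path: str) -> str:
    """Strip '../' textually, once, then join.  '....//' survives the filter as '../'."""
    rel = dos_path.replace("\\", "/").replace("../", "")
    return posixpath.normpath(posixpath.join(share_root, rel.lstrip("/")))


def dos_to_share_path(share_root: str, dos_path: str) -> str:
    """Translate a DOS-style client path into a host path under share_root.

    Separators are normalised, '.' and empty components dropped, and '..' is
    resolved against the components seen so far; a '..' with nothing left to
    pop means the client is trying to leave the share, so it is rejected.
    """
    parts: List[str] = []
    for comp in dos_path.replace("\\", "/").split("/"):
        if comp in ("", "."):
            continue
        if "\0" in comp:
            raise ValueError(f"NUL byte in path: {dos_path!r}")
        if comp == "..":
            if not parts:
                raise ValueError(f"traversal above share root: {dos_path!r}")
            parts.pop()
            continue
        parts.append(comp)
    root = share_root.rstrip("/") or "/"
    prefix = "/" if root == "/" else root + "/"
    host_path = posixpath.normpath(posixpath.join(root, *parts)) if parts else root
    # Independent second check: whatever happened above, the result must lie inside root.
    if host_path != root and not host_path.startswith(prefix):
        raise ValueError(f"escaped share root: {dos_path!r}")
    return host_path


def is_traversal(share_root: str, dos_path: str) -> bool:
    """True when the hardened translation rejects the path."""
    try:
        dos_to_share_path(share_root, dos_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for p in ("docs\\..\\readme.txt", "....//etc/passwd", "..\\..\\etc\\passwd"):
        print(f"{p!r}: naive -> {naive_dos_to_share_path('/srv/share', p)}, "
              f"hardened rejects: {is_traversal('/srv/share', p)}")
```

With a share root of /srv/share, the naive filter turns "....//etc/passwd"
into /srv/etc/passwd, outside the share; the hardened version keeps
"...." as an ordinary file name under the root and rejects an honest
"..\..\etc\passwd" outright. On a real server the final string check is
not a substitute for opening files relative to a directory descriptor, but
it catches mistakes in the component logic.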

 10/1/2004 - mod_php4, hwdata
   bugfix update

   This update contains bug fixes and additional features for
   mod_php4 and hwdata.

|  Distribution: Turbolinux       | ----------------------------//

 10/5/2004 - squid
   DoS vulnerability

   A vulnerability in the NTLM helpers in squid allows remote
   attackers to cause a denial of service of the squid server.

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.
