[ISN] Linux Advisory Watch - September 17th 2004

InfoSec News isn at c4i.org
Mon Sep 20 05:11:31 EDT 2004

|  LinuxSecurity.com                             Weekly Newsletter    |
|  September 17th, 2004                        Volume 5, Number 37a   |

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each

This week, advisories were released for wv, kde, zlib, webmin, cupsys,
samba, gtk2, gallery, samba, sus, cdrtools, squid, apache2, mod_ssl,
httpd, mc, imlib, and multi.  The distributors include Conectiva, Debian,
Fedora, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.


Security Through Obscurity

One type of security that must be discussed is 'security through
obscurity'. This means doing something like changing the login name from
'root' to 'toor' to try to keep someone from breaking into your system as
root. Such a measure may give a false sense of security, and can result in
very unpleasant and unexpected consequences.

However, it can also be used to your benefit if done properly. If you tell
all the users who are authorized to use the root account on your machines
to use the root equivalent instead, entries in /var/log/secure for the
real root user would surely indicate an attempted break-in, giving you
some advance notice. You'll have to decide if this advantage outweighs the
additional administration overhead.
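
The log check described above, as an added example (not part of the original
newsletter): once administrators use the root-equivalent login, every
/var/log/secure entry naming the real root account is flagged. The sample
lines are constructed, and the sshd/PAM message patterns are assumptions that
vary between versions.

```python
import re
from collections import Counter

# Constructed sample in the classic syslog layout of /var/log/secure.
SAMPLE_LOG = """\
Sep 14 03:12:07 host1 sshd[2211]: Failed password for root from 192.0.2.44 port 40122 ssh2
Sep 14 03:12:11 host1 sshd[2211]: Failed password for root from 192.0.2.44 port 40122 ssh2
Sep 14 08:30:02 host1 sshd[2290]: Accepted password for toor from 198.51.100.7 port 51514 ssh2
Sep 14 09:01:45 host1 su(pam_unix)[2301]: authentication failure; logname=alice uid=500 euid=0 tty=pts/1 ruser=alice rhost=  user=root
Sep 14 09:15:00 host1 sshd[2320]: Failed password for bob from 198.51.100.7 port 51600 ssh2
Sep 14 10:02:19 host1 sshd[2333]: Accepted password for root from 203.0.113.9 port 33001 ssh2
"""

# Accounts no authorized user should touch any more (assumption: only 'root').
DECOY_ACCOUNTS = {"root"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<proc>[^\s:\[]+)[^:]*:\s(?P<msg>.*)$")
# Assumed message shapes; adjust to what your sshd and PAM actually write.
SSHD_RE = re.compile(r"(?P<result>Failed|Accepted) \S+ for "
                     r"(?:invalid user |illegal user )?(?P<user>\S+) from (?P<src>\S+)")
PAM_RE = re.compile(r"authentication failure;.*\brhost=(?P<src>\S*).*\buser=(?P<user>\S+)")

def decoy_account_events(log_text, decoys=DECOY_ACCOUNTS):
    """Return one record per log line that names a decoy account."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hit = SSHD_RE.search(m["msg"])
        result = hit["result"].lower() if hit else "failed"
        hit = hit or PAM_RE.search(m["msg"])
        if hit and hit["user"] in decoys:
            events.append({"time": m["ts"], "service": m["proc"],
                           "result": result, "source": hit["src"] or "local"})
    return events

def summarize(events):
    """Count events per (source, result); an 'accepted' entry is the urgent one."""
    return Counter((e["source"], e["result"]) for e in events)

if __name__ == "__main__":
    for (source, result), count in summarize(decoy_account_events(SAMPLE_LOG)).items():
        print(f"{count:3d}  {result:8s}  root  from {source}")
```
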

In most cases, though, any system attacker will quickly see through such
empty security measures.  Simply because you may have a small site, or
relatively low profile does not mean an intruder won't be interested in
what you have.  We'll discuss what you're protecting in the next sections.

Excerpt from the LinuxSecurity Administrator's Guide:

Written by: Dave Wreski (dave at guardiandigital.com)



Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.



An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Conectiva        | ----------------------------//

 9/10/2004 - wv
   Fix for buffer overflow vulnerability

   iDefense discovered a buffer overflow vulnerability in the wv

 9/13/2004 - kde
   Fix for multiple security vulnerabilities

   This announcement fixes several vulnerabilities.

 9/13/2004 - zlib
   Fix for denial of service vulnerabilities

   A denial of service vulnerability was discovered in the zlib
   compression library versions 1.2.x.

|  Distribution: Debian           | ----------------------------//

 9/14/2004 - webmin
   insecure temporary directory

   Ludwig Nussel discovered a problem in webmin, a web-based
   administration toolkit.  A temporary directory was used but
   without checking for the previous owner.  This could allow an
   attacker to create the directory and place dangerous symbolic
   links inside.

 9/15/2004 - cupsys
   denial of service

   Alvaro Martinez Echevarria discovered a problem in CUPS, the
   Common UNIX Printing System.  An attacker can easily disable
   browsing in CUPS by sending a specially crafted UDP datagram to
   port 631 where cupsd is running.

|  Distribution: Fedora           | ----------------------------//

 9/10/2004 - imlib-1.9.13-15.fc Security update (core1)
   denial of service

   Several heap overflow vulnerabilities have been found in the imlib
   BMP image handler. An attacker could create a carefully crafted
   BMP file in such a way that it would cause an application linked
   with imlib to execute arbitrary code when the file was opened by a

 9/13/2004 - samba
   DoS (Core 1)

   Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808.

 9/13/2004 - samba
   DoS (Core 2)

   Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808.

 9/15/2004 - gdk-pixbuf vulnerabilities (Core 1)
   DoS (Core 2)

   Several vulnerabilities

 9/15/2004 - gtk2
   vulnerabilities (Core 2)

   Several vulnerabilities.

 9/15/2004 - gdk-pixbuf vulnerabilities (Core 2)
   vulnerabilities (Core 2)

   Several vulnerabilities.

 9/15/2004 - gtk2
   vulnerabilities (Core 2)

   Several vulnerabilities.

|  Distribution: Gentoo           | ----------------------------//

 9/15/2004 - gallery
   arbitrary command execution

   An attacker could run arbitrary code as the user running PHP.

 9/15/2004 - Mozilla, Firefox, Thunderbird, Galeon, Epiphany
   arbitrary command execution

   Security roll-up.

 9/10/2004 - samba
   remote printing vulnerability

   After further verifications, it appears that a remote user can
   only deny service to himself, so this bug does not induce any
   security issue at all.

 9/12/2004 - webmin, usermin multiple vulnerabilities
   remote printing vulnerability

   There is an input validation bug in the webmail feature of
   Usermin.  Additionally, the Webmin and Usermin installation
   scripts write to /tmp/.webmin without properly checking if it
   exists first.

 9/13/2004 - samba
   denial of service vulnerabilities

   There is a defect in smbd's ASN.1 parsing. Another defect was
   found in nmbd's processing of mailslot packets, where a bad
   NetBIOS request could crash the nmbd process.

 9/14/2004 - sus
   local root vulnerability

   Leon Juranic found a bug in the logging functionality of SUS that
   can lead to local privilege escalation. A format string
   vulnerability exists in the log() function due to an incorrect
   call to the syslog() function.

 9/14/2004 - cdrtools
   local root vulnerability

   Max Vozeler discovered that the cdrecord utility, when set to SUID
   root, fails to drop root privileges before executing a
   user-supplied RSH program.

|  Distribution: Mandrake         | ----------------------------//

 9/13/2004 - samba
   multiple vulnerabilities

   Two vulnerabilities were discovered in samba 3.0.x.

 9/15/2004 - squid
   denial of service

   A vulnerability in the NTLM helpers in squid 2.5 could allow for
   malformed NTLMSSP packets to crash squid, resulting in a DoS.  The
   provided packages have been patched to prevent this problem.

 9/15/2004 - printer-drivers vulnerability
   denial of service

   The foomatic-rip filter, which is part of foomatic-filters
   package, contains a vulnerability that allows anyone with access
   to CUPS, local or remote, to execute arbitrary commands on the

 9/15/2004 - gdk-pixbuf image loading vulnerabilities
   denial of service

   A vulnerability was found in the gdk-pixbuf bmp loader where a bad
   BMP image could send the bmp loader into an infinite loop. Chris
   Evans found a heap-based overflow and a stack-based overflow in
   the xpm loader of gdk-pixbuf.

 9/15/2004 - apache2
   multiple vulnerabilities

   Two Denial of Service conditions were discovered in the input
   filter of mod_ssl, the module that enables apache to handle HTTPS

 9/15/2004 - cups
   denial of service

   Alvaro Martinez Echevarria discovered a vulnerability in the CUPS
   print server where an empty UDP datagram sent to port 631 would
   disable browsing.

|  Distribution: Red Hat          | ----------------------------//

 9/15/2004 - mod_ssl
   security flaw

   Updated httpd packages that include a security fix for mod_ssl and
   various enhancements are now available.

 9/15/2004 - openoffice.org resolve security issue
   security flaw

   Secunia Research reported an issue with the handling of temporary
   files.  A malicious local user could use this flaw to access the
   contents of another user's open documents.

 9/15/2004 - gdk-pixbuf security flaws
   security flaw

   Several vulnerabilities.

 9/15/2004 - cups
   security vulnerability

   Alvaro Martinez Echevarria reported a bug in the CUPS Internet
   Printing Protocol (IPP) implementation in versions of CUPS prior
   to 1.1.21.

 9/15/2004 - httpd
   security issues

   Updated httpd packages that include fixes for security issues are
   now available.

 9/15/2004 - mc
   security vulnerabilities

   An updated mc package that resolves several shell escape security
   issues is now available.

 9/15/2004 - imlib
   security vulnerability

   An updated imlib package that fixes several heap overflows is now

 9/15/2004 - gtk2
   security flaws and bugs

   Updated gtk2 packages that fix several security flaws and bugs are
   now available.

|  Distribution: Slackware        | ----------------------------//

 9/13/2004 - samba

   New samba packages are available for Slackware 10.0 and -current.
   These fix two denial of service vulnerabilities reported by

|  Distribution: SuSE             | ----------------------------//

 9/15/2004 - cups
   remote code execution

   Alvaro Martinez Echevarria has found a remote Denial of Service
   condition within CUPS which allows remote users to make the
   cups server unresponsive. Additionally the SUSE Security Team
   has discovered a flaw in the foomatic-rip print filter which is
   commonly installed along with cups.

 9/15/2004 - apache2
   remote denial-of-service

   The Red Hat ASF Security-Team and the Swedish IT Incident Center
   within the National Post and Telecom Agency (SITIC) have found
   a bug in apache2 each.

|  Distribution: Trustix          | ----------------------------//

 9/14/2004 - multi
   Multiple bugfixes

   Security roll-up

Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
