Information Security News mailing list archives
Linux Advisory Watch - December 8th 2000
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 8 Dec 2000 01:35:19 -0500
+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | December 8th, 2000 Volume 1, Number 32a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave () linuxsecurity com ben () linuxsecurity com This week, advisories were released for tcsh, openssh, bash, ghostscript, ncurses, diskcheck and pam. The vendors include Caldera, Conectiva, Immunix, and Red Hat. It is critical that you update all vulnerable packages to reduce the risk of being compromised. Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. ### OpenDoc Publishing ### Our sponsor this week is OpenDoc Publishing. Their 480-page comprehensive security book, Securing and Optimizing Linux, takes a hands-on approach to installing, optimizing, configuring, and securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools edition. http://www.linuxsecurity.com/sponsors/opendocs.html HTML Version: http://www.linuxsecurity.com/vuln-newsletter.html +---------------------------------+ | Installing a new package: | ------------------------------// +---------------------------------+ # rpm -Uvh # dpkg -i Packages can be installed easily by using rpm (Red Hat Package Manager) or dpkg (Debian Package Manager). Most advisories issued by vendors are packaged in either an rpm or dpkg. Additional installation instructions can be found in the body of the Advisories. +---------------------------------+ | Checking Package Integrity: | -----------------------------// +---------------------------------+ The md5sum command is used to compute a 128-bit fingerprint that is strongly dependant upon the contents of the file to which it is applied. It can be used to compare against a previously-generated sum to determine whether the file has changed. It is commonly used to ensure the integrity of updated packages distributed by a vendor. # md5sum ebf0d4a0d236453f63a797ea20f0758b The string of numbers can then be compared against the MD5 checksum published by the packager. While it does not take into account the possibility that the same person that may have modified a package also may have modified the published checksum, it is especially useful for establishing a great deal of assurance in the integrity of a package before installing +---------------------------------+ | Caldera Advisories | ----------------------------// +---------------------------------+ * Caldera: 'tcsh' vulnerability December 6th, 2000 When evaluating a so-called "here script", tcsh writes the contents of that script to a temporary file, which is created insecurely. Symlink attacks can be used to make tcsh overwrite arbitrary files owned by the invoking user. OpenLinux Desktop 2.3 ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ Packages: tcsh-6.10.00-2.i386.rpm, tcsh-doc-html-6.10.00-2.i386.rpm MD5 Checksum: 9b89b9670997f3352f2e4c8a436db7ff tcsh-6.10.00-2.i386.rpm b917e204011a7df41b0bcdfb3d3669eb tcsh-doc-html-6.10.00-2.i386.rpm Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-958.html +---------------------------------+ | Conectiva Advisories | ----------------------------// +---------------------------------+ * Conectiva: 'openssh' update December 6th, 2000 In versions prior to 2.3.0, if the openssh client receives a request for ssh-agent or X11 forwarding, it does not check if this feature has been negotiated during session setup and grants access. This could allow remote access to the client's display and ssh-agent service. ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ openssh-2.3.0p1-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ openssh-askpass-2.3.0p1-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ openssh-askpass-gnome-2.3.0p1-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ openssh-clients-2.3.0p1-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ openssh-server-2.3.0p1-1cl.i386.rpm Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-959.html * Conectiva: 'bash' vulnerability December 5th, 2000 Bash is the default shell used in a standard Conectiva Linux installation. There is a vulnerability regarding the use of "<<" redirectors. If used, the shell creates a temporary file in /tmp with a predictable filename (the only variant is the PID). Additionally, it was not being opened exclusively. This can be used by an attacker to overwrite arbitrary files in the system. At least one initialization script (rc.sysinit) uses "<<", and it is run as root at boot time ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ bash1-1.14.7-31cl.i386.rpm Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-956.html +---------------------------------+ | Immunix Advisories | ----------------------------// +---------------------------------+ * Immunix: 'ghostscript' vulnerability December 5th, 2000 The ghostscript program creates easily guessable temp files which can lots of potential problems. It also uses improper LD_RUN_PATH values which can cause it to search for libraries in the current directory. Package Name: ghostscript-5.50-8_StackGuard.i386.rpm http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ MD5 Checksum: 863ae311e2ac05717a9a84b26faf2c37 Vendor Advisory: http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ * Immunix: 'ncurses' vulnerability December 1st, 2000 A exploit was recently found by Jouko Pynn?nen in the ncurses package that affected any setuid or setguid programs that use the ncurses library. Package Name: ncurses-5.2-2_StackGuard.i386.rpm http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ MD5 Checksum: fefb2a040003b8e5964996451855ec10 Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-951.html +---------------------------------+ | Red Hat Advisories | ----------------------------// +---------------------------------+ * Redhat: 'diskcheck' race condition December 5th, 2000 A race vulnerability exists where a user can replace the tempfile used by diskcheck with symlinks to other files on the system, making it possible to corrupt those files. Red Hat Powertools 6.0, 6.1, and 6.2: noarch: ftp://updates.redhat.com/powertools/6.2/noarch/ diskcheck-3.1.1-10.6x.noarch.rpm MD5 Checksum: ab3afbea96341fce252c72e304039362 Vendory Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-955.html * Redhat: 'tcsh' symlink vulnerability December 1st, 2000 Versions 6.09 and below of tcsh are vulnerable to a symbolic link attack. This attack can be used to cause users to destroy the contents of any file to which they have write access. Red Hat Linux 7.0: alpha: ftp://updates.redhat.com/7.0/alpha/tcsh-6.10-1.alpha.rpm MD5 Checksum: c4ce83f418496f40e3e802da03db3e6f i386: ftp://updates.redhat.com/7.0/i386/tcsh-6.10-1.i386.rpm MD5 Checksum: 1fee54c9b1fc394c03a8d960937a9747 Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-953.html * Redhat: 'pam' update December 1st, 2000 Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux 6.x both included a new module, pam_localuser. Although this module is not used in any default configurations, the version included was vulnerable to a buffer overflow. These updates remove this vulnerability and fix various otherbugs. Red Hat Linux 7.0 alpha: ftp://updates.redhat.com/7.0/alpha/pam-0.72-37.alpha.rpm MD5 Checksum: 35b9f1e8b06a18f091fd7d9f4e61caa9 i386: ftp://updates.redhat.com/7.0/i386/pam-0.72-37.i386.rpm MD5 Checksum: 9357b4322e4b08e140e7a5a1558fef48 Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-952.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Linux Advisory Watch - December 8th 2000 vuln-newsletter-admins (Dec 09)