Information Security News mailing list archives

Linux Advisory Watch - December 8th 2000


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 8 Dec 2000 01:35:19 -0500

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|   December 8th, 2000                     Volume 1, Number 32a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

This week, advisories were released for tcsh, openssh, bash,
ghostscript, ncurses, diskcheck and pam.  The vendors include
Caldera, Conectiva, Immunix, and Red Hat.  It is critical that you
update all vulnerable packages to reduce the risk of being
compromised.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.


###  OpenDoc Publishing   ###

Our sponsor this week is OpenDoc Publishing.  Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html


HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html


+---------------------------------+
|   Installing a new package:     | ------------------------------//
+---------------------------------+

   # rpm  -Uvh <filename>
   # dpkg -i <filename>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager).  Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
|   Checking Package Integrity:   | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied.  It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

  # md5sum <filename>
    ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager.  This does not account for the possibility
that whoever modified a package also modified the published checksum,
but it is especially useful for establishing a great deal of assurance
in the integrity of a package before installing it.


+---------------------------------+
|        Caldera Advisories       | ----------------------------//
+---------------------------------+


* Caldera:  'tcsh' vulnerability
December 6th, 2000

When evaluating a so-called "here script", tcsh writes the contents
of that script to a temporary file, which is created insecurely.
Symlink attacks can be used to make tcsh overwrite arbitrary files
owned by the invoking user.

 OpenLinux Desktop 2.3
 ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
 Packages:  tcsh-6.10.00-2.i386.rpm, tcsh-doc-html-6.10.00-2.i386.rpm

 MD5 Checksum:
 9b89b9670997f3352f2e4c8a436db7ff     tcsh-6.10.00-2.i386.rpm
 b917e204011a7df41b0bcdfb3d3669eb   tcsh-doc-html-6.10.00-2.i386.rpm

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-958.html



+---------------------------------+
|       Conectiva Advisories      | ----------------------------//
+---------------------------------+


* Conectiva:  'openssh' update
December 6th, 2000

In versions prior to 2.3.0, if the openssh client receives a request
for ssh-agent or X11 forwarding, it does not check if this feature
has been negotiated during session setup and grants access. This
could allow remote access to the client's display and ssh-agent
service.

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 openssh-2.3.0p1-1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 openssh-askpass-2.3.0p1-1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 openssh-askpass-gnome-2.3.0p1-1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 openssh-clients-2.3.0p1-1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 openssh-server-2.3.0p1-1cl.i386.rpm

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-959.html



* Conectiva:  'bash' vulnerability
December 5th, 2000

Bash is the default shell used in a standard Conectiva Linux
installation. There is a vulnerability regarding the use of "<<"
redirectors. When one is used, the shell creates a temporary file in
/tmp with a predictable filename (the only variable part is the PID).
Additionally, the file was not being opened exclusively. This can be
used by an attacker to overwrite arbitrary files in the system. At
least one initialization script (rc.sysinit) uses "<<", and it is run
as root at boot time.

 ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
 bash1-1.14.7-31cl.i386.rpm

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-956.html
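
The temporary-file pattern behind the tcsh, bash and diskcheck entries in this issue, as an added example that is not part of the newsletter or of any vendor's code: a file opened at a PID-derived name without O_EXCL, beside a mkstemp()-based replacement. The file name format, the function names and the scratch directory are assumptions constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: the name varies only by PID and the open is not
 * exclusive, so a symlink already at that path is followed and truncated. */
int open_tmp_predictable(const char *dir, long pid, char *path, size_t n)
{
    snprintf(path, n, "%s/t%ld-sh", dir, pid);      /* hypothetical name format */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened form: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL, mode 0600; an existing file or symlink is never reused. */
int open_tmp_exclusive(const char *dir, char *path, size_t n)
{
    snprintf(path, n, "%s/sh-XXXXXX", dir);
    return mkstemp(path);
}

/* Constructed fixture in a private scratch directory: a 10-byte "victim" file
 * and a symlink to it at the predictable name. Returns the victim's size
 * after the chosen opener has run, or -1 if the fixture could not be set up. */
long victim_size_after(int hardened)
{
    char dir[] = "/tmp/heredoc-demo-XXXXXX", victim[128], lnk[128], tmp[128];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/t%ld-sh", dir, (long)getpid());
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "important\n", 10) != 10) return -1;
    close(v);
    if (symlink(victim, lnk) != 0) return -1;
    int fd = hardened ? open_tmp_exclusive(dir, tmp, sizeof tmp)
                      : open_tmp_predictable(dir, (long)getpid(), tmp, sizeof tmp);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) != 0) return -1;
    unlink(lnk); unlink(victim); if (hardened) unlink(tmp); rmdir(dir);
    return (long)st.st_size;
}

int main(void)
{
    printf("non-exclusive open: victim is %ld bytes\n", victim_size_after(0));
    printf("mkstemp:            victim is %ld bytes\n", victim_size_after(1));
    return 0;
}
```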




+---------------------------------+
|       Immunix Advisories        | ----------------------------//
+---------------------------------+


* Immunix:  'ghostscript' vulnerability
December 5th, 2000

The ghostscript program creates easily guessable temp files which can
cause lots of potential problems. It also uses improper LD_RUN_PATH
values which can cause it to search for libraries in the current
directory.

 Package Name:  ghostscript-5.50-8_StackGuard.i386.rpm
 http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/
 MD5 Checksum:  863ae311e2ac05717a9a84b26faf2c37

 Vendor Advisory:
 http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/



* Immunix:  'ncurses' vulnerability
December 1st, 2000

An exploit was recently found by Jouko Pynnönen in the ncurses package
that affected any setuid or setgid programs that use the ncurses
library.

 Package Name:  ncurses-5.2-2_StackGuard.i386.rpm
 http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/
 MD5 Checksum:  fefb2a040003b8e5964996451855ec10

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-951.html





+---------------------------------+
|       Red Hat Advisories        | ----------------------------//
+---------------------------------+


* Redhat:  'diskcheck' race condition
December 5th, 2000

A race vulnerability exists where a user can replace the tempfile
used by diskcheck with symlinks to other files on the system, making
it possible to corrupt those files.

 Red Hat Powertools 6.0, 6.1, and 6.2: noarch:
  ftp://updates.redhat.com/powertools/6.2/noarch/
 diskcheck-3.1.1-10.6x.noarch.rpm

 MD5 Checksum: ab3afbea96341fce252c72e304039362

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-955.html




* Redhat:  'tcsh' symlink vulnerability
December 1st, 2000

Versions 6.09 and below of tcsh are vulnerable to a symbolic link
attack. This attack can be used to cause users to destroy the
contents of any file to which they have write access.

 Red Hat Linux 7.0:
 alpha:
 ftp://updates.redhat.com/7.0/alpha/tcsh-6.10-1.alpha.rpm
 MD5 Checksum: c4ce83f418496f40e3e802da03db3e6f

 i386:
 ftp://updates.redhat.com/7.0/i386/tcsh-6.10-1.i386.rpm
 MD5 Checksum: 1fee54c9b1fc394c03a8d960937a9747

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-953.html



* Redhat:  'pam' update
December 1st, 2000

Red Hat Linux 7 and a previous PAM errata issued for Red Hat Linux
6.x both included a new module, pam_localuser. Although this module
is not used in any default configurations, the version included was
vulnerable to a buffer overflow. These updates remove this
vulnerability and fix various other bugs.

 Red Hat Linux 7.0
 alpha:
 ftp://updates.redhat.com/7.0/alpha/pam-0.72-37.alpha.rpm
 MD5 Checksum: 35b9f1e8b06a18f091fd7d9f4e61caa9

 i386:
 ftp://updates.redhat.com/7.0/i386/pam-0.72-37.i386.rpm
 MD5 Checksum: 9357b4322e4b08e140e7a5a1558fef48

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-952.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

