Information Security News mailing list archives
Linux Advisory Watch - February 23rd 2001
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 23 Feb 2001 10:37:33 -0500
+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | February 23rd, 2001 Volume 2, Number 8a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave () linuxsecurity com ben () linuxsecurity com Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for pgp4pine, vixie-cron, ssh, CUPS, glibc, bind, and sendmail. The vendors include Immunix, NetBSD, Mandrake, Red Hat, SuSE, TurboLinux. It is critical that you update all vulnerable packages. FREE SECURITY BOOKS - Guardian Digital has just announced an offer for free 2 free security books with the purchase of any secure Linux Lockbox. The Lockbox is an Open Source network server appliance engineered to be a complete secure e-business solution. It can be used as a commerce server, web server, DNS, mail, and database server. http://www.guardiandigital.com/bookoffer.html HTML Version of Newsletter: http://www.linuxsecurity.com/vuln-newsletter.html +---------------------------------+ | Installing a new package: | ------------------------------// +---------------------------------+ # rpm -Uvh # dpkg -i Packages can be installed easily by using rpm (Red Hat Package Manager) or dpkg (Debian Package Manager). Most advisories issued by vendors are packaged in either an rpm or dpkg. Additional installation instructions can be found in the body of the Advisories. +---------------------------------+ | Checking Package Integrity: | -----------------------------// +---------------------------------+ The md5sum command is used to compute a 128-bit fingerprint that is strongly dependant upon the contents of the file to which it is applied. It can be used to compare against a previously-generated sum to determine whether the file has changed. It is commonly used to ensure the integrity of updated packages distributed by a vendor. # md5sum ebf0d4a0d236453f63a797ea20f0758b The string of numbers can then be compared against the MD5 checksum published by the packager. While it does not take into account the possibility that the same person that may have modified a package also may have modified the published checksum, it is especially useful for establishing a great deal of assurance in the integrity of a package before installing --- * pgp4pine expired keys vulnerability February 21st, 2001 pgp4pine is a program which is used to interface various PGP implementations with the popular Pine mail reading package. Version 1.75-6 of pgp4pine fails to properly identify expired keys when working with the Gnu Privacy Guard program (GnuPG). This failure may result in the transmission of sensitive information in clear text across the network. http://www.linuxsecurity.com/advisories/other_advisory-1162.html --- +---------------------------------+ | Immunix | ----------------------------// +---------------------------------+ * Immunix: 'vixie-cron' update February 21st, 2001 RedHat has released an updated version of the vixie-cron packages which fixes a number of buffer overflows that could lead to a possible security problem by allowing a local user to gain elevated privileges. Precompiled binary package for Immunix 7.0-beta and 7.0 is available at: http://immunix.org/ImmunixOS/7.0/updates/RPMS/ vixie-cron-3.0.1-61_imnx.i386.rpm ad9a2a5a1e359943b64f5d812508b672 Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1161.html +---------------------------------+ | NetBSD | ----------------------------// +---------------------------------+ * NetBSD: kernel USER_LDT February 16th, 2001 A subtle bug in validation of user-supplied arguments to a syscall can allow allow user applications on the i386 platform to transfer control to arbitrary addresses in kernel memory, bypassing normal system protections. PLEASE SEE VENDOR ADVISORY Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-1157.html * NetBSD: 'ssh' vulnerabilities February 16th, 2001 A recent RAZOR Bindview Advisory (CAN-2001-0144) describes a buffer overrun vulnerability in Secure Shell daemons which may be present on some NetBSD systems. In addition, a system configuration flaw could result in weak key generation on some systems. PLEASE SEE VENDOR ADVISORY Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-1156.html +---------------------------------+ | Mandrake | ----------------------------// +---------------------------------+ * Mandrake: 'CUPS' update February 22nd, 2001 A number of problems were found by the SuSE security team recently during an internal audit of the CUPS printing package. These problems have been resolved with the latest CUPS release which include temp file creation vulnerabilities, potential buffer overflows, and other security enhancements. http://www.linux-mandrake.com/en/ftp.php3 7.2/RPMS/cups-1.1.6-10.1mdk.i586.rpm 706b2bd00f2d7087e67d9049a256686c 7.2/RPMS/cups-devel-1.1.6-10.1mdk.i586.rpm b61f19494cb94a322e603ba5f6c5d840 Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-1164.html * Mandrake: 'vixie-cron' buffer overflow February 21st, 2001 A buffer overflow exists in the 'crontab' command if it was called by a user with a username longer than 20 characters. If the system administrator has created usernames of that length, it would be possible for those users to gain elevated privileges. http://www.linux-mandrake.com/en/ftp.php3 7.2/RPMS/vixie-cron-3.0.1-46.1mdk.i586.rpm ad51423d9bcfa372640219d8e8e1f9ce Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-1163.html +---------------------------------+ | Red Hat | ----------------------------// +---------------------------------+ * Red Hat: 'vixie-cron' buffer overflow February 19th, 2001 New vixie-cron packages are available that fix a buffer overflow in the 'crontab' command; this could allow certain users to gain elevated privileges. It is recommended that all users update to the fixed packages. alpha: ftp://updates.redhat.com/7.0/alpha/vixie-cron-3.0.1-61.alpha.rpm b0cfceed1c6d1df1229f434d7adec14d i386: ftp://updates.redhat.com/7.0/i386/vixie-cron-3.0.1-61.i386.rpm 13707ef913e7801da32f9d47a419f81b Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1159.html +---------------------------------+ | SuSE | ----------------------------// +---------------------------------+ * SuSE: 'ssh' remote compromise February 16th, 2001 Attackers can remotely brute-force passwords without getting noticed or logged. In the ssh package from the SuSE distribution, root login is allowed, as well as password authentication. Even though brute-forcing a password may take an enormous amount of time and resources, the issue is to be taken seriously. Other problems also exist. SuSE-7.1 ftp://ftp.suse.de/pub/suse/i386/update/7.1/sec2/ ssh-1.2.27-226.i386.rpm ae68bf3ac28b5e81f9c5f2a1d1d8980e SuSE-7.0 ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/ ssh-1.2.27-220.i386.rpm f88b339dea96ef186e70872ce9444c24 Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1154.html SuSE: UPDATED: 'ssh' vulnerabilities - 2/16/2001 http://www.linuxsecurity.com/advisories/suse_advisory-1155.html * SuSE: UPDATED: 'ssh' vulnerabilities February 16th, 2001 http://www.linuxsecurity.com/advisories/suse_advisory-1155.html +---------------------------------+ | TurboLinux | ----------------------------// +---------------------------------+ * TurboLinux: 'bind' vulnerabilities February 22nd, 2001 This vulnerability may allow an attacker to execute code with the same privileges as the BIND server. Because BIND is typically run by a superuser account, the execution would occur with superuser privileges. ftp://ftp.turbolinux.com/pub/updates/6.0/security/ bind-8.2.3-2.i386.rpm dec967e3a1dd16bdcca0c6fe6e9114d6 ftp://ftp.turbolinux.com/pub/updates/6.0/security/ bind-contrib-8.2.3-2.i386.rpm 2e84bbbcd6a09d7c5060dd01480ff3de ftp://ftp.turbolinux.com/pub/updates/6.0/security/ bind-devel-8.2.3-2.i386.rpm 06612093126372f8d618ea842fd402ec ftp://ftp.turbolinux.com/pub/updates/6.0/security/ bind-utils-8.2.3-2.i386.rpm 3f390ce4d1b7ceaa477df62cc3fe3174 Vendor Advisory: http://www.linuxsecurity.com/advisories/turbolinux_advisory-1165.html * TurboLinux: 'sendmail' segmentation fault February 22nd, 2001 Sendmail, launched with the -bt command-line switch, enters its special "address test" mode. Under these conditions, it is vulnerable to a segmentation fault which can occur when trying to set a class in ad- dress test mode due to a negative array index. ftp://ftp.turbolinux.com/pub/updates/6.0/security/ sendmail-8.11.2-5.i386.rpm 38eee0653839595aedad386cc8d2346f Vendor Advisory: http://www.linuxsecurity.com/advisories/turbolinux_advisory-1166.html * TurboLinux: 'glibc' vulnerability February 16th, 2001 It is therefore possible to load a library from /lib or /usr/lib prior to the execution of a SUID or SGID program. This flaw makes it possible for a user with malicious motives to create files in re- stricted locations, or overwrite files outside of the access of this user, including system files. ftp://ftp.turbolinux.com/pub/updates/6.0/security/ glibc-2.1.3-27.i386.rpm 13afe999cdcc5133aca98fc0a59c4340 ftp://ftp.turbolinux.com/pub/updates/6.0/security/ glibc-devel-2.1.3-27.i386.rpm 4a55428c154311387844fbf84600e789 ftp://ftp.turbolinux.com/pub/updates/6.0/security/ glibc-profile-2.1.3-27.i386.rpm 6b48d26d9dc0ce224e4ea9c7a56fcc92 Vendor Advisory: http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request () linuxsecurity com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Linux Advisory Watch - February 23rd 2001 vuln-newsletter-admins (Feb 24)