Information Security News mailing list archives
Linux Advisory Watch, January 12th 2001
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 12 Jan 2001 00:30:56 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  January 12th, 2001                      Volume 2, Number 2a   |
+----------------------------------------------------------------+

Editors:  Dave Wreski                   Benjamin Thomas
          dave () linuxsecurity com     ben () linuxsecurity com

This week, advisories were released for mgetty, perl, xchat,
umb-scheme, wu-ftpd, man, getty_ps, inn, squid, arpwatch, useradd,
rdist, gpm, and glibc. The vendors include Debian, LinuxPPC, Immunix,
Mandrake and Red Hat. It is critical that you update all vulnerable
packages.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

** OpenDoc Publishing **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and securing
Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL,
OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools
edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

# rpm -Uvh
# dpkg -i

Packages can be installed easily by using rpm (Red Hat Package Manager)
or dpkg (Debian Package Manager). Most advisories issued by vendors are
packaged in either an rpm or dpkg. Additional installation instructions
can be found in the body of the Advisories.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is applied.
It can be used to compare against a previously-generated sum to
determine whether the file has changed. It is commonly used to ensure
the integrity of updated packages distributed by a vendor.

# md5sum
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package also
may have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing.

+---------------------------------+
|  Debian Advisories              | ----------------------------//
+---------------------------------+

* Debian: 'mgetty' temp file vulnerability
January 10th, 2001

Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected
in mgetty 1.1.21-3potato1.

Intel ia32 architecture:

http://security.debian.org/debian-security/dists/stable/
updates/main/binary-i386/mgetty-fax_1.1.21-3potato1_i386.deb
MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf

http://security.debian.org/debian-security/dists/stable/
updates/main/binary-i386/mgetty-viewfax_1.1.21-3potato1_i386.deb
MD5 checksum: 57992604cc9437ce1b3362f8e05403ab

http://security.debian.org/debian-security/dists/stable/
updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
MD5 checksum: 14f6f890c3595c020508b936204fa177

http://security.debian.org/debian-security/dists/stable/
updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
MD5 checksum: 52c203e583636f32389244c851823afa

Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1033.html

+---------------------------------+
|  LinuxPPC Advisories            | ----------------------------//
+---------------------------------+

* LinuxPPC: 'xchat' vulnerability
January 8th, 2001

A vulnerability exists in versions 1.4.2 and earlier of the X-Chat IRC
client.
By supplying commands enclosed in backticks (``) in URLs sent to
X-Chat, it is possible to execute arbitrary commands should the X-Chat
user decide to view the link by clicking on it. This is due to the
manner in which X-Chat launches pages for viewing. X-Chat launches
Netscape without checking for shell metacharacters in the supplied URL.
This allows for an attacker to exploit shell expansion capabilities to
execute commands as the user running Netscape.

PLEASE SEE VENDOR ADVISORY

Vendor Advisory:
http://www.linuxsecurity.com/advisories/linuxppc_advisory-1029.html

* LinuxPPC: 'umb-scheme' vulnerability
January 8th, 2001

According to an advisory released by Red Hat, the package umb-scheme
contains files which have been inappropriately given world-writeable
permissions. The extent to which this might be exploited to gain
privileges depends on whether or not root routinely runs the affected
programs, file ownership, etc.

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Vendor Advisory:
http://www.linuxsecurity.com/advisories/linuxppc_advisory-1030.html

* LinuxPPC: 'man' vulnerability
January 8th, 2001

Due to insecure handling of /tmp files by the 'makewhatis' portion of
the man(1) command it is possible for a user to manipulate files to
which they should not have access or possibly to elevate their
privileges. This is possible because 'makewhatis' creates non-randomly
named files in the /tmp directory which are subject to symlink attacks.
man 1.5e and higher is vulnerable.

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Vendor Advisory:
http://www.linuxsecurity.com/advisories/linuxppc_advisory-1031.html

* LinuxPPC: 'wu-ftpd' buffer overflow
January 8th, 2001

A buffer overrun exists in wu-ftpd versions prior to 2.6.1. Due to
improper bounds checking, SITE EXEC may enable remote root execution,
without having any local user account required.

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Vendor Advisory:
http://www.linuxsecurity.com/advisories/linuxppc_advisory-1032.html

* LinuxPPC: 'perl' vulnerability
January 8th, 2001

A malicious user can create a file with an escape sequence and commands
embedded in the file name, then execute suidperl in such a way that the
security check fails. suidperl will send a message to root via
/bin/mail with the escape sequence embedded in the message. This will
cause /bin/mail to start a root shell and execute the commands.

PLEASE SEE VENDOR ADVISORY

Vendor Advisory:
http://www.linuxsecurity.com/advisories/linuxppc_advisory-1028.html

+---------------------------------+
|  Immunix Advisories             | ----------------------------//
+---------------------------------+

* ImmunixOS: Several Temp File Vulnerabilities
January 10th, 2001

In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed loads of potential temp file race problems in lots of different
programs. This came to light due to the "new" linker warning message in
glibc whenever mktemp(), tempname() or other insecure temp file
generation functions are used.

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1034.html

+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+

* Mandrake: 'useradd' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
useradd program contained in the shadow-utils package. The useradd
program creates its temporary files in the protected directory
/etc/default, but if this directory is changed to world writable, a
problem could occur. This update corrects the problem.

7.2/RPMS/shadow-utils-19990827-8.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
416d563bbbbbb4d81b02efa79331aa3e

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1041.html

* Mandrake: 'gpm' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file condition in the gpm
program. This update corrects the problem.

7.2/RPMS/gpm-1.19.3-3.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
da3943cbbd6c30aee1faed7b0c575214

7.2/RPMS/gpm-devel-1.19.3-3.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
870fe23356df020b6db3e62995f0ff97

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1042.html

* Mandrake: 'rdist' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the rdist
program. This update corrects the problem.

7.2/RPMS/rdist-6.1.5-17.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
f3b09d07f5afd421975601678f2673c7

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1043.html

* Mandrake: 'mgetty' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
mgetty program. All versions of mgetty prior to 1.1.24 are vulnerable.

7.2/RPMS/mgetty-1.1.24-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
0d72b3de15212ce206af41d46838b159

7.2/RPMS/mgetty-contrib-1.1.24-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
eba1600c76aa69b694477d38eeedb700

7.2/RPMS/mgetty-sendfax-1.1.24-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
95cdd3e1c4af4a796e391bd6ee1e5fe7

7.2/RPMS/mgetty-viewfax-1.1.24-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
45f0503abb4777102f2b39d57e180eda

7.2/RPMS/mgetty-voice-1.1.24-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
8ed583b907af46171d69f7e211388070

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1044.html

* Mandrake: 'wu-ftpd' vulnerability
January 11th, 2001

WireX discovered a temporary file creation bug in the 2.6.1 release of
wu-ftpd. The problem exists in the privatepw helper program. As well,
Linux-Mandrake 7.2 users must update to this package as it fixes
security problems as discussed in the prior advisory, MDKSA-2000:014,
which had not been previously addressed for 7.2.

http://www.linuxsecurity.com/advisories/mandrake_advisory-1036.html

* Mandrake: 'getty_ps' vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
getty_ps program. This update corrects the problem.

PLEASE SEE VENDOR ADVISORY FOR OTHER VERSIONS

Linux-Mandrake 7.2:

7.2/RPMS/getty_ps-2.0.7j-14.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
2a7cb2a1095d350eb7cb823f2a6aabe6

7.2/SRPMS/getty_ps-2.0.7j-14.1mdk.src.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
7e0ff386b74fb604db01a9b8c858617d

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html

* Mandrake: 'inn' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the inn
program. This condition is due partly to the way inn is compiled and
configured on some Linux distributions, including Linux-Mandrake, and
partly due to the lack of information in the inn package detailing
potential security problems if you do not tell inn to use a private
temporary directory. The patch supplied by WireX that creates temporary
files correctly has been applied, and the temporary directory that inn
uses has been moved from /usr/tmp to /var/spool/news/tmp which is
available solely to the news user which inn runs as.

Linux-Mandrake 7.2:

7.2/RPMS/inews-2.2.3-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
8ef8d2af5d2117bbb922300193602098

7.2/RPMS/inn-2.2.3-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
bb6cae5782ffc98f83f5ed4b49ca2017

7.2/RPMS/inn-devel-2.2.3-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
1633a12236555d36b97d862385cfdbce

7.2/SRPMS/inn-2.2.3-1.1mdk.src.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
bccd827c3cba37b0b5168e591f3baa6a

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1038.html

* Mandrake: 'squid' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the way
that squid sends out email messages notifying the administrator about
updating the program. Usually this will only happen if you are running
a development version of squid or if the clock on your system is
incorrect. This problem has been corrected in the latest stable and
development versions of squid.

7.2/RPMS/squid-2.3.STABLE2-3.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
6335568ac347c760531f4c7042c160c7

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1039.html

* Mandrake: 'arpwatch' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
arpwatch program. This problem has been corrected in arpwatch version
2.1a10.

7.2/RPMS/arpwatch-2.1a10-1.1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
53954f4b4a89afabfd6c9eaf1844a257

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1040.html

+---------------------------------+
|  Red Hat Advisories             | ----------------------------//
+---------------------------------+

* Red Hat: 'glibc' vulnerability
January 11th, 2001

A couple of bugs in GNU C library 2.2 allow an unprivileged user to
read restricted files and preload libraries in /lib and /usr/lib
directories into SUID programs even if those libraries have not been
marked as such by the system administrator.

ftp://updates.redhat.com/7.0/i386/glibc-2.2-12.i386.rpm
91b935bfb0d5fb43394d8557fe754bb4

ftp://updates.redhat.com/7.0/i386/glibc-common-2.2-12.i386.rpm
b1218c0c2b6f5bd1e161c3158d0418a5

ftp://updates.redhat.com/7.0/i386/glibc-devel-2.2-12.i386.rpm
0d0bc7d1cd31c548e474146a7cdfea51

ftp://updates.redhat.com/7.0/i386/glibc-profile-2.2-12.i386.rpm
9891a9d1967be619ca74a1de5d0b1f63

ftp://updates.redhat.com/7.0/i386/nscd-2.2-12.i386.rpm
d56ba6b8f82c92b9a872e7ee94c706a9

Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
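
Most of the advisories in this issue are temporary file races of the kind the Immunix audit describes (predictable names in /tmp, mktemp()). The C code below is an added example, not part of the newsletter or of any vendor's patch: it shows the two standard safe creation patterns and checks, in a private scratch directory, that a symlink planted at a fixed name is refused. The function names, the /tmp/lawdemo.XXXXXX directory and the file names in it are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed-name work file, hardened: with O_CREAT|O_EXCL the open fails with
 * EEXIST if anything, including a symlink, already sits at the path. */
int open_fixed_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Self-check in a scratch directory (all names constructed): a symlink
 * planted at the fixed name must be refused and its target left intact,
 * and a mkstemp() file must be owner-only. Returns 0 when all of it holds. */
int selfcheck(void)
{
    char dir[] = "/tmp/lawdemo.XXXXXX";
    char victim[64], fixed[64], tmpl[64];
    struct stat st;
    int fd = -1, rc = 1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/whatis.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/work.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT, 0600);   /* file to protect */
    if (fd < 0 || write(fd, "keep", 4) != 4) goto done;
    close(fd); fd = -1;
    if (symlink(victim, fixed) != 0) goto done;    /* pre-planted link */

    fd = open_fixed_excl(fixed);                   /* must be refused */
    if (fd >= 0 || errno != EEXIST) goto done;
    if (stat(victim, &st) != 0 || st.st_size != 4) goto done;

    fd = mkstemp(tmpl);        /* unpredictable name, exclusive create */
    if (fd < 0 || fstat(fd, &st) != 0) goto done;
    if ((st.st_mode & 0777) == 0600) rc = 0;
done:
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(fixed); unlink(victim); rmdir(dir);
    return rc;
}

int main(void) { return selfcheck(); }
```

A program that keeps its work files in a directory only its own user can write to, as the inn update does with /var/spool/news/tmp, removes the race at the directory level as well.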