Information Security News mailing list archives

Linux Advisory Watch, January 12th 2001


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 12 Jan 2001 00:30:56 -0500

+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  January 12th, 2001                      Volume 2, Number 2a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

This week, advisories were released for mgetty, perl, xchat,
umb-scheme, wu-ftpd, man, getty_ps, inn, squid, arpwatch, useradd,
rdist, gpm, and glibc. The vendors include Debian, LinuxPPC,
Immunix, Mandrake and Red Hat. It is critical that you update all
vulnerable packages.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html



+---------------------------------+
| Installing a new package:       | ------------------------------//
+---------------------------------+

# rpm -Uvh <filename>
# dpkg -i <filename>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either rpm or dpkg format.
Additional installation instructions can be found in the body
of the advisories.

+---------------------------------+
| Checking Package Integrity:     | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

# md5sum <filename>
ebf0d4a0d236453f63a797ea20f0758b

The resulting string can then be compared against the MD5 checksum
published by the packager. This does not account for the possibility
that whoever modified a package may also have modified the published
checksum, but it is especially useful for establishing a great deal
of assurance in the integrity of a package before installing it.

+---------------------------------+
|  Debian Advisories              | ----------------------------//
+---------------------------------+


* Debian:  'mgetty' temp file vulnerability
January 10th, 2001

Immunix reports that mgetty does not create temporary files in a
secure manner, which could lead to a symlink attack. This has been
corrected in mgetty 1.1.21-3potato1.

 Intel ia32 architecture:
 http://security.debian.org/debian-security/dists/stable/
 updates/main/binary-i386/mgetty-fax_1.1.21-3potato1_i386.deb
   MD5 checksum: fc841c1e78fa0d3347115cf8a50d63cf

 http://security.debian.org/debian-security/dists/stable/
 updates/main/binary-i386/mgetty-viewfax_1.1.21-3potato1_i386.deb
   MD5 checksum: 57992604cc9437ce1b3362f8e05403ab

 http://security.debian.org/debian-security/dists/stable/
 updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
   MD5 checksum: 14f6f890c3595c020508b936204fa177

 http://security.debian.org/debian-security/dists/stable/
 updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
   MD5 checksum: 52c203e583636f32389244c851823afa

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1033.html




+---------------------------------+
|  LinuxPPC Advisories            | ----------------------------//
+---------------------------------+


* LinuxPPC:  'xchat' vulnerability
January 8th, 2001

A vulnerability exists in versions 1.4.2 and earlier of the X-Chat
IRC client. By supplying commands enclosed in backticks (``) in URLs
sent to X-Chat, it is possible to execute arbitrary commands should
the X-Chat user decide to view the link by clicking on it. This is
due to the manner in which X-Chat launches pages for viewing. X-Chat
launches Netscape without checking for shell metacharacters in the
supplied URL. This allows an attacker to exploit shell expansion
capabilities to execute commands as the user running Netscape.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1029.html
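
The bug class described in the xchat item, as an added example (not
code from X-Chat or from the vendor advisory): the same URL handed to a
helper through a shell command line versus as a single argv element.
The helper `echo`, the function names and the sample URL are
assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs argv[0] with the given argument vector and captures its stdout.
 * Returns the wait status (0 on clean exit) or -1 on failure. */
static int run_capture(char *const argv[], char *out, size_t cap) {
    int pfd[2], status = -1;
    size_t n = 0; ssize_t r;
    if (pipe(pfd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: stdout -> pipe */
        dup2(pfd[1], STDOUT_FILENO);
        close(pfd[0]); close(pfd[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(pfd[1]);
    while (n + 1 < cap && (r = read(pfd[0], out + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(pfd[0]);
    waitpid(pid, &status, 0);
    return status;
}

/* Returns 1 if the helper received the URL byte-for-byte, 0 if it was
 * altered on the way, -1 on error. `echo` stands in for the browser.
 * use_shell=1 is the vulnerable pattern (sh -c, as system() does);
 * use_shell=0 passes the URL as one argv element, with no shell. */
int url_reaches_helper_intact(const char *url, int use_shell) {
    char cmd[512], out[512];
    snprintf(cmd, sizeof cmd, "echo %s", url);
    char *via_shell[] = {"sh", "-c", cmd, NULL};
    char *direct[] = {"echo", (char *)url, NULL};
    if (run_capture(use_shell ? via_shell : direct, out, sizeof out) != 0)
        return -1;
    out[strcspn(out, "\n")] = '\0';
    return strcmp(out, url) == 0;
}

int main(void) {
    const char *url = "http://example.test/`echo INJECTED`";  /* constructed */
    printf("argv:  intact=%d\n", url_reaches_helper_intact(url, 0));
    printf("shell: intact=%d\n", url_reaches_helper_intact(url, 1));
    return 0;
}
```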



* LinuxPPC:  'umb-scheme' vulnerability
January 8th, 2001

According to an advisory released by Red Hat, the package umb-scheme
contains files which have been inappropriately given world-writeable
permissions. The extent to which this might be exploited to gain
privileges depends on whether or not root routinely runs the affected
programs, file ownership, etc.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1030.html




* LinuxPPC:  'man' vulnerability
January 8th, 2001

Due to insecure handling of /tmp files by the 'makewhatis' portion of
the man(1) command, it is possible for a user to manipulate files to
which they should not have access, or possibly to elevate their
privileges. This is possible because 'makewhatis' creates
non-randomly named files in the /tmp directory which are subject to
symlink attacks. man 1.5e and higher is vulnerable.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1031.html



* LinuxPPC:  'wu-ftpd' buffer overflow
January 8th, 2001

A buffer overrun exists in wu-ftpd versions prior to 2.6.1. Due to
improper bounds checking, SITE EXEC may enable remote root execution
without requiring any local user account.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1032.html




* LinuxPPC:  'perl' vulnerability
January 8th, 2001

A malicious user can create a file with an escape sequence and
commands embedded in the file name, then execute suidperl in such a
way that the security check fails. suidperl will send a message to
root via /bin/mail with the escape sequence embedded in the message.
This will cause /bin/mail to start a root shell and execute the
commands.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1028.html




+---------------------------------+
|  Immunix Advisories             | ----------------------------//
+---------------------------------+

* ImmunixOS:  Several Temp File Vulnerabilities
January 10th, 2001

In an internal audit conducted while preparing Immunix Linux 7.0 we
noticed loads of potential temp file race problems in lots of
different programs. This came to light due to the "new" linker
warning message in glibc whenever mktemp(), tempname() or other
insecure temp file generation functions are used.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1034.html
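
The temp file problem that recurs through this issue (predictable
names in a writable directory, subject to symlink attacks), as an added
example that is not taken from any of the advisories or affected
packages. The sandbox directory, the file names and the function names
are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Legacy pattern: fixed name; open() follows a pre-planted symlink and
 * truncates whatever it points to. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at the path. mkstemp() does the
 * same and also picks an unpredictable name. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Inside a private sandbox directory (constructed for this demo) the temp
 * name is already a symlink to "victim". Returns 1 if the victim file was
 * overwritten, 0 if it is intact, -1 on setup failure. */
int victim_clobbered(int use_exclusive) {
    char dir[] = "/tmp/tmprace-demo-XXXXXX";
    char victim[64], tmp[64], buf[16];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/whatis.tmp", dir);  /* predictable name */
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;
    int fd = use_exclusive ? open_exclusive(tmp) : open_predictable(tmp);
    if (fd >= 0 && write(fd, "scratch", 7) < 0) perror("write");
    if (fd >= 0) close(fd);
    if (!(f = fopen(victim, "r"))) return -1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "important") != 0;
}

int main(void) {
    printf("predictable name: clobbered=%d\n", victim_clobbered(0));
    printf("O_EXCL open:      clobbered=%d\n", victim_clobbered(1));
    return 0;
}
```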



+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+


* Mandrake:  'useradd' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
useradd program contained in the shadow-utils package. The useradd
program creates its temporary files in the protected directory
/etc/default, but if this directory is changed to world writable, a
problem could occur. This update corrects the problem.

 7.2/RPMS/shadow-utils-19990827-8.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 416d563bbbbbb4d81b02efa79331aa3e

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1041.html



* Mandrake:  'gpm' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file condition in the gpm
program. This update corrects the problem.

 7.2/RPMS/gpm-1.19.3-3.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 da3943cbbd6c30aee1faed7b0c575214

 7.2/RPMS/gpm-devel-1.19.3-3.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 870fe23356df020b6db3e62995f0ff97

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1042.html





* Mandrake:  'rdist' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
rdist program. This update corrects the problem.

 7.2/RPMS/rdist-6.1.5-17.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 f3b09d07f5afd421975601678f2673c7

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1043.html




* Mandrake:  'mgetty' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
mgetty program. All versions of mgetty prior to 1.1.24 are
vulnerable.

 7.2/RPMS/mgetty-1.1.24-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 0d72b3de15212ce206af41d46838b159

 7.2/RPMS/mgetty-contrib-1.1.24-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 eba1600c76aa69b694477d38eeedb700

 7.2/RPMS/mgetty-sendfax-1.1.24-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 95cdd3e1c4af4a796e391bd6ee1e5fe7

 7.2/RPMS/mgetty-viewfax-1.1.24-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 45f0503abb4777102f2b39d57e180eda

 7.2/RPMS/mgetty-voice-1.1.24-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 8ed583b907af46171d69f7e211388070

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1044.html




* Mandrake:  'wu-ftpd' vulnerability
January 11th, 2001

WireX discovered a temporary file creation bug in the 2.6.1 release
of wu-ftpd. The problem exists in the privatepw helper program. As
well, Linux-Mandrake 7.2 users must update to this package as it
fixes security problems as discussed in the prior advisory,
MDKSA-2000:014, which had not been previously addressed for 7.2.

http://www.linuxsecurity.com/advisories/mandrake_advisory-1036.html


* Mandrake:  'getty_ps' vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
getty_ps program. This update corrects the problem.

 PLEASE SEE VENDOR ADVISORY FOR OTHER VERSIONS
 Linux-Mandrake 7.2:

 7.2/RPMS/getty_ps-2.0.7j-14.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 2a7cb2a1095d350eb7cb823f2a6aabe6

 7.2/SRPMS/getty_ps-2.0.7j-14.1mdk.src.rpm.
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 7e0ff386b74fb604db01a9b8c858617d

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1037.html



* Mandrake:  'inn' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the inn
program. This condition is due partly to the way inn is compiled and
configured on some Linux distributions, including Linux-Mandrake, and
partly due to the lack of information in the inn package detailing
potential security problems if you do not tell inn to use a private
temporary directory. The patch supplied by WireX that creates
temporary files correctly has been applied, and the temporary
directory that inn uses has been moved from /usr/tmp to
/var/spool/news/tmp which is available solely to the news user which
inn runs as.

 Linux-Mandrake 7.2:
 7.2/RPMS/inews-2.2.3-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 8ef8d2af5d2117bbb922300193602098

 7.2/RPMS/inn-2.2.3-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 bb6cae5782ffc98f83f5ed4b49ca2017

 7.2/RPMS/inn-devel-2.2.3-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 1633a12236555d36b97d862385cfdbce

 7.2/SRPMS/inn-2.2.3-1.1mdk.src.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 bccd827c3cba37b0b5168e591f3baa6a

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1038.html




* Mandrake:  'squid' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the way
that squid sends out email messages notifying the administrator about
updating the program. Usually this will only happen if you are
running a development version of squid or if the clock on your system
is incorrect. This problem has been corrected in the latest stable
and development versions of squid.

 7.2/RPMS/squid-2.3.STABLE2-3.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 6335568ac347c760531f4c7042c160c7

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1039.html




* Mandrake:  'arpwatch' temp file vulnerability
January 11th, 2001

WireX discovered a potential temporary file race condition in the
arpwatch program. This problem has been corrected in arpwatch version
2.1a10.

 7.2/RPMS/arpwatch-2.1a10-1.1mdk.i586.rpm
 ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.2/RPMS/
 53954f4b4a89afabfd6c9eaf1844a257

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1040.html





+---------------------------------+
|  Red Hat Advisories             | ----------------------------//
+---------------------------------+

* Red Hat:  'glibc' vulnerability
January 11th, 2001

A couple of bugs in GNU C library 2.2 allow an unprivileged user to
read restricted files and preload libraries in /lib and /usr/lib
directories into SUID programs even if those libraries have not been
marked as such by the system administrator.

 ftp://updates.redhat.com/7.0/i386/glibc-2.2-12.i386.rpm
 91b935bfb0d5fb43394d8557fe754bb4
 ftp://updates.redhat.com/7.0/i386/glibc-common-2.2-12.i386.rpm
 b1218c0c2b6f5bd1e161c3158d0418a5

 ftp://updates.redhat.com/7.0/i386/glibc-devel-2.2-12.i386.rpm
 0d0bc7d1cd31c548e474146a7cdfea51

 ftp://updates.redhat.com/7.0/i386/glibc-profile-2.2-12.i386.rpm
 9891a9d1967be619ca74a1de5d0b1f63

 ftp://updates.redhat.com/7.0/i386/nscd-2.2-12.i386.rpm
 d56ba6b8f82c92b9a872e7ee94c706a9

Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
