Information Security News mailing list archives
Linux Advisory Watch, Nov 17th 2000
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 17 Nov 2000 13:20:20 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  November 17th, 2000                    Volume 1, Number 29a   |
+----------------------------------------------------------------+

Editors:   Dave Wreski                    Benjamin Thomas
           dave () linuxsecurity com      ben () linuxsecurity com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for named, bind, gnupg, tcsh,
ncurses, telnetd, nss_ldap, openssh, cups, modutils, pine, and imap.
The vendors include Caldera, Debian, FreeBSD, Mandrake, Conectiva,
Immunix, Trustix, Red Hat, Slackware and SuSE. It is critical that
you update all vulnerable packages to reduce the risk of being
compromised. Many of the vulnerabilities described are root
compromises. Also, if you are running bind/named, make sure that you
upgrade so you are not vulnerable to DoS attacks.

OpenDoc Publishing

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

# rpm -Uvh
# dpkg -i

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories issued by
vendors are packaged in either an rpm or dpkg. Additional
installation instructions can be found in the body of the
Advisories.
+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated sum
to determine whether the file has changed. It is commonly used to
ensure the integrity of updated packages distributed by a vendor.

# md5sum
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing.

+---------------------------------+
|  Caldera Advisories             | ----------------------------//
+---------------------------------+

* Caldera: 'named' DoS
  November 13th, 2000

  There's a bug in named's handling of compressed zone transfers
  (ZXFR) that causes it to crash under certain circumstances. At the
  very least, this is a denial of service attack. As the bug is still
  being investigated, it cannot be ruled out that this bug has a more
  severe security impact.

  Package Name: RPMS/bind-8.2.2p7-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
  MD5 Checksum: 9d8429f25c5fb3bebe2d66b1f9321e61

  Package Name: RPMS/bind-doc-8.2.2p7-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
  MD5 Checksum: 0e958eb01f40826f000d779dbe6b8cb3

  Package Name: RPMS/bind-utils-8.2.2p7-1.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
  MD5 Checksum: 866ff74c77e9c04a6abcddcc11dbe17b

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-873.html

+---------------------------------+
|  Conectiva Advisories           | ----------------------------//
+---------------------------------+

* Conectiva: 'bind' DoS
  November 10th, 2000

  The bind nameserver has a vulnerability regarding compressed zone
  transfers that can be used in a DoS attack. This vulnerability can
  only be exploited by authorized zone transfers. The named daemon
  will crash if it receives such a zone transfer request from an
  authorized source address. The crash can be immediate or happen
  after a few seconds or minutes, and results in a disabled DNS
  service.

  PLEASE SEE VENDOR ADVISORY FOR UPDATED PACKAGES

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-860.html

* Conectiva: 'bind' update removes bind user
  November 10th, 2000

  Due to a packaging error, the updated bind packages for Conectiva
  Linux 5.1 (CLSA-2000:338) remove the "named" user and group after
  upgrading. As a result, the named daemon cannot be started.

  ftp://atualizacoes.conectiva.com.br/5.1/i386/
    bind-8.2.2P7-2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/
    bind-devel-8.2.2P7-2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/
    bind-doc-8.2.2P7-2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/
    bind-utils-8.2.2P7-2cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-863.html

+---------------------------------+
|  Debian Advisories              | ----------------------------//
+---------------------------------+

* Debian: 'gnupg' update
  November 10th, 2000

  The version of gnupg that was distributed in Debian GNU/Linux 2.2
  had a logic error in the code that checks for valid signatures
  which could cause false positive results: Jim Small discovered that
  if the input contained multiple signed sections the exit-code gnupg
  returned was only valid for the last section, so improperly signed
  other sections were not noticed.

  Alpha architecture:
    gnupg_1.0.4-1_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/
    MD5 checksum: f572217d63102a55a9e4704aed9b1c9d

  ARM architecture:
    gnupg_1.0.4-1_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/
    MD5 checksum: eb43fb088b488002fa4c06c0d8d69eb2

  Intel ia32 architecture:
    gnupg_1.0.4-1_i386.deb
    http://security.debian.org/dists/stable/updates/main/binary-i386/
    MD5 checksum: ef2ed6b922db2ed215f2fb857db80730

  Motorola 680x0 architecture:
    gnupg_1.0.4-1_m68k.deb
    http://security.debian.org/dists/stable/updates/main/binary-m68k/
    MD5 checksum: 607202c40ec908fa2ab10b20a1235ff2

  PowerPC architecture:
    gnupg_1.0.4-1_powerpc.deb
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/
    MD5 checksum: ade5f42869502dfb128bd2b6279ab111

  Sun Sparc architecture:
    gnupg_1.0.4-1_sparc.deb
    http://security.debian.org/dists/stable/updates/main/binary-sparc/
    MD5 checksum: 37a850c6363498f90d3f719ada8d71db

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-865.html

* Debian: 'bind' DoS
  November 12th, 2000

  The version of BIND shipped with Debian GNU/Linux 2.2 is vulnerable
  to a remote denial of service attack, which can cause the
  nameserver to crash after accessing an uninitialized pointer. This
  problem is fixed in the current maintenance release of BIND,
  8.2.2P7, and in the Debian package version 8.2.2p7-1 for both
  stable and unstable releases.

  Alpha architecture:
    bind-dev_8.2.2p7-1_alpha.deb
    http://security.debian.org/dists/potato/updates/main/binary-alpha/
    MD5 checksum: 2315ecbe3d12e3b63990d3c3865757c7

    bind_8.2.2p7-1_alpha.deb
    http://security.debian.org/dists/potato/updates/main/binary-alpha/
    MD5 checksum: 714123acb9343215f1db7069a852097b

    dnsutils_8.2.2p7-1_alpha.deb
    http://security.debian.org/dists/potato/updates/main/binary-alpha/
    MD5 checksum: 52674605ace1f92dace748d2f395a25e

  ARM architecture:
    bind-dev_8.2.2p7-1_arm.deb
    http://security.debian.org/dists/potato/updates/main/binary-arm/
    MD5 checksum: ee34a99274fb5c39d7827022f97f90cd

    bind_8.2.2p7-1_arm.deb
    http://security.debian.org/dists/potato/updates/main/binary-arm/
    MD5 checksum: 479bc6ee1ec7420dd66492ee86a0b4f2

    dnsutils_8.2.2p7-1_arm.deb
    http://security.debian.org/dists/potato/updates/main/binary-arm/
    MD5 checksum: 9f2993e930fe124b7d781f7fcf7dd9f5

  Intel ia32 architecture:
    bind-dev_8.2.2p7-1_i386.deb
    http://security.debian.org/dists/potato/updates/main/binary-i386/
    MD5 checksum: 513489234a54cf0ec315614ad4d3eb6c

    bind_8.2.2p7-1_i386.deb
    http://security.debian.org/dists/potato/updates/main/binary-i386/
    MD5 checksum: e43bcbf9ea61557df87a96d3554d4a51

    dnsutils_8.2.2p7-1_i386.deb
    http://security.debian.org/dists/potato/updates/main/binary-i386/
    MD5 checksum: bda3b5b518413f158b7e22c86bcd256e

  Motorola 680x0 architecture:
    bind-dev_8.2.2p7-1_m68k.deb
    http://security.debian.org/dists/potato/updates/main/binary-m68k/
    MD5 checksum: fa8e79eb6df63bdb61571e0de4fd104d

    bind_8.2.2p7-1_m68k.deb
    http://security.debian.org/dists/potato/updates/main/binary-m68k/
    MD5 checksum: a20d3db55060efffe2751d06d73d2e3b

    dnsutils_8.2.2p7-1_m68k.deb
    http://security.debian.org/dists/potato/updates/main/binary-m68k/
    MD5 checksum: e882f568805162ded8d96d88a69f6bdb

  PowerPC architecture:
    bind-dev_8.2.2p7-1_powerpc.deb
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/
    MD5 checksum: 7224113410d6c8d35facbb8a017c612b

    bind_8.2.2p7-1_powerpc.deb
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/
    MD5 checksum: 8cad0e6aedcbbd73d6341dcc7dda23f9

    dnsutils_8.2.2p7-1_powerpc.deb
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/
    MD5 checksum: c25d9943a4a508eb80e6e9d1c564eb29

  Sun Sparc architecture:
    bind-dev_8.2.2p7-1_sparc.deb
    http://security.debian.org/dists/potato/updates/main/binary-sparc/
    MD5 checksum: 022fe932c1b25fb6d59d5031de8a04ba

    bind_8.2.2p7-1_sparc.deb
    http://security.debian.org/dists/potato/updates/main/binary-sparc/
    MD5 checksum: b7c02ca550277dce564375ff28ef0f2a

    dnsutils_8.2.2p7-1_sparc.deb
    http://security.debian.org/dists/potato/updates/main/binary-sparc/
    MD5 checksum: c98c594c4846ff7a639a020e42ae7462

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-869.html

* Debian: 'tcsh' update
  November 10th, 2000

  Proton reported on bugtraq that tcsh did not handle in-here
  documents correctly. The version of tcsh that is distributed with
  Debian GNU/Linux 2.2r0 also suffered from this problem. When using
  in-here documents using the << syntax tcsh uses a temporary file to
  store the data. Unfortunately the temporary file is not created
  securely and standard symlink attacks can be used to make tcsh
  overwrite arbitrary files.

  Alpha architecture:
    tcsh-kanji_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/
    MD5 checksum: d94b88f967a30b29d0fd428651c24ee7

    tcsh_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/
    MD5 checksum: 35493353e4b7a0c73dc481fb114f992e

  ARM architecture:
    tcsh-kanji_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/
    MD5 checksum: 41e52451e23c910040d13252a95ccd02

    tcsh_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/
    MD5 checksum: 37c93cc0c71267e1a8e9a2a0478de274

  Intel ia32 architecture:
    tcsh-kanji_6.09.00-10_i386.deb
    http://security.debian.org/dists/stable/updates/main/binary-i386/
    MD5 checksum: 08638761e6526431cdac955e1c4e18bc

    tcsh_6.09.00-10_i386.deb
    http://security.debian.org/dists/stable/updates/main/binary-i386/
    MD5 checksum: 0893dabcc592c8d32dadc09e479e998f

  Motorola 680x0 architecture:
    tcsh-kanji_6.09.00-10_m68k.deb
    http://security.debian.org/dists/stable/updates/main/binary-m68k/
    MD5 checksum: 5cdff861f9ffec03013a3b84e6045ed8

    tcsh_6.09.00-10_m68k.deb
    http://security.debian.org/dists/stable/updates/main/binary-m68k/
    MD5 checksum: c7d7e41f56fc7478abb27cbf81d5aec6

  PowerPC architecture:
    tcsh-kanji_6.09.00-10_powerpc.deb
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/
    MD5 checksum: fa31d16133308159b72ae9eda0bb52a7

    tcsh_6.09.00-10_powerpc.deb
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/
    MD5 checksum: a158e78ee02c263b729f23b642f6835e

  Sun Sparc architecture:
    tcsh-kanji_6.09.00-10_sparc.deb
    http://security.debian.org/dists/stable/updates/main/binary-sparc/
    MD5 checksum: b75a93eb0fee0289bda3ffbc13fdd797

    tcsh_6.09.00-10_sparc.deb
    http://security.debian.org/dists/stable/updates/main/binary-sparc/
    MD5 checksum: 556d8e1fc4d7aa25b436c65c70c9c314

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-866.html

+---------------------------------+
|  FreeBSD Advisories             | ----------------------------//
+---------------------------------+

* FreeBSD: 'ncurses' vulnerability
  November 13th, 2000

  There exists an overflowable buffer in the libncurses library in
  the processing of cursor movement capabilities. An attacker can
  force a privileged application to use the attacker's termcap file
  containing a specially crafted terminal entry, which will trigger
  the vulnerability when the vulnerable ncurses code is called. This
  allows them to execute arbitrary code on the local system with the
  privileges of the exploited binary.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-872.html

* FreeBSD: 'gnupg' ports vulnerability
  November 10th, 2000

  Versions of gnupg prior to 1.04 fail to correctly verify multiple
  signatures contained in a single document. Only the first signature
  encountered is actually verified, meaning that other data with
  invalid signatures (e.g. data which has been tampered with by an
  attacker) will not be verified, and the entire document will be
  treated as having valid signatures.

  Updated Package: gnupg-1.04.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/
    packages-5-current/security/

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-862.html

* FreeBSD: 'telnetd' vulnerability
  November 14th, 2000

  Remote users without a valid login account on the server can cause
  resources such as CPU and disk read bandwidth to be consumed,
  causing increased server load and possibly denying service to
  legitimate users.

  Vendor Patch:
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-876.html

* FreeBSD: 'ppp deny_incoming' vulnerability
  November 14th, 2000

  Remote users can cause incoming traffic which is not part of an
  existing NAT session to pass the NAT gateway, which may constitute
  a breach of security policy.
  Thus, users who are using the deny_incoming functionality in the
  expectation that it provides a "deny by default" firewall which
  only allows through packets known to be part of an existing NAT
  session, are in fact allowing other types of unsolicited IP traffic
  into their internal network.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-877.html

+---------------------------------+
|  Immunix Advisories             | ----------------------------//
+---------------------------------+

* Immunix: 'bind' DoS
  November 13th, 2000

  BIND version 8.2.2-P5 has a denial of service bug. The code
  intended to provide support for the transfer of compressed zone
  files can crash the name server. More BIND security information can
  be found at: http://www.isc.org/products/BIND/bind8.html

  Package Name: bind-8.2.2_P7-1
  http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/RPMS/
  MD5 Checksum: 70339c6294f64e9693819038c56316d4

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-871.html

+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+

* Mandrake: 'tcsh' vulnerability
  November 14th, 2000

  A vulnerability exists with tcsh when using the in-here documents
  with the << syntax. When doing this, tcsh uses a temporary file to
  store the data.
  Unfortunately, the temporary file is not created securely and
  standard symlink attacks can be used to make tcsh overwrite
  arbitrary files.

  Linux-Mandrake 7.0:
    7.0/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: b2ff9906f77f4f8f738f85aedcd6d1ce

  Linux-Mandrake 7.1:
    7.1/RPMS/tcsh-6.09.04-1.2mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 8e917a65861dd246f2a55786415395f5

  Linux-Mandrake 7.2:
    7.2/RPMS/tcsh-6.09.04-1.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 14284cbb343a88bcceca0fff6a0e6416

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-874.html

* Mandrake: 'openssh' vulnerability
  November 15th, 2000

  A vulnerability exists with all versions of OpenSSH prior to 2.3.0
  with regards to the X11 forwarding and ssh-agent. If agent or X11
  forwarding is disabled in the ssh client configuration, the client
  does not request these features during session setup. However, when
  the ssh client receives an actual request asking for access to the
  ssh-agent, the client fails to check whether this feature has been
  negotiated during session setup. The client does not check whether
  the request is in compliance with the client configuration and
  grants access to the ssh-agent. A similar problem exists in the X11
  forwarding implementation.

  PLEASE SEE VENDOR ADVISORY FOR UPDATED PACKAGES

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-878.html

* Mandrake: 'modutils' vulnerability
  November 16th, 2000

  When a device is specified at the command line that doesn't exist,
  request_module is called with the user-supplied arguments passed to
  the kernel. The kernel then takes the arguments and executes
  modprobe with them. Arbitrary commands included in the argument for
  module name (device name to ping) are then executed when popen() is
  called as root.

  Linux-Mandrake 7.1:
    7.1/RPMS/modutils-2.3.20-1.2mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: de9f58e8def6af9174eb53227422bb70

  Linux-Mandrake 7.2:
    7.2/RPMS/modutils-2.3.20-1.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 83071582ed7ae9dbe93f13a386c9f500

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-884.html

* Mandrake: 'CUPS' vulnerability
  November 16th, 2000

  A problem existed with previous versions of CUPS that made CUPS
  printers accessible from anywhere on the internet. A bug also
  existed where CUPS would broadcast to everywhere and thus keep open
  dial-on-demand lines. Both problems have been addressed in this
  update and by an automatic configuration script.

  Linux-Mandrake 7.2:
    7.2/RPMS/cups-1.1.4-5.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 1e22b9f181bfccb1d8cb1242090ac458

    7.2/RPMS/cups-devel-1.1.4-5.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 43a494baa824f7b3cdf7be7c59f34b00

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-883.html

* Mandrake: 'nss_ldap' update
  November 10th, 2000

  A race condition exists in versions of nss_ldap prior to version
  121. On a system running nscd, a malicious user can cause the
  system to hang.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-861.html

* Mandrake: 'bind' update
  November 10th, 2000

  A vulnerability exists with the bind nameserver dealing with
  compressed zone transfers. This vulnerability can be exploited by
  authorized zone transfers and used in a DoS attack. The named
  daemon will crash if it receives this type of zone transfer from an
  authorized source address. The crash is not necessarily immediate,
  but can range from a few seconds to a few minutes from the time of
  the attack.

  Linux-Mandrake 7.0:
    7.0/RPMS/nss_ldap-122-1.2mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 13907614252952438931877a2dca472a

  Linux-Mandrake 7.1:
    7.1/RPMS/nss_ldap-122-1.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: cde48c8a7e334ebd6a604dd034a294f4

  Linux-Mandrake 7.2:
    7.2/RPMS/nss_ldap-122-1.1mdk.i586.rpm
    http://www.linux-mandrake.com/en/ftp.php3
    MD5 Checksum: 82a506e8c958f054275a027ead7b8b15

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-861.html

+---------------------------------+
|  RedHat Advisories              | ----------------------------//
+---------------------------------+

* Redhat: 'modutils' vulnerability
  November 16th, 2000

  modutils, a package that helps the kernel automatically load kernel
  modules (device drivers etc.) when they're needed, could be abused
  to execute code as root.

  Red Hat Linux 6.2:
    alpha:
    ftp://updates.redhat.com/6.2/alpha/modutils-2.3.20-0.6.2.alpha.rpm
    MD5 Checksum: 7540818796b9ab0961465f67118ffac9

    sparc:
    ftp://updates.redhat.com/6.2/sparc/modutils-2.3.20-0.6.2.sparc.rpm
    MD5 Checksum: d8226ab998719f79f3df9d4e9a6bb88a

    i386:
    ftp://updates.redhat.com/6.2/i386/modutils-2.3.20-0.6.2.i386.rpm
    MD5 Checksum: 206cb6ccd33a0f16803695e0246abb35

  Red Hat Linux 7.0:
    i386:
    ftp://updates.redhat.com/7.0/i386/modutils-2.3.20-1.i386.rpm
    MD5 Checksum: 166b7512c784ffaa4233e8f71ef712cd

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-882.html

* Redhat: 'bind' DoS vulnerability
  November 11th, 2000

  A bug in bind 8.2.2_P5 allows for a denial of service attack. If
  named is open to zone transfers and recursive resolving, it will
  crash after a ZXFR for the authoritative zone and a query of a
  remote hostname.

  Red Hat Linux 7.0:
    alpha:
    ftp://updates.redhat.com/7.0/alpha/bind-8.2.2_P7-1.alpha.rpm
    MD5 Checksum: cdaad5917739f5c20e4d01a37750386d

    sparc:
    ftp://updates.redhat.com/7.0/sparc/bind-8.2.2_P7-1.sparc.rpm
    MD5 Checksum: 105382156bffc1543e3907b12c2a417c

    i386:
    ftp://updates.redhat.com/7.0/i386/bind-8.2.2_P7-1.i386.rpm
    MD5 Checksum: 3ca7a0db5c91992478737bf7564ad148

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-867.html

* Redhat: 'usermode' update
  November 10th, 2000

  The usermode package contains a binary (/usr/bin/userhelper), which
  is used to control access to programs which are to be executed as
  root. Because programs invoked by userhelper are not actually
  running setuid-root, security measures built into recent versions
  of glibc are not active.

  Red Hat Linux 7.0:
    i386:
    ftp://updates.redhat.com/7.0/i386/usermode-1.37-2.i386.rpm

  FOR OTHER VERSIONS PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-858.html

* Redhat: 'pine' and 'imap' updates
  November 10th, 2000

  By adding specific headers to messages, the pine mail reader and
  the imap server could be made to exit with an error message when
  users attempted to manipulate mail folders containing those
  messages.

  Red Hat Linux 7.0:
    i386:
    ftp://updates.redhat.com/7.0/i386/pine-4.30-2.i386.rpm
    MD5 Checksum: 14e10c0d1d5752708acafd31135e72cf

    ftp://updates.redhat.com/7.0/i386/imap-2000-3.i386.rpm
    MD5 Checksum: 0cc070b4a5092208bebbf567cf319582

    ftp://updates.redhat.com/7.0/i386/imap-devel-2000-3.i386.rpm
    MD5 Checksum: a94850f16ea2bb07dc1f172db422916b

  FOR OTHER VERSIONS PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-859.html

+---------------------------------+
|  Slackware Advisories           | ----------------------------//
+---------------------------------+

* Slackware: 'pine' update
  November 10th, 2000

  Pine versions 4.21 and before contain a buffer overflow
  vulnerability which allows a remote user to execute arbitrary code
  on the local client by sending a specially crafted email message.
  The overflow occurs during the periodic "new mail" checking of an
  open folder.

  ftp://ftp.slackware.com/pub/slackware/slackware-current/
    slakware/n1/pine.tgz
  MD5 Checksum: 2f7cdbca84e9d3473c74c6cf6ed24b79

  ftp://ftp.slackware.com/pub/slackware/slackware-current/
    slakware/n1/imapd.tgz
  MD5 Checksum: 81a5c7373e30357679fe613e38e07a01

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-857.html

* Slackware: 'bind' DoS
  November 11th, 2000

  BIND version 8.2.2-P5 has a denial of service bug. The code
  intended to provide support for the transfer of compressed zone
  files can crash the name server.
  More BIND security information can be found at:
  http://www.isc.org/products/BIND/bind8.html

  ftp://ftp.slackware.com/pub/slackware/slackware-current/
    slakware/n1/bind.tgz
  MD5 Checksum: acce19918ebb3cf0159f0690e5d167ae

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-868.html

+---------------------------------+
|  SuSE Advisories                | ----------------------------//
+---------------------------------+

* SuSE: 'bind' DoS
  November 16th, 2000

  BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7,
  has been found vulnerable to two denial of service attacks: named
  may crash after a compressed zone transfer request (ZXFR) and if an
  SRV record (defined in RFC2782) is sent to the server.

  SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1
      /bind8-8.2.2-139.i386.rpm
    MD5 Checksum: c6f2242efe722aaa4320010e00ddc080

  SuSE-6.3
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/
      bind8-8.2.2-139.i386.rpm
    MD5 Checksum: d3f51528ad2120cd3dc6517c2bc26c0a

  PLEASE SEE VENDOR ADVISORY FOR OTHER PLATFORMS

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-881.html

* SuSE: 'modules' vulnerability
  November 13th, 2000

  Newer versions of the modprobe program contain a bug which allows
  local users to gain root privileges. modprobe expands given
  arguments via /bin/echo and can easily be tricked into executing
  commands. In order for this bug to be exploitable, a setuid root
  program must be installed that can trigger the loading of modules
  (such as ping6).

  i386 Intel Platform:

  SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/
      modules-2.3.11-73.i386.rpm
    MD5 Checksum: 9643216a1e0c147635ef62d894a9d7ad

  SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/
      modules-2.3.9-63.i386.rpm
    MD5 Checksum: d3a95b93e549aae9a462e84d179efe45

  PLEASE SEE VENDOR ADVISORY FOR OTHER PLATFORMS

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-870.html

+---------------------------------+
|  Trustix Advisories             | ----------------------------//
+---------------------------------+

* Trustix: bind, openssh, and modutils
  November 15th, 2000

  The openssh client does not enforce the "ForwardX11 no", and
  "ForwardAgent no" configuration options, so that a malicious server
  could force a client to forward these even if they are turned off.

  http://www.linuxsecurity.com/advisories/other_advisory-880.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".
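
The integrity check described under "Checking Package Integrity", as an added example that is not part of the original newsletter: a POSIX shell helper that reads "Package Name:" / "MD5 Checksum:" pairs in the layout the Caldera and Immunix entries use and compares each published sum with the md5sum of the downloaded file. The function names, the demo package and the ftp.example.invalid URL are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify downloaded packages against the checksums an
# advisory publishes. As the newsletter notes, this detects a changed
# file, not a checksum that was altered together with the package.

# extract_sums ADVISORY_FILE
# Prints "<md5>  <file name>" lines, the format `md5sum -c` also reads.
extract_sums() {
    awk '
        /Package Name:/ {
            n = split($NF, parts, "/")     # keep only the file name
            name = parts[n]
            next
        }
        /MD5 [Cc]hecksum:/ && name != "" {
            sum = tolower($NF)             # published sums may be upper case
            if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/)
                print sum "  " name
            name = ""
        }
    ' "$1"
}

# verify_packages ADVISORY_FILE DOWNLOAD_DIR
# Returns 0 if every listed package found in DOWNLOAD_DIR matches,
# 1 if any of them differs, 2 if none of them was found at all.
verify_packages() {
    advisory=$1
    dir=$2
    checked=0
    bad=0
    sums=$(extract_sums "$advisory") || return 2
    while read -r want name; do
        [ -n "$name" ] || continue
        file=$dir/$name
        [ -f "$file" ] || continue         # not downloaded, nothing to check
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (published $want, computed $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$sums
EOF
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# demo: constructed package and advisory text, checked before and after
# the file is modified. Returns 0 when both results are as expected.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed package payload\n' > "$tmp/bind-utils-demo.rpm"
    sum=$(md5sum < "$tmp/bind-utils-demo.rpm" | cut -d' ' -f1)
    cat > "$tmp/advisory.txt" <<EOF
  Package Name: RPMS/bind-utils-demo.rpm
  ftp://ftp.example.invalid/updates/RPMS/
  MD5 Checksum: $sum
EOF
    before=0
    verify_packages "$tmp/advisory.txt" "$tmp" || before=$?
    printf 'x' >> "$tmp/bind-utils-demo.rpm"   # file changed after publication
    after=0
    verify_packages "$tmp/advisory.txt" "$tmp" || after=$?
    rm -rf "$tmp"
    [ "$before" -eq 0 ] && [ "$after" -eq 1 ]
}

demo
```

The Debian and Mandrake entries list the file name without a "Package Name:" label, so they would need their own pattern in extract_sums.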