Information Security News mailing list archives

Linux Advisory Watch, October 13th 2000


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 13 Oct 2000 16:38:39 -0400

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  October 13th, 2000                      Volume 1, Number 24a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com


This week, advisories were released for mod_rewrite, mod_php3, tmpwatch,
traceroute, boa, esound, usermode, gnorpm, openssh, apache, and cfengine.
The vendors include Caldera, Conectiva, Debian, FreeBSD, Immunix,
LinuxPPC, Mandrake, SuSE, and Trustix.  It is critical that you update all
vulnerable packages to reduce the risk of being compromised.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

-- OpenDoc Publishing --

Our sponsor this week is OpenDoc Publishing.  Their 480-page comprehensive
security book, Securing and Optimizing Linux, takes a hands-on approach to
installing, optimizing, configuring, and securing Red Hat Linux. Topics
include sendmail 8.10.1, OpenSSL, ApacheSSL, OpenSSH and much more!
Includes Red Hat 6.2 and Red Hat 6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

+---------------------------------+
|   Installing a new package:    | ----------------------------//
+---------------------------------+

   # rpm  -Uvh <filename>
   # dpkg -i <filename>

Packages can be installed easily by using rpm (Red Hat Package Manager) or
dpkg (Debian Package Manager).  Most advisories issued by vendors are
packaged in either an rpm or dpkg. Additional installation instructions
can be found in the body of the Advisories.

+---------------------------------+
|   Checking Package Integrity:   | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is applied.
It can be used to compare against a previously-generated sum to determine
whether the file has changed. It is commonly used to ensure the integrity
of updated packages distributed by a vendor.

  # md5sum <filename>
    ebf0d4a0d236453f63a797ea20f0758b

The resulting string can then be compared against the MD5 checksum
published by the packager.  This does not protect against someone who
modified both the package and the published checksum, but it still
provides a great deal of assurance in the integrity of a package
before installing it.
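
The comparison described above, applied to a whole advisory listing instead of one file. This is an added example, not part of the original newsletter. It goes slightly beyond the single-file case by parsing the "Package Name / MD5 checksum" layouts used in this issue and by accepting any of the checksums listed for a file name that appears under several releases. The demo-* package names, example.com URLs and 0000... checksums are constructed.

```sh
#!/bin/sh
# Added example: check downloaded packages against the checksums printed
# in an advisory listing. All sample data below is constructed.

# parse_advisory FILE
# Prints one line per package: "<name> <md5> [<md5> ...]".
# Handles labelled entries ("Package Name:", "Updated Package(s):",
# "... architecture Package:") and bare URLs that end in the package file.
parse_advisory() {
    awk '
    /Package(s| Name)?:/ {
        sub(/^.*:[ \t]*/, ""); sub(/[ \t]+$/, ""); pkg = $0; next
    }
    /^[ \t]*(ftp|http):\/\/.*\.(rpm|deb)[ \t]*$/ {
        n = split($1, part, "/"); pkg = part[n]; next
    }
    /MD5 [Cc]hecksum:/ && pkg != "" {
        sum = tolower($NF)
        if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/) {
            if (!(pkg in sums)) order[++count] = pkg
            sums[pkg] = sums[pkg] " " sum   # same name, several releases
        }
        pkg = ""
    }
    END { for (i = 1; i <= count; i++) print order[i] sums[order[i]] }
    ' "$1"
}

# verify_advisory FILE PKGDIR
# Returns 1 if any downloaded package matches none of its listed checksums.
# Packages that were not downloaded are reported but do not fail the run.
verify_advisory() {
    advisory=$1
    pkgdir=$2
    parse_advisory "$advisory" | (
        status=0
        while read -r pkg wants; do
            file="$pkgdir/$pkg"
            [ -f "$file" ] || { echo "MISSING  $pkg"; continue; }
            have=$(md5sum "$file" | awk '{ print $1 }')
            case " $wants " in
                *" $have "*) echo "OK       $pkg" ;;
                *) echo "MISMATCH $pkg: file has $have"; status=1 ;;
            esac
        done
        exit "$status"
    )
}

# make_sample DIR
# Builds constructed packages and a constructed advisory listing in DIR.
make_sample() {
    mkdir -p "$1/pkgs"
    printf 'constructed package A\n' > "$1/pkgs/demo-a-1.0-1.i586.rpm"
    printf 'constructed package B\n' > "$1/pkgs/demo-b-1.0-1.i386.rpm"
    sum_a=$(md5sum "$1/pkgs/demo-a-1.0-1.i586.rpm" | awk '{ print $1 }')
    cat > "$1/advisory.txt" <<EOF
     Package Name: demo-a-1.0-1.i586.rpm
     ftp://ftp.example.com/updates/6.1/RPMS/
     MD5 Checksum: 00000000000000000000000000000001

     Package Name:  demo-a-1.0-1.i586.rpm
     ftp://ftp.example.com/updates/7.0/RPMS/
     MD5 Checksum: $sum_a

     ftp://updates.example.com/6.2/i386/demo-b-1.0-1.i386.rpm
     MD5 checksum: 00000000000000000000000000000002

     Updated Package: demo-c-1.0-1.i386.rpm
     ftp://ftp.example.com/updates/
     MD5 checksum: 00000000000000000000000000000003
EOF
}

# Demo run on the constructed data.
sample=$(mktemp -d)
make_sample "$sample"
verify_advisory "$sample/advisory.txt" "$sample/pkgs" ||
    echo "at least one downloaded package does not match the advisory"
rm -rf "$sample"
```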



+---------------------------------+
|        Caldera Advisories       | ----------------------------//
+---------------------------------+



* Caldera: 'mod_rewrite' vulnerability

The Apache HTTP server comes with a module named mod_rewrite which can be
used to rewrite URLs presented by the client before further processing.
The processing logic in mod_rewrite contains a flaw that allows attackers
to view arbitrary files on the server system.  In the default
configuration shipped with OpenLinux, mod_rewrite is disabled.

     Package Name: apache-1.3.4-5.i386.rpm
     ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
     MD5 checksum: c01531115e05d0371db7b1ac83c85b3b

     Package Name: apache-1.3.9-5S.i386.rpm
     ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
     MD5 checksum: 45bd05d80b8c5ca5ef87da39de9c19dd

     Package Name: apache-1.3.11-2D.i386.rpm
     ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
     MD5 checksum: c303c215facbe330fd454e502a50e798


     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/caldera_advisory-783.html





+---------------------------------+
|        Conectiva Advisories     | ----------------------------//
+---------------------------------+


* Conectiva: 'mod_php3' format string vulnerability

Logging functions in PHP3 are vulnerable to format string attacks that can
lead to remote execution of arbitrary code. This vulnerability can only be
exploited if the logging functions are enabled, which is *not* the default
configuration for this package. This vulnerability also affects PHP4, but
it is not shipped in any Conectiva Linux distribution as of this date.

     Updated Package:  Available in Vendor Advisory

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-793.html



* Conectiva: 'tmpwatch' local DoS

Versions of the tmpwatch package as shipped with Conectiva Linux contain a
vulnerability which could lead to a local DoS.  These versions, though,
are not vulnerable to the local root exploit published earlier because
they do not have the fuser option, which appeared only in later versions.

     Updated Package: tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0/i386/

     Updated Package:  tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0es/i386/

     Updated Package:  tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.1/i386/

     Updated Package: tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.2/i386/

     Updated Package: tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.0/i386/

     Updated Package: tmpwatch-2.6.2-1cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.1/i386/

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-771.html



* Conectiva: 'traceroute' vulnerability

Previous releases of traceroute contained some problems that could be
exploited to gain local root access.

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0/i386/

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0es/i386/

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.1/i386/

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.2/i386/

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.0/i386/

     Updated Package: traceroute-1.4a7-2cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.1/i386/


     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-776.html



* Conectiva: 'mod_rewrite' vulnerability

There are two vulnerabilities in the Apache web server as shipped with
Conectiva Linux. 1. Under certain configurations, the mod_rewrite module
could be used to access any file on the server, provided that filesystem
access rights permitted that. Now the mod_rewrite module makes a one-pass
expansion and is no longer vulnerable to this.  2. The other vulnerability
is regarding the handling of Host: headers in mass virtual hosting
configurations. The check for dot (".") characters in that header was not
complete and could permit access to a parent directory.


     Updated Package: apache-1.3.6-16cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0/i386/

     Updated Package: apache-devel-1.3.6-16cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0/i386/

     Updated Package: apache-1.3.6-16cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0es/i386/

     Updated Package: apache-devel-1.3.6-16cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.0es/i386/

     Updated Package: apache-1.3.9-17cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.1/i386/

     Updated Package: apache-devel-1.3.9-17cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.1/i386/

     Updated Package:  apache-1.3.9-17cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.2/i386/

     Updated Package:  apache-devel-1.3.9-17cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/4.2/i386/

     Updated Package: apache-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.0/i386/

     Updated Package: apache-doc-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.0/i386/

     Updated Package: apache-devel-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.0/i386/

     Updated Package: apache-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.1/i386/

     Updated Package: apache-doc-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.1/i386/

     Updated Package: apache-devel-1.3.12-14cl.i386.rpm
     ftp://atualizacoes.conectiva.com.br/5.1/i386/

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-788.html


+---------------------------------+
|        Debian Advisories        | ----------------------------//
+---------------------------------+


* Debian: updated 'Boa' packages

In versions of boa before 0.94.8.3, it is possible to access files outside
of the server's document root by the use of properly constructed URL
requests. This problem is fixed in version 0.94.8.3-1, uploaded to
Debian's unstable distribution on October 3, 2000.  Fixed packages are also
available in proposed-updates and will be included in the next revision of
Debian/2.2 (potato).


     Alpha architecture Package: boa_0.94.8.3-1_alpha.deb
     http://security.debian.org/dists/potato/updates/main/binary-alpha/
     MD5 checksum: 49bb09162ce840153779b5911cca29af

     Intel ia32 architecture Package: boa_0.94.8.3-1_i386.deb
     http://security.debian.org/dists/potato/updates/main/binary-i386/
     MD5 checksum: e8122856917c02ca23e03cf49fcdc3ed

     Motorola 680x0 architecture Package:    boa_0.94.8.3-1_m68k.deb
     http://security.debian.org/dists/potato/updates/main/binary-m68k/
     MD5 checksum: 1670d6f1e57453e4a22e15175d398c7e

     PowerPC architecture Package:    boa_0.94.8.3-1_powerpc.deb
     http://security.debian.org/dists/potato/updates/main/binary-powerpc/
     MD5 checksum: 9fdb496abcdc24f2234c1930bc9b9913

     Sun Sparc architecture Package:  boa_0.94.8.3-1_sparc.deb
     http://security.debian.org/dists/potato/updates/main/binary-sparc/
     MD5 checksum: 7f4e1ac3afff1442fec6cd5b92ed2771

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/debian_advisory-774.html




+---------------------------------+
|        FreeBSD Advisories       | ----------------------------//
+---------------------------------+


* FreeBSD: TCP sequence number prediction weakness

Systems running insecure protocols which blindly trust a TCP connection
which appears to come from a given IP address without requiring other
authentication of the originator are vulnerable to spoofing by a remote
attacker, potentially yielding privileges or access on the local system.



ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch.asc

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch.asc

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/freebsd_advisory-761.html


+---------------------------------+
|        Immunix Advisories       | ----------------------------//
+---------------------------------+

* Immunix: 'esound' vulnerability

     Updated Package:  esound-0.2.20-0_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: ab285ded3a6e451d294ed2f056d7df80

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-766.html



* Immunix: 'traceroute' vulnerability

     Updated Packages: traceroute-1.4a5-24.6x_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: cb497c4c15ca728056d5e20d4378a3f0

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-767.html



* Other: Immunix 'tmpwatch' update

     Updated Package: tmpwatch-2.6.2-1.6.2_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: 3fbec19f6691d95a7c142a88d5f07c8d

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-768.html



* Immunix: 'usermode' vulnerability

     Updated Package: usermode-1.36-2.6.x_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: ae9e90e8008a267149fa079c7af478ea

     Updated Package:  SysVinit-2.78-5_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: 10f5e461b559bd7ce45572515f212147

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-781.html



* Immunix: 'gnorpm' update

     Updated Package: gnorpm-0.95.1-2.62_StackGuard.i386.rpm
     http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
     MD5 checksum: ef438ecb8577085a0b9c5da49852b323

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-789.html




+---------------------------------+
|       LinuxPPC Advisories       | ----------------------------//
+---------------------------------+


* LinuxPPC: Boot security problem

All computers with existing versions of LinuxPPC installed are accessible
as root by anyone if they are able to boot the machine in single user
mode. Fortunately, the solution is very simple. You can disable the
automatic login as root when the machine is booted into single user mode.
The method for doing this is described below.

     http://www.linuxppc.com/support/updates/security/
     ?category=2000&subject=single-user-mode

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/linuxppc_advisory-765.html



+---------------------------------+
|        Mandrake Advisories      | ----------------------------//
+---------------------------------+


* Mandrake: 'gnorpm' update

Versions of GnoRPM prior to 0.95 used files in the /tmp directory in an
insecure manner.  If GnoRPM is run as root, a local user can exploit this
behaviour to trick GnoRPM into writing to arbitrary files anywhere on the
system.


     Package Name: gnorpm-0.9-5mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
     MD5 Checksum: 42f258faadf07ac6d4bd8dfdbf1ecc6d

     Package Name: gnorpm-0.9-5mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 Checksum: 6418822070f5579a5d0ae103bb28568b

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-759.html



* Mandrake: 'tmpwatch' vulnerability


Previous versions of tmpwatch contained a local denial of service and root
exploits.  This is due to using the fork() command to recursively process
subdirectories which would allow a local user to perform a denial of
service attack.


     Package Name: tmpwatch-2.6.2-1mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
     MD5 checksum: d6e7442f4c3a9af30e9158e7ae9ecf72

     Package Name:  tmpwatch-2.6.2-1mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
     MD5 checksum: 04b86f78b1bf908219c5ddc94767c7a8

     Package Name:  tmpwatch-2.6.2-1mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: 07267b2907b9e9454a967c4323b17f17

     Package Name:  tmpwatch-2.6.2-1mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 04e2717f14f0b4f8f991ea9cc0926b2e

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-763.html



* Mandrake: 'openssh' vulnerability

A problem exists with openssh's scp program.  If a user uses scp to move
files from a server that has been compromised, the operation can be used to
replace arbitrary files on the user's system.  The problem is made more
serious by setuid versions of ssh which allow overwriting any file on the
local user's system.  If the ssh program is not setuid or is setuid to
someone other than root, the intrusion is limited to files with write
access granted to the owner of the ssh program.

     7.0

     Package Name: openssh-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: 305e0198128f0ff9c1c9292ec09b4dcc

     Package Name:  openssh-askpass-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: b9926356f70c27be00d2b50c96b11bd0

     Package Name:  openssh-clients-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: c4264c9b9ab857ddd4555c05096e4697

     Package Name:  openssh-server-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: 21f1d76dc514f6e59c6023affc80dc54

     Package Name:  openssl-0.9.5a-3mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: a3dd007c212763d4ece19b50e013edd0

     Package Name:  openssl-devel-0.9.5a-3mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: b8d23e53945a0c53525701c0ed298d01

     7.1

     Package Name:  openssh-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 859074e6bea599faf97ead477a8e97fe

     Package Name:  openssh-askpass-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 5df518f2b4cb308fee7b78b127972733

     Package Name:  openssh-clients-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: a00ae71dadecbde77ccd9b4d0d0b818a

     Package Name:  openssh-server-2.1.1p3-4mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 8abf7df4ed56bcbb517ebe9b549d2df7

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-782.html




* Mandrake: 'boa' vulnerability

There is a problem with versions of the boa web server prior to 0.94.8.3
that make it possible to access files outside of the server's document
root by the use of properly constructed URL requests. Linux-Mandrake
started shipping the boa web server with 7.2 beta which uses the fixed
0.94.8.3 version.  Linux-Mandrake users who have installed this package on
their own are encouraged to upgrade to the version found in 7.2 beta or
cooker.

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-786.html


* Mandrake: 'apache' update

The Apache web server comes with a module called mod_rewrite which is used
to rewrite URLs presented by the client prior to further processing.
There is a flaw in the mod_rewrite logic that allows an attacker to view
arbitrary files on the server system if they contain regular expression
references.  All Linux-Mandrake users using Apache are encouraged to
upgrade to these updated versions that fix this flaw.

     Linux Mandrake 6.0

     Package Name: apache-1.3.6-29mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
     MD5 checksum: 77fa37ac213493d94f5817f93710cbb8

     Package Name:  apache-devel-1.3.6-29mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
     MD5 checksum: 8c51afd87ab8be5b08bc2d02fdc37298

     Linux-Mandrake 6.1

     Package Name: apache-1.3.9-8mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
     MD5 checksum: 890f342e3d33a73978b9ec60d53f3c54

     Package Name:  apache-devel-1.3.9-8mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
     MD5 checksum: 4308ebc3b5c496b74173d0af0cb43de9

     Linux-Mandrake 7.0

     Package Name:  apache-1.3.9-18mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: 094ae1b8764bd6c71519fe051b735e21

     Package Name:  apache-devel-1.3.9-18mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: dc298d04f25fe4f5a895e898606b8551

     Package Name:  apache-suexec-1.3.9-18mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
     MD5 checksum: 7fe54f76cf8f5b46d35ba44944783811

     Linux-Mandrake 7.1

     Package Name:  apache-1.3.12-13mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 990b35197aee4fe36d9c26b709279108

     Package Name:  apache-devel-1.3.12-13mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 973cf2b01f1d1030b672011288188c50

     Package Name:  apache-suexec-1.3.12-13mdk.i586.rpm
     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
     MD5 checksum: 69e5ff252a7481b36d2f44bc17c48e63

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/mandrake_advisory-790.html




+---------------------------------+
|        RedHat Advisories        | ----------------------------//
+---------------------------------+


* RedHat: 'esound' vulnerability

Esound, the sound daemon used for Gnome, creates a world-writable
directory, /tmp/.esd.  This directory is owned by the user running esound,
and is used to store a socket which is used by programs connecting to the
sound server.  During startup, this socket's permissions are adjusted. An
attacker on the system can theoretically create a symbolic link, and cause
any file or directory owned by the user running esound to be made world
writable.

     alpha:
     ftp://updates.redhat.com/6.2/alpha/esound-0.2.20-0.alpha.rpm
     MD5 checksum: 648746086daa7bbc6bef00697e62bf51

     sparc:
     ftp://updates.redhat.com/6.2/sparc/esound-0.2.20-0.sparc.rpm
     MD5 checksum: 2127fdd7654b80506952dce08c3f5014

     i386:
     ftp://updates.redhat.com/6.2/i386/esound-0.2.20-0.i386.rpm
     MD5 checksum: 2127fdd7654b80506952dce08c3f5014

     ftp://updates.redhat.com/7.0/i386/esound-0.2.20-1.i386.rpm
     MD5 checksum: a61209acb87ed7f4fa5b1d63d161c85d

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-760.html




* RedHat: 'traceroute' suid root vulnerability

A root exploit due to a segfault when using multiple -g options is fixed
for Red Hat Linux 6.x and Red Hat Linux 5.x. A potential denial-of-service
attack is alleviated by enforcing a maximum buffer size of 64Kb.

     ftp://updates.redhat.com/5.2/alpha/traceroute-1.4a5-24.5x.alpha.rpm
     MD5 checksum: 25a92211082e65df9f89fd71ac7a6888

     ftp://updates.redhat.com/5.2/sparc/traceroute-1.4a5-24.5x.sparc.rpm
     MD5 checksum: d60c337c3fa3d23ba2c1cde082c8fee5

     ftp://updates.redhat.com/5.2/i386/traceroute-1.4a5-24.5x.i386.rpm
     MD5 checksum: 2fc1c66152f3fbd723b695472aadc0a6


     ftp://updates.redhat.com/6.2/alpha/traceroute-1.4a5-24.6x.alpha.rpm
     MD5 checksum: f279d9e415a7d806daae86e8112fe8c6

     ftp://updates.redhat.com/6.2/sparc/traceroute-1.4a5-24.6x.sparc.rpm
     MD5 checksum: 498a1e08221e1d9e0115edb7f34ecef9

     ftp://updates.redhat.com/6.2/i386/traceroute-1.4a5-24.6x.i386.rpm
     MD5 checksum: 49bd824f9f4784ce9c45fa54285c7aa0

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-762.html


* Redhat: 'usermode' update

The usermode package contains a binary (/usr/bin/userhelper), which is
used to control access to programs which are to be executed as root.
Because programs invoked by userhelper are not actually running
setuid-root, security measures built into recent versions of glibc are not
active.

     ftp://updates.redhat.com/6.2/alpha/usermode-1.36-2.6.x.alpha.rpm
     MD5 checksum: afb4ad3a5715c0df6596a19db4d2b3c8

     ftp://updates.redhat.com/6.2/sparc/usermode-1.36-2.6.x.sparc.rpm
     MD5 checksum: 8567bb088fb7cab3e298d0df24f8c626

     ftp://updates.redhat.com/6.2/i386/usermode-1.36-2.6.x.i386.rpm
     MD5 checksum: c2bac5d41ee077d2db48ed9462802ff0

     ftp://updates.redhat.com/7.0/i386/usermode-1.36-3.i386.rpm
     MD5 checksum: 5d40e125fa0a31f05b8dac9321a1fa88

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-770.html



* Redhat: 'gnorpm' update

While fixing other problems with the gnorpm package, a locally-exploitable
security hole was found where a normal user could trick root running
GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp
filehandling.


     ftp://updates.redhat.com/6.2/alpha/gnorpm-0.95.1-2.62.alpha.rpm
     MD5 checksum: 1296b065d646657205042c97d7102961

     ftp://updates.redhat.com/6.2/sparc/gnorpm-0.95.1-2.62.sparc.rpm
     MD5 checksum: e1048b5dcb50f73e015105deb456265e

     ftp://updates.redhat.com/6.2/i386/gnorpm-0.95.1-2.62.i386.rpm
     MD5 checksum: 593efce0c95012b16ee266944e394371

     ftp://updates.redhat.com/7.0/i386/gnorpm-0.95.1-3.i386.rpm
     MD5 checksum: 4398b0b737d7ac9f75fff35472884cad

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/redhat_advisory-784.html




+---------------------------------+
|        PHP Advisories          | ----------------------------//
+---------------------------------+


* PHP format string vulnerability

The problem was tested on a Red Hat Linux system having Apache and
mod_php3 installed. Error logging was enabled in php.ini. With a test
exploit program, a shellcode could be run remotely under the web server
user id, which is typically not the root user.

     Updated Package:
     http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-791.html



+---------------------------------+
|        SuSE Advisories         | ----------------------------//
+---------------------------------+


* SuSE: 'esound' update

Esound, a daemon program for the Gnome desktop, is used for sound replay
by various programs such as windowmanagers and other applications.  The
esound daemon creates a directory /tmp/.esd to host a unix domain socket.
Upon startup, the daemon changes the modes of the socket, but a race
condition allows an attacker to place a symlink into the directory to
point to an arbitrary file belonging to the victim. By consequence, an
attacker may be able to change the permissions of any file belonging to
the victim. If the victim's userid is root, the attacker may be able to
change the modes of any file in the system.

     i386 Intel Platform:

     SuSE-7.0 Updated Package: esound-0.2.19-15.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/7.0/snd1/
     MD5 checksum: 9d8addaa5ba29554a727eb34ae5189f4

     SuSE-6.4 Updated Package: esound-0.2.16-75.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.4/snd1/
     MD5 checksum: 6f32f0867d1597a5129d0516438d9cca

     SuSE-6.3 Updated Package:  esound-0.2.15-21.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.3/snd1/
     MD5 checksum: 16a5804a2f27e62d73df40d206b047ca

     Sparc Platform:

     SuSE-7.0 Updated Package: esound-0.2.19-15.sparc.rpm
     ftp://ftp.suse.com/pub/suse/sparc/update/7.0/snd1/
     MD5 checksum: 112648ef64c351952f832b180fcca23c

     AXP Alpha Platform:

     SuSE-6.4 Updated Package: esound-0.2.16-75.alpha.rpm
     ftp://ftp.suse.com/pub/suse/axp/update/6.4/snd1/
     MD5 checksum: d2efefb21a6424a81e63788d972db49d

     SuSE-6.3 Updated Package: esound-0.2.15-21.alpha.rpm
     ftp://ftp.suse.com/pub/suse/axp/update/6.3/snd1/
     MD5 checksum: 19942e308eda0c0d505bb64da734ad8d

     PPC Power PC Platform:

     SuSE-7.0 Updated Package:  esound-0.2.19-16.ppc.rpm
     ftp://ftp.suse.com/pub/suse/ppc/update/7.0/snd1/
     MD5 checksum: be6daabfee0e7e629b848814be81d9d0

     SuSE-6.4 Updated Package: esound-0.2.16-75.ppc.rpm
     ftp://ftp.suse.com/pub/suse/ppc/update/6.4/snd1/
     MD5 checksum: f0e1aa54c3fdf7c6c02b34bedc51ee0f

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/suse_advisory-785.html




* SuSE: 'cfengine' vulnerability

GNU cfengine is an abstract programming language for system administrators
of large heterogeneous networks, used for maintenance and administration.
Pekka Savola <pekkas () netcore fi> has found several format string
vulnerabilities in syslog() calls that can be abused to either make the
cfengine program segfault and die or to execute arbitrary commands as
the user the cfengine process runs as (usually root).

     i386 Intel Platform:

     SuSE-7.0 Updated Package: cfengine-1.5.4-82.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/
     MD5 checksum: dc42c40f3d38756f03d0fe120854438f

     SuSE-6.4 Updated Package: cfengine-1.5.4-82.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/
     MD5 checksum: 751acfe93106296ce1109a2502756802

     SuSE-6.3 Updated Package: cfengine-1.5.4-82.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/
     MD5 checksum: c8acb6a4cb25bf5794a58cbdddeadb3c

     SuSE-6.2 Updated Package:  cfengine-1.5.4-82.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/
     MD5 checksum: 414b3b1ba8d1f6c54e8edf1bc06e3fd4

     SuSE-6.1 Updated Package: cfengine-1.5.4-82.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/
     MD5 checksum: c90ee6da76d111f537ae3bf0e3a8410d

     SuSE-6.0
     please use the update packages for the SuSE-6.1 distribution.

     SuSE-5.3 Updated Package: cfengine-1.5.4-87.i386.rpm
     ftp://ftp.suse.com/pub/suse/i386/update/5.3/ap1/
     MD5 checksum: a47f6a4a9affbe258d3c83b569b1dba4

     Sparc Platform:

     SuSE-7.0 Updated Package: cfengine-1.5.4-83.sparc.rpm
     ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/
     MD5 checksum: 3517304c0fd9ff411631ea4c8191516f

     AXP Alpha Platform:

     SuSE-6.4 Updated Package: cfengine-1.5.4-82.alpha.rpm
     ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/
     MD5 checksum: 409a3b91a67f383a330ea26faccb5eef

     SuSE-6.3
     Please use the update packages for the SuSE-6.4 distribution.

     SuSE-6.1 Updated Package: cfengine-1.5.4-84.alpha.rpm
     ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/
     MD5 checksum: b15950b227f1e77e783dba1ebf512df4

     PPC Power PC Platform:

     SuSE-7.0 Updated Package: cfengine-1.5.4-85.ppc.rpm
     ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/
     MD5 checksum: 2ee85ef27d51cac7ac1d574e8233aae5

     SuSE-6.4 Updated Package:  cfengine-1.5.4-82.ppc.rpm
     ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/
     MD5 checksum: ddc0e11f730e2fbb2ef5462987eadffa

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/suse_advisory-787.html



+---------------------------------+
|        Trustix Advisories       | ----------------------------//
+---------------------------------+


* Trustix: Several Security Updates

Due to recently discovered security holes, we have released several
updates for Trustix Secure Linux v1.1 and 1.0x. Users of the recent BETA
version should also install these packages.

     Updated Package: apache-1.3.12-6tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: 688e83f1cd3c679cf5e52ecef29b01a0

     Updated Package: apache-devel-1.3.12-6tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: a00d7ef794973961f099ef71e38259c5

     Updated Package: apache-ssl-1.3.12_1.39-8tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: 1aafa759655a998eb79bea314d8e9149

     Updated Package: LPRng-3.6.24-1tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: ebd7859ff9f63f53ae1c23088bd9684c

     Updated Package: traceroute-1.4a5-18tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: 906a5b62f1e4232a826ecf2a94fc5c6f

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-758.html



* Trustix: 'tmpwatch' update.

All versions of Trustix Secure Linux have hitherto been shipped with a
version of tmpwatch that can be tricked into excessive fork()ing filling
up the process table, requiring the box to be rebooted. The version of
tmpwatch can also, in certain cases, be tricked into giving local users a
root shell.

     Updated Package: tmpwatch-2.6.2-1tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
     MD5 checksum: 3200b3812bfe6e87f326e240fed0686a

     Vendor Advisory:
     http://www.linuxsecurity.com/advisories/other_advisory-769.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

