Information Security News mailing list archives
Linux Advisory Watch, September 1st, 2000
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 1 Sep 2000 14:59:26 -0400
+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  September 1st, 2000                     Volume 1, Number 18a  |
+----------------------------------------------------------------+

Editors:  Dave Wreski                  Benjamin Thomas
          dave () linuxsecurity com    ben () linuxsecurity com

Welcome to Linux Advisory Watch. This newsletter is derived from our
existing publication, 'Linux Security Week.' We have decided to break
the newsletter up into two separate sections (News and Advisories)
because advisories require special attention. The security of one's
system depends on diligence in upgrading packages. The Advisories
portion will be sent on Fridays and the News section will continue to
be distributed Mondays. We chose to take this action to improve
readability and reduce excess information.

###

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for xpdf, glibc, xchat, netscape,
ntop, mgetty, go-gnome, and usermode. The advisories released were
from Mandrake, TurboLinux, Debian, Conectiva, Red Hat, and Caldera.
If you use any of these packages or distributions, update these
packages immediately.

This was quite a busy week for FreeBSD. They released advisories for
the esound, mopd, netscape, xlockmore, and brouted packages. A local
DOS and Linux binary compatibility vulnerability were also outlined.

+---------------------------------+
|  Installing a new package:      | ----------------------------//
+---------------------------------+

   # rpm -Uvh <package-name.rpm>
   # dpkg -i <package-name.deb>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories issued by
vendors are packaged in either an rpm or dpkg. Additional
installation instructions can be found in the body of the advisory.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated sum
to determine whether the file has changed. It is commonly used to
ensure the integrity of updated packages distributed by a vendor.

   # md5sum <package-name>
   ebf0d4a0d236453f63a797ea20f0758b  <package-name>

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity of
a package before installing it.

+---------------------------------+
|  Mandrake Advisories            |
+---------------------------------+

* Mandrake: xpdf vulnerability

  There is a potential race condition when using tmpnam() and fopen()
  in xpdf versions prior to 0.91. This exploit can only be used as
  root to overwrite arbitrary files if a symlink is created between
  the calls to tmpnam() and fopen().

  http://www.linuxsecurity.com/advisories/mandrake_advisory-670.html

* Mandrake: glibc vulnerability

  A bug was discovered in ld.so that could allow local users to
  obtain root privileges. The dynamic loader, ld.so, is responsible
  for making shared libraries available within a program at run-time.
  Normally, a user is allowed to load additional shared libraries
  when executing a program; they can be specified with environment
  variables such as LD_PRELOAD.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-667.html

* Mandrake: xchat vulnerability

  To open the URL in a browser, XChat passes the command to /bin/sh.
  This allows a malicious URL the ability to execute arbitrary shell
  commands as the user that is running XChat.

  http://www.linuxsecurity.com/advisories/mandrake_advisory-669.html

+---------------------------------+
|  TurboLinux Advisory            |
+---------------------------------+

* TurboLinux: 'netscape' vulnerability

  It is possible for the browser to act as a web server for the
  client's entire machine and can also allow access into the client
  machine via a buffer overrun condition.

  http://www.linuxsecurity.com/advisories/turbolinux_advisory-677.html

+---------------------------------+
|  Debian Advisories              |
+---------------------------------+

* Debian: Updated 'xchat' packages available.

  The version of X-Chat that was distributed with Debian GNU/Linux
  2.2 has a vulnerability in the URL handling code: when a user
  clicks on a URL X-Chat will start netscape to view its target.
  However it did not check the URL for shell metacharacters, and this
  could be abused to trick xchat into executing arbitrary commands.

  http://www.linuxsecurity.com/advisories/debian_advisory-671.html

* Debian: UPDATE: ntop remote exploit vulnerability

  The updated version of ntop (1.2a7-10) that was released on August
  5 was found to still be insecure: it was still exploitable using
  buffer overflows. Using this technique it was possible to run
  arbitrary code as the user who ran ntop in web mode.

  http://www.linuxsecurity.com/advisories/debian_advisory-668.html

+---------------------------------+
|  Conectiva Advisory             |
+---------------------------------+

* Conectiva: 'mgetty' vulnerability.

  Versions prior to 1.1.22 have a vulnerability which could lead to
  mgetty overwriting any file in the system via a symlink attack.

  http://www.linuxsecurity.com/advisories/other_advisory-674.html

+---------------------------------+
|  Helix GNOME Advisory           |
+---------------------------------+

* Helix GNOME: 'go-gnome' vulnerability

  A vulnerability in the go-gnome pre-installer allows non-root users
  to exploit world-writable permissions in /tmp, permitting files
  normally only accessible by root to be overwritten.

  http://www.linuxsecurity.com/advisories/other_advisory-675.html

+---------------------------------+
|  RedHat Advisory                |
+---------------------------------+

* RedHat: Updated 'usermode' packages available

  The usermode package allows unprivileged users logged in at the
  system console to run the halt, poweroff, reboot, and shutdown
  commands without using the superuser's password. The halt,
  poweroff, and reboot abilities are useful, but an unprivileged user
  can also bring the system to single-user mode by running "shutdown
  now" with no additional flags. This update removes the "shutdown"
  command from the list of commands unprivileged users can run.

  http://www.linuxsecurity.com/advisories/redhat_advisory-673.html

+---------------------------------+
|  Caldera Advisory               |
+---------------------------------+

* Caldera: /tmp file race in faxrunq

  The mgetty package contains a number of tools for sending and
  receiving facsimiles. One of the tools, faxrunq, uses a marker file
  in a world writable directory in an unsecure fashion. This bug
  allows malicious users to clobber files on the system owned by the
  user invoking faxrunq.

  http://www.linuxsecurity.com/advisories/caldera_advisory-672.html

+---------------------------------+
|  FreeBSD Advisories             |
+---------------------------------+

* FreeBSD: 'esound' vulnerability.

  Local users can cause files or directories owned by the target user
  to become world-writable when that user runs the esd daemon (e.g.
  by starting a GNOME session), allowing a security breach of that
  user account (or the entire system if esd is run by root). If you
  have not chosen to install the esound port/package, then your
  system is not vulnerable to this problem.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-676.html

* FreeBSD: Malformed ELF image vulnerability

  Local users can cause the system to lock up for an extended period
  of time (15 minutes or more, depending on CPU speed), during which
  time the system is completely unresponsive to local and remote
  users.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-666.html

* FreeBSD: Linux binary compatibility vulnerability

  Filenames in this shadow hierarchy are treated incorrectly by the
  linux kernel module under certain circumstances, and a kernel stack
  overflow leading to a system compromise by an unprivileged user may
  be possible when very long filenames are used. This is only
  possible when the linux kernel module is loaded, or the equivalent
  functionality is statically compiled into the kernel. It is not
  enabled by default.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-662.html

* FreeBSD: Local DoS vulnerability

  Local users can cause the system to lock up for an extended period
  of time (15 minutes or more, depending on CPU speed), during which
  time the system is completely unresponsive to local and remote
  users.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-663.html

* FreeBSD: Netscape vulnerabilities

  Remote users can read files on the local system accessible to the
  user running netscape, if java is enabled, and may be able to
  execute arbitrary code on the local system as that user. If you
  have not chosen to install a netscape port/package, then your
  system is not vulnerable to this problem.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-665.html

* FreeBSD: mopd remote root compromise

  The mopd port contains several remotely exploitable vulnerabilities.
  An attacker exploiting these can execute arbitrary code on the
  local machine as root. The mopd port is not installed by default,
  nor is it "part of FreeBSD" as such: it is part of the FreeBSD
  ports collection, which contains over 3700 third-party applications
  in a ready-to-install format. The ports collections shipped with
  FreeBSD 3.5-RELEASE and 4.1-RELEASE contain this problem, since it
  was discovered after the releases.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-664.html

* FreeBSD: xlockmore vulnerability

  Unprivileged local users may be able to gain unauthorised access to
  parts of the /etc/spwd.db file, allowing them to mount guessing
  attacks against user passwords. If you have not chosen to install
  the xlockmore port/package, then your system is not vulnerable to
  this problem.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-660.html

* FreeBSD: brouted vulnerability

  Unprivileged local users can obtain group kmem privileges, and
  upgrade further to full root privileges. If you have not chosen to
  install the brouted port/package, then your system is not
  vulnerable to this problem.

  http://www.linuxsecurity.com/advisories/freebsd_advisory-661.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".
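
The temporary-file symlink problem behind the xpdf, mgetty, faxrunq and go-gnome items above, shown as an added C example that is not part of the newsletter or of any vendor's fix. The function names, file names and the private scratch directory are assumptions made for the demonstration; it compares opening a pre-chosen name with fopen("w") against an atomic O_CREAT|O_EXCL create.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisories: the name is chosen first, then opened with
   fopen("w"), which follows a symlink at that name and truncates its target. */
static int write_unsafe(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -errno;
    fputs("scratch\n", f);
    return fclose(f);
}

/* Hardened form: O_CREAT|O_EXCL creates the file atomically and fails with
   EEXIST if anything, a symlink included, already exists at the name. */
static int write_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -errno;
    if (write(fd, "scratch\n", 8) != 8) { close(fd); return -EIO; }
    return close(fd);
}

/* Constructed scenario in a private mkdtemp() directory: a symlink to a
   14-byte "victim" file already occupies the temporary name when the writer
   runs. Returns the victim's size afterwards, or -1 if setup failed. */
static long victim_size_after(int (*writer)(const char *)) {
    char dir[] = "/tmp/tmprace-XXXXXX", victim[64], tmp[64];
    struct stat st; FILE *v; long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/scratch.tmp", dir);
    if ((v = fopen(victim, "w")) && fputs("important data", v) >= 0 &&
        fclose(v) == 0 && symlink(victim, tmp) == 0) {
        writer(tmp);                      /* result ignored: we inspect the victim */
        if (stat(victim, &st) == 0) size = (long)st.st_size;
    }
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("fopen(\"w\"): victim is now %ld bytes\n", victim_size_after(write_unsafe));
    printf("O_EXCL:     victim is still %ld bytes\n", victim_size_after(write_safe));
    return 0;
}
```

mkstemp() performs the same exclusive create while also choosing the name, which is why it is the usual replacement for a tmpnam() plus fopen() pair.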