Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Advisory Watch - February 23rd 2001

From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 23 Feb 2001 10:37:33 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  February 23rd, 2001                     Volume 2, Number 8a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout
the week. It includes pointers to updated packages and descriptions
of each vulnerability.

This week, advisories were released for pgp4pine, vixie-cron, ssh,
CUPS, glibc, bind, and sendmail.  The vendors include Immunix,
NetBSD, Mandrake, Red Hat, SuSE, TurboLinux.  It is critical that you
update all vulnerable packages.

FREE SECURITY BOOKS - Guardian Digital has just announced an offer
for free 2 free security books with the purchase of any secure Linux
Lockbox. The Lockbox is an Open Source network server appliance
engineered to be a complete secure e-business solution. It can be
used as a commerce server, web server, DNS, mail, and database
server.

http://www.guardiandigital.com/bookoffer.html


HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html


+---------------------------------+
| Installing a new package:       | ------------------------------//
+---------------------------------+

# rpm -Uvh
# dpkg -i

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
| Checking Package Integrity:     | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

# md5sum
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing

---

* pgp4pine expired keys vulnerability
February 21st, 2001

pgp4pine is a program which is used to interface various PGP
implementations with the popular Pine mail reading package. Version
1.75-6 of pgp4pine fails to properly identify expired keys when
working with the Gnu Privacy Guard program (GnuPG). This failure may
result in the transmission of sensitive information in clear text
across the network.

http://www.linuxsecurity.com/advisories/other_advisory-1162.html

---


+---------------------------------+
|  Immunix                        | ----------------------------//
+---------------------------------+


* Immunix:  'vixie-cron' update
February 21st, 2001

RedHat has released an updated version of the vixie-cron packages
which fixes a number of buffer overflows that could lead to a
possible security problem by allowing a local user to gain elevated
privileges.

 Precompiled binary package for Immunix 7.0-beta and 7.0
 is available at:

 http://immunix.org/ImmunixOS/7.0/updates/RPMS/
 vixie-cron-3.0.1-61_imnx.i386.rpm
 ad9a2a5a1e359943b64f5d812508b672

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1161.html




+---------------------------------+
|  NetBSD                         | ----------------------------//
+---------------------------------+

* NetBSD: kernel USER_LDT
February 16th, 2001

A subtle bug in validation of user-supplied arguments to a syscall
can allow allow user applications on the i386 platform to transfer
control to arbitrary addresses in kernel memory, bypassing normal
system protections.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1157.html



* NetBSD: 'ssh' vulnerabilities
February 16th, 2001

A recent RAZOR Bindview Advisory (CAN-2001-0144) describes a buffer
overrun vulnerability in Secure Shell daemons which may be present on
some NetBSD systems. In addition, a system configuration flaw could
result in weak key generation on some systems.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1156.html




+---------------------------------+
|  Mandrake                       | ----------------------------//
+---------------------------------+

* Mandrake:  'CUPS' update
February 22nd, 2001

A number of problems were found by the SuSE security team recently
during an internal audit of the CUPS printing package. These problems
have been resolved with the latest CUPS release which include temp
file creation vulnerabilities, potential buffer overflows, and other
security enhancements.

 http://www.linux-mandrake.com/en/ftp.php3
 7.2/RPMS/cups-1.1.6-10.1mdk.i586.rpm
 706b2bd00f2d7087e67d9049a256686c

 7.2/RPMS/cups-devel-1.1.6-10.1mdk.i586.rpm
 b61f19494cb94a322e603ba5f6c5d840

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1164.html



* Mandrake:  'vixie-cron' buffer overflow
February 21st, 2001

A buffer overflow exists in the 'crontab' command if it was called by
a user with a username longer than 20 characters. If the system
administrator has created usernames of that length, it would be
possible for those users to gain elevated privileges.

 http://www.linux-mandrake.com/en/ftp.php3
 7.2/RPMS/vixie-cron-3.0.1-46.1mdk.i586.rpm
 ad51423d9bcfa372640219d8e8e1f9ce

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1163.html




+---------------------------------+
|  Red Hat                        | ----------------------------//
+---------------------------------+

* Red Hat:  'vixie-cron' buffer overflow
February 19th, 2001

New vixie-cron packages are available that fix a buffer overflow in
the 'crontab' command; this could allow certain users to gain
elevated privileges. It is recommended that all users update to the
fixed packages.

 alpha:
 ftp://updates.redhat.com/7.0/alpha/vixie-cron-3.0.1-61.alpha.rpm
 b0cfceed1c6d1df1229f434d7adec14d

 i386:
 ftp://updates.redhat.com/7.0/i386/vixie-cron-3.0.1-61.i386.rpm
 13707ef913e7801da32f9d47a419f81b

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1159.html





+---------------------------------+
|  SuSE                           | ----------------------------//
+---------------------------------+


* SuSE: 'ssh' remote compromise
February 16th, 2001

Attackers can remotely brute-force passwords without getting noticed
or logged. In the ssh package from the SuSE distribution, root login
is allowed, as well as password authentication. Even though
brute-forcing a password may take an enormous amount of time and
resources, the issue is to be taken seriously. Other problems also
exist.

 SuSE-7.1
 ftp://ftp.suse.de/pub/suse/i386/update/7.1/sec2/
 ssh-1.2.27-226.i386.rpm
 ae68bf3ac28b5e81f9c5f2a1d1d8980e

 SuSE-7.0
 ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/
 ssh-1.2.27-220.i386.rpm
 f88b339dea96ef186e70872ce9444c24

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1154.html

 SuSE: UPDATED: 'ssh' vulnerabilities - 2/16/2001
 http://www.linuxsecurity.com/advisories/suse_advisory-1155.html


* SuSE: UPDATED: 'ssh' vulnerabilities
February 16th, 2001

http://www.linuxsecurity.com/advisories/suse_advisory-1155.html



+---------------------------------+
|  TurboLinux                     | ----------------------------//
+---------------------------------+


* TurboLinux: 'bind' vulnerabilities
February 22nd, 2001

This vulnerability may allow an attacker to execute code with the
same privileges as the BIND server. Because BIND is typically run by
a superuser account, the execution would occur with superuser
privileges.

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 bind-8.2.3-2.i386.rpm
 dec967e3a1dd16bdcca0c6fe6e9114d6

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 bind-contrib-8.2.3-2.i386.rpm
 2e84bbbcd6a09d7c5060dd01480ff3de

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 bind-devel-8.2.3-2.i386.rpm
 06612093126372f8d618ea842fd402ec

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 bind-utils-8.2.3-2.i386.rpm
 3f390ce4d1b7ceaa477df62cc3fe3174

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/turbolinux_advisory-1165.html




* TurboLinux: 'sendmail' segmentation fault
February 22nd, 2001

Sendmail, launched with the -bt command-line switch, enters its
special "address test" mode. Under these conditions, it is vulnerable
to a segmentation fault which can occur when trying to set a class in
ad- dress test mode due to a negative array index.

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 sendmail-8.11.2-5.i386.rpm
 38eee0653839595aedad386cc8d2346f

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/turbolinux_advisory-1166.html





* TurboLinux: 'glibc' vulnerability
February 16th, 2001

It is therefore possible to load a library from /lib or /usr/lib
prior to the execution of a SUID or SGID program. This flaw makes it
possible for a user with malicious motives to create files in re-
stricted locations, or overwrite files outside of the access of this
user, including system files.

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 glibc-2.1.3-27.i386.rpm
 13afe999cdcc5133aca98fc0a59c4340

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 glibc-devel-2.1.3-27.i386.rpm
 4a55428c154311387844fbf84600e789

 ftp://ftp.turbolinux.com/pub/updates/6.0/security/
 glibc-profile-2.1.3-27.i386.rpm
 6b48d26d9dc0ce224e4ea9c7a56fcc92

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/turbolinux_advisory-1158.html







------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: