Information Security News mailing list archives
Linux Advisory Watch - February 16th 2001
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 16 Feb 2001 00:16:23 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  February 16th, 2001                     Volume 2, Number 7a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                 Benjamin Thomas
               dave () linuxsecurity com   ben () linuxsecurity com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for sysctl(), OpenSSH, proftpd,
xfree86-1, libkrb, and bind. The vendors include Debian, FreeBSD,
LinuxPPC, Mandrake, NetBSD, Red Hat, Smoothwall, and Trustix.

Linux Kernel 2.4 Firewalling Matures: netfilter

In yet another set of advancements to the kernel IP packet filtering
code, netfilter allows users to set up, maintain, and inspect the
packet filtering rules in the new 2.4 kernel. This document explains
those changes and tips on how to get started.

http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html

# OpenDoc Publishing #

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and securing
Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL,
OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools
edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

   # rpm -Uvh
   # dpkg -i

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories issued by
vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body of the
Advisories.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated sum
to determine whether the file has changed. It is commonly used to
ensure the integrity of updated packages distributed by a vendor.

   # md5sum
   ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package also
may have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing

---

* Kernel: 'sysctl()' vulnerability
  February 10th, 2001

  There exists a Linux system call sysctl() which is used to query and
  modify runtime system settings. Unprivileged users are permitted to
  query the value of many of these settings. The unprivileged user
  passes in a buffer location and the length of this buffer.
  Unfortunately, by specifying a negative buffer length, a user can
  read pretty arbitrary kernel memory.

  Kernel Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html

+---------------------------------+
|  Debian                         | ----------------------------//
+---------------------------------+

* Debian: 'xfree86-1' vulnerabilities
  February 14th, 2001

  The scope of this advisory is XFree86 3.3.6 only, since that is the
  version released with Debian GNU/Linux 2.2 ("potato"); Debian
  packages of XFree86 4.0 and later have not been released as part of
  a Debian distribution.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-1151.html

* Debian: m68k 'xfree86-1' vulnerabilities
  February 14th, 2001

  Several people have noted a number of problems in several components
  of the X Window System sample implementation (from which XFree86 is
  derived). Please read DSA 030-1 for a detailed description.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-1152.html

* Debian: 'proftpd' vulnerabilities
  February 11th, 2001

  1. There is a memory leak in the SIZE command which can result in a
  denial of service, as reported by Wojciech Purczynski. This is only
  a problem if proftpd cannot write to its scoreboard file; the
  default configuration of proftpd in Debian is not vulnerable.

  Intel ia32 architecture:
  http://security.debian.org/debian-security/dists/stable/
  updates/main/binary-i386/proftpd_1.2.0pre10-2potato1_i386.deb
  MD5 checksum: 13f9f7bfb44c09dc1a69fb678aad5f2c

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-1155.html

+---------------------------------+
|  LinuxPPC                       | ----------------------------//
+---------------------------------+

* LinuxPPC: 'OpenSSH' vulnerability
  February 9th, 2001

  The problem occurs in the OpenSSH Client. The client does not
  sufficiently check for the ssh-agent and X11 forwarding options
  after an SSH session has been negotiated. This allows the server end
  of the SSH session to gain access to either of these two resources
  on the client side. This could result in a malicious server gaining
  access to the X11 display and remotely watching the desktop and
  keystrokes. This problem can also allow a malicious server access to
  the local ssh-agent.

  http://linuxppc.org/security/advisories/LPPCSA-2001-004-1.php3
  Updated Package: openssh-2.3.0p1-1

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1154.html

+---------------------------------+
|  FreeBSD                        | ----------------------------//
+---------------------------------+

* FreeBSD: 'libkrb' and 'telnetd' vulnerabilities
  February 14th, 2001

  The advisory describes three vulnerabilities: first, an overflow in
  the libkrb KerberosIV authentication library, second, improper
  filtering of environmental variables by the kerberosIV-adapted
  telnet daemon, and finally, a temporary file vulnerability in the
  KerberosIV ticket management code.

  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/
  telnetd-krb.4.2.patch

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html

+---------------------------------+
|  Mandrake                       | ----------------------------//
+---------------------------------+

* Mandrake: 'proftpd' DoS
  February 9th, 2001

  A memory leak will happen every time a SIZE command was given
  provided that the scoreboard file is not writable, which is not the
  case in a default Linux-Mandrake installation. A similar problem
  also existed with the USER command where every time it was given the
  server would use more memory. Additionally, some format string
  vulnerabilities were reported by Przemyslaw Frasunek which have also
  been fixed.

  7.2/RPMS/proftpd-1.2.0rc3-1.1mdk.i586.rpm
  a2e330bd49855d74bfbb2f1e80c3e312

  7.2/SRPMS/proftpd-1.2.0rc3-1.1mdk.src.rpm
  3ec2a5ee6b834e1193de5e3b738eaa53

  http://www.linux-mandrake.com/en/ftp.php3

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1150.html

+---------------------------------+
|  NetBSD                         | ----------------------------//
+---------------------------------+

* NetBSD: 'bind' vulnerabilities
  February 12th, 2001

  Several security problems were recently found in the ISC BIND
  software, used in NetBSD (and many other systems) to provide Domain
  Name System (DNS) services.
  At least one of these vulnerabilities included the possibility of a
  remote root exploit through execution of arbitrary code in an
  overflowed buffer.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-1156.html

+---------------------------------+
|  Red Hat                        | ----------------------------//
+---------------------------------+

* Red Hat: three 'kernel' vulnerabilities
  February 9th, 2001

  Three security holes have been fixed in the kernel. One involves
  ptrace, another involves sysctl, and the last is specific to some
  Intel CPUs. All three security holes involve local access only (they
  do not provide a hole to remote attackers without a local account).
  The ptrace and sysctl bugs provide local users with the potential to
  compromise the root account.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-1151.html

+---------------------------------+
|  Smoothwall                     | ----------------------------//
+---------------------------------+

* Smoothwall: 'ssh' vulnerability
  February 9th, 2001

  All Versions currently using the OpenSSH protocol are affected,
  please upgrade to the new version available. An updated version of
  OpenSSH v2.3 is available on the Smoothwall FTP server, and HOWTO is
  also included within the tarball.

  ftp://146.101.126.9/pub/updates/

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1152.html

+---------------------------------+
|  Trustix                        | ----------------------------//
+---------------------------------+

* Trustix: 'kernel' and 'proftpd' updates
  February 14th, 2001

  A race condition in ptrace allows a malicious user to gain root.
  A signedness error in the sysctl interface also potentially allows a
  user to gain root.

  ftp://ftp.trustix.net/pub/Trustix/updates/

  1.2/kernel-2.2.17-6tr.i586.rpm
  0c5f58bdaa46a3548a249e88458e713e

  1.2/proftpd-1.2.0rc3-1tr.i586.rpm
  2c4448c6ff20753ea6d56132657e377d

  1.1/proftpd-1.2.0rc3-1tr.i586.rpm
  b378af55cdf0cb09aa239eee5254fca9

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1150.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".
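
The negative buffer length described in the sysctl() advisory above, shown as an added example (not part of the newsletter and not the kernel's own code): a user-space C model in which a signed length slips past the upper-bound check, next to a checked version. The arena layout, function names and sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kernel memory: a readable setting with
 * unrelated private data directly behind it. */
struct arena { char setting[16]; char secret[16]; };
static const struct arena mem = { "ostype=Linux", "PRIVATE-DATA" };

/* Copy n bytes starting at the setting. The cap at sizeof(mem) exists
 * only to keep this demo memory-safe; a real copy has no such backstop. */
static size_t raw_copy(char *dst, size_t n)
{
    if (n > sizeof(mem)) n = sizeof(mem);
    memcpy(dst, &mem, n);
    return n;
}

/* Flawed: the length is a signed int, so a negative value passes the
 * "too long?" test and becomes a huge size_t when handed to the copy. */
static long read_setting_flawed(char *dst, int user_len)
{
    int max = (int)sizeof(mem.setting);
    if (user_len > max)          /* -1 > 16 is false: no clamp applied */
        user_len = max;
    return (long)raw_copy(dst, (size_t)user_len);
}

/* Hardened: reject negative lengths, then clamp in an unsigned type. */
static long read_setting_checked(char *dst, int user_len)
{
    size_t n;
    if (user_len < 0)
        return -1;               /* caller error, nothing copied */
    n = (size_t)user_len;
    if (n > sizeof(mem.setting))
        n = sizeof(mem.setting);
    return (long)raw_copy(dst, n);
}

int main(void)
{
    char out[sizeof(mem)];
    printf("flawed(-1)  copied %ld bytes\n", read_setting_flawed(out, -1));
    printf("checked(-1) returned %ld\n", read_setting_checked(out, -1));
    printf("checked(64) copied %ld bytes\n", read_setting_checked(out, 64));
    return 0;
}
```
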