Information Security News mailing list archives

Linux Advisory Watch - February 16th 2001


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 16 Feb 2001 00:16:23 -0500

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  February 16th, 2001                     Volume 2, Number 7a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for sysctl(), OpenSSH, proftpd,
xfree86-1, libkrb, and bind.  The vendors include Debian, FreeBSD,
LinuxPPC, Mandrake, NetBSD, Red Hat, Smoothwall, and Trustix.

Linux Kernel 2.4 Firewalling Matures: netfilter
In yet another set of advancements to the kernel IP packet filtering
code, netfilter allows users to set up, maintain, and inspect the
packet filtering rules in the new 2.4 kernel. This document explains
those changes and tips on how to get started.

http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html


# OpenDoc Publishing #

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red
Hat 6.2 and Red Hat 6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html


+---------------------------------+
| Installing a new package:       | ------------------------------//
+---------------------------------+

# rpm -Uvh <filename>
# dpkg -i <filename>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
| Checking Package Integrity:     | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

# md5sum <filename>
ebf0d4a0d236453f63a797ea20f0758b

The resulting string of hexadecimal digits can then be compared against
the MD5 checksum published by the packager. While it does not take into
account the possibility that the person who modified a package may also
have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing it.
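
The check described above, written as a small shell helper. This is an
added example, not part of the original newsletter; the function names
md5_of, verify_md5 and verify_list are made up for illustration.
verify_list reads the layout this newsletter uses for its package
listings: a package path on one line and its MD5 sum on the next.

```shell
#!/bin/sh
# Added example: check downloaded packages against MD5 sums copied from an advisory.

# md5_of FILE: print the hex MD5 digest of FILE
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# verify_md5 FILE EXPECTED
#   0 = digest matches, 1 = mismatch, 2 = EXPECTED is not a 32-digit hex
#   string (truncated paste, wrong hash type), 3 = FILE does not exist
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 2
    [ -f "$file" ] || return 3
    [ "$(md5_of "$file")" = "$expected" ]
}

# verify_list DIR: read "path line, checksum line" pairs from stdin and check
# DIR/<basename of path> for each pair. Returns the number of failed packages,
# so a zero exit status means every listed file matched.
verify_list() {
    dir=$1
    failures=0
    path=
    # read strips the leading indentation used in the newsletter
    while read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # skip blank separator lines
        if [ -z "$path" ]; then
            path=$line                      # first line of a pair: package path
            continue
        fi
        name=${path##*/}
        if verify_md5 "$dir/$name" "$line"; then
            echo "OK      $name"
        else
            echo "FAILED  $name"
            failures=$((failures + 1))
        fi
        path=
    done
    return "$failures"
}
```

Paste the path and checksum lines from an advisory into verify_list on
standard input, and install with rpm or dpkg only when it exits with
status 0.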

---

* Kernel:  'sysctl()' vulnerability
February 10th, 2001

There exists a Linux system call sysctl() which is used to query and
modify runtime system settings. Unprivileged users are permitted to
query the value of many of these settings. The unprivileged user
passes in a buffer location and the length of this buffer.
Unfortunately, by specifying a negative buffer length, a user can
read nearly arbitrary kernel memory.

 Kernel Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html


+---------------------------------+
|  Debian                         | ----------------------------//
+---------------------------------+

* Debian:  'xfree86-1' vulnerabilities
February 14th, 2001

The scope of this advisory is XFree86 3.3.6 only, since that is the
version released with Debian GNU/Linux 2.2 ("potato"); Debian
packages of XFree86 4.0 and later have not been released as part of a
Debian distribution.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1151.html


* Debian:  m68k 'xfree86-1' vulnerabilities
February 14th, 2001

Several people have noted a number of problems in several components
of the X Window System sample implementation (from which XFree86 is
derived). Please read DSA 030-1 for a detailed description.

 PLEASE SEE VENDOR ADVISORY

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1152.html


* Debian: 'proftpd' vulnerabilities
February 11th, 2001

1. There is a memory leak in the SIZE command which can result in a
denial of service, as reported by Wojciech Purczynski. This is only a
problem if proftpd cannot write to its scoreboard file; the default
configuration of proftpd in Debian is not vulnerable.

 Intel ia32 architecture:
  http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/proftpd_1.2.0pre10-2potato1_i386.deb

 MD5 checksum: 13f9f7bfb44c09dc1a69fb678aad5f2c

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1155.html


+---------------------------------+
|   LinuxPPC                      | ----------------------------//
+---------------------------------+

* LinuxPPC: 'OpenSSH' vulnerability
February 9th, 2001

The problem occurs in the OpenSSH Client. The client does not
sufficiently check for the ssh-agent and X11 forwarding options after
an SSH session has been negotiated. This allows the server end of the
SSH session to gain access to either of these two resources on the
client side. This could result in a malicious server gaining access
to the X11 display and remotely watching the desktop and keystrokes.
This problem can also allow a malicious server access to the local
ssh-agent.

 http://linuxppc.org/security/advisories/LPPCSA-2001-004-1.php3
 Updated Package: openssh-2.3.0p1-1

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/linuxppc_advisory-1154.html


+---------------------------------+
|   FreeBSD                       | ----------------------------//
+---------------------------------+

* FreeBSD:  'libkrb' and 'telnetd' vulnerabilities
February 14th, 2001

The advisory describes three vulnerabilities: first, an overflow in
the libkrb KerberosIV authentication library, second, improper
filtering of environmental variables by the kerberosIV-adapted telnet
daemon, and finally, a temporary file vulnerability in the KerberosIV
ticket management code.

 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html



+---------------------------------+
|   Mandrake                      | ----------------------------//
+---------------------------------+


* Mandrake:  'proftpd' DoS
February 9th, 2001

A memory leak occurs every time a SIZE command is given, provided
that the scoreboard file is not writable, which is not the case in a
default Linux-Mandrake installation. A similar problem also existed
with the USER command: every time it was given, the server would use
more memory. Additionally, some format string vulnerabilities were
reported by Przemyslaw Frasunek, which have also been fixed.

 7.2/RPMS/proftpd-1.2.0rc3-1.1mdk.i586.rpm
 a2e330bd49855d74bfbb2f1e80c3e312

 7.2/SRPMS/proftpd-1.2.0rc3-1.1mdk.src.rpm
 3ec2a5ee6b834e1193de5e3b738eaa53

 http://www.linux-mandrake.com/en/ftp.php3

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1150.html



+---------------------------------+
|   NetBSD                        | ----------------------------//
+---------------------------------+

* NetBSD:  'bind' vulnerabilities
February 12th, 2001

Several security problems were recently found in the ISC BIND
software, used in NetBSD (and many other systems) to provide Domain
Name System (DNS) services. At least one of these vulnerabilities
included the possibility of a remote root exploit through execution
of arbitrary code in an overflowed buffer.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1156.html



+---------------------------------+
|   Red Hat                       | ----------------------------//
+---------------------------------+


* Red Hat:  three 'kernel' vulnerabilities
February 9th, 2001

Three security holes have been fixed in the kernel. One involves
ptrace, another involves sysctl, and the last is specific to some
Intel CPUs. All three security holes involve local access only (they
do not provide a hole to remote attackers without a local account).
The ptrace and sysctl bugs provide local users with the potential to
compromise the root account.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1151.html



+---------------------------------+
|   Smoothwall                    | ----------------------------//
+---------------------------------+

* Smoothwall:  'ssh' vulnerability
February 9th, 2001

All versions currently using the OpenSSH protocol are affected;
please upgrade to the new version available. An updated version of
OpenSSH v2.3 is available on the Smoothwall FTP server, and a HOWTO
is also included within the tarball.

 ftp://146.101.126.9/pub/updates/

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1152.html


+---------------------------------+
|   Trustix                       | ----------------------------//
+---------------------------------+


* Trustix:  'kernel' and 'proftpd' updates
February 14th, 2001

A race condition in ptrace allows a malicious user to gain root. A
signedness error in the sysctl interface also potentially allows a
user to gain root.

 ftp://ftp.trustix.net/pub/Trustix/updates/
 1.2/kernel-2.2.17-6tr.i586.rpm
 0c5f58bdaa46a3548a249e88458e713e

 1.2/proftpd-1.2.0rc3-1tr.i586.rpm
 2c4448c6ff20753ea6d56132657e377d

 1.1/proftpd-1.2.0rc3-1tr.i586.rpm
 b378af55cdf0cb09aa239eee5254fca9

 Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1150.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com