Information Security News mailing list archives

Linux Advisory Watch, January 5th 2001


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 5 Jan 2001 16:07:51 -0500

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  January 15th, 2001                      Volume 2, Number 1a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

This week, advisories were released for slocate, gnupg, procfs,
bitchx, gpm, piranha, ircii, openldap, and emacs.  The vendors
include Conectiva, FreeBSD, LinuxPPC, and Mandrake.  It was a big
week for LinuxPPC advisories.  If you are maintaining any PPC servers
we recommend that you update or remove any vulnerable packages.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

** OpenDoc Publishing  **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html


HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html



+---------------------------------+
| Installing a new package:       | ------------------------------//
+---------------------------------+

# rpm -Uvh <filename>
# dpkg -i <filename>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
| Checking Package Integrity:     | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

# md5sum <filename>
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person who modified a package may also
have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing.


+---------------------------------+
| Conectiva Advisories            | ----------------------------//
+---------------------------------+


* Conectiva:  'slocate' vulnerability
January 4th, 2001

"slocate" is a program which catalogues existing files and allows for
a quick lookup later. There is a vulnerability present in previous
versions. By giving it a crafted database, an attacker could make
slocate execute arbitrary code as the "slocate" user. Additionally, a
bug which caused slocate to segfault with large pathnames was fixed.

  ftp://atualizacoes.conectiva.com.br/5.1/i386/slocate-2.5-2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slocate-2.5-2cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1027.html



* Conectiva:  'gnupg' vulnerability
December 29th, 2000

There was a problem with detached signature checking. If the
signature file was not a detached signature but just a signed file,
gnupg would only check this signature file and not the file itself.
Thus: gpg --verify signedfile.txt.asc myfile.tar.gz would only check
signedfile.txt.asc and completely ignore myfile.tar.gz if
signedfile.txt.asc were a signed file and not a detached signature,
giving a dangerous false impression to the user that myfile.tar.gz
was actually checked.

  ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gnupg-1.0.4-5cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1025.html





+---------------------------------+
|  LinuxPPC Advisories            | ----------------------------//
+---------------------------------+


* LinuxPPC:  'gpm' vulnerability
December 29th, 2000

The problem is a design error, caused when a programmer chose to
attempt to revert to the running user's groups after having already
called setuid to the user's id. The setgid call fails, and the
process maintains the groups the gpm-root program is running as. This
is usually the 'root' group.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1019.html
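
The call order described in the gpm entry above, beside the usual order
for a permanent privilege drop. This is an added example, not part of the
newsletter and not gpm's code; the function names are hypothetical.

```c
/* Added example, not gpm source: order of calls when dropping root. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Order described in the advisory: once setuid() has given up root the
 * process may no longer change groups, so setgid() fails (EPERM) and the
 * gid it started with, usually root's, stays in place. */
int drop_wrong_order(uid_t uid, gid_t gid)
{
    if (setuid(uid) != 0)
        return -1;
    return setgid(gid);
}

/* Groups first, user last, every call checked, result verified.
 * Returns 0 on success, -1 on any failure (the caller should then exit). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be replaced while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Real and effective ids must now all be the target ids. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* An unprivileged target must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed call: "dropping" to the ids we already hold succeeds
     * with or without root, so this runs anywhere. */
    printf("drop_privileges -> %d\n", drop_privileges(getuid(), getgid()));
    return 0;
}
```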



* LinuxPPC:  'piranha' vulnerability
December 29th, 2000

Version 0.4.12 of the piranha-gui program contains a default account,
piranha, with the password 'q' (no quotes). Using this username and
password, in conjunction with flaws in the passwd.php3 script (also
part of piranha), will allow remote users to execute arbitrary
commands on the machine.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1020.html



* LinuxPPC:  'ircii' vulnerability
December 29th, 2000

It may be possible to execute arbitrary code on a client attempting
to initiate a dcc chat. Exploitation of this vulnerability could
result in a remote compromise with the privileges of the user running
the ircII client.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1021.html



* LinuxPPC:  'OpenLDAP' vulnerability
December 29th, 2000

OpenLDAP will create files in /usr/tmp, which is actually a symbolic
link to the world-writable /tmp directory. As OpenLDAP does not check
for a file's existence prior to opening the files in /usr/tmp, it is
possible for an attacker to point an appropriately named symbolic
link at any file on the filesystem, and cause it to be destroyed.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1022.html




* LinuxPPC:  'emacs' vulnerability
December 29th, 2000

A vulnerability exists in Emacs 20 that allows any user on a
multiuser system to eavesdrop on, or forge responses to, an Emacs
client. The vulnerability stems from Emacs' failure to properly set
permissions for slave PTY devices.

  PLEASE SEE VENDOR ADVISORY
  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1023.html




+---------------------------------+
|  FreeBSD Advisories             | ----------------------------//
+---------------------------------+

* FreeBSD:  'bitchx' and 'ko-bitchx' vulnerability [UPDATED]
December 29th, 2000

Malicious remote users may execute arbitrary code as the user
running bitchx. If you have not chosen to install the bitchx or
ko-bitchx port/packages, then your system is not vulnerable to this
problem.

  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/BitchX-1.0c17_1.tgz

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1018.html



* FreeBSD:  'procfs' vulnerabilities [UPDATED]
December 29th, 2000

On vulnerable FreeBSD systems where procfs is mounted, unprivileged
local users can obtain root privileges. On vulnerable FreeBSD systems
where procfs is mounted, unprivileged local users can cause the
system to hang. On vulnerable FreeBSD systems, superusers who can
load the procfs filesystem, or on systems where it is already
mounted, can bypass access control checks in the kernel which would
otherwise limit their abilities. Consequences include the ability to
break out of a jail environment, to lower securelevel or to introduce
malicious code into the kernel on systems where loading of KLDs has
been disabled. For many systems this vulnerability is likely to have
minor impact.

  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1024.html





+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+

* Mandrake:  'emacs' vulnerability
January 2nd, 2001

A vulnerability exists in Emacs 20.6 and prior that allows any user
on a multiuser system to eavesdrop on, or forge responses to, an
Emacs client. The vulnerability stems from Emacs' failure to properly
set permissions for slave PTY devices.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1026.html



------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com