Information Security News mailing list archives
Linux Advisory Watch, January 5th 2001
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 5 Jan 2001 16:07:51 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  January 15th, 2001                       Volume 2, Number 1a  |
+----------------------------------------------------------------+

Editors:     Dave Wreski                  Benjamin Thomas
             dave () linuxsecurity com    ben () linuxsecurity com

This week, advisories were released for slocate, gnupg, procfs, bitchx,
gpm, piranha, ircii, openldap, and emacs. The vendors include Conectiva,
FreeBSD, LinuxPPC, and Mandrake. It was a big week for LinuxPPC
advisories. If you are maintaining any PPC servers we recommend that you
update or remove any vulnerable packages.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

** OpenDoc Publishing **

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and securing
Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL,
OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools
edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

   # rpm -Uvh
   # dpkg -i

Packages can be installed easily by using rpm (Red Hat Package Manager)
or dpkg (Debian Package Manager). Most advisories issued by vendors are
packaged in either an rpm or dpkg. Additional installation instructions
can be found in the body of the Advisories.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is applied.
It can be used to compare against a previously-generated sum to
determine whether the file has changed. It is commonly used to ensure
the integrity of updated packages distributed by a vendor.

   # md5sum
   ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person who modified a package may also have
modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing it.

+---------------------------------+
|  Conectiva Advisories           | ----------------------------//
+---------------------------------+

* Conectiva: 'slocate' vulnerability
  January 4th, 2001

  "slocate" is a program which catalogues existing files and allows for
  a quick lookup later. There is a vulnerability present in previous
  versions. By giving it a crafted database, an attacker could make
  slocate execute arbitrary code as the "slocate" user. Additionally, a
  bug which caused slocate to segfault with large pathnames was fixed.

  ftp://atualizacoes.conectiva.com.br/5.1/i386/slocate-2.5-2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slocate-2.5-2cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1027.html

* Conectiva: 'gnupg' vulnerability
  December 29th, 2000

  There was a problem with the checking of detached signatures. If the
  signature file was not a detached signature but just a signed file,
  gnupg would only check this signature file and not the file itself.
  Thus:

     gpg --verify signedfile.txt.asc myfile.tar.gz

  would only check signedfile.txt.asc and completely ignore
  myfile.tar.gz if signedfile.txt.asc were a signed file and not a
  detached signature, giving the user the dangerous false impression
  that myfile.tar.gz was actually checked.

  ftp://atualizacoes.conectiva.com.br/5.1/i386/gnupg-1.0.4-5cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/gnupg-1.0.4-5cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1025.html

+---------------------------------+
|  LinuxPPC Advisories            | ----------------------------//
+---------------------------------+

* LinuxPPC: 'gpm' vulnerability
  December 29th, 2000

  The problem is a design error, caused when a programmer chose to
  attempt to revert to the running user's groups after having already
  called setuid to the user's ID. The setgid call fails, and the process
  keeps the groups the gpm-root program is running as. This is usually
  the 'root' group.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1019.html

* LinuxPPC: 'piranha' vulnerability
  December 29th, 2000

  Version 0.4.12 of the piranha-gui program contains a default account,
  piranha, with the password 'q' (no quotes). Using this username and
  password, in conjunction with flaws in the passwd.php3 script (also
  part of piranha), will allow remote users to execute arbitrary
  commands on the machine.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1020.html

* LinuxPPC: 'ircii' vulnerability
  December 29th, 2000

  It may be possible to execute arbitrary code on a client attempting to
  initiate a dcc chat.
  Exploiting this vulnerability could result in a remote compromise with
  the privileges of the user running the ircII client.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1021.html

* LinuxPPC: 'OpenLDAP' vulnerability
  December 29th, 2000

  OpenLDAP will create files in /usr/tmp, which is actually a symbolic
  link to the world-writable /tmp directory. As OpenLDAP does not check
  for a file's existence prior to opening the files in /usr/tmp, it is
  possible for an attacker to point an appropriately named symbolic link
  at any file on the filesystem, and cause it to be destroyed.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1022.html

* LinuxPPC: 'emacs' vulnerability
  December 29th, 2000

  A vulnerability exists in Emacs 20 that allows any user on a multiuser
  system to eavesdrop on, or forge responses to, an Emacs client. The
  vulnerability stems from Emacs' failure to properly set permissions
  for slave PTY devices.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/linuxppc_advisory-1023.html

+---------------------------------+
|  FreeBSD Advisories             | ----------------------------//
+---------------------------------+

* FreeBSD: 'bitchx' and 'ko-bitchx' vulnerability [UPDATED]
  December 29th, 2000

  Malicious remote users may execute arbitrary code as the user running
  bitchx. If you have not chosen to install the bitchx or ko-bitchx
  port/packages, then your system is not vulnerable to this problem.

  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/BitchX-1.0c17_1.tgz

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1018.html

* FreeBSD: 'procfs' vulnerabilities [UPDATED]
  December 29th, 2000

  On vulnerable FreeBSD systems where procfs is mounted, unprivileged
  local users can obtain root privileges. On vulnerable FreeBSD systems
  where procfs is mounted, unprivileged local users can cause the system
  to hang. On vulnerable FreeBSD systems, superusers who can load the
  procfs filesystem, or on systems where it is already mounted, can
  bypass access control checks in the kernel which would otherwise limit
  their abilities. Consequences include the ability to break out of a
  jail environment, to lower securelevel or to introduce malicious code
  into the kernel on systems where loading of KLDs has been disabled.
  For many systems this vulnerability is likely to have minor impact.

  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1024.html

+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+

* Mandrake: 'emacs' vulnerability
  January 2nd, 2001

  A vulnerability exists in Emacs 20.6 and prior that allows any user on
  a multiuser system to eavesdrop on, or forge responses to, an Emacs
  client. The vulnerability stems from Emacs' failure to properly set
  permissions for slave PTY devices.

  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1026.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
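
The OpenLDAP advisory above turns on a file being opened in a world-writable directory without first checking whether the name already exists. The following C program is an added example, not code from the newsletter or from OpenLDAP: it shows exclusive creation (O_CREAT|O_EXCL) refusing a name that is already a symbolic link, so the file the link points to is left untouched. The helper names, the file names and the sample data are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a scratch file only if the name is unused.
 * With O_CREAT|O_EXCL, open() fails with EEXIST when the name already
 * exists, and a symbolic link at that name is never followed. */
int create_scratch_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: a file holding
 * data, plus a symlink with the scratch file's name pointing at it.
 * Returns the data file's size after the creation attempt (-1 on setup
 * failure) and stores the errno of the attempt in *create_errno. */
long demo_symlink_refused(int *create_errno)
{
    char dir[] = "/tmp/scratch-demo-XXXXXX";
    char target[64], link_path[64];
    struct stat st;
    FILE *f;
    int fd;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/precious.db", dir);
    snprintf(link_path, sizeof link_path, "%s/ldap.tmp", dir);
    if ((f = fopen(target, "w")) == NULL) return -1;
    fputs("important data\n", f);            /* 15 bytes of sample data */
    fclose(f);
    if (symlink(target, link_path) != 0) return -1;
    fd = create_scratch_file(link_path);     /* must not touch target */
    *create_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    if (stat(target, &st) != 0) return -1;
    unlink(link_path); unlink(target); rmdir(dir);
    return (long)st.st_size;
}

int main(void)
{
    int e = 0;
    long size = demo_symlink_refused(&e);
    printf("create errno=%d (EEXIST=%d), data file size=%ld\n", e, EEXIST, size);
    return (e == EEXIST && size == 15) ? 0 : 1;
}
```

An open() with O_CREAT|O_TRUNC and no O_EXCL would instead follow the link and truncate the file it points to, which is the destruction the advisory describes.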