Information Security News mailing list archives
Linux Advisory Watch - July 27th 2001
From: InfoSec News <isn () c4i org>
Date: Sun, 29 Jul 2001 04:53:32 -0500 (CDT)
Forwarded by: vuln-newsletter-admins () linuxsecurity com
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 27th, 2001 Volume 2, Number 30a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave () linuxsecurity com ben () linuxsecurity com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for sugid-exec, telnet, ssh, procmail,
squid, sendmsg, xli, imp, elm, and phplib. The vendors include Caldera,
Conectiva, FreeBSD, Mandrake, NetBSD, Red Hat, SuSE, and Trustix.
EnGarde Secure Linux v1.0.1 - EnGarde is a secure distribution of Linux
engineered from the ground-up to provide organizations with the level of
security required to create a corporate Web presence or even conduct
e-business on the Web. It can be used as a Web, DNS, e-mail, database,
e-commerce, and general Internet server where security is a primary
concern.
--> Download: http://www.engardelinux.org/download.html
HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html
+---------------------------------+
| sugid-exec | ----------------------------//
+---------------------------------+
A race condition between the setuid/setgid handling in the execve(2)
system call and the ptrace(2) system call can allow a local user to
cause a setuid-root executable to execute arbitrary code as the
superuser.
NetBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/
SA2001-009-ptrace-1.5.patch
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1514.html
+---------------------------------+
| telnet | ----------------------------//
+---------------------------------+
A vulnerability in all BSD derived implementations of the TELNET
server daemon was published during the weekend that allows attackers
to gain root privilege on the attacked machine.
OpenLinux 2.3:
ftp://ftp.caldera.com/pub/openlinux/updates/2.3/022/
RPMS/netkit-telnet-0.16-1.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1513.html
FreeBSD:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/
SA-01:49/telnetd.patch
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1512.html
+---------------------------------+
| ssh 3.0 | ----------------------------//
+---------------------------------+
A potential remote root exploit has been discovered in SSH Secure
Shell 3.0.0, for Unix only, concerning accounts with password fields
consisting of two or fewer characters. Unauthorized users could
potentially log in to these accounts using any password, including an
empty password. This affects SSH Secure Shell 3.0.0 for Unix only.
This is a problem with password authentication to the sshd2 daemon.
The SSH Secure Shell client binaries (located by default in
/usr/local/bin) are not affected.
SSH Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1511.html
NetBSD users, please see the vendor advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1515.html
+---------------------------------+
| Procmail | ----------------------------//
+---------------------------------+
Procmail, an autonomous mail processor, as shipped in Red Hat Linux
5.2, 6.2, 7, and 7.1, handles signals unsafely.
i386: Linux 7.1
ftp://updates.redhat.com/7.1/en/os/i386/
procmail-3.21-0.71.i386.rpm
51ad4ad3241887e2eb631e1799c94972
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1509.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
New squid packages are available for Red Hat Linux 7.0 that fix a
possible security problem with Squid's HTTP accelerator feature. If
Squid was configured in accelerator-only mode, it was possible for
remote users to portscan machines through the Squid proxy,
potentially allowing for access to machines not otherwise available.
Red Hat 7.0
ftp://updates.redhat.com/7.0/en/os/i386/
squid-2.3.STABLE4-9.7.i386.rpm
adad3217cd16346eb5dcfa13a46d6289
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1510.html
Mandrake Linux 8.0:
8.0/RPMS/squid-2.3.STABLE5-1.1mdk.i586.rpm
14153011ab7acbd47931cf9132668c66
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1520.html
+---------------------------------+
| sendmsg | ----------------------------//
+---------------------------------+
Due to insufficient length checking in the kernel, sendmsg(2) can be
used by a local user to cause a kernel trap, or an 'out of space in
kmem_map' panic.
NetBSD
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/
SA2001-011-sendmsg-current.patch
NetBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/netbsd_advisory-1516.html
+---------------------------------+
| xli | ----------------------------//
+---------------------------------+
xli, aka xloadimage, an image viewer for X11, is used by Netscape's
plugger to display TIFF-, PNG- and Sun-Raster-images. The plugger
configuration file is /etc/pluggerrc. Due to missing boundary
checks in the xli code a buffer overflow could be triggered by an
external attacker to execute commands on the victim's system. An
exploit is publicly available.
i386 Intel Platform:
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/gra2/
xli-1.16-351.i386.rpm
d35b3ee5b02bfb1bf4f9d8ccefdfa889
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1517.html
+---------------------------------+
| imp | ----------------------------//
+---------------------------------+
A remote attacker could trick the server into fetching scripts from
another host and then execute them. This could be used to get access
to the server running this webmail system. An attacker might also
execute malicious JavaScript code in the browser of a user who is
reading an email sent by the attacker with special "javascript:"
encodings.
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1519.html
+---------------------------------+
| elm | ----------------------------//
+---------------------------------+
A buffer overflow exists in the elm email client when handling very
long message-ids. This would overwrite other header fields and could
potentially cause further damage.
Mandrake Linux 8.0:
8.0/RPMS/elm-2.5.5-1.1mdk.i586.rpm
19ea620f1635928c679ccd8a6a1c7d93
http://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1521.html
+---------------------------------+
| phplib | ----------------------------//
+---------------------------------+
By providing a value for the array element $_PHPLIB[libdir], an
intruder can force a script to load and execute scripts from another
server. This is because the value of $_PHPLIB[libdir] gets
initialized *only* if not already set.
http://www.trustix.net/errata/trustix-1.5/
9d3f0706c8c91d5e25a2477b2e764bdd
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1522.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
