Home page logo
/

isn logo Information Security News mailing list archives

Linux Advisory Watch - July 27th 2001
From: InfoSec News <isn () c4i org>
Date: Sun, 29 Jul 2001 04:53:32 -0500 (CDT)

Forwarded by: vuln-newsletter-admins () linuxsecurity com

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  July 27th, 2001                          Volume 2, Number 30a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.  
It includes pointers to updated packages and descriptions of each
vulnerability

This week, advisories were released for sugid-exec, telnet, ssh, procmail,
squid, sendmsg, xil, imp, elm, and phplib.  The vendors include Calera,
Conectiva, FreeBSD, Mandrake, NetBSD, Red Hat, SuSE, Trustix.
  
EnGarde Secure Linux v1.0.1 - EnGarde is a secure distribution of Linux
engineered from the ground-up to provide organizations with the level of
security required to create a corporate Web presence or even conduct
e-business on the Web. It can be used as a Web, DNS, e-mail, database,
e-commerce, and general Internet server where security is a primary
concern.

--> Download: http://www.engardelinux.org/download.html 


HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html
   


+---------------------------------+
|   sugid-exec                    | ----------------------------//
+---------------------------------+

A race condition between the setuid/setgid handling in the execve(2)
system call and the ptrace(2) system call can allow a local user to
cause a setuid-root executable to execute arbitrary code as the
superuser. 

 NetBSD 
 ftp://ftp.netbsd.org/pub/NetBSD/security/patches/ 
 SA2001-009-ptrace-1.5.patch 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1514.html 
 


+---------------------------------+
|  telnet                         | ----------------------------//
+---------------------------------+

A vulnerability in all BSD derived implementations of the TELNET
server daemon was published during the weekend that allows attackers
to gain root privilege on the attacked machine. 

 OpenLinux 2.3: 
 ftp://ftp.caldera.com/pub/openlinux/updates/2.3/022/ 
 RPMS/netkit-telnet-0.16-1.i386.rpm 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1513.html 

 FreeBSD: 
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/ 
 SA-01:49/telnetd.patch 

 FreeBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/freebsd_advisory-1512.html



  
+---------------------------------+
|  ssh 3.0                        | ----------------------------//
+---------------------------------+

A potential remote root exploit has been discovered in SSH Secure
Shell 3.0.0, for Unix only, concerning accounts with password fields
consisting of two or fewer characters. Unauthorized users could
potentially log in to these accounts using any password, including an
empty password.  This affects SSH Secure Shell 3.0.0 for Unix only. 
This is a problem with password authentication to the sshd2 daemon. 
The SSH Secure Shell client binaries (located by default in
/usr/local/bin) are not affected. 

 SSH Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1511.html 

 NetBSD Users Please see vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1515.html


  
  
+---------------------------------+
|   Procmail                      | ----------------------------//
+---------------------------------+

Procmail, an autonomous mail processor, as shipped in Red Hat Linux
5.2, 6.2, 7, and 7.1, handles signals unsafely. 

 i386: Linux 7.1 
 ftp://updates.redhat.com/7.1/en/os/i386/ 
 procmail-3.21-0.71.i386.rpm 

 51ad4ad3241887e2eb631e1799c94972 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1509.html




+---------------------------------+
|   squid                         | ----------------------------//
+---------------------------------+

New squid packages are available for Red Hat Linux 7.0 that fix a
possible security problem with Squid's HTTP accelerator  eature. If
Squid was configured in accelerator-only mode, it was possible for
remote users to portscan machines through the Squid proxy,
potentially allowing for access to machines not otherwise available. 


 Red Hat 7.0 
 ftp://updates.redhat.com/7.0/en/os/i386/ 
 squid-2.3.STABLE4-9.7.i386.rpm 
 adad3217cd16346eb5dcfa13a46d6289 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1510.html 

 Mandrake Linux 8.0: 
 8.0/RPMS/squid-2.3.STABLE5-1.1mdk.i586.rpm 
 14153011ab7acbd47931cf9132668c66 
 http://www.linux-mandrake.com/en/ftp.php3  

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1520.html


  

+---------------------------------+
|   sendmsg                       | ----------------------------//
+---------------------------------+

Due to insufficient length checking in the kernel, sendmsg(2) can be
used by a local user to cause a kernel trap, or an 'out of space in
kmem_map' panic. 

 NetBSD 
 ftp://ftp.netbsd.org/pub/NetBSD/security/patches/ 
 SA2001-011-sendmsg-current.patch 

 NetBSD Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/netbsd_advisory-1516.html 


  

+---------------------------------+
|   xil                           | ----------------------------//
+---------------------------------+

xli, aka xloadimage, a image viewer for X11 is used by Netscape's
plugger to display TIFF-, PNG- and Sun-Raster-images. The plugger
configuration  file is /etc/pluggerrc. Due to missing boundary
checks in the xli code a buffer overflow could be triggered by an
external attacker to execute commands on the victim's system. An
exploit is publically available. 

 i386 Intel Platform: 

 SuSE-7.2 
 ftp://ftp.suse.com/pub/suse/i386/update/7.2/gra2/ 
 xli-1.16-351.i386.rpm 
 d35b3ee5b02bfb1bf4f9d8ccefdfa889  

SuSE Vendor Advisory: 
http://www.linuxsecurity.com/advisories/suse_advisory-1517.html


  

+---------------------------------+
|   imp                           | ----------------------------//
+---------------------------------+

A remote attacker could trick the server into fetching scripts from
another host and then execute them. This could be used to get access
to the server running this webmail system. An attacker might also
execute malicious javascript code in the browser of an user who is
reading an email sent by the attacker with special "javascript:"
encodings. 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1519.html

  

+---------------------------------+
|   elm                           | ----------------------------//
+---------------------------------+

A buffer overflow exists in the elm email client when handling very
long message-ids.  This would overwrite other header fields and could
potentially cause further damage. 

 Mandrake Linux 8.0: 

 8.0/RPMS/elm-2.5.5-1.1mdk.i586.rpm 
 19ea620f1635928c679ccd8a6a1c7d93 
 http://www.linux-mandrake.com/en/ftp.php3  

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1521.html 

  
   

+---------------------------------+
|   phplib                        | ----------------------------//
+---------------------------------+

By providind a value for the the array element $_PHPLIB[libdir], an
intruder can force a script to load and execute scripts from another
server.  This is because the value of $_PHPLIB[libdir] gets
initalized *only* if not already set. 

 http://www.trustix.net/errata/trustix-1.5/ 
 9d3f0706c8c91d5e25a2477b2e764bdd 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1522.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
  • Linux Advisory Watch - July 27th 2001 InfoSec News (Jul 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]