Information Security News
mailing list archives
Linux Advisory Watch - September 19th 2003
From: InfoSec News <isn () c4i org>
Date: Mon, 22 Sep 2003 01:56:34 -0500 (CDT)
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| September 19, 2003 Volume 4, Number 37a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave () linuxsecurity com ben () linuxsecurity com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
Folks, there are a lot of advisories this week. Be sure to check your
distribution carefully, as many of them are significant.
This week, advisories were released for mana, pine, gtkhtml, openssh,
sendmail, MySQL, xfree86, buffer, kernel, and KDE.
The distributors include SCO, Conectiva, Debian, EnGarde, FreeBSD, Gentoo,
Immunix, NetBSD, Red Hat, Slackware, SuSE, Trustix, TurboLinux, and Yellow
Dog.
FEATURE: A Practical Approach of Stealthy Remote Administration This paper
is written for those paranoid administrators who are looking for a
stealthy technique of managing sensitive servers (like your enterprise
firewall console or IDS).
http://www.linuxsecurity.com/feature_stories/feature_story-149.html
--------------------------------------------------------------------
Expert vs. Expertise: Computer Forensics and the Alternative OS
No longer a dark and mysterious process, computer forensics have been
significantly on the scene for more than five years now. Despite this,
they have only recently gained the notoriety they deserve.
http://www.linuxsecurity.com/feature_stories/feature_story-147.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: SCO | ----------------------------//
+---------------------------------+
9/15/2003 - mana
local vulnerability
There are multiple local environment variable vulnerabilities in mana.
http://www.linuxsecurity.com/advisories/caldera_advisory-3622.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
9/12/2003 - pine
Multiple remote vulnerabilities
A buffer overflow and an integer overflow that can be exploited by
remote attackers through the sending of specially crafted messages have
been fixed.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3616.html
9/12/2003 - gtkhtml
Buffer overflow vulnerability
Multiple buffer overflow vulnerabilities existed that could be
exploited to at least crash programs linked to gtkhtml by using
malformed HTML. In the case of Evolution, a remote attacker can use an
HTML mail as an attack vector.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3617.html
9/16/2003 - openssh
buffer management error
This update fixes a potential remote vulnerability in the buffer
handling code of OpenSSH.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3623.html
9/17/2003 - openssh
Remote vulnerabilities
This update fixes new vulnerabilities found in the code that handles
buffers in OpenSSH. These vulnerabilities are similar to the ones
fixed in the CLSA-2003:739 announcement and can be exploited by a
remote attacker to cause a denial of service condition and potentially
execute arbitrary code.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3648.html
9/18/2003 - sendmail
buffer overflow vulnerabilities
Michal Zalewski reported a remote vulnerability in sendmail versions
8.12.9 and earlier.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3656.html
9/18/2003 - MySQL
Multiple vulnerabilities
World writable configuration files, a double-free vulnerability, and a
password handler buffer overflow have been fixed in this update.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3658.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
9/12/2003 - xfree86
Multiple vulnerabilities
Four vulnerabilities have been identified and fixed in XFree86
including a potential denial of service vulnerability.
http://www.linuxsecurity.com/advisories/debian_advisory-3618.html
9/15/2003 - mysql
buffer overflow vulnerability
MySQL contains a buffer overflow condition which could be exploited by
a user who has permission to execute "ALTER TABLE" commands on the
tables in the "mysql" database.
http://www.linuxsecurity.com/advisories/debian_advisory-3619.html
9/16/2003 - ssh
buffer management error
A bug has been found in OpenSSH's buffer handling where a buffer could
be marked as grown when the actual reallocation failed.
http://www.linuxsecurity.com/advisories/debian_advisory-3624.html
9/17/2003 - openssh
multiple vulnerabilities
This advisory is an addition to the earlier DSA-382-1 advisory: two
more buffer handling problems have been found in addition to the one
described in DSA-382-1
http://www.linuxsecurity.com/advisories/debian_advisory-3633.html
9/17/2003 - openssh-krb5 buffer handling vulnerability
multiple vulnerabilities
Several bugs have been found in OpenSSH's buffer handling. It is not
known if these bugs are exploitable, but as a precaution an upgrade is
advised.
http://www.linuxsecurity.com/advisories/debian_advisory-3634.html
9/18/2003 - sendmail
buffer overflow vulnerabilities
There are multiple buffer overflow vulnerabilities in the sendmail
package.
http://www.linuxsecurity.com/advisories/debian_advisory-3651.html
+---------------------------------+
| Distribution: EnGarde | ----------------------------//
+---------------------------------+
9/16/2003 - OpenSSH
buffer management error
The OpenSSH daemon shipped with all versions of EnGarde Secure Linux
contains a potentially exploitable buffer management error.
http://www.linuxsecurity.com/advisories/engarde_advisory-3621.html
9/18/2003 - OpenSSH
Additional buffer management bugs
After the release of ESA-20030916-023, the OpenSSH team discovered more
buffer management bugs (fixed in OpenSSH 3.7.1) of the same type.
Additionally, Solar Designer fixed additional bugs of this class. His
fixes are included in this update.
http://www.linuxsecurity.com/advisories/engarde_advisory-3649.html
9/18/2003 - MySQL
buffer overflow
The MySQL daemon contains a buffer overflow which may be exploited by
any user who has ALTER TABLE permissions on the "mysql" database.
http://www.linuxsecurity.com/advisories/engarde_advisory-3650.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
9/16/2003 - openssh
buffer management error
A bug has been found in OpenSSH's buffer handling where a buffer could
be marked as grown when the actual reallocation failed.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3625.html
9/17/2003 - sendmail
Multiple overflow vulnerabilities
A buffer overflow that may occur during header parsing was identified.
An attacker could create a specially crafted message that may cause
sendmail to execute arbitrary code with the privileges of the user
running sendmail, typically root.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3647.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
9/15/2003 - mysql
buffer overflow vulnerability
Anyone with global administrative privileges on a MySQL server may
execute arbitrary code even on a host he isn't supposed to have a shell
on, with the privileges of the system account running the MySQL server.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3620.html
9/16/2003 - exim
buffer overflow vulnerability
There's a heap overflow in all versions of exim3 and exim4 prior to
version 4.21. It can be exercised by anyone who can make an SMTP
connection to the exim daemon.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3626.html
9/16/2003 - openssh
Buffer management error
All versions of OpenSSH's sshd prior to 3.7 contain a buffer management
error. It is uncertain whether this error is potentially exploitable,
however, we prefer to see bugs fixed proactively.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3629.html
9/17/2003 - sendmail
Buffer overflow vulnerabilities
Fix a buffer overflow in address parsing. Fix a potential buffer
overflow in ruleset parsing. This problem is not exploitable in the
default sendmail configuration.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3646.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
9/16/2003 - openssh
buffer management error
A bug has been found in OpenSSH's buffer handling where a buffer could
be marked as grown when the actual reallocation failed.
http://www.linuxsecurity.com/advisories/immunix_advisory-3627.html
9/17/2003 - openssh
buffer management error
This advisory has been updated to reflect that the OpenSSH team has
found more instances of the programming idiom in question in their
codebase.
http://www.linuxsecurity.com/advisories/immunix_advisory-3635.html
9/18/2003 - sendmail
buffer overflow vulnerabilities
Michal Zalewski discovered flaws in sendmail's prescan() function.
http://www.linuxsecurity.com/advisories/immunix_advisory-3652.html
+---------------------------------+
| Distribution: NetBSD | ----------------------------//
+---------------------------------+
9/17/2003 - openssh
buffer overflow vulnerability
A buffer overwrite with unknown consequences has been found in OpenSSH.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3636.html
9/17/2003 - kernel
memory disclosure vulnerability
The iBCS2 system call translator for statfs erroneously used the
user-supplied length parameter when copying a kernel data structure
into userland.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3637.html
9/17/2003 - sysctl
multiple vulnerabilities
Three unrelated problems with inappropriate argument handling were
found in the kernel sysctl code, which could be exploited by a malicious
local user.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3638.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
9/16/2003 - openssh
buffer management error
A bug has been found in OpenSSH's buffer handling where a buffer could
be marked as grown when the actual reallocation failed.
http://www.linuxsecurity.com/advisories/redhat_advisory-3628.html
9/16/2003 - KDE
Multiple vulnerabilities
Updated KDE packages that resolve a local security issue with KDM PAM
support and weak session cookie generation are now available.
http://www.linuxsecurity.com/advisories/redhat_advisory-3631.html
9/17/2003 - OpenSSH
Buffer manipulation vulnerabilities
Updated packages are now available to fix additional buffer
manipulation problems which were fixed in OpenSSH 3.7.1.
http://www.linuxsecurity.com/advisories/redhat_advisory-3644.html
9/17/2003 - sendmail
Multiple overflow vulnerabilities
Updated Sendmail packages that fix a potentially-exploitable
vulnerability are now available. The successful exploitation of this bug
can lead to heap and stack structure overflows.
http://www.linuxsecurity.com/advisories/redhat_advisory-3645.html
+---------------------------------+
| Distribution: Slackware | ----------------------------//
+---------------------------------+
9/16/2003 - openssh
Buffer management error
These fix a buffer management error found in versions of OpenSSH
earlier than 3.7. The possibility exists that this error could allow a
remote exploit, so we recommend all sites running OpenSSH upgrade to
the new OpenSSH package immediately.
http://www.linuxsecurity.com/advisories/slackware_advisory-3630.html
9/17/2003 - openssh
buffer management errors
These packages fix additional buffer management errors that were not
corrected in the recent 3.7p1 release.
http://www.linuxsecurity.com/advisories/slackware_advisory-3639.html
9/17/2003 - sendmail
multiple vulnerabilities
There are multiple vulnerabilities in the sendmail package.
http://www.linuxsecurity.com/advisories/slackware_advisory-3640.html
+---------------------------------+
| Distribution: SuSE | ----------------------------//
+---------------------------------+
9/16/2003 - openssh
Buffer management vulnerability
A programming error has been found in code responsible for buffer
management. If exploited by a (remote) attacker, the error may lead to
unauthorized access to the system, allowing the execution of arbitrary
commands.
http://www.linuxsecurity.com/advisories/suse_advisory-3632.html
9/18/2003 - openssh
management errors
A programming error has been found in code responsible for buffer
management.
http://www.linuxsecurity.com/advisories/suse_advisory-3657.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
9/17/2003 - openssh
buffer management error
All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management
errors.
http://www.linuxsecurity.com/advisories/trustix_advisory-3641.html
9/17/2003 - mysql
buffer overflow vulnerability
Fixed buffer overflow in SET PASSWORD which could potentially be
exploited by MySQL users with root privileges to execute random code or
to gain shell access.
http://www.linuxsecurity.com/advisories/trustix_advisory-3642.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
9/17/2003 - openssh
buffer management error
This vulnerability may allow a remote attacker to execute arbitrary
code.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3643.html
9/18/2003 - sendmail
buffer overflow vulnerabilities
The potential buffer overflows are in ruleset parsing and address
parsing for sendmail.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3653.html
+---------------------------------+
| Distribution: YellowDog | ----------------------------//
+---------------------------------+
9/18/2003 - openssh
buffer management errors
Updated packages are now available to fix additional buffer
manipulation problems which were fixed in OpenSSH 3.7.1.
http://www.linuxsecurity.com/advisories/yellowdog_advisory-3654.html
9/18/2003 - sendmail
buffer overflow vulnerabilities
Michal Zalewski found a bug in the prescan() function of unpatched
Sendmail versions prior to 8.12.10.
http://www.linuxsecurity.com/advisories/yellowdog_advisory-3655.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org