Information Security News mailing list archives
Linux Advisory Watch, September 22nd, 2000
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 22 Sep 2000 00:30:55 -0400
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 22nd, 2000 Volume 1, Number 21a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave () linuxsecurity com ben () linuxsecurity com
Linux Advisory Watch is a comprehensive newsletter that outlines
the security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
A majority of the advisories released this week were for
syslogd/klogd. Caldera, SuSE, Mandrake, Trustix, Slackware, Debian,
and RedHat have all made updated packages available. It is
important that you update this package because the vulnerability
could result in a local root compromise.
Other advisories included glint, screen, and xchat. Screen also has
the risk of a local root compromise. The glint vulnerability can be
used to maliciously destruct files.
Also of note is that Debian is phasing out support for the 2.1
distribution. More on this in the Debian section.
-- OpenDoc Publishing ---------------------------------------------
Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.
http://www.linuxsecurity.com/sponsors/opendocs.html
+---------------------------------+
| Installing a new package: | ----------------------------//
+---------------------------------+
# rpm -Uvh <package-name.rpm>
# dpkg -i <package-name.deb>
Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.
+---------------------------------+
| Checking Package Integrity: | -----------------------------//
+---------------------------------+
The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.
# md5sum <package-name>
ebf0d4a0d236453f63a797ea20f0758b <package-name>
The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing it.
+---------------------------------+
| Caldera Advisories | ----------------------------//
+---------------------------------+
* Caldera: 'syslogd'klogd' vunlerabilities
September 20th, 2000
Several problems have been discovered in syslogd and klogd, the
daemon programs responsible for system logging on Linux. 1. There is
a format bug in klogd. 2.There is a single byte buffer overflow in
syslogd. 3. When given long messages, syslogd broadcasts the message
to all users currently logged in.
Package Name: sysklogd-1.4-2
Updated Packages:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/
http://www.linuxsecurity.com/advisories/caldera_advisory-733.html
+---------------------------------+
| Debian Advisories | ----------------------------//
+---------------------------------+
* Debian: 'sysklogd' vulnerability
September 19th, 2000
Multiple vulnerabilities have been reported in syslogd and klogd. A
local root exploit is possible, and remote exploits may be possible
in some cases (though we are not currently aware of a remote
exploit.)
Package Name: sysklogd_1.3-33
Updated Packages:
ftp://security.debian.org/debian-security
http://www.linuxsecurity.com/advisories/debian_advisory-727.html
* Debian: Info: Phasing out support for 2.1
Debian is phasing out support for Debian 2.1 (slink). We believe that this
will have a minimal impact on our user community as we expect that most
slink users have already upgraded to potato. We had originally announced
that support would end Sep 30, 2000.
http://www.linuxsecurity.com/advisories/debian_advisory-720.html
+---------------------------------+
| FreeBSD Advisories | ----------------------------//
+---------------------------------+
* FreeBSD: 'screen' update
September 20th, 2000
The screen port, versions 3.9.5 and before, contains a vulnerability
which allows local users to gain root privileges. This is
accomplished by inserting string-formatting operators into
configuration parameters, which may allow arbitrary code to be
executed.
Package Name: screen-3.9.8.tgz
Updated Packages: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/
http://www.linuxsecurity.com/advisories/freebsd_advisory-734.html
+---------------------------------+
| Mandrake Advisories | ----------------------------//
+---------------------------------+
* Mandrake: 'sysklogd' vulnerability
September 19th, 2000
A problem exists with the kernel logging daemon (klogd) in the
sysklogd package. A "format bug" makes klogd vulnerable to local root
compromise, as well as the possibility for remote vulnerabilities
under certain circumstances, which are unprobable. There is also a
more probable semi-remote exploit via knfsd. This update provides a
patched version of klogd that fixes these vulnerabilities.
Package Name: sysklogd-1.3.31-15
Updated Packages:
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
http://www.linuxsecurity.com/advisories/mandrake_advisory-730.html
+---------------------------------+
| RedHat Advisories | ----------------------------//
+---------------------------------+
* RedHat: 'syslogd' vulnerabilities
September 18th, 2000
Various vulnerabilities exist in syslogd/klogd. By exploiting these
vulnerabilities, it could be possible for local users to gain root
access. No remote exploit exists at this time, but it remains
theoretically possible that this vulnerability could be exploited
remotely under certain rare circumstances.
Package Name: sysklogd-1.3.31-1.6
Updated Packages:
ftp://updates.redhat.com/5.2/
ftp://updates.redhat.com/6.2/
http://www.linuxsecurity.com/advisories/redhat_advisory-722.html
* RedHat: 'glint' symlink vulnerability
September 21st, 2000
If a specific symlink exists in /tmp, glint will open it and write to
it when run by root -- so destruction of any file is possible. Note
that glint does not work with RPM 3.0 or higher. If you have RPM 3.0
or higher installed, just uninstall the glint package to remove this
vulnerability.
Package Name: glint-2.6.3-1
Updated Packages: ftp://updates.redhat.com/5.2/
http://www.linuxsecurity.com/advisories/caldera_advisory-736.html
+---------------------------------+
| Slackware Advisories | ----------------------------//
+---------------------------------+
* Slackware: 'sysklogd' vunlerability
September 19th, 2000
A string format / buffer overflow bug has been discovered in klogd,
the kernel logging daemon. Please upgrade to the new sysklogd 1.4
package available on the Slackware FTP site.
Package Name: sysklogd.tgz
Updated Packages:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/
http://www.linuxsecurity.com/advisories/slackware_advisory-729.html
+---------------------------------+
| SuSE Advisories | ----------------------------//
+---------------------------------+
* SuSE: 'syslogd/klogd' vulnerability
September 20th, 2000
Errors in both the klogd and the syslogd can cause both daemons do
die when specially designed strings get passed to the kernel by the
user, eg. with a malformed structure in a system call.
Package Name: syslogd-1.3.33-161
Updated Packages: ftp://ftp.suse.com/pub/suse/
http://www.linuxsecurity.com/advisories/suse_advisory-732.html
+---------------------------------+
| Trustix Advisories | ----------------------------//
+---------------------------------+
* Trustix: 'sysklogd' vulnerability
September 19th, 2000
Trustix Secure Linux also suffers from a security hole in sysklogd.
Everybody running 1.0x or 1.1 should upgrade. The hole is already
fixed in the new beta (1.1.80).
Package Name: sysklogd-1.3.31-18tr.i586.rpm
Updated Packages: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS
http://www.linuxsecurity.com/advisories/other_advisory-731.html
+---------------------------------+
| TurboLinux Advisories | ----------------------------//
+---------------------------------+
* TurboLinux: 'xchat' vulnerability
September 19th, 2000
There has been a well-known vulnerability existing with all
un-patched xchat versions 1.4.2 and earlier. By supplying commands
enclosed in backticks (``) in URL's sent to X-Chat, it is possible to
execute arbitrary commands should the X-Chat user decide to view the
link by clicking on it. This is due to the manner in which X-Chat
launches pages for viewing.
Package Name: xchat-1.4.3-1
Updated Packages: ftp://ftp.turbolinux.com/pub/updates/6.0/
http://www.linuxsecurity.com/advisories/turbolinux_advisory-723.html
* TurboLinux: 'sysklogd' vulnerability
September 19th, 2000
Various vulnerabilities exist in syslogd/klogd. By exploiting
these vulnerabilities, it could be possible for local users to gain
root access.
Package Name: sysklogd-1.3.31-6
ftp://ftp.turbolinux.com/pub/updates/6.0/
http://www.linuxsecurity.com/advisories/turbolinux_advisory-725.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Current thread:
- Linux Advisory Watch, September 22nd, 2000 vuln-newsletter-admins (Sep 22)
