Information Security News mailing list archives
Linux Advisory Watch - February 15th 2002
From: InfoSec News <isn () c4i org>
Date: Mon, 18 Feb 2002 00:32:23 -0600 (CST)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| February 15th, 2002 Volume 3, Number 7a |
+----------------------------------------------------------------+
Editors: Dave Wreski, dave () linuxsecurity com
         Benjamin Thomas, ben () linuxsecurity com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for rsync, mutt, OpenLDAP, uucp,
faqomatic, cupsys, ucd-snmp, and at. The vendors include Caldera,
Conectiva, Debian, FreeBSD, and Red Hat.
Also this week, there is a great deal of news surrounding the SNMP
vulnerabilities. The CERT advisory states "Numerous vulnerabilities have
been reported in multiple vendors' SNMP implementations. These
vulnerabilities may allow unauthorized privileged access,
denial-of-service attacks, or cause unstable behavior."
The full CERT Advisory text can be found here:
http://www.linuxsecurity.com/articles/network_security_article-4431.html
An SNMP Advisory FAQ can be found here:
http://www.linuxsecurity.com/articles/security_sources_article-4433.html
+---------------------------------+
| rsync | ----------------------------//
+---------------------------------+
Sebastian Krahmer of SuSE discovered a vulnerability in rsync that allows
an attacker to modify memory of the rsync server process. There is no known
exploit yet, but this vulnerability could be used against servers
providing downloads via anonymous rsync. Note that the problem can also be
exploited by a rogue server, attacking a client who uses rsync.
ftp://ftp.caldera.com/pub/updates/eDesktop/2.4/current/RPMS
319f52b332937a9ec9b6b3a84a1a2818
RPMS/rsync-2.5.0-2.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1887.html
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1889.html
+---------------------------------+
| mutt | ----------------------------//
+---------------------------------+
The mail user agent mutt is susceptible to a remote attack. By sending a
message with an overlong email address, the attacker is able to overwrite
a single memory location with a zero byte, which can be exploited to
execute arbitrary code within the account of the email recipient.
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
700b96d068e212e9f68bff794b60acc1
RPMS/mutt-1.2.5-12OL.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1886.html
+---------------------------------+
| OpenLDAP | ----------------------------//
+---------------------------------+
Recently a security flaw was discovered in OpenLDAP 2.0.19 slapd(8)
regarding application of access controls upon modify operations issued by
authenticated users. Specifically, slapd(8) did not disallow a replace
with no values from deleting the attribute which was protected by ACLs (if
such was allowed by checked schema rules). That is, this flaw allowed any
authenticated user to delete any non-mandatory attribute of an object. In
2.0 versions prior to 2.0.8, this flaw is NOT restricted to authenticated
users (that is, anonymous users can abuse the flaw as well).
ftp://ftp.caldera.com/pub/updates/OpenLinux/2.3/current/RPMS
b333cf77ecde92a6c3b6e4c313361e09
RPMS/openldap-2.0.11-11S.i386.rpm
360db3b5a0f9d0321b00ff0f87b82597
RPMS/openldap-devel-2.0.11-11S.i386.rpm
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1885.html
+---------------------------------+
| UUCP | ----------------------------//
+---------------------------------+
Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It
permits a local user to copy any file to anywhere which is writable by the
uucp uid, which effectively means that a local user can completely subvert
the UUCP subsystem, including stealing mail, etc.
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1882.html
+---------------------------------+
| faqomatic | ----------------------------//
+---------------------------------+
Due to unescaped HTML code Faq-O-Matic returned unverified scripting code
to the browser. With some tweaking this enables an attacker to steal
cookies from one of the Faq-O-Matic moderators or the admin.
http://security.debian.org/dists/stable/updates/main/
binary-all/faqomatic_2.603-1.2_all.deb
MD5 checksum: cd2dfe85ed8fb844dad23e61f15e07f3
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1892.html
+---------------------------------+
| cupsys | ----------------------------//
+---------------------------------+
The authors of CUPS, the Common UNIX Printing System, have found a
potential buffer overflow bug in the code of the CUPS daemon where it
reads the names of attributes. This affects all versions of CUPS.
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/
cupsys-bsd_1.0.4-10_i386.deb
MD5 checksum: 05400bb194af07b79287a6390125b3ee
http://security.debian.org/dists/stable/updates/main/binary-i386/
cupsys_1.0.4-10_i386.deb
MD5 checksum: cc857d9a2a629dd14074d4d6469fbcd3
http://security.debian.org/dists/stable/updates/main/binary-i386/
libcupsys1-dev_1.0.4-10_i386.deb
MD5 checksum: ef741829699442ddc5b754ac693cfd39
http://security.debian.org/dists/stable/updates/main/binary-i386/
libcupsys1_1.0.4-10_i386.deb
MD5 checksum: dfeafd588730f20b3b0426722e9f0ba0
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1893.html
+---------------------------------+
| ucd-snmp | ----------------------------//
+---------------------------------+
The Secure Programming Group of Oulu University did a study on SNMP
implementations and uncovered multiple flaws whose impact ranges from
denial-of-service attacks to remote exploits.
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/
binary-i386/libsnmp4.1-dev_4.1.1-2.1_i386.deb
MD5 checksum: 5addf966bc067f943b4ca6c7d604a48f
http://security.debian.org/dists/stable/updates/
main/binary-i386/libsnmp4.1_4.1.1-2.1_i386.deb
MD5 checksum: e1ebaeaee18859d1e58aae658e4b1564
http://security.debian.org/dists/stable/updates/
main/binary-i386/snmp_4.1.1-2.1_i386.deb
MD5 checksum: 7d13633a4e8a922eb36d6bfe8a04f0f3
http://security.debian.org/dists/stable/updates/
main/binary-i386/snmpd_4.1.1-2.1_i386.deb
MD5 checksum: bb63f353a4e3bba6d0bd3acc54f6a138
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1896.html
FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1890.html
Yellow-Dog Linux Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1894.html
Conectiva Linux Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1895.html
Red Hat 7.2 i386:
ftp://updates.redhat.com/7.2/en/os/i386/
ucd-snmp-4.2.3-1.7.2.3.i386.rpm
0b124baa0ad9d6dfff163bedefbd2cf8
ftp://updates.redhat.com/7.2/en/os/i386/
ucd-snmp-utils-4.2.3-1.7.2.3.i386.rpm
2111e9ba725167a3f6d87db056a8bda2
ftp://updates.redhat.com/7.2/en/os/i386/
ucd-snmp-devel-4.2.3-1.7.2.3.i386.rpm
c2bd228d204ee3c7668209d8e26e02c1
ftp://updates.redhat.com/7.2/en/os/i386/
ethereal-0.8.18-10.7.2.1.i386.rpm
0e5cb05d81426fbee44e4c5fc4b2d176
ftp://updates.redhat.com/7.2/en/os/i386/
ethereal-gnome-0.8.18-10.7.2.1.i386.rpm
bc176a2fba2fa979f2aa28a82570c6cf
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1891.html
+---------------------------------+
| groff | ----------------------------//
+---------------------------------+
zen-parse discovered an exploitable buffer overflow in groff's
preprocessor. If groff is invoked using the LPRng printing system, an
attacker can gain rights as the "lp" user. Likewise, this may be remotely
exploitable if lpd is running and remotely accessible and the attacker
knows the name of the printer and its spool file.
Mandrake Linux 8.1:
6cc7c8c5936c4a15dca519219c4f078a
8.1/RPMS/groff-1.17.2-3.3mdk.i586.rpm
c8a8ae0e7848c60b922c8d8326afe01e
8.1/RPMS/groff-for-man-1.17.2-3.3mdk.i586.rpm
3dd6a64b3007bcd6bc3f807f5373462
8.1/RPMS/groff-gxditview-1.17.2-3.3mdk.i586.rpm
a92f47ab6a6d3a46509f3dd0d76ea9e3
8.1/RPMS/groff-perl-1.17.2-3.3mdk.i586.rpm
fdae065cd64b4527919d44dbcf126497
8.1/SRPMS/groff-1.17.2-3.3mdk.src.rpm
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1883.html
+---------------------------------+
| at | ----------------------------//
+---------------------------------+
This updated at package fixes two minor problems and one major problem
where the environment can get wiped out prior to the execution of a
scheduled command. For versions of Red Hat Linux prior to 7.2, this
package also fixes a potential security vulnerability which can result in
heap corruption (Red Hat Linux 7.2 is not vulnerable to this security
exploit).
Red Hat Linux 7.2: i386:
ftp://updates.redhat.com/7.2/en/os/i386/at-3.1.8-23.i386.rpm
ea793fd803f10c8fa66abb8191fefb9b
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1884.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------
