Information Security News mailing list archives
Linux Advisory Watch - July 11th 2003
From: InfoSec News <isn () c4i org>
Date: Mon, 14 Jul 2003 03:33:30 -0500 (CDT)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 11th, 2003 Volume 4, Number 27a |
+----------------------------------------------------------------+
Editors: Dave Wreski (dave () linuxsecurity com), Benjamin Thomas (ben () linuxsecurity com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for xpdf, ml85p, openldap, imp, php, semi,
x-face-el, liece, mozart, skk, unzip, xbl, phpsysinfo, and teapop. The
distributors include Conectiva, Debian, Mandrake, and TurboLinux. Again,
there were no particularly serious vulnerabilities this week. However, it
is imperative that you make an effort to keep your servers up-to-date.
It's mid-July, which means 'vacation month' for many of our readers. When
going on leave from work, there are often many things that need to be
prepared for. Often, a system administrator will ensure that all systems
are fully patched and up-to-date, that backup and restore functions are
working correctly, and that other users have the appropriate access so that
minor problems can be taken care of while away. Hypothetically, this could
mean a senior administrator is giving a junior admin full rights, or perhaps
the root passwords to the servers.
Next, if the senior admin has an over-sized ego (most likely) he/she will
feel compelled to add an autoreply message to his/her email. Because this
senior admin is very proactive, he/she is subscribed to over 30 security
related mailing lists. Because this hypothetical senior admin took only a
1/2 day on Friday, he/she did not take the time to ensure that autoreply
was set up to only reply to emails from the same domain. Instead, the
account was configured to reply to every single email received. By
mid-Saturday, the autoreply "feature" had kicked out over 100 emails.
Although primarily replies to bogus spam addresses, several were sent to
un-moderated mailing lists. What does this mean? The entire world knows
the senior admin is "in Florida, please contact my staff Jr. Admin, Ryan
Typesalot." It's now Monday morning, quiet, and Ryan is just now getting
settled in at his desk. He receives a call from a "patient social
engineer" who has been waiting for the perfect time to attack this
company. What happens next? Because our patient social engineer knows
that the senior admin is out of the office for the next two weeks, and
that Ryan Typesalot is eager to solve problems, the attack is started.
You can probably figure out what will happen next. Ryan is conned into
believing that the person on the other side of the phone is a company
executive who is on the road and needs immediate access to his network
home directory and several password resets.
What is the moral of this story? Don't give out more information than you
have to. If you're going on vacation, you should only let the minimum
number of people know. If you must use autoreply, it is necessary to keep
it intracompany. Many of you probably already know this and already take
every necessary precaution. However, each time we send this newsletter
out, we receive quite a few auto replies. I don't want to tell you that
it should never be used, only that "features" such as autoreply should be
used carefully.
Until next time,
Benjamin D. Thomas
ben () linuxsecurity com
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte25

FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.
http://www.linuxsecurity.com/feature_stories/feature_story-144.html

--------------------------------------------------------------------
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite
is unparalleled in security, ease of management, and features. Open
source technology constantly adapts to new threats. Email firewall,
simplified administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
--------------------------------------------------------------------

LINUXSECURITY.COM FEATURE: Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez
Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html

+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+

7/7/2003 - xpdf arbitrary command execution
This update fixes a vulnerability that allows attackers to embed commands
in document hyperlinks.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3430.html

7/7/2003 - ml85p insecure tmp file vulnerability
This is a SUID root program and it creates temporary files in an insecure
way, which makes it vulnerable to a race condition exploit.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3431.html

7/7/2003 - openldap denial of service vulnerability
A failed password extended operation (password EXOP) can cause openldap
to, if using the back-ldbm backend, attempt to free memory which was
never allocated, resulting in a segfault.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3432.html

7/8/2003 - imp SQL code injection vulnerability
A remote attacker can use this vulnerability to execute SQL commands and
possibly get session IDs and steal another user's webmail session.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3439.html

7/10/2003 - PHP4 multiple vulnerabilities
There are multiple vulnerabilities in php.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3440.html

+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+

7/7/2003 - semi, wemi insecure temporary file vulnerability
Multiple vulnerabilities. Due to a combination of administrative
problems, this advisory was erroneously released with the identifier
"DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding
gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3435.html

7/7/2003 - x-face-el insecure temporary file vulnerability
Multiple vulnerabilities. Due to a combination of administrative
problems, this advisory was erroneously released with the identifier
"DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding
gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3436.html

7/7/2003 - liece insecure temporary file vulnerability
Due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly
refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3437.html

7/7/2003 - mozart unsafe mailcap configuration
Due to a combination of administrative problems, this advisory was
erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly
refers to an earlier advisory regarding gtksee.
http://www.linuxsecurity.com/advisories/debian_advisory-3438.html

7/10/2003 - skk insecure tmp file vulnerability
skk does not take appropriate security precautions when creating
temporary files.
http://www.linuxsecurity.com/advisories/debian_advisory-3441.html

7/10/2003 - unzip directory traversal vulnerability
A directory traversal vulnerability in UnZip 5.50 allows attackers to
bypass a check for relative pathnames ("../") by placing certain invalid
characters between the two "." characters.
http://www.linuxsecurity.com/advisories/debian_advisory-3442.html

7/10/2003 - xbl buffer overflow vulnerability
Another buffer overflow was discovered in xbl, distinct from the one
addressed in DSA-327 (CAN-2003-0451), involving the -display command
line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3443.html

7/10/2003 - phpsysinfo directory traversal vulnerability
Another buffer overflow was discovered in xbl, distinct from the one
addressed in DSA-327 (CAN-2003-0451), involving the -display command
line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3444.html

7/10/2003 - teapop SQL injection vulnerability
Another buffer overflow was discovered in xbl, distinct from the one
addressed in DSA-327 (CAN-2003-0451), involving the -display command
line option.
http://www.linuxsecurity.com/advisories/debian_advisory-3445.html

+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+

7/8/2003 - unzip directory traversal vulnerability
Another buffer overflow was discovered in xbl, distinct from the one
addressed in DSA-327 (CAN-2003-0451), involving the -display command
line option.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3446.html

+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+

7/9/2003 - unzip directory traversal vulnerability
When certain encoded characters are inserted into '../' directory
traversal sequences, the creator of the archive can cause the file to be
extracted to arbitrary locations on the filesystem - including paths
containing system binaries and other sensitive or confidential
information.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3447.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request () linuxsecurity com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------

- ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
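The unzip advisories above (Debian, Mandrake, TurboLinux) describe a relative-path check that is defeated because characters the extractor later strips sit between the two dots. The Python below is an added illustration, not code from UnZip or from this newsletter: it models that pattern (a substring test on the raw name, run before the name is rewritten) beside the fix, which validates the path that will actually be written, after all rewriting, against the destination directory. The sanitizer and the sample member names are constructed assumptions.

```python
import os
import string
from typing import Dict, Optional, Tuple

# Assumption (constructed model, not UnZip's own code): before writing a
# file, the extractor drops any character outside printable ASCII.
_ALLOWED = set(string.printable) - set("\t\n\r\x0b\x0c")

def sanitize(member: str) -> str:
    """Drop characters the extractor will not write into a filename."""
    return "".join(ch for ch in member if ch in _ALLOWED)

def naive_is_safe(member: str) -> bool:
    """The bypassable pattern: a substring test on the raw member name,
    run BEFORE sanitize() rewrites that name."""
    return "../" not in member and not member.startswith("/")

def hardened_target(dest: str, member: str) -> Optional[str]:
    """Resolve the path that would actually be written (after sanitizing)
    and accept it only if it stays inside dest. Returns None otherwise."""
    cleaned = sanitize(member).lstrip("/")          # absolute names become relative
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, cleaned))
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None                                  # would land outside dest
    return target

# Constructed member names (not from any real archive) exercising both checks.
SAMPLE_MEMBERS = [
    "docs/readme.txt",        # ordinary entry
    "../etc/passwd",          # plain traversal, both checks reject it
    ".\x01./etc/passwd",      # control byte between the dots, stripped later
    "notes/v1.../readme",     # legitimate name that merely contains "../"
]

def classify(dest: str, members=SAMPLE_MEMBERS) -> Dict[str, Tuple[bool, bool]]:
    """Map each member name to (naive check passes, hardened check passes)."""
    return {m: (naive_is_safe(m), hardened_target(dest, m) is not None)
            for m in members}

if __name__ == "__main__":
    for name, (naive, hard) in classify("/tmp/extract_demo").items():
        print(f"{name!r:24} naive={naive!s:5} hardened={hard}")
```

The substring check both misses the control-byte case and wrongly rejects the harmless "v1..." component; resolving the final path catches the first and permits the second.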