Linux Advisory Watch - August 15th 2003

    Date: 14 Aug 2003
    Posted By: Anthony Pell
    This week, advisories were released for lynx, zblast, perl, kernel, signal, iBCS2, ddskk, konqueror, man-db, xpcd, stunnel, postfix, and php. The distributors include Conectiva, Debian, FreeBSD, Gentoo, Red Hat, SuSE, Trustix, and TurboLinux.

    For many, it has been an eventful week. Blaster has affected nearly every Windows user on the net. Although I'm sure many Linux administrators smirked while saying "not my servers," an equal number had "to deal with it." Whether you maintain Windows boxes or not, there are several lessons to be learned. First, as most readers of this newsletter are already aware, patching is critical. Also, incident preparation is extremely important. It is important to develop a weekly schedule where time can be allocated for regular server maintenance. Also, a documented set of incident procedures should be written. It is important to have emergency contacts and system procedures documented before an incident so that damage can be minimized.

    Last week I reviewed the O'Reilly book, Secure Coding: Principles & Practices. I received several emails about the book including one from David Wheeler, author of the "Secure Programming for Linux and Unix HOWTO." Because I've found this document helpful in the past, I thought that I should share it with you. The latest PDF version of the document is 168 pages, written in twelve chapters. It is distributed under the GNU Free Documentation License, therefore copying and distributing is perfectly legal. In the past, I've sent previous versions of this document to friends who are full time software developers. Everyone that has read this document has been impressed.

    The HOWTO includes chapters on input validation, avoiding buffer overflows, and using system resources, as well as special topics including passwords, random numbers, cryptography, and authentication. The book also includes a chapter with specific information for popular languages such as C/C++, Perl, Python, shell, Ada, Java, Tcl, and PHP.

    This HOWTO is worth the bandwidth! Download it! It is a great addition to last week's book because it focuses on many specific issues. If you have a problem related to secure programming to solve, this is definitely one of the first places you should check.

    Until next time,
    Benjamin D. Thomas


    LinuxSecurity Feature Extras:

    Expert vs. Expertise: Computer Forensics and the Alternative OS - No longer a dark and mysterious process, computer forensics have been significantly on the scene for more than five years now. Despite this, they have only recently gained the notoriety they deserve.

    REVIEW: Linux Security Cookbook - There are rarely straightforward solutions to real world issues, especially in the field of security. The Linux Security Cookbook is an essential tool to help solve those real world problems. By covering situations that apply to everyone from the seasoned Systems Administrator to the security curious home user, the Linux Security Cookbook distinguishes itself as an indispensable reference for security-oriented individuals.

    Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.


       CRLF injection vulnerability

    Ulf Harnhammar reported a CRLF injection vulnerability in lynx.
     8/8/2003 'man-db' vulnerability

    The previous man-db update (DSA-364-1) introduced an error which resulted in a segmentation fault in the "mandb" command, which runs part of the daily cron job. This error was caused by allocating a memory region which was one byte too small to hold the data written into it.
     8/8/2003 'xtokkaetama' buffer overflow

    Another buffer overflow was discovered in xtokkaetama, involving the "-nickname" command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'.
     8/8/2003 'xpcd' buffer overflow

    Steve Kemp discovered a buffer overflow in xpcd-svga which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain root privileges.
       buffer overflow vulnerability

    Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving the high score file.
     8/11/2003 pam-pgsql format string vulnerability

    There is a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message.
     8/9/2003 kdelibs-crypto multiple vulnerabilities

    There are multiple vulnerabilities in kdelibs.
     8/11/2003 perl XSS vulnerability

    A cross-site scripting vulnerability exists in the start_form() function in

    This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-10.
       kernel vulnerability

    Some mechanisms for causing a signal to be sent did not properly validate the signal number, in some cases allowing the kernel to attempt to deliver a negative or out-of-range signal number.
       kernel vulnerability

    The iBCS2 system call translator for statfs erroneously used the user-supplied length parameter when copying a kernel data structure into userland. If the length parameter were larger than required, then instead of copying only the statfs-related data structure, additional kernel memory would also be made available to the user.
       signal vulnerability

    Some mechanisms for causing a signal to be sent did not properly validate the signal number, in some cases allowing the kernel to attempt to deliver a negative or out-of-range signal number.

    There are multiple vulnerabilities in Gentoo Linux source tree.
    Distribution: Red Hat
     8/8/2003 'up2date' gpg signature verification vulnerability

    up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG signatures. These are the versions found in Red Hat Linux 8.0 and 9.
       tmp file vulnerability

    ddskk does not take appropriate security precautions when creating temporary files.
       information disclosure vulnerability

    Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header.
       multiple vulnerabilities

    There are multiple vulnerabilities in the kernel.
     8/8/2003 'stunnel' DoS vulnerability

    Stunnel prior to 3.25 and 4.04 has an error in the SIGCHILD handling code which could lead to a denial of service attack if the child processes were terminated too fast.
     8/8/2003 'postfix' DoS vulnerability

    This patch fixes a denial of service condition in the Postfix smtpd, qmgr, and other programs that use the trivial-rewrite service. The problem is triggered when an invalid address resolves to an impossible result. This causes the affected programs to reject the result and to retry the trivial-rewrite request indefinitely.
       XSS vulnerability

    An attacker could use this vulnerability to execute embedded scripts within the context of the generated page.

