Linux Advisory Watch - March 15th 2002

    Date: 14 Mar 2002
    Category: Forums
    Posted By: Anthony Pell
    This week, advisories were released for zlib, mod_ssl, xtell, pam_pgsql, cyrus-sasl, netscape, mod_frontpage, openssh, rsync, gzip, NetBSD kernel, php, fileutils, and cvs. The vendors include Conectiva, Debian, EnGarde, FreeBSD, Immunix, Mandrake, NetBSD, Red Hat, Slackware, SuSE, Trustix, and Yellow Dog Linux. Many serious advisories affecting nearly all Linux vendors were released this week; it is advisable that you patch your systems immediately.

    ALERT: Significant Vulnerability Afflicts Linux Systems - Today, in a coordinated effort between all major Linux vendors, a vulnerability in the zlib library was announced, potentially affecting every installed Linux system in existence.


    Security and Simplicity - Are you looking for a solution that provides the applications necessary to easily create thousands of virtual Web sites, manage e-mail, DNS, firewalling, and database functions for an entire organization, and supports high-speed broadband connections, all using a Web-based front-end? EnGarde Secure Professional provides those features and more!

    Package          Vendor
    zlib             Debian, Mandrake, SuSE, EnGarde, Conectiva, Red Hat, Slackware
    mod_ssl          Debian, Mandrake, Red Hat
    xtell            Debian
    pam_pgsql        FreeBSD
    cyrus-sasl       FreeBSD
    netscape         FreeBSD
    mod_frontpage    FreeBSD
    openssh          Mandrake, NetBSD, Trustix, YellowDog, Immunix, Red Hat, SuSE
    rsync            Mandrake, Slackware
    gzip             NetBSD
    NetBSD kernel    NetBSD
    php              Conectiva
    fileutils        fileutils
    cvs              Slackware

    FEATURE: Linux Data Hiding and Recovery - Just when you thought your data was removed forever, Anton Chuvakin shows us how to recover data and even how data can surreptitiously be hidden within space on the filesystem.


    FEATURE: Fingerprinting Web Server Attacks - In this article, zenomorph discusses multiple ways attackers attempt to exploit port 80 to gain control of a web server. Using this information, an administrator can learn to detect potential attacks and steps that are necessary to protect a server from them.


    Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.



    zlib

    The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib. If a network application running as root is linked to zlib, this could potentially lead to a remote root compromise. No exploits are known at this time.

    Debian:
    PLEASE SEE VENDOR ADVISORY

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1968.html
     

    Mandrake Linux 8.1:
    8.1/RPMS/zlib1-1.1.3-16.1mdk.i586.rpm
    6dca9c0ff7dac9759d735150139182da

    8.1/RPMS/zlib1-devel-1.1.3-16.1mdk.i586.rpm
    320d06d5f1acc841965ad6c16db396cf

    http://www.mandrakesecure.net/en/ftp.php
    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1976.html

    Mandrake Vendor Advisory [UPDATE]:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1983.html
     

    SuSE Vendor Advisory I:
    http://www.linuxsecurity.com/advisories/suse_advisory-1967.html

    SuSE Vendor Advisory II:
    http://www.linuxsecurity.com/advisories/suse_advisory-1966.html

    EnGarde Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1960.html

    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1982.html

    Red Hat Vendor Advisory I:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1965.html

    Red Hat Vendor Advisory II:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html

    Slackware Vendor Advisory:
    http://www.linuxsecurity.com/advisories/slackware_advisory-1973.html


     

    mod/ssl apache/ssl

    To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server.

    Debian Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/apache-ssl_1.3.9.13-4_i386.deb
    MD5 checksum: 5085998b8751242a7e9c59b4806a7b24
     
    http://security.debian.org/dists/stable/updates/main/binary-i386/libapache-mod-ssl_2.4.10-1.3.9-1potato1_i386.deb
    MD5 checksum: e9a64fab4b7891f00b7e66f524ec0ec9

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1951.html
     

    Mandrake Linux 8.1:
    8.1/RPMS/mod_ssl-2.8.5-2.1mdk.i586.rpm
    020058f4fd26dc78480804caf5cd0044
    http://www.mandrakesecure.net/en/ftp.php

    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1947.html
     

    Red Hat: i386:
    ftp://updates.redhat.com/7.2/en/os/i386/mod_ssl-2.8.5-4.i386.rpm
    b7c91618cfb9110ce1ad620b9df05ab7

    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1941.html
     


     

    xtell

    Several security-related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems include several buffer overflows, a problem in connection with symbolic links, and unauthorized directory traversal when the path contains "..". These problems could allow an attacker to execute arbitrary code on the server machine. The server runs with nobody privileges by default, so this would be the account to be exploited.

    Debian  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/xtell_1.91.1_i386.deb
    MD5 checksum: 15dba43eec2b9b24a04523b27e621bbd

    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-1964.html


     

    pam-pgsql

    The affected versions of the pam-pgsql port contain a vulnerability that may allow a remote user to cause arbitrary SQL code to be executed. pam-pgsql constructs a SQL statement to be executed by the PostgreSQL server in order to look up user information, verify user passwords, and change user passwords. The username and password given by the user are inserted into the SQL statement without any quoting or other safety checks.

    FreeBSD:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1969.html

    cyrus-sasl

    Affected versions of the cyrus-sasl port contain a format string vulnerability.  The format string vulnerability occurs during a call to the syslog(3) function.

    FreeBSD:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1970.html


     

    netscape

    The GIF89a and JPEG standards permit images to have embedded comments, in which any kind of textual data may be stored. Versions 4.76 and earlier of the Netscape browser will execute JavaScript contained in such a comment block, if execution of JavaScript is enabled in the configuration of the browser.

    FreeBSD:
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
    linux-netscape-communicator-4.79.tgz
    linux-netscape-navigator-4.79.tgz

    FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1971.html

    mod_frontpage

    Affected versions of the mod_frontpage port contain several exploitable buffer overflows in the fpexec wrapper, which is installed setuid root. A local attacker may obtain superuser privileges by exploiting the buffer overflow bugs in fpexec.

    FreeBSD:
    PLEASE SEE VENDOR ADVISORY

    FreeBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/freebsd_advisory-1972.html
     

    Mandrake Linux 8.1:
    http://www.mandrakesecure.net/en/ftp.php
    8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
    8c2baeebb796353035f8816ed6cdfbed

    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1945.html


     

    openssh

    Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can be exploited by authenticated users with an existing account on the vulnerable system to obtain root privilege, or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this problem. The provided packages fix this vulnerability.

    Mandrake Linux 8.1:
    8.1/RPMS/openssh-3.1p1-1.1mdk.i586.rpm
    44ff50aad9a9696ee747d201b9a3bd5f

    8.1/RPMS/openssh-askpass-3.1p1-1.1mdk.i586.rpm
    a8d4315ed3b5fab0e8d8f3abcae36ce7

    8.1/RPMS/openssh-askpass-gnome-3.1p1-1.1mdk.i586.rpm
    4df4ec7a72c4c5dbda179799738b8bd7

    8.1/RPMS/openssh-clients-3.1p1-1.1mdk.i586.rpm
    a332044cf9eaeaaae0af923d55678e2b

    8.1/RPMS/openssh-server-3.1p1-1.1mdk.i586.rpm
    a2a39c0c29d0c3a7660d8c58023edbe4

    http://www.mandrakesecure.net/en/ftp.php

    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1946.html
     

    NetBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/netbsd_advisory-1978.html

    Trustix Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1943.html

    YellowDog Linux Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1950.html

    Immunix Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1961.html

    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-1948.html

    SuSE Vendor Advisory:
    http://www.linuxsecurity.com/advisories/slackware_advisory-1944.html


     

    rsync

    Ethan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as (such as root) would not be removed from the server process after changing to the specified unprivileged uid and gid.

    Mandrake Linux 8.1:
    8.1/RPMS/rsync-2.5.4-1.1mdk.i586.rpm
    e3733dc91021b997e656fafe86915fe9

    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-1981.html

    Slackware 8.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/rsync.tgz
    e88390bae124be2af4b707ad3fbfc791

    Slackware Vendor Advisory:
    http://www.linuxsecurity.com/advisories/slackware_advisory-1974.html


     

    gzip

    There are ftp daemon programs that invoke gzip on demand (like wu-ftpd). If your systems run these daemons, depending on the configuration it could lead to a remote root compromise.

    NetBSD:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    NetBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/netbsd_advisory-1977.html


     

    NetBSD kernel

    There was a bug in the IPv4 forwarding path, and the inbound SPD (security policy database) was not consulted on forwarding.  As a result, NetBSD routers configured to be a VPN gateway failed to reject unencrypted packets.

    NetBSD:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    NetBSD Vendor Advisory:
    http://www.linuxsecurity.com/advisories/netbsd_advisory-1979.html


     

    php

    Stefan Esser of E-matters security discovered and published [2,3] several vulnerabilities [4] in the php_mime_split function used for file uploads that could allow an attacker to execute arbitrary commands on the server. This affects both PHP4 and PHP3.

    Conectiva:
    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1942.html


     

    fileutils

    The GNU File Utilities are the basic file-manipulation utilities of the GNU operating system. A race condition in various utilities from the GNU fileutils package may cause the root user to delete the whole filesystem.

    PLEASE SEE VENDOR ADVISORY FOR UPDATE

    Vendor Advisory:
    http://www.linuxsecurity.com/advisories/other_advisory-1959.html

    cvs

    Package updated: Patched to link to the shared zlib on the system instead of statically linking to the included zlib source. Also, use mktemp to create files in /tmp more safely.

    Slackware 8.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/cvs.tgz
    6758d0f323e9ebbd9aa1272c6c9dc482

    Slackware Vendor Advisory:
    http://www.linuxsecurity.com/advisories/slackware_advisory-1974.html


     

     
     
     
