Linux Advisory Watch - May 2nd 2003

    Date01 May 2003
    CategoryForums
    777
    Posted ByAnthony Pell
    This week, advisories were released for apcupsd, sendmail, apache, balsa, pptp, kdebase, snort, tcpdump, monkeyd, mgetty, ethereal, squirrelmail, lprng, micq, zlib, man, and xinetd.  The distributors include Caldera, Conectiva, Debian, EnGarde, Gentoo, Mandrake, Red Hat, and Turbo Linux.. . . This week, advisories were released for apcupsd, sendmail, apache, balsa, pptp, kdebase, snort, tcpdump, monkeyd, mgetty, ethereal, squirrelmail, lprng, micq, zlib, man, and xinetd.  The distributors include Caldera, Conectiva, Debian, EnGarde, Gentoo, Mandrake, Red Hat, and Turbo Linux.
    Free SSL guide from Thawte  - Security is of the utmost importance when doing business on the Web. Using a Thawte SSL Web Server Certificate demonstrates a commitment to security and will provide your business with a competitive advantage by establishing a relationship of trust with your customers. Download your Free SSL Guide from Thawte Now!


    LinuxSecurity Feature Extras:

    At the RealWorld Linux Expo in Toronto, Guardian Digital launched the next generation of the Community edition of our EnGarde Secure Linux. - Guardian Digital is an Internet security company, focusing on the Linux operating system. We have developed a suite of open source Internet security products aimed at companies that recognize the requirement to be secure on the Internet today.

    Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits, running a honeynet makes one acutely aware about "what is going on" out there. While placing a network IDS outside one's firewall might also provide a similar flood of alerts, a honeypot provides a unique prospective on what will be going on when a related server is compromised used by the intruders.

    [ Linux Advisory Watch ] - [ Linux Security Week ] - [ PacketStorm Archive ] - [ Linux Security Documentation ]


    PackagesVendors
    apcupsdCaldera
    sendmailCaldera, Conectiva
    apache Conectiva
    balsaConectiva, Gentoo
    pptpDebian, Gentoo
    kdebaseDebian, SuSE
    snortDebian, EnGarde, Gentoo, Mandrake
    tcpdumpEnGarde
    monkeydGentoo
    mgettyGentoo
    etherealMandrake
    squirrelmailMandrake
    lprngMandrake
    micqRed Hat
    zlibRed Hat
    manRed Hat
    xinetdTurbo Linux 

     
     
    Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is unparalleled in security, ease of management, and features. Open source technology constantly adapts to new threats. Email firewall, simplified administration, automatically updated. Click to learn more!

    Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week.  It includes pointers to updated packages and descriptions of each vulnerability.
    [ Subscribe ]
     



     
     
    Package:apcupsd
    Description:Multiple buffer overflows in apcupsd may allow attackers to cause a denial of service or execute arbitrary code, related
    to usage of the vsprintf function.
    Vendor Alerts:Caldera:
    Caldera Vendor Advisory:
    http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html

     
    Package:sendmail
    Description:From CERT CA-2003-12: There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root.
    Vendor Alerts:Caldera:
    Caldera Vendor Advisory:
    http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html
    Conectiva:
    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/conectiva_advisory-3220.html

     
    Package:apache
    Description:There is a memory leak in these apache versions which can be remotely triggered by sending large chunks of consecutive linefeed characters. Each linefeed will cause the server to allocate 80 bytes of memory.
    Vendor Alerts:Conectiva:
    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/conectiva_advisory-3219.html

     
    Package:balsa
    Description:An attacker who is able to control an IMAP server accessed by balsa can exploit this vulnerability to remotely crash the client or execute arbitrary code with the privileges of the user running it.  This update fixes this vulnerability.
    Vendor Alerts:Conectiva:
    Conectiva Vendor Advisory:
    http://www.linuxsecurity.com/advisories/conectiva_advisory-3221.html
    Gentoo:
    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-3216.html

     
    Package:pptp
    Description:Timo Sirainen discovered a vulnerability in pptpd, a Point to Point Tunneling Server, which implements PPTP-over-IPSEC and is commonly used to create Virtual Private Networks (VPN).  By specifying a small packet length an attacker is able to overflow a buffer and execute code under the user id that runs pptpd, probably root.  An exploit for this problem is already circulating.
    Vendor Alerts:Debian:
    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-3214.html
    Gentoo:
    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-3209.html

     
    Package:kdebase
    Description:The KDE team discoverd a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.  An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewing the file or when the browser generates a directory listing with thumbnails.
    Vendor Alerts:Debian:
    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-3215.html
     
    SuSE:
    SuSE Vendor Advisory:
    http://www.linuxsecurity.com/advisories/suse_advisory-3201.html

     
    Package:snort
    Description:Two vulnerabilities have been discoverd in Snort, a popular network intrusion detection system.  Snort comes with modules and plugins that perform a variety of functions such as protocol analysis. 
    Vendor Alerts:Debian:
    Debian Vendor Advisory:
    http://www.linuxsecurity.com/advisories/debian_advisory-3223.html
    EnGarde:
    EnGarde Vendor Advisory:
    http://www.linuxsecurity.com/advisories/engarde_advisory-3217.html
    Gentoo:
    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-3207.html
     
    Mandrake:
    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-3212.html

     
    Package:tcpdump
    Description:There are several vulnerabilities in the tcpdump package shipped with EnGarde Secure Linux.
    Vendor Alerts:EnGarde:
    EnGarde Vendor Advisory:
    http://www.linuxsecurity.com/advisories/engarde_advisory-3218.html

     
    Package:monkeyd
    Description:A buffer overflow vulnerability exists in Monkey's handling of forms submitted with the POST request method.  The unchecked buffer lies in the PostMethod() procedure.
    Vendor Alerts:Gentoo:
    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-3208.html

     
    Package:mgetty
    Description:Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
    Vendor Alerts:Gentoo:
    Gentoo Vendor Advisory:
    http://www.linuxsecurity.com/advisories/gentoo_advisory-3210.html

     
    Package:ethereal
    Description:A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code.
     
    Vendor Alerts:Mandrake:
    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/mandrake_advisory-3203.html

     
    Package:squirrelmail
    Description:Cross-site scripting vulnerabilities in SquirrelMail version 1.2.10 and earlier allow remote attackers to execute script as other Web users via mailbox displays, message displays, or search results displays.  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0160 to these issues.
    Vendor Alerts:Mandrake:
    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3204.html

     
    Package:lprng
    Description:A vulnerability has been found in psbanner, which creates a temporary file with a known filename in an insecure manner.  An attacker could create a symbolic link and cause arbitrary files to be written as the 'lp' user.
    Vendor Alerts:Mandrake:
    Mandrake Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3205.html

     
    Package:micq
    Description:mICQ versions 0.4.9 and earlier allow remote attackers to cause a denial of service (crash) using malformed ICQ message types without a 0xFE separator character.
    Vendor Alerts:Red Hat:
    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3206.html

     
    Package:zlib
    Description:Updated zlib packages are now available which fix a buffer overflow vulnerability.
    Vendor Alerts:Red Hat:
    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3211.html

     
    Package:mysql
    Description:A double-free vulnerability in mysqld, for MySQL before version 3.23.55, allows attackers with MySQL access to cause a denial of service (crash) by creating a carefully crafted client application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0073 to this issue.
    Vendor Alerts:Red Hat:
    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3211.html

     
    Package:man
    Description:Updated man packages fix a minor security vulnerability.
     
    Vendor Alerts:Red Hat:
    Red Hat Vendor Advisory:
    http://www.linuxsecurity.com/advisories/redhat_advisory-3224.html

     
    Package:xinetd
    Description:The remote attackers can create DoS condition on the xined server.
     
    Vendor Alerts:Turbo Linux:
    Turbo Linux Vendor Advisory:
    http://www.linuxsecurity.com/advisories/turbolinux_advisory-3202.html

     

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":100,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.