Linux Advisory Watch - December 24th 2004

    Date: 23 Dec 2004
    Category: Newsletters
    Posted By: Benjamin D. Thomas
    Happy Holidays! This week, advisories were released for cscope, htget, a2ps, ethereal, xzgv, debmake, xcdroast, udev, cups, postgresql, namazu, pam, samba, glibc, krb5, php, gnumeric, abiword, libtiff, kfax, abcm2ps, phpMyAdmin, WordPress, NASM, mplayer, mpg123, wget, urpmi, aspell, krb5, logcheck, samba, Linux kernel, kerberos5, libxml, gd, XFree86, and nfs-utils. The distributors include Debian, Fedora, Gentoo, Mandrake, NetBSD, Trustix, Red Hat, and SuSE.



    State of Linux Security 2004

    In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws, and Linux vendor advisories continue to be released at an ever-increasing rate. This year we have seen reports touting Windows' security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

    2004 started off on shaky ground with a flaw found in mremap(), a piece of kernel code that controls virtual memory. It affected versions 2.2, 2.4, and 2.6. It was later discovered that the same vulnerability had been used to compromise several high-profile Linux development sites in November 2003. Patches were released in early January by each of the major distributions, and the flaw was fixed in subsequent kernel releases. In February, a second mremap vulnerability was discovered by the Polish security consulting firm ISec. The second mremap flaw was unrelated to the first, but just as serious: in theory it could result in a denial of service or privilege escalation to root. Vendors responded much more quickly in this second instance; fixes for 2.4 and 2.6 were released in a matter of hours. In March, Paul Starzetz of ISec released proof-of-concept exploit code for the second mremap flaw from February. Several news sites failed to read the March report accurately and reported that a third kernel flaw had been found. This was wrong, but it sparked a lot of interest in rumors, and many were relieved to find out that the "third vulnerability" was in fact a misinterpretation. It was beginning to look like the "year of the kernel flaw," but luckily things quieted down in the second quarter. The remaining portion of the year was scattered with other kernel vulnerabilities, but none received as much press as mremap. Another notable one was discovered in 2.6 last October. It was claimed that the vulnerability could be used to shut down 2.6-based systems remotely. It only affected systems using iptables-based firewalls, because the flaw had to do with the way 2.6 handled firewall logging. Patches were released and the problem was resolved.

    Read the rest of the article here:
    http://www.linuxsecurity.com/content/view/117655/49/

     

    LinuxSecurity.com Feature Extras:

    Users Respond with Constructive Feedback - When the new version of LinuxSecurity.com was launched on December 1st, we also asked our readers to "Tell us what you think." You have spoken, and we appreciate that! We received hundreds of comments & requests, and have been addressing a majority of them. We thought it was important to share some of the comments with you. While some were purely positive acknowledgements, others were thoughtful criticisms. We take every critique into account and address each as resources become available or when the criticism becomes the concern of many.

    Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

    Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for each client. At a specified time it sends the configuration file to the client, which runs a scan and sends the results back to the server, where they are compared against the database for changes. Those changes are then sent via email, if configured, to a system admin or group of people. All communication takes place over an encrypted channel.

     


    Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail to the list address (obscured by spam protection on the original page) with "subscribe" as the subject.

    Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

     

      Debian
     Debian: cscope insecure temporary file
     17th, December, 2004

    A vulnerability has been discovered in cscope, a program to interactively examine C source code, which may allow local users to overwrite files via a symlink attack.

    http://www.linuxsecurity.com/content/view/117531
     
     Debian: htget arbitrary code execution fix
     20th, December, 2004

    "infamous41md" discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL.

    http://www.linuxsecurity.com/content/view/117568
     
     Debian: a2ps arbitrary command execution fix
     20th, December, 2004

    Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter.

    http://www.linuxsecurity.com/content/view/117569
     
     Debian: ethereal denial of service fix
     21st, December, 2004

    Brian Caswell discovered that an improperly formatted SMB packet could make ethereal hang and eat CPU endlessly.

    http://www.linuxsecurity.com/content/view/117609
     
     Debian: xzgv arbitrary code execution fix
     21st, December, 2004

    Luke "infamous41md" discovered multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117610
     
     Debian: debmake insecure temporary directories fix
     22nd, December, 2004

    Javier Fernández-Sanguino Peña noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.

    http://www.linuxsecurity.com/content/view/117630
     
      Fedora
     Fedora: selinux-policy-targeted-1.17.30-2.51 update
     16th, December, 2004

    Fix problems with winbind, nscd, apache and others.

    http://www.linuxsecurity.com/content/view/117525
     
     Fedora: xcdroast-0.98a15-8 update
     16th, December, 2004

    Fixed frozen progress bars with a patch from Didier Heyden (bug #134334).

    http://www.linuxsecurity.com/content/view/117529
     
     Fedora: udev-039-10.FC3.6 update
     16th, December, 2004

    Fixed a case where reading /proc/ide/hd?/media returns EIO (bug rh#142713) and added simple dvb rules.

    http://www.linuxsecurity.com/content/view/117530
     
     Fedora: cups-1.1.20-11.7 update
     17th, December, 2004

    Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

    http://www.linuxsecurity.com/content/view/117540
     
     Fedora: cups-1.1.22-0.rc1.8.1 update
     17th, December, 2004

    Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

    http://www.linuxsecurity.com/content/view/117541
     
     Fedora: postgresql-7.4.6-1.FC2.2 update
     17th, December, 2004

    Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003)

    http://www.linuxsecurity.com/content/view/117542
     
     Fedora: postgresql-7.4.6-1.FC3.2 update
     17th, December, 2004

    Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003)

    http://www.linuxsecurity.com/content/view/117543
     
     Fedora: namazu-2.0.14-0.FC2.0 update
     20th, December, 2004

    Security fix release.

    http://www.linuxsecurity.com/content/view/117604
     
     Fedora: namazu-2.0.14-0.FC3.0 update
     20th, December, 2004

    Security fix release.

    http://www.linuxsecurity.com/content/view/117605
     
     Fedora: pam-0.77-66.1 update
     20th, December, 2004

    Add an argument to pam_console_apply to restrict its work to specified files. Parse passwd entries correctly and test for failure (#140451).

    http://www.linuxsecurity.com/content/view/117606
     
     Fedora: samba-3.0.10-1.fc2 update
     20th, December, 2004

    New upstream release that closes CAN-2004-1154 (bz#142544). Include the -64bit patch from Nalin, which closes bz#142873. Update the -logfiles patch to work with 3.0.10.

    http://www.linuxsecurity.com/content/view/117623
     
     Fedora: samba-3.0.10-1.fc3 update
     20th, December, 2004

    New upstream release that closes CAN-2004-1154 (bz#142544). Include the -64bit patch from Nalin, which closes bz#142873. Update the -logfiles patch to work with 3.0.10.

    http://www.linuxsecurity.com/content/view/117624
     
     Fedora: glibc-2.3.4-2.fc3 update
     21st, December, 2004

    Work around an rpm bug some more, this time by copying iconvconfig to iconvconfig.%{_target_cpu}.

    http://www.linuxsecurity.com/content/view/117625
     
     Fedora: krb5-1.3.6-1 update
     21st, December, 2004

    A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC.

    http://www.linuxsecurity.com/content/view/117626
     
     Fedora: krb5-1.3.6-2 update
     21st, December, 2004

    A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC.

    http://www.linuxsecurity.com/content/view/117627
     
     Fedora: php-4.3.10-3.2 update
     21st, December, 2004

    This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019) and exif image parsing (CVE CAN-2004-1065).

    http://www.linuxsecurity.com/content/view/117628
     
     Fedora: php-4.3.10-2.4 update
     21st, December, 2004

    This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019), exif image parsing (CVE CAN-2004-1065), and form upload parsing (CVE CAN-2004-0958 and CAN-2004-0959).

    http://www.linuxsecurity.com/content/view/117629
     
     Fedora: gnumeric-1.2.13-10 update
     22nd, December, 2004

    Printer font fallback (rh#133662).

    http://www.linuxsecurity.com/content/view/117648
     
     Fedora: selinux-policy-targeted-1.17.30-2.58 update
     22nd, December, 2004

    Several updates to fix problems with Apache, Squid, and postgresql.

    http://www.linuxsecurity.com/content/view/117649
     
     Fedora: abiword-2.0.12-9 update
     22nd, December, 2004

    Backport fix for a string ownership bug (rh#143180).

    http://www.linuxsecurity.com/content/view/117650
     
     Fedora: libtiff-3.5.7-21.fc2 update
     22nd, December, 2004

    Fix several buffer overflow problems that could be exploited. Fixes the following security advisory: CAN-2004-1308.

    http://www.linuxsecurity.com/content/view/117651
     
     Fedora: libtiff-3.6.1-8.fc3 update
     22nd, December, 2004

    Fix several buffer overflow problems that could be exploited. Fixes the following security advisory: CAN-2004-1308.

    http://www.linuxsecurity.com/content/view/117652
     
      Gentoo
     Gentoo: cscope Insecure creation of temporary files
     16th, December, 2004

    Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

    http://www.linuxsecurity.com/content/view/117558
     
     Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability
     16th, December, 2004

    Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117559
     
     Gentoo: samba Integer overflow
     17th, December, 2004

    Samba contains a bug that could lead to remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117560
     
     Gentoo: PHP Multiple vulnerabilities
     19th, December, 2004

    Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117576
     
     Gentoo: Ethereal Multiple vulnerabilities
     19th, December, 2004

    Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

    http://www.linuxsecurity.com/content/view/117577
     
     Gentoo: kdelibs, kdebase Multiple vulnerabilities
     19th, December, 2004

    kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection.

    http://www.linuxsecurity.com/content/view/117578
     
     Gentoo: kfax Multiple overflows in the included TIFF library
     19th, December, 2004

    kfax contains several buffer overflows potentially leading to execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117579
     
     Gentoo: abcm2ps Buffer overflow vulnerability
     19th, December, 2004

    abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117580
     
     Gentoo: phpMyAdmin Multiple vulnerabilities
     19th, December, 2004

    phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution.

    http://www.linuxsecurity.com/content/view/117581
     
     Gentoo: WordPress HTTP response splitting and XSS vulnerabilities
     19th, December, 2004

    Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After notifying the developers, they released 1.2.2 to fix these flaws.

    http://www.linuxsecurity.com/content/view/117582
     
     Gentoo: NASM Buffer overflow vulnerability
     20th, December, 2004

    NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file.

    http://www.linuxsecurity.com/content/view/117583
     
     Gentoo: MPlayer Multiple overflows
     20th, December, 2004

    Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/117584
     
     Gentoo: mpg123 Playlist buffer overflow
     21st, December, 2004

    mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.

    http://www.linuxsecurity.com/content/view/117611
     
     Gentoo: Zwiki XSS vulnerability
     21st, December, 2004

    Zwiki is vulnerable to cross-site scripting attacks.

    http://www.linuxsecurity.com/content/view/117622
     
      Mandrake
     Mandrake: wget download bug fix
     17th, December, 2004

    A problem in wget prevents it from downloading very large data files. The updated packages are patched to fix the problem.

    http://www.linuxsecurity.com/content/view/117536
     
     Mandrake: urpmi ssh parallel support fix
     17th, December, 2004

    A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated packages fix the problem.

    http://www.linuxsecurity.com/content/view/117537
     
     Mandrake: urpmi ssh parallel support fix
     18th, December, 2004

    A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated packages fix the problem.

    http://www.linuxsecurity.com/content/view/117574
     
     Mandrake: php multiple vulnerabilities fix
     18th, December, 2004

    A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the vulnerabilities, thanks to the efforts of the OpenPKG team who extracted and backported the fixes.

    http://www.linuxsecurity.com/content/view/117575
     
     Mandrake: aspell vulnerability fix
     20th, December, 2004

    A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code.

    http://www.linuxsecurity.com/content/view/117607
     
     Mandrake: ethereal multiple vulnerabilities fix
     20th, December, 2004

    A number of vulnerabilities were discovered in Ethereal.

    http://www.linuxsecurity.com/content/view/117608
     
     Mandrake: krb5 buffer overflow vulnerability fix
     22nd, December, 2004

    Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server.

    http://www.linuxsecurity.com/content/view/117641
     
     Mandrake: kdelibs multiple vulnerability fix
     22nd, December, 2004

    A vulnerability was discovered in the Konqueror web browser where an untrusted Java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing of files with the privileges of the user running the applet.

    http://www.linuxsecurity.com/content/view/117642
     
     Mandrake: logcheck temporary file vulnerability fix
     22nd, December, 2004

    A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges.

    http://www.linuxsecurity.com/content/view/117643
     
     Mandrake: mplayer multiple vulnerabilities fix
     22nd, December, 2004

    A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

    http://www.linuxsecurity.com/content/view/117645
     
      NetBSD
     NetBSD: Insufficient argument validation in compat code
     17th, December, 2004

    Some of the translation functions performed unsafe operations using the syscall arguments, and were exploitable to cause kernel traps. Some of the flaws may be exploitable and result in privilege escalation.

    http://www.linuxsecurity.com/content/view/117538
     
      Trustix
     Trustix: samba, php security update
     20th, December, 2004

    Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

    http://www.linuxsecurity.com/content/view/117571
     
     Trustix: kernel Remote hole, local DoS
     20th, December, 2004

    Paul Starzetz discovered a bug in the IGMP networking modules of the Linux kernel. This allows for a remote DoS and local root exploit.

    http://www.linuxsecurity.com/content/view/117572
     
     Trustix: anaconda, mailcap, mkinitrd, vim, postgresql, ntp, sqlgrey, db4, rsync, postgresql bugfixes
     20th, December, 2004

    The previous attempt to get PXE booting working with more network cards turned out not to work. This update fixes that.

    http://www.linuxsecurity.com/content/view/117573
     
     Trustix: kerberos5 execution of arbitrary code by authenticated user
     21st, December, 2004

    There is a buffer overflow in the password history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server.

    http://www.linuxsecurity.com/content/view/117612
     
      Red Hat
     Red Hat: zip security issue fix
     16th, December, 2004

    An updated zip package that fixes a buffer overflow vulnerability is now available.

    http://www.linuxsecurity.com/content/view/117532
     
     Red Hat: libxml security vulnerabilities
     16th, December, 2004

    An updated libxml package that fixes multiple buffer overflows is now available.

    http://www.linuxsecurity.com/content/view/117533
     
     Red Hat: samba security issue fix
     16th, December, 2004

    Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 3.

    http://www.linuxsecurity.com/content/view/117534
     
     Red Hat: gd security issues fix
     17th, December, 2004

    Updated gd packages that fix security issues with overflow in various memory allocation calls are now available.

    http://www.linuxsecurity.com/content/view/117535
     
     Red Hat: XFree86 security issues fix
     20th, December, 2004

    Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1.

    http://www.linuxsecurity.com/content/view/117570
     
     Red Hat: rh-postgresql update
     20th, December, 2004

    Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue.

    http://www.linuxsecurity.com/content/view/117601
     
     Red Hat: nfs-utils security vulnerabilities fix
     20th, December, 2004

    SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue.

    http://www.linuxsecurity.com/content/view/117602
     
     Red Hat: glibc update
     20th, December, 2004

    This erratum fixes several bugs in the GNU C Library.

    http://www.linuxsecurity.com/content/view/117603
     
     Red Hat: php security issues and bugs fix
     21st, December, 2004

    Updated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3.

    http://www.linuxsecurity.com/content/view/117620
     
     Red Hat: samba security issue fix
     21st, December, 2004

    Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1.

    http://www.linuxsecurity.com/content/view/117621
     
      SuSE
     SuSE: various kernel problems
     21st, December, 2004

    Several vulnerabilities have been found and fixed in the Linux kernel.

    http://www.linuxsecurity.com/content/view/117618
     
     SuSE: samba remote privilege escalation
     22nd, December, 2004

    The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code.

    http://www.linuxsecurity.com/content/view/117619
     