Linux Advisory Watch: July 22nd 2005

    Date22 Jul 2005
    CategoryNewsletters
    8479
    Posted ByBrittany Day
    This week, advisories were released for krb5, heimdal, phpgadmin, ekg, heartbeat, affix, zlib, cacti, java, diskdumputils, radvd, bind, kdelibs, freeradius, firefox, thunderbird, ypserv, mysql, setarch, openoffice, pvm, fetchmail, mozilla, epiphany, devhelp, yelp, php, ruby, acroread, phpgroupware, dhcpd, mediawiki, cpio, shorewall, and kdenetwork. The distributors include Debian, Fedora, Gentoo, and Red Hat.


    Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design.

    Network Server Monitoring With Nmap
    By: Pax Dickinson

    Portscanning, for the uninitiated, involves sending connection requests to a remote host to determine what ports are open for connections and possibly what services they are exporting. Portscanning is the first step a hacker will take when attempting to penetrate your system, so you should be preemptively scanning your own servers and networks to discover vulnerabilities before someone unfriendly gets there first.

    Any open ports that are unnecessary for proper system operation should be closed. Every open port is a possible access point for an unauthorized user, and every service accepting connections from the world could have a vulnerability. Even if you are diligent about applying patches, any unnecessarily running service is still a window an attacker could possibly climb through.

    One way of viewing open ports on your Linux system is with the netstat command. Issue the command netstat --inet -a to view both your established connections and open listening network ports. This command reads from your /etc/services file to determine the service name for a given port number, so seeing *:www under the Local Address heading indicates your server's port 80 is open and listening, not that there is necessarily a webserver running on that port. You should check the list and ensure that the servers listening are indeed desired, and if they are not, they should be disabled. For example, this output shows me that my system is accepting connections on the ports for www, ssh, smtp and https.

    Read Complete Article:
    http://www.linuxsecurity.com/content/view/119808/49/

     

    LinuxSecurity.com Feature Extras:

    Pull The Plug Revisited: An Interview Five Years Later - Five years after our original interview with Brian Gemberling, founder of PullthePlug.org, we catch up with Daniel Alvarez and the rest of the site's administrative management. Its structured management and focus on the community will ensure many years of continued success. You're asking, what is pull the plug? Read more to find out...

    Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

    Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

     

    Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with "subscribe" as the subject.

    Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.


      Debian
     Debian: New krb5 packages fix multiple vulnerabilities
     17th, July, 2005

    Daniel Wachdorf reported two problems in the MIT krb5 distribution used for network authentication.

    http://www.linuxsecurity.com/content/view/119798
     
     Debian: New heimdal packages fix arbitrary code execution
     18th, July, 2005

    A buffer overflow has been discovered in the telnet server from Heimdal, a free implementation of Kerberos 5, that could lead to the execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/119802
     
     Debian: New phppgadmin packages fix directory traversal vulnerability
     18th, July, 2005

    A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that "magic_quotes_gpc" is disabled.

    http://www.linuxsecurity.com/content/view/119804
     
     Debian: New ekg packages fix several vulnerabilities
     18th, July, 2005

    Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program.

    http://www.linuxsecurity.com/content/view/119812
     
     Debian: New heartbeat packages fix insecure temporary files
     19th, July, 2005

    Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux.

    http://www.linuxsecurity.com/content/view/119816
     
     Debian: New affix packages fix arbitrary command and code execution
     19th, July, 2005

    Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack.

    http://www.linuxsecurity.com/content/view/119817
     
     Debian: New zlib packages fix buffer overflow
     20th, July, 2005

    Flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file.

    http://www.linuxsecurity.com/content/view/119837
     
     Debian: New cacti packages fix several vulnerabilities
     21st, July, 2005

    Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information.

    http://www.linuxsecurity.com/content/view/119838
     
      Fedora
     Fedora Core 4 Update: java-1.4.2-gcj-compat-1.4.2.0-40jpp_31rh.FC4.1
     18th, July, 2005

    Cope with impending libgcj and eclipse-ecj updates and provide aot-compile-rpm.

    http://www.linuxsecurity.com/content/view/119809
     
     Fedora Core 3 Update: diskdumputils-1.1.7-3
     18th, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119810
     
     Fedora Core 4 Update: diskdumputils-1.1.7-4
     18th, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119811
     
     Fedora Core 4 Update: radvd-0.8-1.FC4
     18th, July, 2005

    New package released.

    http://www.linuxsecurity.com/content/view/119814
     
     Fedora Core 3 Update: radvd-0.8-1.FC3
     18th, July, 2005

    New package released.

    http://www.linuxsecurity.com/content/view/119815
     
     Fedora Core 4 Update: bind-9.3.1-8.FC4
     19th, July, 2005

    Fix named.init script bugs.

    http://www.linuxsecurity.com/content/view/119820
     
     Fedora Core 3 Update: bind-9.2.5-3
     19th, July, 2005

    Fix named.init script bugs.

    http://www.linuxsecurity.com/content/view/119821
     
     Fedora Core 3 Update: radvd-0.8-2.FC3
     19th, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119822
     
     Fedora Core 4 Update: radvd-0.8-2.FC4
     19th, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119823
     
     Fedora Core 3 Update: kdelibs-3.3.1-2.14.FC3
     19th, July, 2005

    A flaw was discovered affecting Kate, the KDE advanced text editor, and Kwrite. Depending on system settings it may be possible for a local user to read the backup files created by Kate or Kwrite.

    http://www.linuxsecurity.com/content/view/119824
     
     Fedora Core 4 Update: freeradius-1.0.4-1.FC4.1
     20th, July, 2005

    Fixes missing ldap plugin.

    http://www.linuxsecurity.com/content/view/119828
     
     Fedora Core 3 Update: firefox-1.0.6-1.1.fc3
     20th, July, 2005

    Fix various security related bugs.

    http://www.linuxsecurity.com/content/view/119831
     
     Fedora Core 3 Update: thunderbird-1.0.6-1.1.fc3
     20th, July, 2005

    Fix various security related bugs.

    http://www.linuxsecurity.com/content/view/119832
     
     Fedora Core 4 Update: firefox-1.0.6-1.1.fc4
     20th, July, 2005

    Fix various security related bugs.

    http://www.linuxsecurity.com/content/view/119833
     
     Fedora Core 4 Update: thunderbird-1.0.6-1.1.fc4
     20th, July, 2005

    Fix various security related bugs.

    http://www.linuxsecurity.com/content/view/119834
     
     Fedora Core 4 Update: ypserv-2.13-7
     20th, July, 2005

    Fix crash with ypxfr caused by failing to zero out data.

    http://www.linuxsecurity.com/content/view/119836
     
     Fedora Core 4 Update: mysql-4.1.12-2.FC4.1
     20th, July, 2005

    Update to MySQL 4.1.12 (includes a low-impact security fix, see bz#158689). Repair some issues in openssl support. Re-enable the old ISAM table type.

    http://www.linuxsecurity.com/content/view/119835
     
     Fedora Core 4 Update: setarch-1.8-1.FC4
     21st, July, 2005

    Bugfix package release.

    http://www.linuxsecurity.com/content/view/119842
     
     Fedora Core 4 Update: openoffice.org-1.9.117-3.1.0.fc4
     21st, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119843
     
     Fedora Core 3 Update: pvm-3.4.5-5_FC3
     21st, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119844
     
     Fedora Core 4 Update: pvm-3.4.5-5_FC4
     21st, July, 2005

    Updated package released.

    http://www.linuxsecurity.com/content/view/119845
     
     Fedora Core 4 Update: fetchmail-6.2.5-7.fc4.1
     21st, July, 2005

    A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue. All fetchmail users should upgrade to the updated package, which fixes this issue.

    http://www.linuxsecurity.com/content/view/119846
     
     Fedora Core 3 Update: fetchmail-6.2.5-7.fc3.1
     21st, July, 2005

    A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could cause fetchmail to execute arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2355 to this issue. All fetchmail users should upgrade to the updated package, which fixes this issue.

    http://www.linuxsecurity.com/content/view/119847
     
     Fedora Core 3 Update: mozilla-1.7.10-1.3.1
     22nd, July, 2005

    Package repairs various vulnerabilities.

    http://www.linuxsecurity.com/content/view/119853
     
     Fedora Core 3 Update: epiphany-1.4.4-4.3.5
     22nd, July, 2005

    There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.

    http://www.linuxsecurity.com/content/view/119854
     
     Fedora Core 3 Update: devhelp-0.9.2-2.3.5
     22nd, July, 2005

    There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.

    http://www.linuxsecurity.com/content/view/119855
     
     Fedora Core 4 Update: mozilla-1.7.10-1.5.1
     22nd, July, 2005

    Package repairs various vulnerabilities.

    http://www.linuxsecurity.com/content/view/119856
     
     Fedora Core 4 Update: epiphany-1.6.3-2
     22nd, July, 2005

    There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.

    http://www.linuxsecurity.com/content/view/119857
     
     Fedora Core 4 Update: devhelp-0.10-1.4.1
     22nd, July, 2005

    There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.

    http://www.linuxsecurity.com/content/view/119858
     
     Fedora Core 4 Update: yelp-2.10.0-1.4.1
     22nd, July, 2005

    There were several security flaws found in the mozilla package, which yelp depends on. Users of yelp are advised to upgrade to this updated package which has been rebuilt against a version of mozilla not vulnerable to these flaws.

    http://www.linuxsecurity.com/content/view/119859
     
      Gentoo
     Gentoo: Mozilla Firefox Multiple Vulnerabilities
     15th, July, 2005

    Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak.

    http://www.linuxsecurity.com/content/view/119617
     
     Gentoo: PHP Script injection through XML-RPC
     15th, July, 2005

    PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

    http://www.linuxsecurity.com/content/view/119622
     
     Gentoo: Ruby Arbitrary command execution through XML-RPC
     15th, July, 2005

    A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands.

    http://www.linuxsecurity.com/content/view/119628
     
     Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability
     15th, July, 2005

    Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/119629
     
     Gentoo: phpGroupWare, eGroupWare PHP script injection vulnerability
     15th, July, 2005

    phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

    http://www.linuxsecurity.com/content/view/119630
     
     Gentoo: dhcpcd Denial of Service vulnerability
     15th, July, 2005

    A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.

    http://www.linuxsecurity.com/content/view/119632
     
     Gentoo: Mozilla Thunderbird Multiple Vulnerabilities
     18th, July, 2005

    Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leak.

    http://www.linuxsecurity.com/content/view/119803
     
     Gentoo: Mozilla Thunderbird Multiple vulnerabilities
     19th, July, 2005

    Several vulnerabilities in Mozilla Thunderbird allow attacks ranging from execution of script code with elevated privileges to information leaks.

    http://www.linuxsecurity.com/content/view/119825
     
     Gentoo: MediaWiki Cross-site scripting vulnerability
     20th, July, 2005

    MediaWiki is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

    http://www.linuxsecurity.com/content/view/119826
     
     Gentoo: zlib Buffer overflow
     22nd, July, 2005

    zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.

    http://www.linuxsecurity.com/content/view/119860
     
     Gentoo: Shorewall Security policy bypass
     22nd, July, 2005

    A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.

    http://www.linuxsecurity.com/content/view/119861
     
      Red Hat
     RedHat: Important: firefox security update
     21st, July, 2005

    An updated firefox package that fixes various security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119839
     
     RedHat: Low: cpio security update
     21st, July, 2005

    An updated cpio package that fixes multiple issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119848
     
     RedHat: Important: zlib security update
     21st, July, 2005

    Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119849
     
     RedHat: Important: thunderbird security update
     21st, July, 2005

    Updated thunderbird package that fixes various bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119850
     
     RedHat: Critical: kdenetwork security update
     21st, July, 2005

    Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119852
     
     RedHat: Important: mozilla security update
     22nd, July, 2005

    Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

    http://www.linuxsecurity.com/content/view/119862
     
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.