+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| May 17th, 2002 Volume 3, Number 20a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for icecast, sharutils, fileutils,
imapd, shadow/pam modules, lukemftp, openssh, tcpdump, and mpg123. The
Vendors include Caldera, Mandrake, Red Hat, and SuSE.
FTP Attack Case Study Part I: The Analysis
This article presents a case study of a company network server compromise.
The attack and the intruder's other actions are analyzed. A computer
forensics investigation is undertaken and its results are presented. The
article provides an opportunity to follow the trail of incident response
for a real case.
http://www.linuxsecurity.com/feature_stories/ftp-analysis-part1.html
+---------------------------------+
| icecast | ----------------------------//
+---------------------------------+
Buffer overflows in the icecast server allow remote attackers to execute
arbitrary code via a long HTTP GET request, as well as allowing denial of
service attacks.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/
3.1.1/Server/current/RPMS
icecast-1.3.12-1.i386.rpm
83407efa0c40a9ceac02606ae37237f2
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2067.html
+---------------------------------+
| sharutils | ----------------------------//
+---------------------------------+
The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format. The uudecode utility would
create an output file without checking to see if it was about to write to a
symlink or a pipe. If a user uses uudecode to extract data into open
shared directories, such as /tmp, this vulnerability could be used by a
local attacker to overwrite files or lead to privilege escalation.
Red Hat i386:
ftp://updates.redhat.com/7.2/en/os/i386/
sharutils-4.2.1-8.7.x.i386.rpm
38d89d89bb513d216b1a2a954be6d07b
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2069.html
+---------------------------------+
| fileutils | ----------------------------//
+---------------------------------+
A race condition in various utilities from the GNU fileutils package may
cause a root user to delete the whole filesystem. This update resolves a
problem in the original fix that would cause an attempt to recursively
remove a directory with trailing slashes to memory fault.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/current/RPMS/fileutils-4.1-5.i386.rpm
d01d42d41800d0b9c1d02c4fec07a79d
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2070.html
Mandrake Linux 8.1:
http://www.mandrakesecure.net/en/ftp.php
8.1/RPMS/fileutils-4.1-4.1mdk.i586.rpm
593e200c8b2f2c83e7a6bb90a54cd853
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2075.html
+---------------------------------+
| imapd | ----------------------------//
+---------------------------------+
A malicious user may construct a malformed request that will cause a
buffer overflow, allowing the user to run code on the server with the uid
and gid of the e-mail owner.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/
Server/current/RPMS/imap-2000-14.i386.rpm
3d4c39ed407a122f963f9f508f908c92
imap-devel-2000-14.i386.rpm
5c49edd5001471188ed6da5a20413f42
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2071.html
+---------------------------------+
| shadow/pam modules | ----------------------------//
+---------------------------------+
The shadow package contains several useful programs to maintain the
entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team
discovered a vulnerability that allows local attackers to destroy the
contents of these files or to extend the group privileges of certain
users. This is possible by setting evil filesize limits before invoking
one of the programs modifying the system files. Depending on the
permissions of the system binaries, this allows a local attacker to gain
root privileges in the worst case. This, however, is not possible in a
default installation.
SuSE i386 Intel Platform:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
shadow-4.0.2-88.i386.rpm
a4e0d03ecf7707eb7ca1f0422cae89f1
ftp://ftp.suse.com/pub/suse/i386/update/8.0/a1/
pam-modules-2002.3.9-31.i386.rpm
70322584f014ac3e2dc2dad0beecdefb
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2072.html
+---------------------------------+
| lukemftp | ----------------------------//
+---------------------------------+
A buffer overflow could be triggered by a malicious ftp server while the
client parses the PASV ftp command. An attacker who controls an ftp server
to which a client using lukemftp is connected can gain remote access to
the client's machine with the privileges of the user running lukemftp.
SuSE i386 Intel Platform:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/
lukemftp-1.5-249.i386.rpm
0ae28f7ca49157bfa5783626d3e82cef
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2073.html
+---------------------------------+
| openssh | ----------------------------//
+---------------------------------+
A buffer overflow exists in OpenSSH if KerberosTgtPassing or
AFSTokenPassing has been enabled in the sshd_config file. A malicious
user, possibly remote, could use this vulnerability to gain privileged
access to the system.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/
3.1.1/Server/current/RPMS/openssh-2.9p2-6.i386.rpm
f9a494af5e0e6a8eec419f8f94087f7e
openssh-askpass-2.9p2-6.i386.rpm
b9fcc6352bc4c65f63cda1b0caa2b89c
openssh-server-2.9p2-6.i386.rpm
ff4a5bc7e7b1d4fd3f79c647d11d9162
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2074.html
+---------------------------------+
| tcpdump | ----------------------------//
+---------------------------------+
Several buffer overflows were found in the tcpdump package by FreeBSD
developers during a code audit, in versions prior to 3.5. However, newer
versions of tcpdump, including 3.6.2, are also vulnerable to another
buffer overflow in the AFS RPC decoding functions, which was discovered by
Nick Cleaton. These vulnerabilities could be used by a remote attacker to
crash the tcpdump process or possibly even be exploited to execute
arbitrary code as the user running tcpdump, which is usually root.
Mandrake Linux 8.2:
http://www.mandrakesecure.net/en/ftp.php
8.2/RPMS/tcpdump-3.6.2-2.1mdk.i586.rpm
8c36a78c9a086c2d582d70d431533650
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2076.html
+---------------------------------+
| mpg123 | ----------------------------//
+---------------------------------+
It is possible for mpg321 before version 0.2.9 to segfault if given
certain specifically crafted data. In the case of network streaming, this
data would be remotely supplied, which could lead to remote code
execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0272 to this issue. It is
recommended that users of mpg321 upgrade to these errata packages
containing mpg321 version 0.2.10, which is not vulnerable to this issue.
Red Hat i386:
ftp://updates.redhat.com/7.2/en/os/i386/
mpg321-0.2.9-2.5.i386.rpm
303336e4e07e4df3e4d5eaec1411471a
ftp://updates.redhat.com/7.2/en/os/i386/
libmad-0.14.2b-3.i386.rpm
77ea28f34a20a0aa98287bc018240bab
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2077.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------