+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 4th, 2002 Volume 4, Number 26a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
[EMAIL PROTECTED] [EMAIL PROTECTED]
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for kopete, kde, unzip, acm, xgalaga,
mantis, kernel, proftpd, gtksee, proftpd, xpdf, acroread, tcptraceroute,
phpbb, noweb, gnocatan, mikmod, XFree86, PHP, ethereal, and ypserv. The
distributors include Conectiva, Debian, Gentoo, Immunix, Mandrake, Red
Hat, TurboLinux, and YellowDog. A number of advisories were released for
Debian and Gentoo. Red Hat released a moderate amount, and Immunix, Turbo
Linux, and Yellow Dog released only a few. There were several new
vulnerabilities found, but a majority of the advisories released were
patches to old issues.
Last week, many of you enjoyed the insightful comments submitted by other
readers. This week, many of our American readers are preparing for a long
holiday weekend. Other readers across the world are also on holiday
enjoying time with family and friends. Last weekend, I was quite busy
because I got married. What do we do with our servers during this time?
Many of us would like to shut them off and restart when we return. This
option is never feasible. Others have no worries and leave their systems
alone while away. No matter which camp you're in, it is a great time to go
'back-to-the-basics.'
Today, many of us concern ourselves with complex security mechanisms and
newer technologies. However, many of us need to remember and return to
the basics. Are all accounts on the system legitimate and used regularly?
What is my password policy? Are only the minimum necessary applications on
the system? No matter how many times a system is patched, if a
disgruntled former employee still has an account on a system, it remains
extremely vulnerable.
People ask me almost daily, "I am new to Linux, how can I make sure that
my system is secure?" I always point new users to several resources.
First, the Linux Security Quick Reference card:
http://www.linuxsecurity.com/docs/QuickRefCard.pdf
Although it was written several years ago, almost all of it is still
relevant. Topics on the quick reference card include permissions, kernel
security, apache security, tcpwrappers, NIDS, critical system files, and
others. It is advisable to print it on a single sheet double sided.
Also, several other documents include the Linux Security Administrator's
Guide, and the Linux Security Howto:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html
http://www.linuxsecurity.com/docs/LDP/Security-HOWTO/
Both documents can provide you with a strong foundation in Linux security.
Often systems remain vulnerable because the basics have been ignored or
forgotten.
In this season of vacationing, it is a good time to remember the basics of
security administration. Double check your firewall rules, check for
unnecessary applications and users, and verify critical file permissions.
Until next time,
Benjamin D. Thomas
[EMAIL PROTECTED]
FEATURE: Real-Time Alerting with Snort
Real-time alerting is a feature of an IDS or any other monitoring
application that notifies a person of an event in an acceptably short
amount of time. The amount of time that is acceptable is different for
every person.
http://www.linuxsecurity.com/feature_stories/feature_story-144.html
--------------------------------------------------------------------
LINUXSECURITY.COM FEATURE:
Intrusion Detection Systems: An Introduction
By: Alberto Gonzalez
Intrusion Detection is the process and methodology of inspecting data for
malicious, inaccurate or anomalous activity. At the most basic levels
there are two forms of Intrusion Detection Systems that you will
encounter: Host and Network based.
http://www.linuxsecurity.com/feature_stories/feature_story-143.html
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
7/1/2003 - radiusd-cistron buffer overflow vulnerability
David Luyer reported[1] a buffer overflow vulnerability in
radiusd-cistron versions <= 1.6.6 that could allow remote
attackers to cause a denial of service (DoS) and possibly execute
arbitrary code in the server context.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3407.html
7/1/2003 - kopete
arbitrary command execution vulnerability
A vulnerability in the GnuPG plugin in kopete versions prior to
0.6.2 allows remote attackers to execute arbitrary commands in the
client context by sending specially crafted messages to it.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3408.html
7/1/2003 - kde
multiple vulnerabilities
There are multiple vulnerabilities in KDE.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3409.html
7/3/2003 - unzip
directory traversal vulnerability
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3426.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
6/28/2003 - acm
Integer overflow
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/debian_advisory-3402.html
6/28/2003 - xgalaga
Buffer overflow vulnerability
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/debian_advisory-3403.html
6/28/2003 - kernel-2.4.17 Multiple vulnerabilities
Buffer overflow vulnerability
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/debian_advisory-3404.html
6/28/2003 - imagemagick
temporary file
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/debian_advisory-3405.html
6/28/2003 - mantis
Incorrect permissions vulnerability
A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names.
http://www.linuxsecurity.com/advisories/debian_advisory-3406.html
7/1/2003 - proftpd
SQL injection vulnerability
ProFTPD's PostgreSQL authentication module is vulnerable to a SQL
injection attack.
http://www.linuxsecurity.com/advisories/debian_advisory-3411.html
7/1/2003 - gtksee
buffer overflow vulnerability
Viliam Holub discovered a bug in gtksee whereby, when loading PNG
images of certain color depths, gtksee would overflow a
heap-allocated buffer.
http://www.linuxsecurity.com/advisories/debian_advisory-3412.html
7/1/2003 - 2.2 kernel multiple vulnerabilities
buffer overflow vulnerability
This advisory is being released as a factual correction to
DSA-336-1.
http://www.linuxsecurity.com/advisories/debian_advisory-3413.html
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
6/27/2003 - proftpd
sql inject vulnerability
A SQL injection vulnerability exists in the ProFTPD server when
using the mod_sql module to authenticate against a PostgreSQL
database server. This vulnerability may allow a remote user to
log in without a user name and password.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3397.html
6/27/2003 - xpdf
arbitrary code execution vulnerability
Valid PDF files can contain malicious external-type hyperlinks
that can execute arbitrary shell commands underneath Unix with
various PDF viewers/readers.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3398.html
6/27/2003 - acroread
arbitrary code execution vulnerability
Valid PDF files can contain malicious external-type hyperlinks
that can execute arbitrary shell commands underneath Unix with
various PDF viewers/readers.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3399.html
6/27/2003 - ethereal
arbitrary code execution vulnerability
It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire, or by
convincing someone to read a malformed packet trace file.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3400.html
7/1/2003 - tcptraceroute
privilege escalation vulnerability
tcptraceroute 1.4 and earlier does not fully drop privileges after
obtaining a file descriptor for capturing packets, which may allow
local users to gain access to the descriptor via a separate
vulnerability in tcptraceroute.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3414.html
7/1/2003 - phpbb
SQL injection vulnerability
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and
earlier allows remote attackers to steal password hashes via the
topic_id parameter.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3415.html
7/1/2003 - noweb
insecure tmp file vulnerability
Multiple vulnerabilities in noweb 2.9 and earlier cause temporary
files to be created insecurely, which allows local users to overwrite
arbitrary files via multiple vectors including the noroff script.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3416.html
7/1/2003 - gnocatan
multiple vulnerabilities
Bas Wijnen discovered that the gnocatan server is vulnerable to
several buffer overflows which could be exploited to execute
arbitrary code on the server system.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3417.html
7/3/2003 - mikmod
arbitrary code execution vulnerability
Buffer overflow in mikmod 3.1.6 and earlier allows remote
attackers to execute arbitrary code via an archive file that
contains a file with a long filename.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3427.html
+---------------------------------+
| Distribution: Immunix | ----------------------------//
+---------------------------------+
7/3/2003 - unzip
directory traversal vulnerabilities
Jelmer has discovered it is possible to bypass unzip's ".."
protections by including garbage characters between the two
periods.
http://www.linuxsecurity.com/advisories/immunix_advisory-3428.html
+---------------------------------+
| Distribution: Mandrake | ----------------------------//
+---------------------------------+
6/30/2003 - xpdf
arbitrary code execution vulnerability
Martyn Gilmore discovered flaws in various PDF viewers, including
xpdf.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3418.html
6/30/2003 - ypserv
denial of service vulnerability
A vulnerability was found in versions of ypserv prior to version
2.7.
http://www.linuxsecurity.com/advisories/mandrake_advisory-3419.html
+---------------------------------+
| Distribution: RedHat | ----------------------------//
+---------------------------------+
6/27/2003 - XFree86
multiple vulnerabilities
Since the last XFree86 update for Red Hat Linux 7.1 and 7.2, a
number of security vulnerabilities have been found and fixed.
http://www.linuxsecurity.com/advisories/redhat_advisory-3401.html
7/1/2003 - unzip
trojan vulnerability
A vulnerability in unzip version 5.50 and earlier allows
attackers to overwrite arbitrary files during archive extraction
by placing invalid (non-printable) characters between two "."
characters.
http://www.linuxsecurity.com/advisories/redhat_advisory-3420.html
7/2/2003 - PHP
multiple vulnerabilities
This update contains fixes for a number of bugs discovered in the
version of PHP included in Red Hat Linux 8.0 and 9.
http://www.linuxsecurity.com/advisories/redhat_advisory-3425.html
7/3/2003 - ethereal
multiple vulnerabilities
A number of security issues affect Ethereal.
http://www.linuxsecurity.com/advisories/redhat_advisory-3429.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
7/2/2003 - radiusd-cistron arbitrary code execution vulnerability
multiple vulnerabilities
This may allow remote attackers to cause a denial of service or
even execute arbitrary code.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3421.html
7/2/2003 - kernel
multiple vulnerabilities
Local users may be able to gain read or write access to certain
I/O ports. Attackers may be able to cause a denial of service.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3422.html
+---------------------------------+
| Distribution: YellowDog | ----------------------------//
+---------------------------------+
7/2/2003 - ypserv
denial of service vulnerability
A vulnerability has been discovered in the ypserv NIS server prior
to version 2.7.
http://www.linuxsecurity.com/advisories/yellowdog_advisory-3423.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------