+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 15th, 2003 Volume 4, Number 32a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for lynx, zblast, perl, kernel,
signal, iBCS2, ddskk, konqueror, man-db, xpcd, stunnel, postfix, and php.
The distributors include Conectiva, Debian, FreeBSD, Gentoo, Red Hat,
SuSe, Trustix, and TurboLinux.
>> FREE Apache SSL Guide from Thawte <<
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
Click Command:
http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=vertad_thawteapache
For many, it has been an eventful week. Blaster has affected nearly every
Windows server on the net. Although I'm sure many Linux administrators
smirked while saying "not my servers," an equal number had to deal with
it. Whether you maintain Windows boxes or not, there are several lessons
to be learned. First, as most readers of this newsletter are already
aware, patching is critical. Second, incident preparation matters:
develop a weekly schedule with time set aside for regular server
maintenance, and write down a documented set of incident procedures.
Emergency contacts and system procedures should be documented before an
incident so that damage can be minimized.
Last week I reviewed the O'Reilly book, Secure Coding: Principles &
Practices. I received several emails about the book including one from
David Wheeler, author of the "Secure Programming for Linux and Unix
HOWTO." Because I've found this document helpful in the past, I thought
that I should share it with you. The latest PDF version of the document
is 168 pages, written in twelve chapters. It is distributed under the GNU
Free Documentation License, therefore copying and distributing is
perfectly legal. In the past, I've sent previous versions of this
document to friends who are full time software developers. Everyone that
has read this document has been impressed.
The HOWTO includes chapters on input validation, avoiding buffer
overflows, using system resources, as well as special topics that include
passwords, random numbers, cryptography, and authentication. The book
also includes a chapter with specific information for popular languages
such as C/C++, Perl, Python, shell, Ada, Java, Tcl, and PHP.
This HOWTO is worth the bandwidth! Download it! It is a great addition
to last week's book because it focuses on many specific issues. If you
have a secure-programming problem to solve, this is definitely one of
the first places you should check.
http://www.dwheeler.com/secure-programs/
Until next time,
Benjamin D. Thomas
ben@xxxxxxxxxxxxxxxxx
Expert vs. Expertise: Computer Forensics and the Alternative OS
No longer a dark and mysterious process, computer forensics has been
a significant presence on the scene for more than five years now.
Despite this, it has only recently gained the recognition it
deserves.
http://www.linuxsecurity.com/feature_stories/feature_story-147.html
--------------------------------------------------------------------
REVIEW: Linux Security Cookbook
There are rarely straightforward solutions to real world issues,
especially in the field of security. The Linux Security Cookbook is an
essential tool to help solve those real world problems. By covering
situations that apply to everyone from the seasoned Systems Administrator
to the security curious home user, the Linux Security Cookbook
distinguishes itself as an indispensable reference for security oriented
individuals.
http://www.linuxsecurity.com/feature_stories/feature_story-145.html
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Conectiva | ----------------------------//
+---------------------------------+
8/11/2003 - lynx
CRLF injection vulnerability
Ulf Harnhammar reported a CRLF injection vulnerability in lynx.
http://www.linuxsecurity.com/advisories/connectiva_advisory-3552.html
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
8/8/2003 - 'man-db' vulnerability
off-by-one allocation error (regression introduced by DSA-364-1)
The previous man-db update (DSA-364-1) introduced an error which
resulted in a segmentation fault in the "mandb" command, which runs as
part of the daily cron job. This error was caused by allocating
a memory region which was one byte too small to hold the data
written into it.
http://www.linuxsecurity.com/advisories/debian_advisory-3542.html
8/8/2003 - 'xtokkaetama' buffer overflow
buffer overflow vulnerability
Another buffer overflow was discovered in xtokkaetama, involving
the "-nickname" command line option. This vulnerability could
be exploited by a local attacker to gain gid 'games'.
http://www.linuxsecurity.com/advisories/debian_advisory-3543.html
8/8/2003 - 'xpcd' buffer overflow
buffer overflow vulnerability
Steve Kemp discovered a buffer overflow in xpcd-svga which can
be triggered by a long HOME environment variable. This
vulnerability could be exploited by a local attacker to gain root
privileges.
http://www.linuxsecurity.com/advisories/debian_advisory-3544.html
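The two Debian bugs above, the one-byte-short allocation in mandb and the unchecked copy of HOME in xpcd-svga, share a root cause: the size of the destination is computed from the wrong thing or not at all. The following is an added example in C, not code from man-db, xpcd or Debian; the function names, the 256-byte buffer, the ".xpcdrc" file name and the sample inputs are assumptions made for the illustration. The vulnerable variants are kept only for comparison and are never called.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* mandb-style off-by-one: the allocation counts the characters but not
 * the terminating NUL, so the copy writes one byte past the block.
 * Constructed illustration; nothing in this file calls it. */
char *copy_string_offbyone(const char *s)
{
    char *p = malloc(strlen(s));    /* should be strlen(s) + 1 */
    if (p == NULL)
        return NULL;
    strcpy(p, s);                   /* writes strlen(s) + 1 bytes */
    return p;
}

/* Fixed: compute the size once, including the NUL, and use a bounded
 * copy driven by that same size so the two cannot drift apart later. */
char *copy_string_checked(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    return p;
}

/* xpcd-svga-style overflow: a fixed stack buffer receives an environment
 * variable with no length check. A setuid binary inherits HOME from the
 * caller, so the caller chooses the length. Never called here. */
int build_config_path_unchecked(const char *home, char *out)
{
    char path[256];
    strcpy(path, home);             /* overflows when HOME > 255 bytes */
    strcat(path, "/.xpcdrc");
    strcpy(out, path);
    return 0;
}

/* Fixed: snprintf() truncates instead of overflowing, and its return value
 * says whether the result fit. A truncated path is an error, not
 * something to use silently. */
int build_config_path_checked(const char *home, char *out, size_t outlen)
{
    int n;
    if (home == NULL || out == NULL || outlen == 0)
        return -1;
    n = snprintf(out, outlen, "%s/.xpcdrc", home);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';              /* never leave a partial path behind */
        return -1;
    }
    return 0;
}

/* Demonstration helper: does a HOME of the given length (all 'A's,
 * constructed) pass the checked builder with a 256-byte destination?
 * Returns 1 if accepted, 0 if rejected, -1 on allocation failure. */
int accepts_home_of_length(size_t len)
{
    char out[256];
    int rc;
    char *home = malloc(len + 1);
    if (home == NULL)
        return -1;
    memset(home, 'A', len);
    home[len] = '\0';
    rc = build_config_path_checked(home, out, sizeof out);
    free(home);
    return rc == 0;
}

int main(void)
{
    char out[256];
    char *dup = copy_string_checked("mandb");
    printf("copy: %s\n", dup);
    free(dup);
    printf("HOME=/home/user -> rc=%d path=%s\n",
           build_config_path_checked("/home/user", out, sizeof out), out);
    printf("HOME of 4096 bytes accepted: %d\n", (int)accepts_home_of_length(4096));
    return 0;
}
```

The boundary is exact: with a 256-byte destination and the 8-byte "/.xpcdrc" suffix, a 247-byte HOME fits and a 248-byte HOME is rejected, which is the check the original strcpy()/strcat() pair never made.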
8/11/2003 - zblast
buffer overflow vulnerability
Steve Kemp discovered a buffer overflow in zblast-svgalib, when
saving the high score file.
http://www.linuxsecurity.com/advisories/debian_advisory-3545.html
8/11/2003 - pam-pgsql format string vulnerability
format string vulnerability
There is a vulnerability in pam-pgsql whereby the username to be
used for authentication is used as a format string when writing a
log message.
http://www.linuxsecurity.com/advisories/debian_advisory-3546.html
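The pam-pgsql bug is the textbook format string mistake: the attacker-chosen username is the format, not an argument. Below is an added example in C, not pam-pgsql's code, showing the corrected call shape, a logging wrapper that makes the compiler catch the mistake, and a small audit helper. The function names, the constructed hostile username and the buffer-based logging (standing in for syslog()) are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

/*
 * The bug, written out, has this shape (deliberately not compiled here;
 * with -Wformat-security gcc and clang flag it):
 *
 *     syslog(LOG_AUTH | LOG_INFO, username);   // username == "%x%x%x%n"
 *
 * The directives in the username are interpreted: %x reads words off the
 * stack, %n writes the count of characters printed so far through a
 * pointer taken from the stack. Whoever controls the username controls
 * the format.
 */

/* Fixed: untrusted text is an argument; the format is a literal. The
 * message goes to a caller-supplied buffer so it can be inspected; the
 * same call shape applies to syslog(). */
void log_auth_failure(char *out, size_t outlen, const char *username)
{
    snprintf(out, outlen, "authentication failure for user '%s'", username);
}

/* Generic logging wrapper. The format attribute makes the compiler warn
 * whenever a caller passes a non-literal format, which keeps this class
 * of bug out of a code base instead of fixing it one call at a time. */
PRINTF_LIKE(3, 4)
int log_event(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Audit helper: count printf conversion directives in a string that is
 * about to be (mis)used as a format. "%%" is a literal percent and is not
 * counted. *writes is set when a %n directive is present, the one that
 * turns an information leak into a memory write. */
int count_format_directives(const char *s, int *writes)
{
    int count = 0;
    const char *p;

    if (writes)
        *writes = 0;
    for (p = s; *p; p++) {
        const char *q;
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped percent */
            p++;
            continue;
        }
        count++;
        q = p + 1;                  /* skip flags, width, precision, length */
        while (*q && strchr("-+ #0123456789.*hlLqjzt$", *q))
            q++;
        if (*q == 'n' && writes)
            *writes = 1;
        if (*q == '\0')
            break;
        p = q;
    }
    return count;
}

int has_write_directive(const char *s)
{
    int writes;
    count_format_directives(s, &writes);
    return writes;
}

/* Demonstration: after logging through the fixed path, does the hostile
 * username appear verbatim, i.e. uninterpreted, in the message? */
int logged_verbatim(const char *username)
{
    char buf[256];
    log_auth_failure(buf, sizeof buf, username);
    return strstr(buf, username) != NULL;
}

int main(void)
{
    const char *username = "%x%x%x%n";   /* constructed hostile input */
    char buf[128];
    log_auth_failure(buf, sizeof buf, username);
    printf("logged: %s\n", buf);
    printf("directives: %d, writes: %d\n",
           count_format_directives(username, NULL), has_write_directive(username));
    return 0;
}
```

Note that the audit helper is a lint for input that reaches a format position, not a sanitiser: stripping '%' from usernames would be the wrong fix, because the username was never supposed to be a format in the first place.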
8/9/2003 - kdelibs-crypto multiple vulnerabilities
multiple vulnerabilities
There are multiple vulnerabilities in kdelibs.
http://www.linuxsecurity.com/advisories/debian_advisory-3547.html
8/11/2003 - perl
CGI.pm XSS vulnerability
A cross-site scripting vulnerability exists in the
start_form() function in CGI.pm.
http://www.linuxsecurity.com/advisories/debian_advisory-3553.html
8/14/2003 - kernel
correction to previous kernel update
This advisory provides a correction to the previous kernel
updates, which contained an error introduced in
kernel-source-2.4.18 version 2.4.18-10.
http://www.linuxsecurity.com/advisories/debian_advisory-3554.html
+---------------------------------+
| Distribution: FreeBSD | ----------------------------//
+---------------------------------+
8/11/2003 - signal
kernel vulnerability
Some mechanisms for causing a signal to be sent did not
properly validate the signal number, in some cases allowing the
kernel to attempt to deliver a negative or out-of-range signal
number.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3548.html
8/11/2003 - iBCS2
kernel vulnerability
The iBCS2 system call translator for statfs erroneously used
the user-supplied length parameter when copying a kernel data
structure into userland. If the length parameter were larger than
required, then instead of copying only the statfs-related data
structure, additional kernel memory would also be made available to
the user.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3549.html
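The iBCS2 statfs problem is a kernel information leak of the simplest kind: the copy to userland is sized by a number the user supplied. The following is an added example in C, not FreeBSD's code, that simulates the kernel and user sides in one process so the leak can be observed: the struct layout, the "secret" bytes placed after it and the copyout() stand-in are all constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the structure the translator returns; constructed, not
 * the real ibcs2 statfs layout. */
struct my_statfs {
    uint32_t f_type;
    uint32_t f_bsize;
    uint32_t f_blocks;
    uint32_t f_bfree;
};

/* Simulated kernel memory: the result sits directly in front of other
 * kernel data (a constructed "secret" here). In a real kernel those bytes
 * are whatever the stack or heap happens to hold. */
struct kernel_region {
    struct my_statfs sfs;
    char neighbour[32];
};

#define USER_BUF_SIZE 64

/* copyout() stand-in: the real one also checks that uaddr is a valid,
 * writable user address; the length handling is what matters here. */
static void copyout_sim(const void *kaddr, void *uaddr, size_t len)
{
    memcpy(uaddr, kaddr, len);
}

/* Vulnerable: copies as many bytes as the caller asked for. Any length
 * beyond sizeof(struct my_statfs) discloses neighbouring kernel memory. */
int statfs_copyout_unchecked(const struct kernel_region *k, void *ubuf, size_t user_len)
{
    copyout_sim(&k->sfs, ubuf, user_len);
    return 0;
}

/* Fixed: the kernel, not the caller, knows how large the structure is.
 * The caller's length may shorten the copy but never extend it.
 * Rejecting an oversized request with EINVAL is an equally valid choice;
 * this version clamps. */
int statfs_copyout_checked(const struct kernel_region *k, void *ubuf, size_t user_len)
{
    size_t len = user_len;
    if (len > sizeof k->sfs)
        len = sizeof k->sfs;
    copyout_sim(&k->sfs, ubuf, len);
    return 0;
}

typedef int (*copyout_fn)(const struct kernel_region *, void *, size_t);

/* Demonstration harness: run one of the two routines with the given user
 * length and report whether the constructed secret reached the user
 * buffer. Returns 1 (leaked), 0 (not leaked) or -1 (length too large for
 * the simulated user buffer). */
int leaks_secret(copyout_fn fn, size_t user_len)
{
    struct kernel_region k;
    unsigned char ubuf[USER_BUF_SIZE];

    if (user_len > sizeof ubuf)
        return -1;
    memset(&k, 0, sizeof k);
    k.sfs.f_type = 0x4d44;          /* arbitrary constructed values */
    k.sfs.f_bsize = 4096;
    k.sfs.f_blocks = 1000;
    k.sfs.f_bfree = 250;
    strcpy(k.neighbour, "SECRET-KERNEL-DATA");
    memset(ubuf, 0, sizeof ubuf);
    fn(&k, ubuf, user_len);
    /* The secret would land right after the 16-byte structure. */
    return memcmp(ubuf + sizeof k.sfs, "SECRET", 6) == 0;
}

int main(void)
{
    printf("unchecked, len 48: leaks=%d\n", leaks_secret(statfs_copyout_unchecked, 48));
    printf("checked,   len 48: leaks=%d\n", leaks_secret(statfs_copyout_checked, 48));
    return 0;
}
```

The same rule applies to any ioctl or compatibility shim that takes a length from userland: the length bounds the user's buffer, and the kernel's own sizeof() bounds the source.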
8/12/2003 - kernel
signal vulnerability
Some mechanisms for causing a signal to be sent did not
properly validate the signal number, in some cases allowing the
kernel to attempt to deliver a negative or out-of-range signal
number.
http://www.linuxsecurity.com/advisories/freebsd_advisory-3555.html
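The signal advisory says that "some mechanisms" for sending a signal skipped the range check, which is the usual way this bug survives: the check lives in one entry point and a second path forgets it. As an added example in C (not FreeBSD's code; the table size, the proc structure and the two entry points are constructed for the illustration), this puts the validation in one routine that every sender calls and shows why a negative or out-of-range number is dangerous when it becomes an array index and a shift count.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Size of the constructed signal table; stands in for the platform's NSIG. */
#define SIG_COUNT 32

/* Minimal stand-in for the per-process signal state a kernel keeps. */
struct proc {
    uint32_t pending;               /* bit i set: signal i is pending */
    int      action[SIG_COUNT];     /* 0 = default, 1 = ignore, 2 = handler */
};

/* Vulnerable shape: the number comes straight from the user and is used
 * as an array index and a shift count. sig = -1 reads the word before
 * 'action'; sig = 200 reads far past it; both shifts are undefined.
 * Kept for comparison only; nothing here calls it. */
void psignal_unchecked(struct proc *p, int sig)
{
    if (p->action[sig] == 1)
        return;
    p->pending |= 1u << sig;
}

/* Single validation routine shared by every path that can send a signal. */
int sig_valid(int sig)
{
    return sig >= 0 && sig < SIG_COUNT;
}

/* Fixed delivery: validate first, honour the null signal (0 only checks
 * that the target exists, as kill(2) documents), then mark the signal
 * pending unless the process ignores it. */
int psignal_checked(struct proc *p, int sig)
{
    if (!sig_valid(sig))
        return EINVAL;
    if (sig == 0)
        return 0;
    if (p->action[sig] == 1)
        return 0;
    p->pending |= 1u << sig;
    return 0;
}

/* Two of the "mechanisms for causing a signal to be sent": a kill()-like
 * path and a thread-directed path. Both funnel through the same check, so
 * a new entry point cannot forget it. */
int sys_kill(struct proc *target, int sig)
{
    return psignal_checked(target, sig);
}

int sys_thr_kill(struct proc *target, int sig)
{
    /* a real implementation would resolve the thread first */
    return psignal_checked(target, sig);
}

int is_pending(const struct proc *p, int sig)
{
    return sig_valid(sig) && ((p->pending >> sig) & 1u);
}

int main(void)
{
    struct proc p = {0};
    printf("kill(-1): %d (EINVAL=%d)\n", sys_kill(&p, -1), EINVAL);
    printf("kill(9): %d, pending=%d\n", sys_kill(&p, 9), is_pending(&p, 9));
    return 0;
}
```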
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
8/14/2003 - multiple
vulnerabilities
There are multiple vulnerabilities in Gentoo Linux source tree.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3556.html
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
8/8/2003 - 'up2date' gpg signature verification vulnerability
GPG signature verification vulnerability
up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG
signatures. These are the versions found in Red Hat Linux 8.0 and
9.
http://www.linuxsecurity.com/advisories/redhat_advisory-3539.html
8/11/2003 - ddskk
tmp file vulnerability
ddskk does not take appropriate security precautions when
creating temporary files.
http://www.linuxsecurity.com/advisories/redhat_advisory-3550.html
8/11/2003 - konqueror
information disclosure vulnerability
Konqueror may inadvertently send authentication credentials to
websites other than the intended website in clear text via the
HTTP Referer header.
http://www.linuxsecurity.com/advisories/redhat_advisory-3551.html
+---------------------------------+
| Distribution: SuSe | ----------------------------//
+---------------------------------+
8/12/2003 - kernel
multiple vulnerabilities
There are multiple vulnerabilities in the kernel.
http://www.linuxsecurity.com/advisories/suse_advisory-3557.html
+---------------------------------+
| Distribution: Trustix | ----------------------------//
+---------------------------------+
8/8/2003 - 'stunnel' DoS vulnerability
DoS vulnerability
Stunnel prior to 3.25 and 4.04 has an error in the SIGCHLD
handling code which could lead to a denial of service attack if
the child processes were terminated too fast.
http://www.linuxsecurity.com/advisories/trustix_advisory-3540.html
8/8/2003 - 'postfix' DoS vulnerability
DoS vulnerability
This patch fixes a denial of service condition in the Postfix
smtpd, qmgr, and other programs that use the trivial-rewrite
service. The problem is triggered when an invalid address
resolves to an impossible result. This causes the affected
programs to reject the result and to retry the trivial-rewrite
request indefinitely.
http://www.linuxsecurity.com/advisories/trustix_advisory-3541.html
+---------------------------------+
| Distribution: TurboLinux | ----------------------------//
+---------------------------------+
8/13/2003 - php
XSS vulnerability
A cross-site scripting vulnerability in PHP could allow an attacker to
execute embedded scripts within the context of the generated page.
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3558.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------