Linux Advisory Watch - October 1st 2004

[vuln-newsletter-admins@xxxxxxxxxxxxxxxxx]

+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  October 1st, 2004                           Volume 5, Number 39a   |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for kernel, imlib, getmail, sendmail,
vnc, CUPS, cadaver, tcpdump, freenet6, apache, subversion, sharutils,
webmin, and NetPBM.  The distributors include Conectiva, Debian, Fedora,
Gentoo, Mandrake, and Trustix.

-----

SSL123 - New from Thawte

Get SSL123 the new full 128-bit capable digital certificate - issued
within minutes for US $159.00. Free reissues and experienced 24/5
multi-lingual support included for the life of the certificate.

 Click Here to Read More:
 http://ad.doubleclick.net/clk;9216017;9649395;w

-----

Physical Security

The first ``layer'' of security you need to take into account is the
physical security of your computer systems. Who has direct physical access
to your machine? Should they? Can you protect your machine from their
tampering? Should you?

How much physical security you need on your system is very dependent on
your situation, and/or budget.

If you are a home user, you probably don't need a lot (although you might
need to protect your machine from tampering by children or annoying
relatives).  If you are in a Lab environment, you need considerably more,
but users will still need to be able to get work done on the machines.
Many of the following sections will help out. If you are in a Office, you
may or may not need to secure your machine off hours or while you are
away. At some companies, leaving your console unsecured is a termination
offense.

Obvious physical security methods such as locks on doors, cables, locked
cabinets, and video surveillance are all a good idea, but beyond the scope
of this document.

Make use of /etc/shutdown.allow to prevent someone from rebooting your
machine.  This file is consulted when the machine is rebooted using the
Control-Alt-Del keys.  It contains a list of usernames that are authorized
to reboot the machine.

Excerpt from the LinuxSecurity Administrator's Guide:
http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Written by: Dave Wreski (dave@xxxxxxxxxxxxxxxxxxx)

-----

AIDE and CHKROOTKIT

Network security is continuing to be a big problem for companies and home
users. The problem can be resolved with an accurate security analysis. In
this article I show how to approach security using aide and chkrootkit.

http://www.linuxsecurity.com/feature_stories/feature_story-173.html

---------------------------------------------------------------------

An Interview with Gary McGraw, Co-author of Exploiting Software:
How to Break Code

Gary McGraw is perhaps best known for his groundbreaking work on securing
software, having co-authored the classic Building Secure Software
(Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund
a companion volume, Exploiting Software, which details software security
from the vantage point of the other side, the attacker. He has graciously
agreed to share some of his insights with all of us at LinuxSecurity.com

http://www.linuxsecurity.com/feature_stories/feature_story-171.html

------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------------------+
|  Distribution: Conectiva        | ----------------------------//
+---------------------------------+

 9/27/2004 - kernel
   vulnerability fix

   This announcement fixes a missing[1] Discretionary Access Control
   (DAC) check in the chown system call that allowed a local user to
   change the group ownership of arbitrary files to a group that he
   or she belongs to, leading to a privileges escalation
   vulnerability.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4868.html

 9/28/2004 - imlib
   and imlib2 Fix for a buffer overflow

   Marcus Meissner noticed that due to improper bounds checking,
   imlib[3] and imlib2[4] are vulnerable to a buffer overflow when
   decoding runlength-encoded bitmaps.
   http://www.linuxsecurity.com/advisories/conectiva_advisory-4871.html


+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

 9/27/2004 - getmail
   symlink vulnerability

   A security problem has been discovered in getmail, a POP3 and APOP
   mail gatherer and forwarder.  An attacker with a shell account on
   the victims host could utilise getmail to overwrite arbitrary
   files when it is running as root.
   http://www.linuxsecurity.com/advisories/debian_advisory-4840.html

 9/27/2004 - sendmail
   pre-set password

   Hugo Espuny discovered a problem in sendmail, a commonly used
   program to deliver electronic mail.  When installing "sasl-bin" to
   use sasl in connection with sendmail, the sendmail configuration
   script use fixed user/pass information to initialise the sasl
   database.
   http://www.linuxsecurity.com/advisories/debian_advisory-4880.html


+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

 9/28/2004 - vnc
   update fixes several bugs

   This package updates VNC to the latest released version, 4.0.  It
   also fixes several bugs not fixed upstream.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4872.html

 9/28/2004 - CUPS
   update fixes a denial of service problem

   This update fixes a denial of service problem causing loss of
   browse services. The Common Vulnerabilities and Exposures project
   (cve.mitre.org) has assigned the name CAN-2004-0558 to this issue.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4873.html

 9/29/2004 - system-config-display update fixes reconfig mode
   update fixes a denial of service problem

   This release fixes reconfig mode for system-config-display for
   Fedora Core 2.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4874.html

 9/30/2004 - cadaver
   security vulnerabilities

   Updated cadaver packages that fix multiple security vulnerability
   are now available.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4878.html

 9/30/2004 - tcpdump
   multiple security vulnerabilities

   Updated tcpdump packages that fix multiple security
   vulnerabilities are now available.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4879.html

 9/30/2004 - freenet6
   wrong file permissions

   Simon Josefsson noticed that the tspc.conf configuration file in
   freenet6, a client to configure an IPv6 tunnel to freenet6.net, is
   set world readable.
   http://www.linuxsecurity.com/advisories/fedora_advisory-4881.html


+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

 9/24/2004 - apache
   Exposure of protected directories

   A bug in the way Apache handles the Satisfy directive can lead to
   the exposure of protected directories to unauthorized users.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4861.html

 9/27/2004 - X.org, XFree86 Integer and stack overflows in libXpm
   Exposure of protected directories

   libXpm, the X Pixmap library that is a part of the X Window
   System, contains multiple stack and integer overflows that may
   allow a carefully-crafted XPM file to crash applications linked
   against libXpm, potentially allowing the execution of arbitrary
   code.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4862.html

 9/29/2004 - subversion
   Metadata information leak

   An information leak in mod_authz_svn could allow sensitive
   metadata of protected areas to be leaked to unauthorized users.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4877.html

 10/1/2004 - sharutils
   Buffer overflows

   sharutils contains two buffer overflow vulnerabilities that could
   lead to arbitrary code execution.
   http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html


+---------------------------------+
|  Distribution: Mandrake         | ----------------------------//
+---------------------------------+

 9/27/2004 - webmin
   vulnerability

   A vulnerability in webmin was discovered by Ludwig Nussel.  A
   temporary directory was used in webmin, however it did not check
   for the previous owner of the directory.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4851.html

 9/28/2004 - NetPBM
   update fixes a number of temporary file bugs

   A number of temporary file bugs have been found in versions of
   NetPBM. These could allow a local user the ability to overwrite or
   create files as a different user who happens to run one of the the
   vulnerable utilities.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4869.html

 9/28/2004 - Openoffice.org update fixes temporary file vulnerabilities
   update fixes a number of temporary file bugs

   A vulnerability in OpenOffice.org was reported by pmladek where a
   local user may be able to obtain and read documents that belong to
   another user.
   http://www.linuxsecurity.com/advisories/mandrake_advisory-4870.html


+---------------------------------+
|  Distribution: Trustix          | ----------------------------//
+---------------------------------+

 9/30/2004 - gettext, ghostscript, glibc, groff, gzip, kerberos5, lvm,
       mysql, netatalk, openssl, perl, postgresql Insecure tempfile
       handling update fixes a number of temporary file bugs

   Trustix Security Engineers identified that all these packages had
   one or more script(s) that handled temporary files in an insecure
   manner. While it is not believed that any of these holes could
   lead to privilege escalation, it would be possible to trick the
   scripts to overwrite data writable by the user that invokes the
   script.
   http://www.linuxsecurity.com/advisories/trustix_advisory-4882.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------