[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Linux Advisory Watch - July 15th 2005



+---------------------------------------------------------------------+
|  LinuxSecurity.com                             Weekly Newsletter    |
|  July 15th, 2005                            Volume 6, Number 29a    |
+---------------------------------------------------------------------+

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave@xxxxxxxxxxxxxxxxx          ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for fuse, drupal, egroupware,
ettercap,
dhcpcd, ruby, squid, gzip, gedit, centericq, tiff, squirrelmail,
kdegraphics,
dlm-kernel, gnbd-kernel, cman-kernel, GFS-kernel, procps, libwnck,
metacity,
gaim, audit, libxml2, dhcp, lam, vixie-cron, krb5, net-snmp,
selinux-policy-targeted, bind, rpm, openssh, pam, phpWebSite,
phpGroupWare,
Adobe Acrobat Reader, Ruby, MIT Kerberos 5, Bugzilla, pam_ldap, nss_ldap,
Mozilla Firefox, krb5, cups. The distributors include Debian, Fedora,
Gentoo,
and Red Hat.

---

## Internet Productivity Suite: Open Source Security ##
Trust Internet Productivity Suite's open source architecture to
give you the best security and productivity applications available.
Collaborating with thousands of developers, Guardian Digital
security engineers implement the most technologically advanced
ideas and methods into their design.

Click to find out more!
http://store.guardiandigital.com/html/eng/products/software/ips_overview.shtml

---

Linux File & Directory Permissions Mistakes
By: Pax Dickinson

Greetings, gentle reader, and welcome to linuxsecurity.com and our new
recurring series of articles on security related mistakes and how to
avoid them. I'm your host, Pax Dickinson, and today we'll be reviewing
basic Linux file and directory permissions and how to avoid some common
pitfalls in their use, in this episode of Hacks From Pax.

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If you'd
like a refresher, one is available right here on linuxsecurity.com.

I've witnessed systems administrators whose response to a user complaining
about being denied access to a given file is to chmod 777 the file (or
entire directory tree) in question. This is an absolutely disastrous
security practice, the administrator has just granted write access to the
file to any user on the system. Any compromised service will allow an
attacker to modify the file, which could result in further access
depending on the file in question. For example, an attacker gaining
write access to a script that is occasionally run by root can parlay
this seemingly minor security hole into full root access for himself.

 * Never make files world-writable. Most files do not need to be
   world readable either.

 * You can search for world-writable files under your current
   directory by issuing the following command:

   find . -perm -2 -print

A related mistake is in the misuse of suid root binaries. These are
programs which can be launched by a user but run with all the privileges
of root. These programs are needed to perform tasks such as changing a
user's password, since that requires a write to the system's password
file which normally cannot be modified by anyone but root. A flaw that
allows an attacker to gain a shell prompt in such a program can give an
attacker root access to the system. These binaries should be carefully
limited and must be kept up to date with appropriate security patches
to minimize their risk. A common backdoor installed by successful
attackers is a copy of /bin/sh set suid root. This can be run by any
user on the system, without a password, and will result in full root
access.


Read Complete Article:
http://www.linuxsecurity.com/content/view/119415/49/

----------------------

Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.

http://www.linuxsecurity.com/content/view/119415/49/

---

Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.

http://www.linuxsecurity.com/content/view/119087/49/

---

Review: The Book of Postfix: State-of-the-Art Message Transport

I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Pattrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.

http://www.linuxsecurity.com/content/view/119027/49/


--------

-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf



+---------------------------------+
|  Distribution: Debian           | ----------------------------//
+---------------------------------+

* Debian: New ht packages fix arbitrary code execution
  8th, July, 2005

Several problems have been discovered in ht, a viewer, editor and
analyser for various executables, that may lead to the execution of
arbitrary code.

http://www.linuxsecurity.com/content/view/119530


* Debian: New fuse packages fix information disclosure
  8th, July, 2005

Sven Tantau discovered a security problem in fuse, a filesystem in
userspace, that can be exploited by malicious local users to disclose

potentially sensitive information.

http://www.linuxsecurity.com/content/view/119532


* Debian: New drupal package fixes multiple vulnerabilities
  9th, July, 2005

Two input validation errors were discovered in drupal and its bundled

xmlrpc module. These errors can lead to the execution of arbitrary
commands on the web server running drupal.

http://www.linuxsecurity.com/content/view/119537


* Debian: New egroupware packages fix remote command execution
  10th, July, 2005

A vulnerability has been identified in the xmlrpc library included in

the egroupware package. This vulnerability could lead to the
execution
of arbitrary commands on the server running egroupware.

http://www.linuxsecurity.com/content/view/119539


* Debian: New ettercap packages fix arbitrary code execution
  10th, July, 2005

A vulnerability was discovered in the ettercap package which could
allow
a remote attacker to execute arbitrary code on the system running
ettercap.

http://www.linuxsecurity.com/content/view/119540


* Debian: New dhcpcd packages fix denial of service
  11th, July, 2005

dhcpcd, a DHCP client for automatically
configuring IPv4 networking, can be tricked into reading past the end

of the supplied DHCP buffer which could lead to the daemon crashing.

http://www.linuxsecurity.com/content/view/119543


* Debian: New ruby1.8 packages fix arbitrary command execution
  11th, July, 2005

A vulnerability has been discovered in ruby1.8 that could allow
arbitrary
command execution on a server running the ruby xmlrpc server.

http://www.linuxsecurity.com/content/view/119544


* Debian: New squid packages fix IP spoofing vulnerability
  11th, July, 2005

The upstream developers have discovered a bug in the DNS lookup code
of Squid, the popular WWW proxy cache.

http://www.linuxsecurity.com/content/view/119550


* Debian: New gzip packages fix several vulnerabilities
  11th, July, 2005

Two problems have been discovered in gzip, the GNU compression
utility.

http://www.linuxsecurity.com/content/view/119551


* Debian: New gedit packages fix denial of service
  12th, July, 2005

A format string vulnerability has been discovered in gedit, a
light-weight text editor for GNOME, that may allow attackers to cause
a denial of service (application crash) via a binary file with format
string specifiers in the filename.

http://www.linuxsecurity.com/content/view/119565


* Debian: centericq 4.20.0
  13th, July, 2005

Eric Romang discovered that centericq, a text-mode multi-protocol
instant messenger client, creates some temporary files with
predictable filenames and is hence vulnerable to symlink attacks by
local attackers.

http://www.linuxsecurity.com/content/view/119584


* Debian: New tiff packages fix arbitrary code execution
  13th, July, 2005

Frank Warmerdam discovered a stack-based buffer overflow in libtiff,
the Tag Image File Format library for processing TIFF graphics files
that can lead to the executionof arbitrary code via malformed TIFF
files.

http://www.linuxsecurity.com/content/view/119585


* Debian: New squirrelmail packages fix several vulnerabilities
  13th, July, 2005

Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system.

http://www.linuxsecurity.com/content/view/119594


* Debian: New packages fix remote command execution in phpgroupware
  13th, July, 2005

A vulnerability had been identified in the xmlrpc library included
with phpgroupware, a web-based application including email, calendar
and other groupware functionality. This vulnerability could lead to
the execution of arbitrary commands on the server running
phpgroupware.

http://www.linuxsecurity.com/content/view/119602



+---------------------------------+
|  Distribution: Fedora           | ----------------------------//
+---------------------------------+

* Fedora Core 4 Update: kdegraphics-3.4.1-0.fc4.2
  11th, July, 2005

The new package fixes the rendering problem in kdvi.

http://www.linuxsecurity.com/content/view/119552


* Fedora Core 4 Update: dlm-kernel-2.6.11.5-20050601.152643.FC4.9
  11th, July, 2005


Update for latest FC4 kernel.

http://www.linuxsecurity.com/content/view/119554


* Fedora Core 4 Update: gnbd-kernel-2.6.11.2-20050420.133124.FC4.42
  11th, July, 2005


Updated for latest kernel.

http://www.linuxsecurity.com/content/view/119555


* Fedora Core 4 Update: cman-kernel-2.6.11.5-20050601.152643.FC4.8
  11th, July, 2005


Update for latest kernel.

http://www.linuxsecurity.com/content/view/119556


* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.1
  11th, July, 2005


Update for latest kernel.

http://www.linuxsecurity.com/content/view/119557


* Fedora Core 4 Update: GFS-kernel-2.6.11.8-20050601.152643.FC4.1
  11th, July, 2005


Update for latest kernel.

http://www.linuxsecurity.com/content/view/119558


* Fedora Core 4 Update: procps-3.2.5-6.3
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119559


* Fedora Core 3 Update: procps-3.2.3-5.3
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119560


* Fedora Core 4 Update: libwnck-2.10.0-4.fc4
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119561


* Fedora Core 4 Update: metacity-2.10.0-2.fc4
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119562


* Fedora Core 4 Update: gaim-1.4.0-4.fc4
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119563


* Fedora Core 3 Update: gaim-1.4.0-4.fc3
  11th, July, 2005

Package updated.

http://www.linuxsecurity.com/content/view/119564


* Fedora Core 4 Update: audit-0.9.15-1.FC4
  12th, July, 2005

This update adds interpretive mode for ausearch utility to make
results easier to read, sighup support, big performance improvements,
lots of bug fixes, more documentation in man pages, and more syslog
information for failure conditions.

http://www.linuxsecurity.com/content/view/119570


* Fedora Core 4 Update: libxml2-2.6.20-1.FC4
  12th, July, 2005

This update fixes 162837 about XPath and XSLT problems with 2.6.19 as
well as a number of bug fixes upstream, especially on W3C XML Schemas
conformance.

http://www.linuxsecurity.com/content/view/119571


* Fedora Core 3 Update: dhcp-3.0.1-44_FC3
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119572


* Fedora Core 4 Update: dhcp-3.0.2-14.FC4
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119573


* Fedora Core 3 Update: lam-7.1.1-6.FC3
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119576


* Fedora Core 4 Update: lam-7.1.1-6.FC4
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119577


* Fedora Core 3 Update: vixie-cron-4.1-36.FC3
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119579


* Fedora Core 4 Update: vixie-cron-4.1-36.FC4
  12th, July, 2005

Updated package released.

http://www.linuxsecurity.com/content/view/119580


* Fedora Core 3 Update: krb5-1.3.6-7
  12th, July, 2005

A double-free flaw was found in the krb5_recvauth() routine which may
be triggered by a remote unauthenticated attacker.  Fedora Core 3
contains checks within glibc that detect double-free flaws.
Therefore, on Fedora Core 3, successful exploitation of this issue
can only lead to a denial of service (KDC crash).

http://www.linuxsecurity.com/content/view/119581


* Fedora Core 4 Update: krb5-1.4.1-5
  12th, July, 2005

A double-free flaw was found in the krb5_recvauth() routine which may
be triggered by a remote unauthenticated attacker.  Fedora Core 4
contains checks within glibc that detect double-free flaws.
Therefore, on Fedora Core 4, successful exploitation of this issue
can only lead to a denial of service (KDC crash).

http://www.linuxsecurity.com/content/view/119582


* Fedora Core 4 Update: net-snmp-5.2.1.2-fc4.1
  13th, July, 2005

A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent"s which
have opened a stream based protocol (EG, TCP but not UDP; it should
be noted that Net-SNMP does not by default open a TCP port).

http://www.linuxsecurity.com/content/view/119591


* Fedora Core 3 Update: net-snmp-5.2.1.2-FC3.1
  13th, July, 2005

Fixes DoS bug (#162908).

http://www.linuxsecurity.com/content/view/119592


* Fedora Core 4 Update: selinux-policy-targeted-1.25.1-9
  13th, July, 2005

Fix saslauthd.

http://www.linuxsecurity.com/content/view/119593


* Fedora Core 3 Update: bind-9.2.5-2
  13th, July, 2005

New package released.

http://www.linuxsecurity.com/content/view/119595


* Fedora Core 4 Update: bind-9.3.1-6.FC4
  13th, July, 2005

New package released.

http://www.linuxsecurity.com/content/view/119596


* Fedora Core 4 Update: rpm-4.4.1-22
  13th, July, 2005

This update corrects security problem CAN-2005-2096, a zlib fix.

http://www.linuxsecurity.com/content/view/119597


* Fedora Core 4 Update: openssh-4.1p1-3.1
  13th, July, 2005

This update rebases openssh to 4.1p1 upstream. This upstream release
is only a bug fix release so the changes should be minimal. Also
/etc/nologin
processing has been changed so it is not done twice.

http://www.linuxsecurity.com/content/view/119599


* Fedora Core 4 Update: pam-0.79-9.1
  13th, July, 2005

This update fixes a regression in XAUTHORITY handling and updates
auditing support. It requires audit-libs update due to changes in its
API.

http://www.linuxsecurity.com/content/view/119600



+---------------------------------+
|  Distribution: Gentoo           | ----------------------------//
+---------------------------------+

* Gentoo: phpWebSite Multiple vulnerabilities
  10th, July, 2005

phpWebSite is vulnerable to the remote execution of arbitrary PHP
script code and to other, yet undisclosed, vulnerabilities.

http://www.linuxsecurity.com/content/view/119538


* Gentoo: phpGroupWare, eGroupWare PHP script injection vulnerability
  10th, July, 2005

phpGroupWare and eGroupWare include an XML-RPC implementation which
allows remote attackers to execute arbitrary PHP script commands.

http://www.linuxsecurity.com/content/view/119541


* Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability
  11th, July, 2005

Adobe Acrobat Reader is vulnerable to a buffer overflow that could
lead
to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/119548


* Gentoo: Ruby Arbitrary command execution through XML-RPC
  11th, July, 2005

A vulnerability in XMLRPC.iPIMethods allows remote attackers to
execute
arbitrary commands.

http://www.linuxsecurity.com/content/view/119549


* Gentoo: MIT Kerberos 5 Multiple vulnerabilities
  12th, July, 2005

MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote
execution of arbitrary code, possibly leading to the compromise of
the entire Kerberos realm.

http://www.linuxsecurity.com/content/view/119578


* Gentoo: Bugzilla Unauthorized access and information
  13th, July, 2005

Multiple vulnerabilities in Bugzilla could allow remote users to
modify bug flags or gain sensitive information.

http://www.linuxsecurity.com/content/view/119601


* Gentoo: pam_ldap and nss_ldap Plain text authentication
  14th, July, 2005

The pam_ldap and nss_ldap modules fail to restart TLS when following
a referral, possibly leading to credentials being sent in plain text.

http://www.linuxsecurity.com/content/view/119604


* Gentoo: Mozilla Firefox Multiple Vulnerabilities
  15th, July, 2005

Several vulnerabilities in Mozilla Firefox allow attacks ranging from

execution of script code with elevated privileges to information
leak.

http://www.linuxsecurity.com/content/view/119617



+---------------------------------+
|  Distribution: RedHat           | ----------------------------//
+---------------------------------+

* RedHat: Critical: Adobe Acrobat Reader security update
  8th, July, 2005

Updated acroread packages that fix a security issue are now
available.
This update has been rated as having critical security impact by the
Red
Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119535


* RedHat: Critical: krb5 security update
  12th, July, 2005

Updated krb5 packages which fix multiple security issues are now
available for Red Hat Enterprise Linux 2.1 and 3. This update has
been rated as having critical security impact by the Red Hat Security
Response Team.

http://www.linuxsecurity.com/content/view/119574


* RedHat: Important: krb5 security update
  12th, July, 2005

Updated krb5 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4.  This update has been rated
as having important security impact by the Red Hat Security Response
Team.

http://www.linuxsecurity.com/content/view/119575


* RedHat: cups security update
  14th, July, 2005

Updated CUPS packages that fix a security issue are now available for
Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119613


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Video for Linux]     [Bugtraq]     [USB]     [Fedora Security]

Add to Google Powered by Linux