Linux Advisory Watch - August 26th 2005
+---------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| August 26th, 2005 Volume 6, Number 35a |
+---------------------------------------------------------------------+
Editors: Dave Wreski Benjamin D. Thomas
dave@xxxxxxxxxxxxxxxxx ben@xxxxxxxxxxxxxxxxx
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for bluez-utils, thunderbird, mysql,
epiphany, system-config-netboot, kdbg, doxygen, kdeedu, ncpfs, gaim,
system-config-bind, tar, vnc, metacity, cups, pygtk, slocate, myodbc,
xpdf, libgal2, dhcpv, diskdumputils, kdebase, cvs, hwdata, eject,
pcre, kismet, wikiwiki, apache, tor, netpbm, vim, and elm. The
distributors include Debian, Fedora, Gentoo, and Red Hat.
---
Introduction: IP Spoofing
The 1989 article "Security Problems in the TCP/IP Protocol Suite" by
S. M. Bellovin first explored IP spoofing attacks. He
described how Robert Morris, creator of the now infamous Internet
Worm, figured out how TCP created sequence numbers and forged a TCP
packet sequence.
This TCP packet included the destination address of his victim, and
using an IP spoofing attack Morris was able to obtain root access
to his targeted system without a user ID or password.
Introduction:
IP spoofing is a technique used to gain unauthorized access to
computers, whereby the attacker sends messages to a computer with
a forged IP address indicating that the message is coming from a
trusted host. There are a few variations on the types of attacks
that use IP spoofing.
1. Non-blind spoofing
This attack takes place when the attacker is on the same subnet
as the target and can see the sequence and acknowledgement numbers
of packets. The threat of this type of spoofing is session hijacking,
and an attacker could bypass any authentication measures that took
place to build the connection. This is accomplished by corrupting
the data stream of an established connection, then re-establishing
it based on correct sequence and acknowledgement numbers with the
attack machine.
2. Blind spoofing
This attack may take place from outside, where sequence and
acknowledgement numbers are unreachable. Attackers usually send
several packets to the target machine in order to sample sequence
numbers, which was doable in older days. Today, most OSs implement
random sequence number generation, making it difficult to predict
them accurately. If, however, the sequence number was compromised,
data could be sent to the target.
READ ENTIRE ARTICLE:
http://www.linuxsecurity.com/content/view/120225/49/
----------------------
Linux File & Directory Permissions Mistakes
One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of Unix file
permissions is beyond the scope of this article, so I'll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If
you'd like a refresher, one is available right here on linuxsecurity.com.
http://www.linuxsecurity.com/content/view/119415/49/
---
Buffer Overflow Basics
A buffer overflow occurs when a program or process tries to store more
data in a temporary data storage area than it was intended to hold. Since
buffers are created to contain a finite amount of data, the extra
information can overflow into adjacent buffers, corrupting or overwriting
the valid data held in them.
http://www.linuxsecurity.com/content/view/119087/49/
---
Review: The Book of Postfix: State-of-the-Art Message Transport
I was very impressed with "The Book of Postfix" by authors Ralf
Hildebrandt and Patrick Koetter and feel that it is an incredible
Postfix reference. It gives a great overall view of the operation
and management of Postfix in an extremely systematic and practical
format. It flows in a logical manner, is easy to follow and the
authors did a great job of explaining topics with attention paid
to real world applications and how to avoid many of the associated
pitfalls. I am happy to have this reference in my collection.
http://www.linuxsecurity.com/content/view/119027/49/
--------
--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf
+---------------------------------+
| Distribution: Debian | ----------------------------//
+---------------------------------+
* Debian: New bluez-utils packages fix arbitrary command execution
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120184
* Debian: New Mozilla Thunderbird packages fix several
vulnerabilities
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120185
* Debian: New mysql packages fix insecure temporary file
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120196
+---------------------------------+
| Distribution: Fedora | ----------------------------//
+---------------------------------+
* Fedora Core 4 Update: epiphany-1.6.5-1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120132
* Fedora Core 4 Update: system-config-netboot-0.1.26-1_FC4
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120133
* Fedora Core 3 Update: kdbg-2.0.0-0.fc3.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120134
* Fedora Core 4 Update: doxygen-1.4.4-0.fc4.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120135
* Fedora Core 4 Update: kdbg-2.0.0-0.fc4.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120136
* Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.2
18th, August, 2005
Ben Burton notified the KDE security team about several tempfile
handling related vulnerabilities in langen2kvtml, a conversion script
for kvoctrain. The script must be manually invoked.
http://www.linuxsecurity.com/content/view/120137
* Fedora Core 3 Update: ncpfs-2.2.4-4.FC3.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120138
* Fedora Core 3 Update: gaim-1.5.0-1.fc3
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120139
* Fedora Core 4 Update: gaim-1.5.0-1.fc4
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120140
* Fedora Core 3 Update: system-config-bind-4.0.0-30
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120141
* Fedora Core 4 Update: system-config-bind-4.0.0-30_FC4
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120142
* Fedora Core 3 Update: pcre-4.5-3.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120143
* Fedora Core 4 Update: tar-1.15.1-8.FC4
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120144
* Fedora Core 4 Update: gstreamer-plugins-0.8.8-9
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120145
* Fedora Core 4 Update: vnc-4.1.1-10.1
18th, August, 2005
This package disables the render patch, which was causing problems
when using the loadable X module.
http://www.linuxsecurity.com/content/view/120146
* Fedora Core 3 Update: netpbm-10.28-1.FC3.2
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120147
* Fedora Core 4 Update: metacity-2.10.3-1
18th, August, 2005
This update of metacity fixes the behavior of minimized transient
dialogs for some applications.
http://www.linuxsecurity.com/content/view/120148
* Fedora Core 4 Update: cups-1.1.23-15.1
18th, August, 2005
These updated packages fix a problem handling PDF files that could
have security implications.
http://www.linuxsecurity.com/content/view/120149
* Fedora Core 3 Update: cups-1.1.22-0.rc1.8.6
18th, August, 2005
These updated packages fix a problem handling PDF files that could
have security implications.
http://www.linuxsecurity.com/content/view/120150
* Fedora Core 4 Update: pygtk2-2.6.2-0.fc4.1
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120151
* Fedora Core 4 Update: shadow-utils-4.0.7-10.FC4
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120152
* Fedora Core 4 Update: netpbm-10.28-1.FC4.2
18th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120153
* Fedora Core 4 Update: slocate-2.7-22.fc4.1
22nd, August, 2005
A carefully prepared directory structure could stop the updatedb file
system scan, resulting in an incomplete slocate database. The Common
Vulnerabilities and Exposures project has assigned the name
CAN-2005-2499 to this issue.
http://www.linuxsecurity.com/content/view/120166
* Fedora Core 3 Update: slocate-2.7-12.fc3.1
22nd, August, 2005
A carefully prepared directory structure could stop the updatedb file
system scan, resulting in an incomplete slocate database. The Common
Vulnerabilities and Exposures project has assigned the name
CAN-2005-2499 to this issue.
http://www.linuxsecurity.com/content/view/120167
* Fedora Core 4 Update: MyODBC-2.50.39-25.FC4.1
22nd, August, 2005
Fix a problem with extra rows inserted because of mistaken
pre-execution of a query. See also
http://bugs.mysql.com/bug.php?id=4264
http://www.linuxsecurity.com/content/view/120168
* Fedora Core 3 Update: MyODBC-2.50.39-25.FC3.1
22nd, August, 2005
Fix a problem with extra rows inserted because of mistaken
pre-execution of a query. See also
http://bugs.mysql.com/bug.php?id=4264
http://www.linuxsecurity.com/content/view/120169
* Fedora Core 3 Update: doxygen-1.4.4-0.fc3.1
22nd, August, 2005
update to 1.4.4
http://www.linuxsecurity.com/content/view/120170
* Fedora Core 4 Update: xpdf-3.01-0.FC4.1
22nd, August, 2005
update to 3.01
http://www.linuxsecurity.com/content/view/120171
* Fedora Core 3 Update: xpdf-3.01-0.FC3.1
22nd, August, 2005
update to 3.01
http://www.linuxsecurity.com/content/view/120172
* Fedora Core 4 Update: libgal2-2.4.3-1.fc4
22nd, August, 2005
Fix for crash when selecting type of server in Evolution's account
editor
http://www.linuxsecurity.com/content/view/120173
* Fedora Core 3 Update:
22nd, August, 2005
It probably is not a good idea to push a CVS snapshot here, but
upstream screwed up their 1.4.5 release and CVS contains further
fixes like PHP5 related stuff that might make squirrelmail usable on
FC4. This snapshot worked on my personal server for the past week, so
hopefully it will be good for everyone else too.
http://www.linuxsecurity.com/content/view/120174
* Fedora Core 4 Update:
22nd, August, 2005
It probably is not a good idea to push a CVS snapshot here, but
upstream screwed up their 1.4.5 release and CVS contains further
fixes like PHP5 related stuff that might make squirrelmail usable on
FC4.
http://www.linuxsecurity.com/content/view/120175
* Fedora Core 3 Update: dhcpv6-0.10-14_FC3
22nd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120176
* Fedora Core 4 Update: dhcpv6-0.10-14_FC4
22nd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120177
* Fedora Core 3 Update: system-config-netboot-0.1.30-1_FC3
22nd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120178
* Fedora Core 4 Update: system-config-netboot-0.1.30-1_FC4
22nd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120179
* Fedora Core 4 Update: diskdumputils-1.1.9-2
22nd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120180
* Fedora Core 3 Update: kdebase-3.4.2-0.fc3.3
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120189
* Fedora Core 4 Update: bind-9.3.1-10_FC4
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120190
* Fedora Core 4 Update: cvs-1.11.19-9
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120191
* Fedora Core 3 Update: cvs-1.11.17-7.FC3
23rd, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120192
* Fedora Core 3 Update: hwdata-0.146.1-1
23rd, August, 2005
This fixes a bug where some MegaRAID controllers were incorrectly
mapped to the megaraid_mbox driver.
http://www.linuxsecurity.com/content/view/120193
* Fedora Core 3 Update: eject-2.1.1-0.fc3.2
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120202
* Fedora Core 4 Update: eject-2.1.1-0.fc4.1
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120203
* Fedora Core 3 Update: pcre-4.5-3.1.1.fc3
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120204
* Fedora Core 4 Update: pcre-5.0-4.1.fc4
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120205
* Fedora Core 3 Update: epiphany-1.4.9-0
24th, August, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120206
+---------------------------------+
| Distribution: Gentoo | ----------------------------//
+---------------------------------+
* Gentoo: Kismet Multiple vulnerabilities
19th, August, 2005
Kismet is vulnerable to multiple issues potentially resulting in the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/120160
* Gentoo: Adobe Reader Buffer Overflow
19th, August, 2005
Adobe Reader is vulnerable to a buffer overflow which could
potentially lead to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/120161
* Gentoo: Evolution Format string vulnerabilities
23rd, August, 2005
Evolution is vulnerable to format string vulnerabilities which may
result in remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/120183
* Gentoo: PEAR XML-RPC, phpxmlrpc New PHP script injection
24th, August, 2005
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to
execute arbitrary PHP script commands.
http://www.linuxsecurity.com/content/view/120197
* Gentoo: TikiWiki, eGroupWare Arbitrary command execution
24th, August, 2005
TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to
arbitrary command execution.
http://www.linuxsecurity.com/content/view/120207
* Gentoo: Apache 2.0 Denial of Service vulnerability
25th, August, 2005
A bug in Apache may allow a remote attacker to perform a Denial of
Service attack.
http://www.linuxsecurity.com/content/view/120208
* Gentoo: Tor Information disclosure
25th, August, 2005
A flaw in Tor leads to the disclosure of information and the
loss of anonymity, integrity and confidentiality.
http://www.linuxsecurity.com/content/view/120209
+---------------------------------+
| Distribution: Red Hat | ----------------------------//
+---------------------------------+
* RedHat: Low: netpbm security update
22nd, August, 2005
Updated netpbm packages that fix a security issue are now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120163
* RedHat: Low: vim security update
22nd, August, 2005
Updated vim packages that fix a security issue are now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120164
* RedHat: Low: slocate security update
22nd, August, 2005
An updated slocate package that fixes a denial of service issue is
now available. This update has been rated as having low security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120165
* RedHat: Critical: elm security update
23rd, August, 2005
An updated elm package is now available that fixes a buffer overflow
issue for Red Hat Enterprise Linux 2.1 AS and AW. This update has
been rated as having critical security impact by the Red Hat
Security Response Team.
http://www.linuxsecurity.com/content/view/120194
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------