Subject: Trustix Security Advisory - bind and openssh (and modutils)
From: TSL Team (tslTRUSTIX.COM)
Date: Wed Nov 15 2000 - 10:53:47 CST


Hi

Trustix has created updated packages for Trustix Secure Linux 1.0x and
1.1 that fix one security problem and one DOS attack:

openssh, openssh-clients, openssh-server:

The openssh client does not enforce the "ForwardX11 no", and
"ForwardAgent no" configuration options, so that a malicious server
could force a client to forward these even if they are turned off.

The X11 forwarding part is not a big issue for Trustix Secure Linux, as
the OS does not have any X11. The agent forwarding could however be an
issue.

bind, bind-devel, bind-utils:

Fixes a DOS attack against the name daemon. Note that TSL comes with
all network services turned off by default, and will thus only run named
on systems where this has been explicitly configured. This DOS attack
has to do with zone transfers, and will therefore only be possible from
the server's configured slaves.

The modutils part is just to reassure that Trustix Secure Linux comes
with modutils version 2.1.121, which should not be susceptible to the
attacks seen in later versions.

MD5sums:
fdd14c09864e3deef43fe5e5bdabcf64 openssh-2.3.0p1-1tr.i586.rpm
06ede52d3461a98b3128a1bb181cf836 openssh-clients-2.3.0p1-1tr.i586.rpm
6b49cf18ac659591e8c1fa2c0c69125a openssh-server-2.3.0p1-1tr.i586.rpm
81954383f8199dcf1c81806e2129d731 bind-8.2.2_P7-2tr.i586.rpm
133aeb6a90adc402cad2d2b597193d1c bind-devel-8.2.2_P7-2tr.i586.rpm
13a81108e19c2560f98e31e337217659 bind-utils-8.2.2_P7-2tr.i586.rpm

Get the packages from:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/

Regards,

        Trustix Security Advisor
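
The openssh issue above comes down to the client honouring server-initiated forwarding requests without consulting its own "ForwardAgent" / "ForwardX11" settings. The following is an added illustration, not part of the advisory and not OpenSSH source: a simplified model in which every type and function name is hypothetical and the request sequence is constructed, contrasting the behaviour described with an enforced check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not OpenSSH source; every name here is hypothetical. */
enum srv_request { REQ_AGENT_OPEN, REQ_X11_OPEN, REQ_OTHER };
struct client_options {
    bool forward_agent;  /* models "ForwardAgent yes|no" */
    bool forward_x11;    /* models "ForwardX11 yes|no" */
};
typedef bool (*policy_fn)(const struct client_options *, enum srv_request);

/* Behaviour the advisory describes: a server-initiated forwarding
 * request is honoured without consulting the client's options. */
static bool accept_unpatched(const struct client_options *opt, enum srv_request r)
{
    (void)opt;
    return r == REQ_AGENT_OPEN || r == REQ_X11_OPEN;
}

/* Enforced behaviour: a forwarding channel opens only if the user
 * enabled that kind of forwarding; everything else is refused. */
static bool accept_enforced(const struct client_options *opt, enum srv_request r)
{
    switch (r) {
    case REQ_AGENT_OPEN: return opt->forward_agent;
    case REQ_X11_OPEN:   return opt->forward_x11;
    default:             return false;
    }
}

/* Count the requests in a sequence that would open a forwarding channel. */
static size_t channels_opened(policy_fn policy, const struct client_options *opt,
                              const enum srv_request *reqs, size_t n)
{
    size_t opened = 0;
    for (size_t i = 0; i < n; i++)
        if (policy(opt, reqs[i]))
            opened++;
    return opened;
}

int main(void)
{
    const struct client_options off = { false, false };  /* both set to "no" */
    const enum srv_request seq[] = { REQ_AGENT_OPEN, REQ_X11_OPEN, REQ_OTHER };
    printf("unpatched: %zu, enforced: %zu\n",
           channels_opened(accept_unpatched, &off, seq, 3),
           channels_opened(accept_enforced, &off, seq, 3));
}
```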