From: InfoSec News (isn_at_c4i.org)
Date: Mon Jul 22 2002 - 02:30:08 CDT

    +----------------------------------------------------------------+
    | LinuxSecurity.com Linux Advisory Watch |
    | July 19th, 2002 Volume 3, Number 29a |
    +----------------------------------------------------------------+

      Editors: Dave Wreski Benjamin Thomas
                   dave@linuxsecurity.com ben@linuxsecurity.com

    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.

    This week, advisories were released for tcpdump, ktrace, bind, squid,
    modssl, openssh, and libpng. The vendors include Caldera, Conectiva,
    FreeBSD, Mandrake, Red Hat, and Trustix.

     NEW HTML VERSION OF NEWSLETTER AVAILABLE:
     http://www.linuxsecurity.com/vuln-newsletter.html

    - Guardian Digital Combats Proprietary Software Licensing Deadline -

    Guardian Digital, Inc., the first full-service open source Internet server
    security company, has announced a special incentive program designed to
    provide companies with an alternative to Windows-based servers and
    applications as the July 31st deadline for Microsoft's new licensing
    program approaches.

     Press Release:
     http://www.guardiandigital.com/company/press/
     EnGarde-Licensing-Promotion.pdf

     Save Now:
     http://store.guardiandigital.com/html/eng/493-AA.shtml
     

    Threat Becomes Vulnerability Becomes Exploit - The recent situation
    regarding the Apache Chunk Encoding Vulnerability has caused plenty of
    controversy in the security industry. It initially began with the
    community dislike of the release of information.

    http://www.linuxsecurity.com/feature_stories/feature_story-113.html
     
    +---------------------------------+
    | Package: tcpdump | ----------------------------//
    | Date: 07-12-2002 |
    +---------------------------------+

    Description:

    It is not currently known whether this buffer overflow is exploitable. If
    it were, an attacker could inject specially crafted packets into the
    network which, when processed by tcpdump, could lead to arbitrary code
    execution with the privileges of the user running tcpdump (typically
    `root').

    Vendor Alerts:
      FreeBSD Vendor Advisory:
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2195.html

      
    +---------------------------------+
    | Package: ktrace | ----------------------------//
    | Date: 07-12-2002 |
    +---------------------------------+

    Description:
    In theory, local users on systems where ktrace is enabled through the
    KTRACE kernel option might obtain sensitive information, such as password
    files or authentication keys. No specific utility is currently known to be
    vulnerable to this particular problem.

    Vendor Alerts:
      FreeBSD Vendor Advisory:
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2196.html

      
    +---------------------------------+
    | Package: bind | ----------------------------//
    | Date: 07-15-2002 |
    +---------------------------------+

    Description:
    "A buffer overflow vulnerability exists in multiple implementations of DNS
    resolver libraries. Operating systems and applications that utilize
    vulnerable DNS resolver libraries may be affected. A remote attacker who
    is able to send malicious DNS responses could potentially exploit this
    vulnerability to execute arbitrary code or cause a denial of service on a
    vulnerable system."

    Vendor Alerts:
      Trustix:
      http://www.trustix.net/pub/Trustix/updates/

      ./1.5/RPMS/bind-utils-8.2.6-1tr.i586.rpm
      d00de9cc58d179d1aea5a2a76f1f3369

      ./1.5/RPMS/bind-devel-8.2.6-1tr.i586.rpm
      646eabafe4c77ed3b60ebb1d2e3e0292

      ./1.5/RPMS/bind-8.2.6-1tr.i586.rpm
      25ab9b38033cdff4b4236340dd9dbb8e

      Trustix Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2197.html
     

      Mandrake 7.2:
      http://www.mandrakesecure.net/en/ftp.php

      7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm
      85334842b02275f9ebea86821a9f4300
      7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
      47e4c8afba3147f8035d8579d98764a1

      7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
      9f0803a609e9a734182850f966085ba3

      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2200.html

      
    +---------------------------------+
    | Package: squid | ----------------------------//
    | Date: 07-15-2002 |
    +---------------------------------+

    Description:
    Numerous security problems were fixed in squid-2.4.STABLE7. This release
    has several bugfixes to the Gopher client to correct some security issues.
    Security fixes to how squid parses FTP directory listings into HTML have
    been implemented. A security fix to how squid forwards proxy
    authentication credentials has been applied, and the MSNT auth
    helper has been updated to fix buffer overflows in the helper. Finally,
    FTP data channels are now sanity checked to match the address of the
    requested FTP server, which prevents injection of data or theft.

    Vendor Alerts:
      Mandrake Linux 8.2:
      http://www.mandrakesecure.net/en/ftp.php

      8.2/RPMS/squid-2.4.STABLE7-1.1mdk.i586.rpm
      56c4827d13017f984833825912ebe937

      Mandrake Vendor Advisory:
      http://www.linuxsecurity.com/advisories/mandrake_advisory-2204.html

      Trustix:
      http://www.trustix.net/pub/Trustix/updates/
      ./1.5/RPMS/squid-2.4.STABLE7-1tr.i586.rpm
      a0c9828ccb33c5a41b39a21174eaa02b

      Trustix Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2198.html
     

      
      
    +---------------------------------+
    | Package: modssl | ----------------------------//
    | Date: 07-16-2002 |
    +---------------------------------+

    Description:
    The mod_ssl module provides strong cryptography for the Apache Web server
    via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
    protocols. Versions of mod_ssl prior to 2.8.10 are subject to a single
    NULL overflow that can cause arbitrary code execution.

    In order to exploit this vulnerability, the Apache Web server has to be
    configured to allow overriding of configuration settings on a
    per-directory basis, and untrusted local users must be able to modify a
    directory in which the server is configured to allow overriding. The
    local attacker may then become the user that Apache is running as (usually
    'www' or 'nobody').
     
    Vendor Alerts:
      Red Hat Linux 7.3: i386:
      ftp://updates.redhat.com/7.3/en/os/i386/
      mod_ssl-2.8.7-6.i386.rpm
      8c9e4f55866bd16df07bc945766bc680

      Red Hat Vendor Advisory:
      http://www.linuxsecurity.com/advisories/redhat_advisory-2201.html

      Caldera:
      PLEASE SEE VENDOR ADVISORY FOR UPDATE

      Caldera Vendor Advisory:
      http://www.linuxsecurity.com/advisories/caldera_advisory-2202.html

      
    +---------------------------------+
    | Package: openssh | ----------------------------//
    | Date: 07-15-2002 |
    +---------------------------------+

    Description:
    A remote attacker using an SSH client modified to send carefully crafted
    SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain superuser
    privileges on the server.

    Vendor Alerts:
      FreeBSD Vendor Advisory:
      http://www.linuxsecurity.com/advisories/freebsd_advisory-2199.html

      
    +---------------------------------+
    | Package: libpng | ----------------------------//
    | Date: 07-17-2002 |
    +---------------------------------+

    Description:
    The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow
    vulnerability[1] in some functions related to progressive image loading.
    Programs such as mozilla and various others use these functions. An
    attacker could exploit this to remotely run arbitrary code or crash an
    application by using a specially crafted png image.

    Vendor Alerts:
      Conectiva:
      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      libpng-1.0.14-1U8_1cl.i386.rpm

      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      libpng3-1.2.4-1U8_1cl.i386.rpm

      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      libpng-devel-1.2.4-1U8_1cl.i386.rpm

      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      libpng-devel-static-1.2.4-1U8_1cl.i386.rpm

      ftp://atualizacoes.conectiva.com.br/8/RPMS/
      libpng-doc-1.2.4-1U8_1cl.i386.rpm

      Conectiva Vendor Advisory:
      http://www.linuxsecurity.com/advisories/other_advisory-2203.html
     

    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc. LinuxSecurity.com

         To unsubscribe email vuln-newsletter-request@linuxsecurity.com
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------

    -
    ISN is currently hosted by Attrition.org

    To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
    in the BODY of the mail.