This week, advisories were released for hpsockd, viewcvs, nfs-utils, cyrus-imapd, netatalk, gaim, rhpl, ttfonts, mc, udev, gnome-bluetooth, rsh, mysql, libpng, glib, gtk, postgresql, shadow-utils, perl, mirrorselect, drakxtools, dietlibc, gzip, rp-pppoe, openssl, ImageMagick, samba, and cups. The distributors include Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, Trustix, and Turbo Linux.

 





Packet Sniffers

One of the most common ways intruders gain access to more systems on your network is by employing a packet sniffer on an already compromised host. This "sniffer" just listens on the Ethernet port for things like passwd and login and su in the packet stream and then logs the traffic after that. This way, attackers gain passwords for systems they are not even attempting to break into. Clear-text passwords are very vulnerable to this attack.

Example: Host A has been compromised. Attacker installs a sniffer. Sniffer picks up admin logging into Host B from Host C. It gets the admin's personal password as they log in to B. Then, the admin does a su to fix a problem. The attacker now has the root password for Host B. Later the admin lets someone telnet from his account to Host Z on another site. Now the attacker has a password/login on Host Z.

In this day and age, the attacker doesn't even need to compromise a system to do this: they could also bring a laptop or PC into a building and tap into your net.

Using ssh or other encrypted password methods thwarts this attack. Things like APOP for POP accounts also prevent this attack. (Normal POP logins are very vulnerable to this, as is anything that sends clear-text passwords over the network.)

Excerpt from LinuxSecurity HowTO:
/howtos
By: Dave Wreski & Kevin Fenzi
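The difference between a normal POP login and APOP, as an added example that is not part of the HOWTO excerpt: it builds the client lines for both login styles and checks whether the reusable password appears in them. The greeting, user and secret are sample values following the RFC 1939 example; the function names and the second greeting are constructed for illustration.

```python
import hashlib
import hmac


def apop_digest(timestamp, secret):
    """RFC 1939 APOP digest: MD5 over the greeting timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def banner_timestamp(banner):
    """Return the <...> token from a POP3 greeting, angle brackets included."""
    start, end = banner.index("<"), banner.index(">")
    return banner[start:end + 1]


def plain_login(user, secret):
    """Client lines for a normal POP login: the password itself is sent."""
    return ["USER " + user, "PASS " + secret]


def apop_login(user, secret, banner):
    """Client line for APOP: only a digest tied to this greeting is sent."""
    return ["APOP %s %s" % (user, apop_digest(banner_timestamp(banner), secret))]


def secret_exposed(client_lines, secret):
    """True if the reusable password is readable in what the client sent."""
    return any(secret in line for line in client_lines)


def server_accepts(banner, apop_line, secret):
    """Server-side check: recompute the digest for the greeting it issued."""
    digest = apop_line.split()[2]
    expected = apop_digest(banner_timestamp(banner), secret)
    return hmac.compare_digest(digest, expected)


# Sample values; BANNER_2 is a constructed greeting for a later session.
BANNER_1 = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
BANNER_2 = "+OK POP3 server ready <1897.697171050@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

if __name__ == "__main__":
    plain = plain_login(USER, SECRET)
    apop = apop_login(USER, SECRET, BANNER_1)
    print("plain login exposes password:", secret_exposed(plain, SECRET))
    print("APOP login exposes password: ", secret_exposed(apop, SECRET))
    # A digest captured in one session does not match the next greeting.
    print("same session accepted:       ", server_accepts(BANNER_1, apop[0], SECRET))
    print("replayed in later session:   ", server_accepts(BANNER_2, apop[0], SECRET))
```

APOP keeps the password off the wire but relies on MD5 and on the server storing the shared secret; ssh or POP3 over TLS protects the whole session rather than only the login.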

 

LinuxSecurity.com Feature Extras:

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

AIDE and CHKROOTKIT - Network security is continuing to be a big problem for companies and home users. The problem can be resolved with an accurate security analysis. In this article I show how to approach security using aide and chkrootkit.

An Interview with Gary McGraw, Co-author of Exploiting Software: How to Break Code - Gary McGraw is perhaps best known for his groundbreaking work on securing software, having co-authored the classic Building Secure Software (Addison-Wesley, 2002). More recently, he has co-written with Greg Hoglund a companion volume, Exploiting Software, which details software security from the vantage point of the other side, the attacker. He has graciously agreed to share some of his insights with all of us at LinuxSecurity.com.


Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe, send an e-mail with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


  Debian
  Debian: hpsockd denial of service fix
  3rd, December, 2004

 

"infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effects. advisories/debian/debian-hpsockd-denial-of-service-fix
 
  Debian: viewcvs information leak fix
  6th, December, 2004

 

Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive, the hide_cvsroot and forbidden settings were not fully honoured. advisories/debian/debian-viewcvs-information-leak-fix
 
  Debian: nfs-util denial of service fix
  8th, December, 2004

 

SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the "SIGPIPE" signal. Hence, a client prematurely terminating the TCP connection could also terminate the server process. advisories/debian/debian-nfs-util-denial-of-service-fix
 
  Fedora
  Fedora: cyrus-imapd-2.2.10-3.fc2 update
  3rd, December, 2004

 

The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits revealed a package installation problem. advisories/fedora/fedora-cyrus-imapd-2210-3fc2-update-17-42-57-117366
 
  Fedora: cyrus-imapd-2.2.10-3.fc3 update
  3rd, December, 2004

 

The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits revealed a package installation problem. If the main configuration files for cyrus-imapd advisories/fedora/fedora-cyrus-imapd-2210-3fc3-update-17-44-13-117367
 
  Fedora: netatalk-1.6.4-2.2 update
  6th, December, 2004

 

Fix to temp file vulnerability in /etc/psf/etc2ps advisories/fedora/fedora-netatalk-164-22-update-16-31-37-117395
 
  Fedora: netatalk-1.6.4-4 update
  6th, December, 2004

 

Fix temp file vulnerability in /etc/psf/etc2ps advisories/fedora/fedora-netatalk-164-4-update-16-32-49-117396
 
  Fedora: gaim-1.1.0-0.FC2 update
  6th, December, 2004

 

Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. advisories/fedora/fedora-gaim-110-0fc2-update-16-34-28-117397
 
  Fedora: gaim-1.1.0-0.FC3 update
  6th, December, 2004

 

Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. advisories/fedora/fedora-gaim-110-0fc3-update-16-35-55-117398
 
  Fedora: rhpl-0.148.1-2 update
  6th, December, 2004

 

Remove synaptics requires (#137935) advisories/fedora/fedora-rhpl-01481-2-update-16-41-19-117399
 
  Fedora: ttfonts-ja-1.2-36.FC3.0 update
  7th, December, 2004

 

reverted the previous changes so that it broke ghostscript working. (#139798) advisories/fedora/fedora-ttfonts-ja-12-36fc30-update-08-33-13-117404
 
  Fedora: mc-4.6.1-0.11FC3 update
  7th, December, 2004

 

The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support. advisories/fedora/fedora-mc-461-011fc3-update-17-02-19-117417
 
  Fedora: udev-039-10.FC3.4 update
  7th, December, 2004

 

udev is an implementation of devfs in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly. advisories/fedora/fedora-udev-039-10fc34-update-17-03-19-117418
 
  Fedora: udev-039-10.FC3.5 update
  7th, December, 2004

 

fixed udev.rules for cdrom symlinks (bug 141897) advisories/fedora/fedora-udev-039-10fc35-update-17-04-16-117419
 
  Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
  7th, December, 2004

 

fixed again gnome-bluetooth-manager script for 64bit (bug 134864) advisories/fedora/fedora-gnome-bluetooth-051-5fc31-update-17-05-31-117420
 
  Fedora: rsh update
  8th, December, 2004

 

fixed rexec fails with "Invalid Argument" (#118630) advisories/fedora/fedora-rsh-update-00-00-00-117432
 
  Fedora: Omni-0.9.2-1.1 update
  8th, December, 2004

 

This is the 0.9.2 release of the Omni printer driver collection. It also fixes a library path problem on multilib architectures such as x86_64. advisories/fedora/fedora-omni-092-11-update-00-00-00-117433
 
  Fedora: mysql-3.23.58-9.1 update
  8th, December, 2004

 

fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 (bugs #135372, 135375, 135387) advisories/fedora/fedora-mysql-32358-91-update-00-00-00-117434
 
  Fedora: libpng-1.2.8-1.fc2 update
  9th, December, 2004

 

Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html advisories/fedora/fedora-libpng-128-1fc2-update-12-12-32-117439
 
  Fedora: libpng10-1.0.18-1.fc2 update
  9th, December, 2004

 

Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html advisories/fedora/fedora-libpng10-1018-1fc2-update-12-13-40-117440
 
  Fedora: glib2-2.4.8-1.fc2 update
  9th, December, 2004

 

Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see https://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html advisories/fedora/fedora-glib2-248-1fc2-update-12-14-52-117441
 
  Fedora: gtk2-2.4.14-1.fc2 update
  9th, December, 2004

 

Updates GTK+ to the current stable release 2.4.14. For details about the bugs which have been fixed in this release, see https://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html advisories/fedora/fedora-gtk2-2414-1fc2-update-12-15-55-117442
 
  Fedora: libpng10-1.0.18-1.fc3 update
  9th, December, 2004

 

Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html advisories/fedora/fedora-libpng10-1018-1fc3-update-12-16-56-117443
 
  Fedora: libpng-1.2.8-1.fc3 update
  9th, December, 2004

 

Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html advisories/fedora/fedora-libpng-128-1fc3-update-12-17-55-117444
 
  Fedora: glib2-2.4.8-1.fc3 update
  9th, December, 2004

 

Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see https://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00004.html advisories/fedora/fedora-glib2-248-1fc3-update-12-18-53-117445
 
  Fedora: gtk2-2.4.14-1.fc3 update
  9th, December, 2004

 

Updates GTK+ to the current stable release 2.4.14. For details about the bugs which have been fixed in this release, see https://mail.gnome.org/archives/gnome-announce-list/2004-December/msg00007.html advisories/fedora/fedora-gtk2-2414-1fc3-update-12-19-47-117446
 
  Fedora: postgresql-odbc-7.3-6.2 update
  9th, December, 2004

 

This update fixes problems occurring on 64-bit platforms. advisories/fedora/fedora-postgresql-odbc-73-62-update-12-20-43-117447
 
  Fedora: postgresql-odbc-7.3-8.FC3.1 update
  9th, December, 2004

 

This update fixes problems occurring on 64-bit platforms. advisories/fedora/fedora-postgresql-odbc-73-8fc31-update-12-21-40-117448
 
  Fedora: postgresql-7.4.6-1.FC2.1 update
  9th, December, 2004

 

This update synchronizes PostgreSQL for FC2 with the version already released in FC3. advisories/fedora/fedora-postgresql-746-1fc21-update-12-25-36-117449
 
  Fedora: shadow-utils-4.0.3-55 update
  9th, December, 2004

 

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature with useradd. Also, the maximum length for a username/groupname is now 31 (previously it was 32). The lastlog command can now handle extremely large (greater than 4GB) lastlogs. advisories/fedora/fedora-shadow-utils-403-55-update-18-05-45-117452
 
  Fedora: shadow-utils-4.0.3-56 update
  9th, December, 2004

 

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature with useradd. Also, the maximum length for a username/groupname is now 31 (previously it was 32). The lastlog command can now handle extremely large (greater than 4GB) lastlogs. advisories/fedora/fedora-shadow-utils-403-56-update-18-07-02-117453
 
  Gentoo
  Gentoo: rssh, scponly Unrestricted command execution
  3rd, December, 2004

 

rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
 
  Gentoo: PDFlibs Multiple overflows in the included TIFF library
  6th, December, 2004

 

PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.
 
  Gentoo: imlib Buffer overflows in image decoding
  6th, December, 2004

 

Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.
 
  Gentoo: perl Insecure temporary file creation
  6th, December, 2004

 

Perl is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
 
  Gentoo: mirrorselect Insecure temporary file creation
  7th, December, 2004

 

mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
 
  Mandrake
  Mandrake: drakxtools update
  7th, December, 2004

 

Beginning immediately, all bug reports for stable releases will be handled via Bugzilla at . The drakbug tool has been updated to point users of stable releases to Bugzilla.
 
  Mandrake: dietlibc fix
  7th, December, 2004

 

There was a problem with dietlibc in Mandrakelinux 10.0/amd64 where it would not provide proper support for the AMD64 architecture. The updated package fixes this.
 
  Mandrake: gzip fix
  7th, December, 2004

 

The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack.
 
  Mandrake: ImageMagick fix
  7th, December, 2004

 

A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code.
 
  Mandrake: lvm1 fix
  7th, December, 2004

 

The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script.
 
  Mandrake: rp-pppoe fix
  7th, December, 2004

 

Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid root, however the packages have been patched to prevent this problem.
 
  Mandrake: nfs-utils fix
  7th, December, 2004

 

SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.
 
  Mandrake: openssl fix
  7th, December, 2004

 

The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack.
 
  Trustix
  Trustix: multiple package bugfixes
  9th, December, 2004

 

amavisd-new
AMaViS is a script that interfaces a mail transport agent (MTA) with one or more virus scanners.
 
  Trustix: nfs-util Remote denial of service
  9th, December, 2004

 

SGI developers discovered a remote Denial of Service in the NFS statd server where it did not ignore the "SIGPIPE" signal. This could cause the server to shut down if a client terminates prematurely.
 
  Red Hat
  Red Hat: ImageMagick security vulnerability fix
  8th, December, 2004

 

Updated ImageMagick packages that fix a buffer overflow are now available. advisories/red-hat/red-hat-imagemagick-security-vulnerability-fix-RHSA-2004-636-01
 
  SuSE
  SuSE: cyrus-imapd remote command execution
  3rd, December, 2004

 

Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
 
  TurboLinux
  TurboLinux: samba, cups vulnerabilities
  8th, December, 2004

 

Two vulnerabilities discovered in Samba. DoS vulnerability in cups.