LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Linux Advisory Watch - December 24th 2004 Print E-mail
User Rating:      How can I rate this item?
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Linux Advisory Watch Happy Holidays! This week, advisories were released for cscope, htget, a2ps, ethereal, xzgv, debmake, xcdroast, udev, cups, postgresql, namazu, pam, samba, glibc, krb5, php, gnumeric, abiword, libtiff, kfax, abcm2ps, phpMyAdmin, WordPress, NASM, mplayer, mpg123, wget, urpmi, aspell, krb5, logcheck, samba, Linux kernel, kerberos5, libxml, gd, XFree86, and nfs-utils. The distributors include Debian, Fedora, Gentoo, Mandrake, NetBSD, Trustix, Red Hat, and SuSE.


Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!

State of Linux Security 2004

In 2004, security continued to be a major concern. The beginning of the year was plagued with several kernel flaws and Linux vendor advisories continue to be released at an ever-increasing rate. This year, we have seen the reports touting Window's security superiority, only to be debunked by other security experts immediately after release. Also, Guardian Digital launched the new LinuxSecurity.com, users continue to be targeted by automated attacks, and the need for security awareness and education continues to rise.

2004 started off on shaky ground with a flaw found in mremap(), a piece of kernel code that controls virtual memory. It affected versions 2.2, 2.4, and 2.6. It was later discovered that the same vulnerability was used to exploit several high-profile Linux development sites in November 2003. Patches were released in early January by each of the major distributions. The flaw was fixed in further kernel releases. In February, a second mremap vulnerability was discovered by the Polish security consulting firm ISec. The second mremap flaw was unrelated, but just as serious as the first. In theory, it could result in a denial of service or privilege escalation to root. Vendors responded much more quickly in this second instance. Fixes for 2.4 and 2.6 were released only in a matter of hours this second time. In March, Paul Starzetz of ISec released proof-of-concept exploit code for the second mremap flaw that was released in February. Several news sites failed to accurately read the report released in March and reported that a third kernel flaw as found. This was wrong, but it sparked a lot of interest in rumors. Many were relieved to find out that the "third vulnerability" was in fact a misinterpretation. It was beginning to look like the "year of the kernel flaw," but luckily things quieted down in second quarter. The remaining portion of the year was scattered with other kernel vulnerabilities, but non received as much press as mremap. Another notable one was discovered in 2.6 last October. It was claimed that the vulnerability could be used to shut down 2.6-based systems remotely. It only affected those systems using iptables based firewalls, because the flaw had to do with the way 2.6 handled firewall logging. Patches were released and the problem was resolved.

Read the rest of the article here:
http://www.linuxsecurity.com/content/view/117655/49/

 

LinuxSecurity.com Feature Extras:

Users Respond with Constructive Feedback - When the new version of LinuxSecurity.com was launched on December 1st, we also asked our readers to " Tell us what you think ." You have spoken, and we appreciate that! We received hundreds of comments & requests, and have been addressing a majority of them. We thought it was important to share some of the comments with you. While some were purely positive acknowledgements, others were thoughtful criticisms. We take every critique into account and address each as resources become available or when the criticism becomes the concern of many.

Vincenzo Ciaglia Speaks Security 2004 - Vincenzo Ciaglia of Linux Netwosix talks about this year of Linux Security. A full immersion in the world of Linux Security from many sides and points of view.

Mass deploying Osiris - Osiris is a centralized file-integrity program that uses a client/server architecture to check for changes on a system. A central server maintains the file-integrity database and configuration for a client and at a specified time, sends the configuration file over to the client, runs a scan and sends the results back to the server to compare any changes. Those changes are then sent via email, if configured, to a system admin or group of people. The communication is all done over an encrypted communication channel.

 

Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.

 

   Debian
  Debian: cscope insecure temporary file
  17th, December, 2004

A vulnerability has been discovered in cscope, a program to interactively examine C source code, which may allow local users to overwrite files via a symlink attack.

http://www.linuxsecurity.com/content/view/117531
 
  Debian: htget arbitrary code execution fix
  20th, December, 2004

"infamous41md" discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL.

http://www.linuxsecurity.com/content/view/117568
 
  Debian: a2ps arbitrary command execution fix
  20th, December, 2004

Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter.

http://www.linuxsecurity.com/content/view/117569
 
  Debian: ethereal denial of service fix
  21st, December, 2004

Brian Caswell discovered that an improperly formatted SMB packet could make ethereal hang and eat CPU endlessly.

http://www.linuxsecurity.com/content/view/117609
 
  Debian: xzgv arbitrary code execution fix
  21st, December, 2004

Luke "infamous41md" discoverd multiple vulnerabilities in xzgv, a picture viewer for X11 with a thumbnail-based selector. Remote exploitation of an integer overflow vulnerability could allow the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117610
 
  Debian: debmake insecure temporary directories fix
  22nd, December, 2004

Javier Fern‡ndez-Sanguino Pe–a noticed that the debstd script from debmake, a deprecated helper package for Debian packaging, created temporary directories in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the victim.

http://www.linuxsecurity.com/content/view/117630
 
   Fedora
  Fedora: selinux-policy-targeted-1.17.30-2.51 update
  16th, December, 2004

Fix problems with winbind, nscd, apache and others.

http://www.linuxsecurity.com/content/view/117525
 
  Fedora: xcdroast-0.98a15-8 update
  16th, December, 2004

fixed frozen progress bars with patch from Didier Heyden (bug #134334)

http://www.linuxsecurity.com/content/view/117529
 
  Fedora: udev-039-10.FC3.6 update
  16th, December, 2004

fixed a case where reading /proc/ide/hd?/media returns EIO (bug rh#142713) and added simple dvb rules

http://www.linuxsecurity.com/content/view/117530
 
  Fedora: cups-1.1.20-11.7 update
  17th, December, 2004

Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

http://www.linuxsecurity.com/content/view/117540
 
  Fedora: cups-1.1.22-0.rc1.8.1 update
  17th, December, 2004

Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

http://www.linuxsecurity.com/content/view/117541
 
  Fedora: postgresql-7.4.6-1.FC2.2 update
  17th, December, 2004

Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003)

http://www.linuxsecurity.com/content/view/117542
 
  Fedora: postgresql-7.4.6-1.FC3.2 update
  17th, December, 2004

Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003)

http://www.linuxsecurity.com/content/view/117543
 
  Fedora: namazu-2.0.14-0.FC2.0 update
  20th, December, 2004

Security fix release.

http://www.linuxsecurity.com/content/view/117604
 
  Fedora: namazu-2.0.14-0.FC3.0 update
  20th, December, 2004

Security fix release.

http://www.linuxsecurity.com/content/view/117605
 
  Fedora: pam-0.77-66.1 update
  20th, December, 2004

add argument to pam_console_apply to restrict its work to specified files. #140451 parse passwd entries correctly and test for failure

http://www.linuxsecurity.com/content/view/117606
 
  Fedora: samba-3.0.10-1.fc2 update
  20th, December, 2004

New upstream release that closes CAN-2004-1154 bz#142544. Include the -64bit patch from Nalin. This closes bz#142873. Update the -logfiles patch to work with 3.0.10

http://www.linuxsecurity.com/content/view/117623
 
  Fedora: samba-3.0.10-1.fc3 update
  20th, December, 2004

New upstream release that closes CAN-2004-1154 bz#142544. Include the -64bit patch from Nalin. This closes bz#142873. Update the -logfiles patch to work with 3.0.10

http://www.linuxsecurity.com/content/view/117624
 
  Fedora: glibc-2.3.4-2.fc3 update
  21st, December, 2004

work around rpm bug some more, this time by copying iconvconfig to iconvconfig.%{_target_cpu}.

http://www.linuxsecurity.com/content/view/117625
 
  Fedora: krb5-1.3.6-1 update
  21st, December, 2004

A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC.

http://www.linuxsecurity.com/content/view/117626
 
  Fedora: krb5-1.3.6-2 update
  21st, December, 2004

A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm's master Kerberos KDC.

http://www.linuxsecurity.com/content/view/117627
 
  Fedora: php-4.3.10-3.2 update
  21st, December, 2004

This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019) and exif image parsing (CVE CAN-2004-1065).

http://www.linuxsecurity.com/content/view/117628
 
  Fedora: php-4.3.10-2.4 update
  21st, December, 2004

This update includes the latest release of PHP 4.3, including fixes for security issues in the unserializer (CVE CAN-2004-1019), exif image parsing (CVE CAN-2004-1065), and form upload parsing (CVE CAN-2004-0958 and CAN-2004-0959).

http://www.linuxsecurity.com/content/view/117629
 
  Fedora: gnumeric-1.2.13-10 update
  22nd, December, 2004

#rh133662# printer font fallback

http://www.linuxsecurity.com/content/view/117648
 
  Fedora: selinux-policy-targeted-1.17.30-2.58 update
  22nd, December, 2004

Several updates to fix problems with Apache, Squid, postgresql

http://www.linuxsecurity.com/content/view/117649
 
  Fedora: abiword-2.0.12-9 update
  22nd, December, 2004

RH#143180# backport fix for really stupid ownership of string bug

http://www.linuxsecurity.com/content/view/117650
 
  Fedora: libtiff-3.5.7-21.fc2 update
  22nd, December, 2004

Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisory: CAN-2004-1308

http://www.linuxsecurity.com/content/view/117651
 
  Fedora: libtiff-3.6.1-8.fc3 update
  22nd, December, 2004

Fix several buffer overflow problems that could be used as an exploit. Fixes the following security advisory: CAN-2004-1308

http://www.linuxsecurity.com/content/view/117652
 
   Gentoo
  Gentoo: cscope Insecure creation of temporary files
  16th, December, 2004

Cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

http://www.linuxsecurity.com/content/view/117558
 
  Gentoo: Adobe Acrobat Reader Buffer overflow vulnerability
  16th, December, 2004

Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117559
 
  Gentoo: samba Integer overflow
  17th, December, 2004

Samba contains a bug that could lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117560
 
  Gentoo: PHP Multiple vulnerabilities
  19th, December, 2004

Several vulnerabilities were found and fixed in PHP, ranging from an information leak and a safe_mode restriction bypass to a potential remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117576
 
  Gentoo: Ethereal Multiple vulnerabilities
  19th, December, 2004

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

http://www.linuxsecurity.com/content/view/117577
 
  Gentoo: kdelibs, kdebase Multiple vulnerabilities
  19th, December, 2004

kdelibs and kdebase contain a flaw allowing password disclosure when creating a link to a remote file. Furthermore Konqueror is vulnerable to window injection.

http://www.linuxsecurity.com/content/view/117578
 
  Gentoo: kfax Multiple overflows in the included TIFF library
  19th, December, 2004

kfax contains several buffer overflows potentially leading to execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117579
 
  Gentoo: abcm2ps Buffer overflow vulnerability
  19th, December, 2004

abcm2ps is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/117580
 
  Gentoo: phpMyAdmin Multiple vulnerabilities
  19th, December, 2004

phpMyAdmin contains multiple vulnerabilities which could lead to file disclosure or command execution.

http://www.linuxsecurity.com/content/view/117581
 
  Gentoo: WordPress HTTP response splitting and XSS vulnerabilities
  19th, December, 2004

Thomas Waldegger, who discovered these vulnerabilities, reported that these issues were not fixed in version 1.2.1. After notifying the developers, they released 1.2.2 to fix these flaws.

http://www.linuxsecurity.com/content/view/117582
 
  Gentoo: NASM Buffer overflow vulnerability
  20th, December, 2004

NASM is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious object file.

http://www.linuxsecurity.com/content/view/117583
 
  Gentoo: MPlayer Multiple overflows
  20th, December, 2004

Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote executing of arbitrary code.

http://www.linuxsecurity.com/content/view/117584
 
  Gentoo: mpg123 Playlist buffer overflow
  21st, December, 2004

mpg123 is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious playlist.

http://www.linuxsecurity.com/content/view/117611
 
  Gentoo: Zwiki XSS vulnerability
  21st, December, 2004

Zwiki is vulnerable to cross-site scripting attacks.

http://www.linuxsecurity.com/content/view/117622
 
   Mandrake
  Mandrake: wget download bug fix
  17th, December, 2004

A problem in wget prevents it from downloading very large data files. The updated packages are patched to fix the problem.

http://www.linuxsecurity.com/content/view/117536
 
  Mandrake: urpmi ssh parallel support fix
  17th, December, 2004

A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated pacakges fix the problem.

http://www.linuxsecurity.com/content/view/117537
 
  Mandrake: urpmi ssh parallel support fix
  18th, December, 2004

A bug in the parallel ssh extension in urpmi would prevent parallel installations using ssh; urpmi would crash. The updated pacakges fix the problem.

http://www.linuxsecurity.com/content/view/117574
 
  Mandrake: php multiple vulnerabilities fix
  18th, December, 2004

A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the packages provided, with the exception of the Corporate Server 2.1 packages, include fixes for all of the vulnerabilities, thanks to the efforts of the OpenPKG team who extracted and backported the fixes.

http://www.linuxsecurity.com/content/view/117575
 
  Mandrake: aspell vulnerability fix
  20th, December, 2004

A vulnerability was discovered in the aspell word-list-compress utility that can allow an attacker to execute arbitrary code.

http://www.linuxsecurity.com/content/view/117607
 
  Mandrake: ethereal multiple vulnerabilities fix
  20th, December, 2004

A number of vulnerabilities were discovered in Ethereal.

http://www.linuxsecurity.com/content/view/117608
 
  Mandrake: krb5 buffer overflow vulnerability fix
  22nd, December, 2004

Michael Tautschnig discovered a heap buffer overflow in the history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server.

http://www.linuxsecurity.com/content/view/117641
 
  Mandrake: kdelibs multiple vulnerability fix
  22nd, December, 2004

A vulnerability in the Konqueror webbrowser was discovered where an untrusted java applet could escalate privileges (through JavaScript calling into Java code). This includes the reading and writing of files with the privileges of the user running the applet.

http://www.linuxsecurity.com/content/view/117642
 
  Mandrake: logcheck temporary file vulnerability fix
  22nd, December, 2004

A vulnerability was discovered in the logcheck program by Christian Jaeger. This could potentially lead to a local attacker overwriting files with root privileges.

http://www.linuxsecurity.com/content/view/117643
 
  Mandrake: mplayer multiple vulnerabilities fix
  22nd, December, 2004

A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

http://www.linuxsecurity.com/content/view/117645
 
   NetBSD
  NetBSD: Insufficient argument validation in compat code
  17th, December, 2004

Some of the translation functions performed unsafe operations using the syscall arguments, and were exploitable to cause kernel traps. Some of the flaws may be exploitable and result in privilege escalation.

http://www.linuxsecurity.com/content/view/117538
 
   Trustix
  Trustix: samba, php security update
  20th, December, 2004

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

http://www.linuxsecurity.com/content/view/117571
 
  Trustix: kernel Remote hole, local DoS
  20th, December, 2004

Paul Starzetz discovered a bug in the IGMP networking modules of the Linux kernel. This allows for a remote DoS and local root exploit.

http://www.linuxsecurity.com/content/view/117572
 
  Trustix: anaconda, mailcap, mkinitrd, vim, postgresql, ntp, sqlgrey, db4, rsync, postgresql bugfixes
  20th, December, 2004

The previous attempt to get PXE booting working with more network cards turned out not to work. This update fixes that.

http://www.linuxsecurity.com/content/view/117573
 
  Trustix: kerberos5 execution of arbitary code by authenticated user
  21st, December, 2004

There is a buffer overflow in the password history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitary code on a Key Distribution Center (KDC) server.

http://www.linuxsecurity.com/content/view/117612
 
   Red Hat
  Red Hat: zip security issue fix
  16th, December, 2004

An updated zip package that fixes a buffer overflow vulnerability is now available.

http://www.linuxsecurity.com/content/view/117532
 
  Red Hat: libxml security vulnerabilities
  16th, December, 2004

An updated libxml package that fixes multiple buffer overflows is now available.

http://www.linuxsecurity.com/content/view/117533
 
  Red Hat: samba security issue fix
  16th, December, 2004

Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 3.

http://www.linuxsecurity.com/content/view/117534
 
  Red Hat: gd security issues fix
  17th, December, 2004

Updated gd packages that fix security issues with overflow in various memory allocation calls are now available.

http://www.linuxsecurity.com/content/view/117535
 
  Red Hat: Xfree86 security issues fix
  20th, December, 2004

Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1.

http://www.linuxsecurity.com/content/view/117570
 
  Red Hat: rh-postgresql update
  20th, December, 2004

Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to this issue.

http://www.linuxsecurity.com/content/view/117601
 
  Red Hat: nfs-utils security vulnerabilities fix
  20th, December, 2004

SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue.

http://www.linuxsecurity.com/content/view/117602
 
  Red Hat: glibc update
  20th, December, 2004

This errata fixes several bugs in the GNU C Library.

http://www.linuxsecurity.com/content/view/117603
 
  Red Hat: php security issues and bugs fix
  21st, December, 2004

Updated php packages that fix various security issues and bugs are now available for Red Hat Enterprise Linux 3.

http://www.linuxsecurity.com/content/view/117620
 
  Red Hat: samba security issue fix
  21st, December, 2004

Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1

http://www.linuxsecurity.com/content/view/117621
 
   SuSE
  SuSE: various kernel problems
  21st, December, 2004

Several vulnerabilities have been found and fixed in the Linux kernel.

http://www.linuxsecurity.com/content/view/117618
 
  SuSE: samba remote privilege escalation
  22nd, December, 2004

The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code.

http://www.linuxsecurity.com/content/view/117619
 

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
University of California, Berkeley Hacked, Data Compromised
London teen pleads guilty to Spamhaus DDoS
New England security group shares threat intelligence, strives to bolster region
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.