Linux Advisory Watch: January 21st 2005
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas
This week, advisories were released for twiki, xine, libtiff, mc, gatos, playmidi, chbg, cups, imagemagick, mysql, xpdf, xtrlock, mysql, sword, squid, gimp, dovecot, dhcp, bind, vixie-cron, sysklogd, alsa-lib, grep, kernel-utils, ethereal, mpg123, playmidi, and krb5. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.
Assurance via Documentation
In all business environments management must give a certain
level of trust to staff in order for work to get done. In
security, trust is extremely important. Security managers must
trust staff to properly set up and configure systems, give
appropriate access, and fix vulnerabilities as they arise.
Trusting staff to get the job done is a fundamental part of
doing business. As a manager, how can one be sure that the
security staff is properly addressing security issues? How
can one be sure that vulnerabilities are fixed and logs are
monitored? Peter F. Drucker, a well-known writer on business
management topics, once wrote, "if you cannot measure it, you
cannot manage it."
This is directly relevant to security. How can a manager be
sure that the backups are getting done? Are the IDS and
firewall logs properly monitored? A manager can easily have
trust in employees, but assurance also must be provided.
Management should require staff to log backups, log reviews,
server patching, etc. Rather than trusting staff to get the
job done, it is necessary to have assurance. All general
security maintenance tasks can be, and should be, auditable.
How will extra paper work help security? Will staff get fed
up with all of the extra documentation? The purpose of extra
documentation is not to burden staff; it is to increasingly
justify security spending. If a security department is
properly doing its job, incidents will have little effect.
However, if the department isn't doing its job, something
catastrophic could happen. It is hard for people not in
security to see the value in spending more money when
there are no security incidents. Having auditable
documented evidence of thwarted security attempts, log
reviews, etc. can have a huge impact on the image of the
security department. Rather than relying on trust, giving
assurance and quantifying security will help get the budget
necessary to have the appropriate level of protection.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn't have a "ps -ef" loop running in an attempt to capture
that sensitive info (though some applications mask passwords in "ps" output).
A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium,
brought us great joy and celebration, but also brought great fear. Some believed
it would result in full-scale computer meltdown, leaving Earth as a nuclear
wasteland. Others predicted minor glitches leading only to inconvenience. The
following years (2001-2004) have been tainted with the threat of terrorism worldwide.
State of Linux Security 2004 - In 2004, security continued to be a major
concern. The beginning of the year was plagued with several kernel flaws and
Linux vendor advisories continue to be released at an ever-increasing rate.
This year, we have seen the reports touting Windows' security superiority, only
to be debunked by other security experts immediately after release. Also, Guardian
Digital launched the new LinuxSecurity.com, users continue to be targeted by
automated attacks, and the need for security awareness and education continues
to rise.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with "subscribe" as the subject.
Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week's most relevant Linux security headline.
Conectiva
Conectiva: twiki Fix for twiki remote vulnerability
14th, January, 2005
A vulnerability in twiki was found where a remote attacker could
exploit it to run arbitrary shell commands on the server. For further
information on this vulnerability, please refer to the authors' announcement[2].
http://www.linuxsecurity.com/content/view/117926
Conectiva: xine-lib Fixes for xine-lib vulnerabilities
19th, January, 2005
Ariel Berkman discovered a buffer overflow vulnerability[2]
in demux_aiff.c, where it reads specific input data into an array without
checking the input size.
http://www.linuxsecurity.com/content/view/117967
Conectiva: libtiff3 Fixes for libtiff vulnerabilities
20th, January, 2005
This announcement fixes several integer overflow vulnerabilities[3,4]
that were encountered in libtiff by iDefense which could lead to remote
arbitrary code execution.
http://www.linuxsecurity.com/content/view/117982
Debian
Debian: New mc packages fix several vulnerabilities
14th, January, 2005
Andrew V. Samoilov has noticed that several bugfixes which were
applied to the source by upstream developers of mc, the midnight commander,
a file browser and manager, were not backported to the current version
of mc that Debian ships in their stable release.
http://www.linuxsecurity.com/content/view/117925
Debian: New gatos packages fix arbitrary code execution
17th, January, 2005
Erik Sjölund discovered a buffer overflow in xatitv, one of
the programs in the gatos package, that is used to display video with
certain ATI video cards. xatitv is installed setuid root in order to gain
direct access to the video hardware.
http://www.linuxsecurity.com/content/view/117938
New playmidi packages fix local root exploit
17th, January, 2005
Erik Sjölund discovered that playmidi, a MIDI player, contains
a setuid root program with a buffer overflow that can be exploited by
a local attacker.
http://www.linuxsecurity.com/content/view/117939
Debian: New gallery packages fix several
vulnerabilities
Debian: New chbg packages fix arbitrary code execution
18th, January, 2005
Danny Lungstrom discovered a vulnerability in chbg, a tool to
change background pictures. A maliciously crafted configuration/scenario
file could overflow a buffer and lead to the execution of arbitrary code
on the victim's machine.
http://www.linuxsecurity.com/content/view/117952
Debian: New CUPS packages fix arbitrary code execution
19th, January, 2005
iDEFENSE has reported a buffer overflow in xpdf, the portable
document format (PDF) suite. Similar code is present in the PDF processing
part of CUPS. A maliciously crafted PDF file could exploit this problem,
resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117963
Debian: New ImageMagick packages fix arbitrary code execution
19th, January, 2005
Andrei Nigmatulin discovered a buffer overflow in the PSD image-decoding
module of ImageMagick, a commonly used image manipulation library. Remote
exploitation with a carefully crafted image could lead to the execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/117964
Debian: New mysql packages fix insecure temporary files
19th, January, 2005
Javier Fernandez-Sanguino Pena from the Debian Security Audit
Project discovered a temporary file vulnerability in the mysqlaccess script
of MySQL that could allow an unprivileged user to let root overwrite arbitrary
files via a symlink attack and could also unveil the contents of
a temporary file which might contain sensitive information.
http://www.linuxsecurity.com/content/view/117965
Debian: New xpdf packages fix arbitrary code execution
19th, January, 2005
iDEFENSE has reported a buffer overflow in xpdf, the portable
document format (PDF) suite. A maliciously crafted PDF file could exploit
this problem, resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117966
Debian: New xtrlock packages fix authentication bypass
20th, January, 2005
A buffer overflow has been discovered in xtrlock, a minimal
X display lock program which can be exploited by a malicious local attacker
to crash the lock program and take over the desktop session.
http://www.linuxsecurity.com/content/view/117981
Debian: New sword packages fix arbitrary command execution
20th, January, 2005
Ulf Härnhammar discovered that due to missing input sanitising
in diatheke, a CGI script for making and browsing a bible website, it
is possible to execute arbitrary commands via a specially crafted URL.
http://www.linuxsecurity.com/content/view/117990
This update fixes bug #143946, where system-config-kickstart
cannot load kickstart configuration files. It also incorporates all the
other fixes and improvements that have taken place since the FC2 version
of this utility.
http://www.linuxsecurity.com/content/view/117934
Fedora Core 3 Update: gimp-2.2.2-0.fc3.2
16th, January, 2005
This is a major version upgrade from 2.0.x to 2.2.x but it is
designed to be binary compatible in order that old plug-ins and scripts
continue to work.
http://www.linuxsecurity.com/content/view/117937
This is a bug fix update for the Dovecot IMAP server. This brings
the Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.
http://www.linuxsecurity.com/content/view/117955
Fedora Core 3 Update: dovecot-0.99.13-3.FC3
18th, January, 2005
This is a bug fix update for the Dovecot IMAP server. This brings
the Red Hat Dovecot rpm up to date with the latest upstream release from
Timo Sirainen, version 0.99.13 released on Jan 6th 2005.
http://www.linuxsecurity.com/content/view/117956
Fedora Core 3 Update: dhcpv6-0.10-11_FC3
19th, January, 2005
Updated dhcpv6 package, adding Relay Agent support, support
for prefix delegation to radvd on an interface other than the lease reception
interface, and a fix for cores on resolv.conf and radvd.conf update.
http://www.linuxsecurity.com/content/view/117969
This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the "lp" user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064
to this issue.
http://www.linuxsecurity.com/content/view/117983
Fedora Core 3 Update: cups-1.1.22-0.rc1.8.4
20th, January, 2005
This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the "lp" user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064
to this issue.
http://www.linuxsecurity.com/content/view/117984
Fedora Core 3 Update: alsa-lib-1.0.6-7.FC3
20th, January, 2005
A flaw in the alsa mixer code was discovered, which disabled
stack execution protection for the libasound.so library distributed with
Fedora Core 3. As a result, stack execution protection,
through NX or Exec-Shield, was disabled for any application linked
to libasound.
http://www.linuxsecurity.com/content/view/117985
Squid contains vulnerabilities in the code handling NTLM
(NT LAN Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol)
which could lead to denial of service and arbitrary code execution.
http://www.linuxsecurity.com/content/view/117936
Multiple vulnerabilities exist in Ethereal, which may allow
an attacker to run arbitrary code, crash the program or perform DoS by
CPU and disk utilization.
http://www.linuxsecurity.com/content/view/118005
Mandrake
Mandrake: CUPS multiple vulnerabilities fix
17th, January, 2005
A buffer overflow was discovered in the ParseCommand function
in the hpgltops utility. An attacker with the ability to send malicious
HPGL files to a printer could possibly execute arbitrary code as the "lp"
user (CAN-2004-1267).
http://www.linuxsecurity.com/content/view/117947
Mandrake: Updated mpg123 packages fix
19th, January, 2005
A vulnerability in mpg123's ability to parse frame headers in
input streams could allow a malicious file to exploit a buffer overflow
and execute arbitrary code with the permissions of the user running mpg123.
http://www.linuxsecurity.com/content/view/117978
Mandrake: Updated playmidi packages
19th, January, 2005
Erik Sjolund discovered a buffer overflow in playmidi that could
be exploited by a local attacker if installed setuid root. Note that by
default Mandrakelinux does not ship playmidi installed setuid root.
http://www.linuxsecurity.com/content/view/117979
Mandrake: Updated xine packages fix
19th, January, 2005
iDefense discovered that the PNA_TAG handling code in pnm_get_chunk()
does not check if the input size is larger than the buffer size (CAN-2004-1187).
As well, they discovered that in this same function, a negative value
could be given to an unsigned variable that specifies the read length
of input data (CAN-2004-1188). Ariel Berkman discovered that xine-lib
reads specific input data into an array without checking the input size
making it vulnerable to a buffer overflow problem (CAN-2004-1300).
http://www.linuxsecurity.com/content/view/117980
Stefan Esser and Marcus Boerger found several buffer overflow
problems in the unserializer functions of PHP (CAN-2004-1019) and Ilia
Alshanetsky (CAN-2004-1065) found one in the exif parser. Any of them
could allow remote attackers to execute arbitrary code as the user running
the PHP interpreter.
http://www.linuxsecurity.com/content/view/117944