Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Linux Advisory Watch, Nov 10th 2000

From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 10 Nov 2000 11:07:42 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  November 10th, 2000                     Volume 1, Number 28a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

This week, advisories were released for netscape, xfce, global, top,
tcpdump, usermode, and dump.  The vendors include FreeBSD, RedHat,
and Trustix.  If you have FreeBSD systems, we recommend that you
update immediately.  I am beginning to wonder if the Linux vendors
were caught up in the election.  Five of the seven advisories this
week were from FreeBSD.  If you have not been keeping up with
advisories, it may be a good idea to go back a few weeks and make
sure your system has been properly patched.  Older advisories can be
found at

http://www.linuxsecurity.com/advisories/index.html

-- OpenDoc Publishing --
Our sponsor this week is OpenDoc Publishing.  Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html


+---------------------------------+
|   Installing a new package:     | ------------------------------//
+---------------------------------+

   # rpm  -Uvh
   # dpkg -i

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager).  Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
|   Checking Package Integrity:   | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied.  It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

  # md5sum
    ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager.  While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing



+---------------------------------+
|        FreeBSD Advisories       | ----------------------------//
+---------------------------------+

* FreeBSD:  'xfce' ports vulnerability
November 7th, 2000

Local users can monitor and control the contents of the X display
running xfce, as well as input devices such as mice and keyboards.

 Updated Package: xfce-3.12.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/freebsd_advisory-854.html



* FreeBSD:  'netscape' ports vulnerability
November 7th, 2000

Remote attackers can execute arbitrary code on the local system by
convincing users to visit a malicious website. Versions of netscape
prior to 4.76 allow a client-side exploit through a buffer overflow
in html code. A malicious website operator can cause arbitrary code
to be executed by the user running the netscape client.

 Updated Package:
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/

 Vendor Advisory:
 -> http://www.linuxsecurity.com/advisories/freebsd_advisory-855.html



* FreeBSD: 'tcpdump' vulnerability
November 6th, 2000

Remote users can cause the local tcpdump process to crash, and (under
FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE and 4.1.1-STABLE
prior to the correction date) may be able to cause arbitrary code to
be executed as the user running tcpdump, usually root.

 Updated Package: tcpdump-4.x.patch.v1.1
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/freebsd_advisory-851.html



* FreeBSD: 'global' root compromise
November 6th, 2000

If the 'htags -f' command is used to generate a CGI script which is
then installed under a webserver, then remote users may execute
arbitrary commands on the local system as the user which runs the CGI
script. If you have not chosen to install the global port/package, or
you have not used the 'htags -f' command to produce a CGI script,
then your system is not vulnerable to this problem.

 Updated Package: global-4.0.1.tgz
 ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/freebsd_advisory-853.html




* FreeBSD: 'top' vulnerability
November 6th, 2000

Local users can read privileged data from kernel memory which may
provide information allowing them to further increase their local or
remote system access privileges.

 Updated Package: top.patch.v1.1
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/freebsd_advisory-852.html



+---------------------------------+
|       RedHat  Advisories        | ----------------------------//
+---------------------------------+

* RedHat: 'usermode' format-string vulnerability
November 9th, 2000

The usermode package contains a binary (/usr/bin/userhelper), which
is used to control access to programs which are to be executed as
root. Because programs invoked by userhelper are not actually running
setuid-root, security measures built into recent versions of glibc
are not active.

 Red Hat Linux 6.2:

 alpha:
 ftp://updates.redhat.com/6.2/alpha/usermode-1.37-1.6.alpha.rpm
 MD5 Checksum:  978af994a09fcbc4bf1cb2fa2723bfe7

 ftp://updates.redhat.com/6.2/alpha/SysVinit-2.78-5.alpha.rpm
 MD5 Checksum:  546bf7949c5be73b9f28b1819bfbd7c6

 sparc:
 ftp://updates.redhat.com/6.2/sparc/usermode-1.37-1.6.sparc.rpm
 MD5 Checksum:  ba94a59a3a8195346735f202f28af3f8

 ftp://updates.redhat.com/6.2/sparc/SysVinit-2.78-5.sparc.rpm
 MD5 Checksum:  4dfeacb8db12af4b2666f2792e1027c1

 i386:
 ftp://updates.redhat.com/6.2/i386/usermode-1.37-1.6.i386.rpm
 MD5 Checksum:  e8fe2db6f95348a93a373673b1c87443

 ftp://updates.redhat.com/6.2/i386/SysVinit-2.78-5.i386.rpm
 MD5 Checksum:  ca5b97a1abb47b64d71ef69ab96fcb8a


 Red Hat Linux 7.0:

 i386:
 ftp://updates.redhat.com/7.0/i386/usermode-1.37-2.i386.rpm
 MD5 Checksum:  c32888b6f362b04f8a3805d4465c042a

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-856.html



+---------------------------------+
|        Trustix Advisories       | ----------------------------//
+---------------------------------+

* Trustix:  'dump' vulnerability
November 4th, 2000

All released versions of Trustix Secure Linux contain a version of
dump that is known to have a local root exploit. People with
untrusted local users should upgrade as soon as possible.

 Package Name: dump-0.4b19-2tr.i586.rpm
 ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
 MD5 Checksum: fd266c1a6a8a5d2ab9b65fc0f9affc32

 Pacakge Name: rmt-0.4b19-2tr.i586.rpm
 ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
 MD5 Checksum: a1429d8d752e0cbff0154b0c3ff90b0c

 Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-850.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request () linuxsecurity com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: