Information Security News mailing list archives

Linux Advisory Watch, Oct 27th 2000


From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 27 Oct 2000 10:21:56 -0400

+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux  Advisory Watch  |
|  October 27th, 2000                      Volume 1, Number 26a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com       ben () linuxsecurity com

This week, advisories were released for apache, gnupg, ping, ypbind,
ypserv, mysql, cyrus-sasl, curl, ppp-off, and xlockmore.  The vendors
include Immunix, Mandrake, Red Hat, and Slackware.  It is critical
that you update all vulnerable packages to reduce the risk of being
compromised.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

-- OpenDoc Publishing --

Our sponsor this week is OpenDoc Publishing.  Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat
6.2 PowerTools edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

+---------------------------------+
|   Installing a new package:     | ------------------------------//
+---------------------------------+

   # rpm  -Uvh package-file.rpm
   # dpkg -i   package-file.deb

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager).  Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+
|   Checking Package Integrity:   | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied.  It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

  # md5sum package-file.rpm
    ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager.  While this does not take into account the
possibility that the same person who modified a package may also have
modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing it.
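
As an added example (not part of the original newsletter), the Python
sketch below automates this comparison: it pulls each file name,
download URL and published MD5 sum out of text laid out like the
advisories in this issue and checks files in a local directory against
them. The sample text, the function names and the `release` filter are
assumptions made for the example.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in this newsletter's layout: one file name, two releases.
SAMPLE = """\
  Example-Linux 7.0:  demo-1.0-1.i586.rpm
  ftp://ftp.example.org/updates/7.0/RPMS/
  MD5 Checksum:  5d41402abc4b2a76b9719d911017c592
  Example-Linux 7.1:  demo-1.0-1.i586.rpm
  ftp://ftp.example.org/updates/7.1/RPMS/
  MD5 Checksum: 00000000000000000000000000000000
"""
PKG_RE = re.compile(r"(\S+\.(?:rpm|tgz))$")
SUM_RE = re.compile(r"MD5 Checksum:\s*([0-9a-fA-F]{32})$")

def parse_entries(text):
    """Return [(file name, download URL, published MD5), ...]."""
    entries, name, url = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := SUM_RE.search(line):
            if name:
                entries.append((name, url, m.group(1).lower()))
            name = url = None
        elif "://" in line:
            url = line.split()[-1]
        elif m := PKG_RE.search(line):
            name, url = m.group(1), None
    return entries

def md5_of(path):
    """MD5 of a file, read in chunks so a large package is not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(text, directory, release=""):
    """Map (file name, URL) to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, url, want in parse_entries(text):
        # The same file name can be listed per release with different sums,
        # so `release` (e.g. "/7.0/") keeps only entries whose URL contains it.
        if release and release not in (url or ""):
            continue
        # Use only the base name so advisory text cannot point outside directory.
        path = Path(directory) / Path(name).name
        status = "missing" if not path.is_file() else (
            "ok" if md5_of(path) == want else "MISMATCH")
        results[(name, url)] = status
    return results
```

Calling verify(text, directory, release="/7.0/") restricts the check to
one release, which matters when one file name appears under several
releases with different sums.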


+---------------------------------+
|       Immunix Advisories        | ----------------------------//
+---------------------------------+

* Immunix:  'apache' update
October 26th, 2000

    SEE VENDOR ADVISORY FOR UPDATED PACKAGES

    Vendor Advisory:
 -> http://www.linuxsecurity.com/advisories/other_advisory-832.html


* Immunix:  'ping' update
October 25th, 2000

I have built packages for this update for Immunix OS 6.2
(StackGuarded versions of the RedHat packages.)

  Package Name: iputils-20001010-1.6x_StackGuard.i386.rpm
  http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
  MD5 Checksum:  a2ca041fcf413ca9f6f1a3a339baede2

   Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/other_advisory-827.html


* Immunix:  'ypbind' update
October 25th, 2000

  Package Name:  ypbind-1.7-0.6.x_StackGuard.i386.rpm
  http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
  MD5 Checksum:  ffad6480d58893e981fca4dfdf6b7ab0

    Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/other_advisory-828.html



* Immunix:  'gnupg' update
October 25th, 2000

SEE RED HAT ADVISORY FOR VULNERABILITY DESCRIPTION

  Package Name:  gnupg-1.0.4-4.6.x_StackGuard.i386.rpm
  http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
  MD5 Checksum: 26e72a961ff0d7f8fb7035bc14e1e47f

    Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/other_advisory-826.html




+---------------------------------+
|       Mandrake Advisories       | ----------------------------//
+---------------------------------+

* Mandrake:  'gnupg' update
October 21st, 2000

A problem exists in all versions of GnuPG prior to and including
1.0.3. Because of this problem, GnuPG may report files which have
been signed with multiple keys (one or more of which may be
incorrect) to be valid even if one of the signatures is in fact
invalid.

  Linux-Mandrake 7.0:  gnupg-1.0.4-1mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
  MD5 Checksum:  7109e14adec57754a7131a08f8d478f7

  Linux-Mandrake 7.1:  gnupg-1.0.4-1mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
  MD5 Checksum:  7f07af78eff4d14b24c6a7300301eab8

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/mandrake_advisory-818.html




* Mandrake:  'ypbind' and 'ypserv' updates
October 24th, 2000

A format string parsing bug exists in ypbind 3.3 if it is run in
debug mode which leaks file descriptors under certain circumstances
which can lead to a DoS. In addition, ypbind may suffer from buffer
overflows. In the ypserv program, a buffer overflow and format bug
exist if the build system does not have vsyslog() or if configure
fails to detect it.

  Linux-Mandrake 6.0:  ypbind-3.3-25mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
  MD5 Checksum: c94e16fe0699ef929c231e9dc02f8416

  ypserv-1.3.9-4mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
  MD5 Checksum: 09c51e63bd71a9ef94d6f6abffad2698

  -

  Linux-Mandrake 6.1:  ypbind-3.3-25mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
  MD5 Checksum: e4432a5714fb995ea6c272206eff8f40

  ypserv-1.3.9-4mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
  MD5 Checksum: e7cbe8440877516c8b5dec04ca6429da

  -

  Linux-Mandrake 7.0:  ypbind-3.3-25mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
  MD5 Checksum: 52dcef1933b60d109d752965e9ea0789

  ypserv-1.3.9-4mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
  MD5 Checksum: bea6a3029a09a7e8e291d742c5d4c08f

  -

  Linux-Mandrake 7.1:   ypbind-3.3-25mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
  MD5 Checksum: 4ca3ef370ecb639c7d8d62900e2f9482

  ypserv-1.3.9-4mdk.i586.rpm
  ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
  MD5 Checksum: dd943d35562464810c88bceb02d3ee76


     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/mandrake_advisory-822.html



+---------------------------------+
|       MySQL Advisories          | ----------------------------//
+---------------------------------+

* Other:  'pam_mysql' vulnerability
October 26th, 2000

pam_mysql is a pluggable authentication module to allow user
authentication against mysql databases. The module constructs SQL
statements using user input (username and password) without escaping
it. This leads to trivial attacks whose results range from the
exposure of plaintext passwords/hashes to remote unauthorized login.

  Updated Package:
  http://download.sourceforge.net/pam-mysql/pam_mysql-0.4.7.tar.gz

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/other_advisory-833.html
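
The flaw class described above, as an added Python example that is not
pam_mysql's code: a login check that pastes the username and password
into the statement text, next to one that binds them as parameters.
An in-memory SQLite database stands in for MySQL, and the schema,
function names and inputs are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the authentication database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_unescaped(conn, username, password):
    """The flawed pattern: user input becomes part of the statement text."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # a quote in the input left the statement malformed

def login_parameterized(conn, username, password):
    """The fix: values are bound as data and are never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# Constructed inputs: a correct login, a wrong password, and a password whose
# quote characters rewrite the WHERE clause when the input is not escaped.
CASES = [("alice", "s3cret"), ("alice", "wrong"), ("alice", "x' OR '1'='1")]

def compare(conn):
    """Return (unescaped result, parameterized result) for each case."""
    return [(login_unescaped(conn, u, p), login_parameterized(conn, u, p))
            for u, p in CASES]

if __name__ == "__main__":
    for case, outcome in zip(CASES, compare(make_db())):
        print(case, outcome)
```

Only the third case differs between the two functions: the unescaped
check accepts it, while the parameterized check treats the whole string
as a password and rejects it.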




* MySQL Weak Authentication Advisory
October 24th, 2000

The "MySQL Database Engine" uses an authentication scheme designed to
prevent the flow of plaintext passwords over the network and the
storage of them in plaintext. For that purpose a challenge-response
mechanism for authentication has been implemented on all versions of
MySQL. Slight variations are to be found between version 3.20 and
3.21 and above.

Regrettably, this authentication mechanism is not
cryptographically strong. Specifically, each time a user executes
this mechanism, information allowing an attacker to recover this
user's password is leaked. Using an attack of our design, described
in the "Technical details" section of this advisory, an eavesdropper
is able to recover the user's password after witnessing only a few
executions of this protocol, and thence is able to authenticate to
the database engine impersonating a valid user.

     PLEASE SEE ADVISORY FOR UPDATE INFORMATION

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/other_advisory-824.html




+---------------------------------+
|       Red Hat Advisories        | ----------------------------//
+---------------------------------+


* Redhat:  'cyrus-sasl' update
October 26th, 2000

An error existed in the authorization checks in the version of
cyrus-sasl shipped with Red Hat Linux 7. Due to this bug, users who
had been successfully authenticated could be allowed access to
resources even if the system had been configured to deny these users
access.

  Red Hat Linux 7.0 i386:   cyrus-sasl-1.5.24-11.i386.rpm
  ftp://updates.redhat.com/7.0/i386/
  MD5 Checksum: 59aaec92c60ddaed257bd581d976055b

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/redhat_advisory-830.html



* Redhat:  'apache' update
October 23rd, 2000

A vulnerability in the mod_rewrite module and vulnerabilities in the
virtual hosting facility in versions of Apache prior to 1.3.14 may
allow attackers to view files on the server which are meant to be
inaccessible. Format string vulnerabilities have been found in PHP
versions 3 and 4.

  PLEASE SEE VENDOR ADVISORY FOR UPDATED PACKAGES

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/redhat_advisory-820.html



* Redhat:  'curl' update
October 23rd, 2000

A bug in some versions of curl would cause it to incorrectly parse
error responses from FTP servers. A malicious FTP server could use
this bug to crash its client.

  Red Hat Powertools 6.1 and 6.2:

  alpha: curl-7.3-3.6.x.alpha.rpm
  ftp://updates.redhat.com/powertools/6.2/alpha/
  MD5 Checksum: bc82e6d136648cd1572c463d3cd4731d

  sparc: curl-7.3-3.6.x.sparc.rpm
  ftp://updates.redhat.com/powertools/6.2/sparc/
  MD5 Checksum: 3b56782e10342ef8cab6d877f9aa7d93

  i386: curl-7.3-3.6.x.i386.rpm
  ftp://updates.redhat.com/powertools/6.2/i386/
  MD5 Checksum: e7c01e83605fc3e117f5f02ae9807109

  -

  Red Hat Powertools 7.0:

  i386: curl-7.3-4.i386.rpm
  ftp://updates.redhat.com/powertools/7.0/i386/
  MD5 Checksum: 65ea31811f5c85f52843bb925f235c8b

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/redhat_advisory-821.html




* Redhat:  'ypbind' vulnerability
October 23rd, 2000

Systems using Network Information Service, or NIS, use a daemon
called ypbind to request information from a NIS server. This
information is then used by the local machine. The logging code in
ypbind is vulnerable to a printf string format attack which an
attacker could exploit by passing ypbind a carefully crafted request.
This attack can successfully lead to local root access.

  Red Hat Linux 5.x alpha: ypbind-3.3-10.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/
  MD5 Checksum: 127274f9828d27f895e8d8eee8d38db6

  Red Hat Linux 5.x sparc: ypbind-3.3-10.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/
  MD5 Checksum: 3d0cd8b8700182b9b815525e1f99c82d

  Red Hat Linux 5.x i386: ypbind-3.3-10.i386.rpm
  ftp://updates.redhat.com/5.2/i386/
  MD5 Checksum: 7bbf68a42a3c996c6f69b5ffaf2911f7

  -

  Red Hat Linux 6.x alpha: ypbind-1.7-0.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/
  MD5 Checksum: 3a426e3060d31aa37b2a41d973ac3f63

  Red Hat Linux 6.x sparc: ypbind-1.7-0.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/
  MD5 Checksum: 411017238af9a0a8891bd3078547336c

  Red Hat Linux 6.x i386: ypbind-1.7-0.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/
  MD5 Checksum: 3beff51d6a0292fd9d50fe24d07097ac

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/redhat_advisory-819.html



* Redhat:  GnuPG update
October 20th, 2000

A problem has been found in GnuPG versions (up to and including
1.0.3). Due to this problem, GnuPG may report files which have been
signed with multiple keys (one or more of which may be incorrect) to
be valid even if one of the signatures is invalid.

  Red Hat Linux 6.2:

  alpha: gnupg-1.0.4-4.6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/
  MD5 Checksum: 204298ddaaa03d880099ee7c2129f8da

  sparc: gnupg-1.0.4-4.6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/
  MD5 Checksum: 427e64e2057c003c9f8e0fe05e72e168

  i386: gnupg-1.0.4-4.6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/
  MD5 Checksum: 7a8aecf95b78e5a94468426bb8cfafba

  Red Hat Linux 7.0:

  i386: gnupg-1.0.4-5.i386.rpm
  ftp://updates.redhat.com/7.0/i386/
  MD5 Checksum: fc0d8aec076b4a9b8ed526a9ec5323a1

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/redhat_advisory-817.html




+---------------------------------+
|       Slackware Advisories      | ----------------------------//
+---------------------------------+

* Slackware:  local /tmp vulnerability
October 25th, 2000

A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug
could allow a local user to corrupt system files. A fix has been made
and an updated package is now available in the -current branch.

  Package Name: ppp.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/
  MD5 Checksum: c879dd34413a5d9cf367640206492852

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/slackware_advisory-825.html


* Slackware:  'xlockmore' update
October 24th, 2000

A root exploit has been found in xlockmore packaged with Slackware.
By providing a carefully crafted display variable to xlock, it is
possible for a local attacker to gain root access. Anyone running
xlock on a public machine should upgrade to this version of xlock (or
disable xlock altogether) immediately.

  Package Name: xlock.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/
  MD5 Checksum: ca171919342cd7a3e18a3ac3cd91e252

     Vendor Advisory:
  -> http://www.linuxsecurity.com/advisories/slackware_advisory-823.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com