Information Security News mailing list archives
Linux Advisory Watch, Oct 27th 2000
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 27 Oct 2000 10:21:56 -0400
+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  October 27th, 2000                      Volume 1, Number 26a  |
+----------------------------------------------------------------+

Editors:  Dave Wreski                  Benjamin Thomas
          dave () linuxsecurity com    ben () linuxsecurity com

This week, advisories were released for apache, gnupg, ping, ypbind,
ypserv, mysql, cyrus-sasl, curl, ppp-off, and xlockmore. The vendors
include Immunix, Mandrake, Red Hat, and Slackware. It is critical that
you update all vulnerable packages to reduce the risk of being
compromised.

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

-- OpenDoc Publishing --

Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and securing
Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL,
OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools
edition.

http://www.linuxsecurity.com/sponsors/opendocs.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

# rpm -Uvh <package-file>
# dpkg -i <package-file>

Packages can be installed easily by using rpm (Red Hat Package Manager)
or dpkg (Debian Package Manager). Most advisories issued by vendors are
packaged in either an rpm or dpkg. Additional installation instructions
can be found in the body of the Advisories.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is applied.
It can be used to compare against a previously-generated sum to
determine whether the file has changed. It is commonly used to ensure
the integrity of updated packages distributed by a vendor.

# md5sum <package-file>
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package also
may have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing it.

+---------------------------------+
|  Immunix Advisories             | ----------------------------//
+---------------------------------+

* Immunix: 'apache' update
October 26th, 2000

SEE VENDOR ADVISORY FOR UPDATED PACKAGES

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-832.html

* Immunix: 'ping' update
October 25th, 2000

I have built packages for this update for Immunix OS 6.2
(StackGuarded versions of the RedHat packages.)
Package Name: iputils-20001010-1.6x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
MD5 Checksum: a2ca041fcf413ca9f6f1a3a339baede2

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-827.html

* Immunix: 'ypbind' update
October 25th, 2000

Package Name: ypbind-1.7-0.6.x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
MD5 Checksum: ffad6480d58893e981fca4dfdf6b7ab0

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-828.html

* Immunix: 'gnupg' update
October 25th, 2000

SEE RED HAT ADVISORY FOR VULNERABILITY DESCRIPTION

Package Name: gnupg-1.0.4-4.6.x_StackGuard.i386.rpm
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/
MD5 Checksum: 26e72a961ff0d7f8fb7035bc14e1e47f

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-826.html

+---------------------------------+
|  Mandrake Advisories            | ----------------------------//
+---------------------------------+

* Mandrake: 'gnupg' update
October 21st, 2000

A problem exists in all versions of GnuPG prior to and including 1.0.3.
Because of this problem, GnuPG may report files which have been signed
with multiple keys (one or more of which may be incorrect) to be valid
even if one of the signatures is in fact invalid.

Linux-Mandrake 7.0:
gnupg-1.0.4-1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
MD5 Checksum: 7109e14adec57754a7131a08f8d478f7

Linux-Mandrake 7.1:
gnupg-1.0.4-1mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
MD5 Checksum: 7f07af78eff4d14b24c6a7300301eab8

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/mandrake_advisory-818.html

* Mandrake: 'ypbind' and 'ypserv' updates
October 24th, 2000

A format string parsing bug exists in ypbind 3.3 if it is run in debug
mode which leaks file descriptors under certain circumstances which can
lead to a DoS. In addition, ypbind may suffer from buffer overflows.
In the ypserv program, a buffer overflow and format bug exist if the
build system does not have vsyslog() or if configure fails to detect it.

Linux-Mandrake 6.0:
ypbind-3.3-25mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
MD5 Checksum: c94e16fe0699ef929c231e9dc02f8416

ypserv-1.3.9-4mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.0/RPMS/
MD5 Checksum: 09c51e63bd71a9ef94d6f6abffad2698

Linux-Mandrake 6.1:
ypbind-3.3-25mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
MD5 Checksum: e4432a5714fb995ea6c272206eff8f40

ypserv-1.3.9-4mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/6.1/RPMS/
MD5 Checksum: e7cbe8440877516c8b5dec04ca6429da

Linux-Mandrake 7.0:
ypbind-3.3-25mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
MD5 Checksum: 52dcef1933b60d109d752965e9ea0789

ypserv-1.3.9-4mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.0/RPMS/
MD5 Checksum: bea6a3029a09a7e8e291d742c5d4c08f

Linux-Mandrake 7.1:
ypbind-3.3-25mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
MD5 Checksum: 4ca3ef370ecb639c7d8d62900e2f9482

ypserv-1.3.9-4mdk.i586.rpm
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates/7.1/RPMS/
MD5 Checksum: dd943d35562464810c88bceb02d3ee76

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/mandrake_advisory-822.html

+---------------------------------+
|  MySQL Advisories               | ----------------------------//
+---------------------------------+

* Other: 'pam_mysql' vulnerability
October 26th, 2000

pam_mysql is a pluggable authentication module to allow user
authentication against mysql databases. The module constructs SQL
statements using user input (username and password) without escaping
it. This leads to trivial attacks whose results range from the exposure
of plaintext passwords/hashes to remote unauthorized login.
Updated Package:
http://download.sourceforge.net/pam-mysql/pam_mysql-0.4.7.tar.gz

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-833.html

* MySQL Weak Authentication Advisory
October 24th, 2000

The "MySQL Database Engine" uses an authentication scheme designed to
prevent the flow of plaintext passwords over the network and the
storage of them in plaintext. For that purpose a challenge-response
mechanism for authentication has been implemented on all versions of
MySQL. Slight variations are to be found between version 3.20 and 3.21
and above. Regrettably, this authentication mechanism is not
cryptographically strong. Specifically, each time a user executes this
mechanism, information allowing an attacker to recover this user's
password is leaked. Using an attack of our design, described in the
"Technical details" section of this advisory, an eavesdropper is able
to recover the user's password after witnessing only a few executions
of this protocol, and thence is able to authenticate to the database
engine impersonating a valid user.

PLEASE SEE ADVISORY FOR UPDATE INFORMATION

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/other_advisory-824.html

+---------------------------------+
|  Red Hat Advisories             | ----------------------------//
+---------------------------------+

* Redhat: 'cyrus-sasl' update
October 26th, 2000

An error existed in the authorization checks in the version of
cyrus-sasl shipped with Red Hat Linux 7. Due to this bug, users who had
been successfully authenticated could be allowed access to resources
even if the system had been configured to deny these users access.
Red Hat Linux 7.0 i386:
cyrus-sasl-1.5.24-11.i386.rpm
ftp://updates.redhat.com/7.0/i386/
MD5 Checksum: 59aaec92c60ddaed257bd581d976055b

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-830.html

* Redhat: 'apache' update
October 23rd, 2000

A vulnerability in the mod_rewrite module and vulnerabilities in the
virtual hosting facility in versions of Apache prior to 1.3.14 may
allow attackers to view files on the server which are meant to be
inaccessible. Format string vulnerabilities have been found in PHP
versions 3 and 4.

PLEASE SEE VENDOR ADVISORY FOR UPDATED PACKAGES

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-820.html

* Redhat: 'curl' update
October 23rd, 2000

A bug in some versions of curl would cause it to incorrectly parse
error responses from FTP servers. A malicious FTP server could use this
bug to crash its client.

Red Hat Powertools 6.1 and 6.2:

alpha: curl-7.3-3.6.x.alpha.rpm
ftp://updates.redhat.com/powertools/6.2/alpha/
MD5 Checksum: bc82e6d136648cd1572c463d3cd4731d

sparc: curl-7.3-3.6.x.sparc.rpm
ftp://updates.redhat.com/powertools/6.2/sparc/
MD5 Checksum: 3b56782e10342ef8cab6d877f9aa7d93

i386: curl-7.3-3.6.x.i386.rpm
ftp://updates.redhat.com/powertools/6.2/i386/
MD5 Checksum: e7c01e83605fc3e117f5f02ae9807109

Red Hat Powertools 7.0:

i386: curl-7.3-4.i386.rpm
ftp://updates.redhat.com/powertools/7.0/i386/
MD5 Checksum: 65ea31811f5c85f52843bb925f235c8b

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-821.html

* Redhat: 'ypbind' vulnerability
October 23rd, 2000

Systems using Network Information Service, or NIS, use a daemon called
ypbind to request information from a NIS server. This information is
then used by the local machine. The logging code in ypbind is
vulnerable to a printf string format attack which an attacker could
exploit by passing ypbind a carefully crafted request. This attack can
successfully lead to local root access.
Red Hat Linux 5.x alpha:
ypbind-3.3-10.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/
MD5 Checksum: 127274f9828d27f895e8d8eee8d38db6

Red Hat Linux 5.x sparc:
ypbind-3.3-10.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/
MD5 Checksum: 3d0cd8b8700182b9b815525e1f99c82d

Red Hat Linux 5.x i386:
ypbind-3.3-10.i386.rpm
ftp://updates.redhat.com/5.2/i386/
MD5 Checksum: 7bbf68a42a3c996c6f69b5ffaf2911f7

Red Hat Linux 6.x alpha:
ypbind-1.7-0.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/
MD5 Checksum: 3a426e3060d31aa37b2a41d973ac3f63

Red Hat Linux 6.x sparc:
ypbind-1.7-0.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/
MD5 Checksum: 411017238af9a0a8891bd3078547336c

Red Hat Linux 6.x i386:
ypbind-1.7-0.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/
MD5 Checksum: 3beff51d6a0292fd9d50fe24d07097ac

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-819.html

* Redhat: GnuPG update
October 20th, 2000

A problem has been found in GnuPG versions (up to and including 1.0.3).
Due to this problem, GnuPG may report files which have been signed with
multiple keys (one or more of which may be incorrect) to be valid even
if one of the signatures is invalid.
Red Hat Linux 6.2:

alpha: gnupg-1.0.4-4.6.x.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/
MD5 Checksum: 204298ddaaa03d880099ee7c2129f8da

sparc: gnupg-1.0.4-4.6.x.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/
MD5 Checksum: 427e64e2057c003c9f8e0fe05e72e168

i386: gnupg-1.0.4-4.6.x.i386.rpm
ftp://updates.redhat.com/6.2/i386/
MD5 Checksum: 7a8aecf95b78e5a94468426bb8cfafba

Red Hat Linux 7.0:

i386: gnupg-1.0.4-5.i386.rpm
ftp://updates.redhat.com/7.0/i386/
MD5 Checksum: fc0d8aec076b4a9b8ed526a9ec5323a1

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/redhat_advisory-817.html

+---------------------------------+
|  Slackware Advisories           | ----------------------------//
+---------------------------------+

* Slackware: local /tmp vulnerability
October 25th, 2000

A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug
could allow a local user to corrupt system files. A fix has been made
and an updated package is now available in the -current branch.

Package Name: ppp.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/
MD5 Checksum: c879dd34413a5d9cf367640206492852

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/slackware_advisory-825.html

* Slackware: 'xlockmore' update
October 24th, 2000

A root exploit has been found in xlockmore packaged with Slackware. By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access. Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable
xlock altogether) immediately.

Package Name: xlock.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/
MD5 Checksum: ca171919342cd7a3e18a3ac3cd91e252

Vendor Advisory:
-> http://www.linuxsecurity.com/advisories/slackware_advisory-823.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body
of "SIGNOFF ISN".