
Linux Vulnerabilities: February

Discussion in 'Linux and Unix' started by eddie5659, Feb 2, 2003.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    36,380
    Hiya

    Florian Lohoff discovered a bug in the dhcrelay causing it to send a
    continuing packet storm towards the configured DHCP server(s) in case
    of a malicious BOOTP packet, such as sent from buggy Cisco switches.

    When the dhcp-relay receives a BOOTP request it forwards the request
    to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff
    which causes the network interface to reflect the packet back into the
    socket. To prevent loops the dhcrelay checks whether the
    relay-address is its own, in which case the packet would be dropped.
    In combination with a missing upper boundary for the hop counter an
    attacker can force the dhcp-relay to send a continuing packet storm
    towards the configured dhcp server(s).

    This patch introduces a new commandline switch ``-c maxcount'' and
    people are advised to start the dhcp-relay with ``dhcrelay -c 10''
    or a smaller number, which will only create that many packets.

    The dhcrelay program from the ``dhcp'' package does not seem to be
    affected since DHCP packets are dropped if they were apparently
    relayed already.

    For the stable distribution (woody) this problem has been fixed in
    version 3.0+3.0.1rc9-2.2.

    The old stable distribution (potato) does not contain dhcp3 packages.

    For the unstable distribution (sid) this problem has been fixed in
    version 1.1.2-1.

    We recommend that you upgrade your dhcp3 package when you are using
    the dhcrelay server.


    http://www.linuxsecurity.com/advisories/debian_advisory-2820.html

    Multiple vulnerabilities have been found in MIT Kerberos 5 releases
    prior to release 1.2.5. MIT recommends updating to 1.2.7 if possible.

    http://www.linuxsecurity.com/advisories/other_advisory-2821.html

    Vincent Danen of Mandrake Linux noticed that according to the change
    log [0] for MySQL release 3.23.55 [1] a vulnerability has been fixed
    where a double-free pointer bug in mysql_change_user() handling
    enabled a specially hacked version of MySQL client to crash mysqld.
    The vendor states that one needs to successfully login to the server
    by using a valid user account to be able to exploit this bug.

    Please check whether you are affected by running "/bin/rpm -q
    mysql". If you have the "mysql" package installed and its version is
    affected (see above), we recommend that you immediately upgrade it.


    http://www.linuxsecurity.com/advisories/other_advisory-2822.html

    The developers of tomcat discovered several problems in tomcat version
    3.x. The Common Vulnerabilities and Exposures project identifies the
    following problems:

    . CAN-2003-0042: A maliciously crafted request could return a
    directory listing even when an index.html, index.jsp, or other
    welcome file is present. File contents can be returned as well.

    . CAN-2003-0043: A malicious web application could read the contents
    of some files outside the web application via its web.xml file in
    spite of the presence of a security manager. The content of files
    that can be read as part of an XML document would be accessible.

    . CAN-2003-0044: A cross-site scripting vulnerability was discovered
    in the included sample web application that allows remote attackers
    to execute arbitrary script code.

    For the stable distribution (woody) this problem has been fixed in
    version 3.3a-4.1.

    The old stable distribution (potato) does not contain tomcat packages.

    For the unstable distribution (sid) this problem has been fixed in
    version 3.3.1a-1.

    We recommend that you upgrade your tomcat package.



    http://www.linuxsecurity.com/advisories/debian_advisory-2823.html

    The developers of courier, an integrated user side mail server,
    discovered a problem in the PostgreSQL auth module. Not all
    potentially malicious characters were sanitized before the username
    was passed to the PostgreSQL engine. An attacker could inject
    arbitrary SQL commands and queries exploiting this vulnerability. The
    MySQL auth module is not affected.

    For the stable distribution (woody) this problem has been fixed in
    version 0.37.3-3.3.

    The old stable distribution (potato) does not contain courier packages.

    For the unstable distribution (sid) this problem has been fixed in
    version 0.40.2-3.

    We recommend that you upgrade your courier-authpostgresql package.

    http://www.linuxsecurity.com/advisories/debian_advisory-2824.html

    Kerberos is a network authentication system.

    A problem has been found in the Kerberos ftp client. When retrieving a
    file with a filename beginning with a pipe character, the ftp client will
    pass the filename to the command shell in a system() call. This could
    allow a malicious ftp server to write to files outside of the current
    directory or execute commands as the user running the ftp client.

    The Kerberos ftp client runs as the default ftp client when the Kerberos
    package krb5-workstation is installed on a Red Hat Linux distribution.

    All users of Kerberos are advised to upgrade to these errata packages which
    contain a backported patch and are not vulnerable to this issue.


    http://www.linuxsecurity.com/advisories/redhat_advisory-2825.html

    Double-free vulnerability in CVS allows remote attackers to cause
    a denial of service and possibly execute arbitrary code via a
    malformed Directory request.

    http://www.linuxsecurity.com/advisories/caldera_advisory-2826.html

    Regards

    eddie
     
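The dhcrelay loop described in the first advisory, as an added simulation (constructed illustration code, not dhcrelay's own source): the network reflects every forwarded packet back into the relay, the relay's only loop check is the own-address test, and the hop-counter cap models the new ``-c maxcount'' switch. Addresses and server list are constructed values.

```python
# Constructed model of the dhcrelay forwarding decision from DSA-2820 above;
# not dhcrelay's own code.
from dataclasses import dataclass
from typing import Optional

OWN_ADDR = "192.0.2.1"      # the relay's own address (constructed value)
SERVERS = ["192.0.2.10"]    # configured DHCP server(s) (constructed values)

@dataclass
class Bootp:
    op: int        # 1 = BOOTREQUEST, 2 = BOOTREPLY
    hops: int      # relay hop counter carried in the BOOTP header
    giaddr: str    # relay-agent (gateway) address; "0.0.0.0" if unset

def relay(pkt: Bootp, max_hops: Optional[int]) -> Optional[Bootp]:
    """Decide what the relay sends towards the server for one received
    packet; None means the packet is dropped. max_hops=None models the
    unpatched relay, max_hops=N models ``dhcrelay -c N``."""
    if pkt.op != 1:
        return None
    if pkt.giaddr == OWN_ADDR:
        # The loop check the advisory describes: a packet carrying our own
        # relay address has already passed through us, so drop it.
        return None
    if max_hops is not None and pkt.hops >= max_hops:
        # The added upper bound on the hop counter (the fix).
        return None
    giaddr = OWN_ADDR if pkt.giaddr == "0.0.0.0" else pkt.giaddr
    return Bootp(op=1, hops=pkt.hops + 1, giaddr=giaddr)

def packets_sent(first: Bootp, max_hops: Optional[int], budget: int = 1000) -> int:
    """Count packets the relay emits when every forwarded packet is reflected
    straight back into its socket (the broadcast-MAC effect). `budget` only
    bounds the simulation; reaching it means the storm never stops."""
    sent, pkt = 0, first
    while sent < budget:
        out = relay(pkt, max_hops)
        if out is None:
            break
        sent += len(SERVERS)   # one copy per configured server
        pkt = out              # the copy comes back to us unchanged
    return sent
```

A request whose relay address is already set to something other than our own passes the loop check every time, so only the hop cap ends the storm.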
  2. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    36,380
    Hiya

    An insecure use of a temporary file has been found in Python. This erratum
    provides updated Python packages.

    [updated Feb 12 2003]
    Updated packages for Red Hat Linux 7.3 are available that fix a binary
    incompatibility change in the original erratum packages that affected
    redhat-config-users, and to add back the missing python-tools package.

    http://www.linuxsecurity.com/advisories/redhat_advisory-2849.html

    Updated PAM packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and
    8.0. These packages correct a bug in pam_xauth's handling of authorization
    data for the root user.


    http://www.linuxsecurity.com/advisories/redhat_advisory-2850.html

    New fileutils packages for Red Hat Linux 6.2, 7.0, 7.1, 7.2 and 7.3 fix a
    race condition in recursive remove and move commands.


    http://www.linuxsecurity.com/advisories/redhat_advisory-2851.html

    Hironori Sakamoto, one of the w3m developers, found two security
    vulnerabilities in w3m and associated programs. The w3m browser does
    not properly escape HTML tags in frame contents and img alt
    attributes. A malicious HTML frame or img alt attribute may deceive a
    user to send his local cookies which are used for configuration. The
    information is not leaked automatically, though.

    For the stable distribution (woody) these problems have been fixed in
    version 0.3.p23.3-1.5. Please note that the update also contains an
    important patch to make the program work on the powerpc platform again.

    The old stable distribution (potato) is not affected by these
    problems.

    For the unstable distribution (sid) these problems have been fixed in
    version 0.3.p24.17-3 and later.

    We recommend that you upgrade your w3mmee-ssl packages.

    http://www.linuxsecurity.com/advisories/debian_advisory-2852.html

    Mozilla is an open-source web browser designed for standards
    compliance, performance and portability.

    This update addresses several vulnerabilities found after the mozilla
    1.0rc2 release, which was the last version sent as an official
    update[1] for Conectiva Linux distributions. A complete list of such
    vulnerabilities can be obtained in [2,3], and details about the most
    known ones in [5,6,7,8,9].

    A remote attacker could exploit these vulnerabilities by creating
    malicious web pages that, when accessed, would crash the browser,
    potentially allow remote arbitrary code execution or cause some sort
    of unexpected behavior.

    The packages from this update are of Mozilla 1.2.1, which is the
    latest stable release[10] from mozilla.org and includes fixes for the
    known vulnerabilities. Besides the security fixes, it also includes
    several new features and other minor corrections.

    The vulnerabilities aforementioned also affect the Galeon web
    browser, which uses the Mozilla engine. Galeon is being updated to
    the version 1.2.7 in Conectiva Linux 8, but not in Conectiva Linux
    6.0 and 7.0. The Galeon version distributed in these versions of
    Conectiva Linux was in its early stages of development and would not
    work with the new Mozilla packages. A new version of Galeon for these
    distributions would need many other updated packages and therefore
    will not be provided.

    http://www.linuxsecurity.com/advisories/connectiva_advisory-2853.html

    Hironori Sakamoto, one of the w3m developers, found two security
    vulnerabilities in w3m and associated programs. The w3m browser does
    not properly escape HTML tags in frame contents and img alt
    attributes. A malicious HTML frame or img alt attribute may deceive a
    user to send his local cookies which are used for configuration. The
    information is not leaked automatically, though.

    For the stable distribution (woody) these problems have been fixed in
    version 0.3-2.4.

    The old stable distribution (potato) is not affected by these
    problems.

    For the unstable distribution (sid) these problems have been fixed in
    version 0.3.2.2-1 and later.

    We recommend that you upgrade your w3m and w3m-ssl packages.

    http://www.linuxsecurity.com/advisories/debian_advisory-2855.html

    The util-linux package provides the mcookie utility, a tool for
    generating random cookies that can be used for X authentication. The
    util-linux packages that were distributed with Mandrake Linux 8.2 and
    9.0 had a patch that made it use /dev/urandom instead of /dev/random,
    which resulted in the mcookie being more predictable than it would
    otherwise be. This patch has been removed in these updates, giving
    mcookie a better source of entropy and making the generated cookies
    less predictable. Thanks to Dirk Mueller for pointing this out.

    http://www.linuxsecurity.com/advisories/mandrake_advisory-2854.html

    Regards

    eddie
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    36,380
    Hiya

    A problem has been discovered in slocate, a secure locate replacement.
    A buffer overflow in the setuid program slocate can be used to execute
    arbitrary code as superuser.

    For the stable distribution (woody) this problem has been
    fixed in version 2.6-1.3.1.

    The old stable distribution (potato) is not affected by this problem.

    For the unstable distribution (sid) this problem has been fixed in
    version 2.7-1.

    We recommend that you upgrade your slocate package immediately.

    http://www.linuxsecurity.com/advisories/debian_advisory-2880.html

    LDAP servers and clients, as well as interfaces to other protocols.
    Note that this does not include the slapd interface to X.500 and
    therefore does not require the ISODE package.


    Problem description:
    Several minor security issues were fixed in the new upstream version:
    1.2.13

    http://www.linuxsecurity.com/advisories/trustix_advisory-2882.html

    MySQL is a true multi-user, multi-threaded SQL (Structured Query
    Language) database server. MySQL is a client/server implementation
    that consists of a server daemon (mysqld) and many different client
    programs/libraries.


    Problem description:
    The new upstream version of mysql, 3.23.55, included several minor
    security fixes.


    http://www.linuxsecurity.com/advisories/trustix_advisory-2883.html

    PostgreSQL is an advanced Object-Relational database management system
    (DBMS) that supports almost all SQL constructs (including
    transactions, subselects and user-defined types and functions). The
    postgresql package includes the client programs and libraries that
    you'll need to access a PostgreSQL DBMS server. These PostgreSQL
    client programs are programs that directly manipulate the internal
    structure of PostgreSQL databases on a PostgreSQL server. These client
    programs can be located on the same machine with the PostgreSQL
    server, or may be on a remote machine which accesses a PostgreSQL
    server over a network connection. This package contains the docs
    in HTML for the whole package, as well as command-line utilities for
    managing PostgreSQL databases on a PostgreSQL server.


    http://www.linuxsecurity.com/advisories/trustix_advisory-2884.html

    From the openssl advisory:
    OpenSSL version since 0.9.6c supposedly treat block cipher padding
    errors like MAC verification errors during record decryption
    (see http://www.openssl.org/~bodo/tls-cbc.txt), but MAC verification
    was still skipped after detection of a padding error, which allowed
    the timing attack. (Note that it is likely that other SSL/TLS
    implementations will have similar problems.)

    OpenSSL 0.9.6i and 0.9.7a perform a MAC computation even if incorrect
    block cipher padding has been found to minimize information leaked via
    timing. For earlier versions starting with 0.9.6e, the enclosed
    security patch can be used.

    http://www.linuxsecurity.com/advisories/trustix_advisory-2885.html

    The initscripts package contains the basic system scripts used to boot
    your Trustix system, change run levels, and shut the system down
    cleanly. Initscripts also contains the scripts that activate and
    deactivate most network interfaces.

    PAM (Pluggable Authentication Modules) is a system security tool
    which allows system administrators to set authentication policy
    without having to recompile programs which do authentication.

    The SysVinit package contains a group of processes that control
    the very basic functions of your system. SysVinit includes the init
    program, the first program started by the Linux kernel when the
    system boots. Init then controls the startup, running and shutdown
    of all other programs.


    http://www.linuxsecurity.com/advisories/trustix_advisory-2881.html

    "Due to a remotely exploitable security hole being discovered that
    affects all previous Webmin releases, version 1.070 is now available
    for download from http://www.webmin.com/ and mirror sites. This
    problem was reported by Cintia M. Imanishi, but fortunately there
    have been no known malicious exploits of it yet. However, all users
    should upgrade to 1.070 as soon as possible."


    http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html

    Regards

    eddie
     
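The check ordering the OpenSSL advisory above describes, as an added illustration (constructed code, not OpenSSL's record layer): the input is the already-decrypted CBC record image (data || MAC || padding), the vulnerable routine returns before computing the MAC on a padding error, and the fixed routine computes it regardless. The `stats["mac_ops"]` counter and `make_record` helper are assumptions used to make the difference observable.

```python
# Constructed model of the CBC padding / MAC check order from the OpenSSL
# advisory above; not OpenSSL's own code.
import hmac
import hashlib
from typing import Optional, Tuple

MAC_LEN = 20   # HMAC-SHA1, as in the TLS 1.0 CBC cipher suites

def strip_padding(plain: bytes) -> Tuple[bool, bytes]:
    """TLS CBC padding: last byte n, preceded by n further bytes equal to n."""
    if not plain:
        return False, b""
    n = plain[-1]
    if n + 1 > len(plain) or any(b != n for b in plain[-(n + 1):]):
        return False, b""
    return True, plain[:-(n + 1)]

def check_mac(key: bytes, body: bytes, stats: dict) -> bool:
    """Verify data || MAC; stats['mac_ops'] counts how often this runs,
    standing in for the time a remote observer could measure."""
    stats["mac_ops"] += 1
    expected = hmac.new(key, body[:-MAC_LEN], hashlib.sha1).digest()
    return hmac.compare_digest(expected, body[-MAC_LEN:])

def process_record_vulnerable(key, plain, stats) -> Optional[bytes]:
    """Behaviour before 0.9.6i/0.9.7a: a padding error returns early, so the
    MAC is never computed and bad padding takes measurably less time."""
    ok, body = strip_padding(plain)
    if not ok:
        return None
    if not check_mac(key, body, stats):
        return None
    return body[:-MAC_LEN]

def process_record_fixed(key, plain, stats) -> Optional[bytes]:
    """0.9.6i/0.9.7a behaviour: the MAC is computed even when the padding is
    wrong (treated as zero-length), so both failures cost the same work."""
    ok, body = strip_padding(plain)
    if not ok:
        body = plain
    mac_ok = check_mac(key, body, stats)
    if not (ok and mac_ok):
        return None
    return body[:-MAC_LEN]

def make_record(key: bytes, data: bytes, pad_len: int) -> bytes:
    """Build a decrypted-record image: data || HMAC || padding (constructed)."""
    tag = hmac.new(key, data, hashlib.sha1).digest()
    return data + tag + bytes([pad_len]) * (pad_len + 1)
```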