[ISN] Linux Advisory Watch - March 02 2001 (fwd)

Dave Dittrich dittrich at cac.washington.edu
Sat Mar 3 07:50:03 PST 2001


---------- Forwarded message ----------
Date: Fri, 2 Mar 2001 13:25:19 -0500
Subject: [ISN] Linux Advisory Watch - March 02 2001
From: vuln-newsletter-admins at linuxsecurity.com
To: ISN at SECURITYFOCUS.COM

+----------------------------------------------------------------+

| LinuxSecurity.com Linux Advisory Watch |

| March 2nd, 2001 Volume 2, Number 9a |

+----------------------------------------------------------------+

Editors: Dave Wreski Benjamin Thomas
dave at linuxsecurity.com ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for sudo, dump, lpr, php, sumrpc,
zope, and analog. The vendors include Conectiva, Debian, Immunix,
FreeBSD, Mandrake, Red Hat, Slackware, and Trustix. It is critical
that you update all vulnerable packages.

*Linux 2.4: Next Generation Kernel Security *
This document outlines the kernel security improvements that have
been made in the 2.4 kernel. A number of significant improvements
including cryptography and access control make 2.4 a serious
contender for secure corporate environments as well as private
virtual networking.

http://www.linuxsecurity.com/feature_stories/kernel-24-security.html


FREE SECURITY BOOKS - Guardian Digital has just announced an offer
for free 2 free security books with the purchase of any secure Linux
Lockbox. The Lockbox is an Open Source network server appliance
engineered to be a complete secure e-business solution. It can be
used as a commerce server, web server, DNS, mail, and database
server. Please see Guardian Digital's website for details.

http://www.guardiandigital.com/bookoffer.html


HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html


+---------------------------------+

| Installing a new package: | ------------------------------//

+---------------------------------+

# rpm -Uvh
# dpkg -i

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.

+---------------------------------+

| Checking Package Integrity: | -----------------------------//

+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

# md5sum
ebf0d4a0d236453f63a797ea20f0758b

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing


+---------------------------------+

| Conectiva | ----------------------------//

+---------------------------------+

* Conectiva: 'sudo' buffer overflow
February 26th, 2001

"sudo" is a program used to delegate superuser privileges to ordinary
users and only for specific commands. There is a buffer overflow
vulnerability in sudo which could be used by an attacker to obtain
higher privileges.

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-1.6.3p6-1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/
sudo-doc-1.6.3p6-1cl.i386.rpm

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1170.html


+---------------------------------+

| Debian | ----------------------------//

+---------------------------------+

* Debian: 'sudo' buffer overflow
February 28th, 2001

Todd Miller announced a new version of sudo which corrects a buffer
overflow that could potentially be used to gain root privilages on
the local system. The fix from sudo 1.6.3p6 is available in sudo
1.6.2p2-1potato1 for Debian 2.2 (potato).

Alpha architecture:
http://security.debian.org/debian-security/dists/stable/
updates/main/binary-alpha/sudo_1.6.2p2-1potato1_alpha.deb
MD5 checksum: 16ff5db5460f787b859efc512b00fb32

Intel ia32 architecture:
http://security.debian.org/debian-security/dists/
stable/updates/main/binary-i386/sudo_1.6.2p2-1potato1_i386.deb
MD5 checksum: 837a528b2e0ad0971931794e1319b0f8

Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1177.html


+---------------------------------+

| Immunix | ----------------------------//

+---------------------------------+


* Immunix: 'sudo' buffer overflow
February 28th, 2001

The version of sudo shipped in Immunix OS 7.0-beta and 7.0 contains a
buffer overflow of a variable that is on the heap (which StackGuard
does not protect against.) This problem was originally reported by
Chris Wilson The 1.6.3p6 version of sudo was released to fix this
problem.

http://immunix.org/ImmunixOS/7.0/updates/RPMS/
sudo-1.6.3p6-1_imnx_1.i386.rpm
37ab56877a9f5444af8f7716117c8b8d

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1179.html



* Immunix: 'dump' update; 'lpr' and 'php' vulnerabilities
February 26th, 2001

The dump package shipped with Immunix OS 6.2 had setuid bits set on
it. Also a buffer overflow was found in dump, but was stopped by
StackGuard. A new package has been released. The lpr package shipped
with Immunix OS 6.2 had a format string security bug, a potential
race condition, and a few LPRng compatibility issues. A new package
has been released fixing these problems. The php3 package shipped
with Immunix OS 6.2 had a number of logic bugs, which this 3.0.18
release should solve

PLEASE SEE VENDOR ADVISORY

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1173.html



+---------------------------------+

| FreeBSD | ----------------------------//

+---------------------------------+


* FreeBSD: 'sunrpc' DoS
February 28th, 2001

A well known bug I first publicised back in 1998 still exists in the
FreeBSD libc sunrpc code. Linux glibc, OpenBSD and possibly even Sun
fixed the problem back in 1998

Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1178.html


+---------------------------------+

| Mandrake | ----------------------------//

+---------------------------------+


* Mandrake: 'sudo' buffer overflow
February 26th, 2001

A buffer overflow exists in the sudo program which could be used by
an attacker to obtain higher privileges. sudo is a program used to
delegate superuser privileges to ordinary users and only for specific
commands.

7.2/RPMS/sudo-1.6.3p6-1.1mdk.i586.rpm
fe583824271ac2a5af6dd533027e8794
http://www.linux-mandrake.com/en/ftp.php3

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1172.html


* Mandrake: 'zope' vulnerability
February 26th, 2001

A new Hotfix for Zope has been released that fixes a very important
security issue that affects all versions of Zope prior to and
including 2.3.1b1. Users can use through-the-web scripting
capabilities on a Zope site to view and assign class attributes to
ZClasses, possibly allowing them to make inappropriate changes to
ZClass instances.

PLEASE SEE VENDOR ADVISORY FOR UPDATE
http://www.linux-mandrake.com/en/ftp.php3

Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1175.html


+---------------------------------+

| Red Hat | ----------------------------//

+---------------------------------+

* Red Hat: 'zope' vulnerabilities
February 26th, 2001

We *highly* recommend that any Zope site running versions of Zope up
to and including 2.3.1 b1 have this hotfix product installed to
mitigate these issues if the site is accessible by untrusted users
who have through-the-web scripting privileges."

PLEASE SEE VENDOR ADVISORY FOR COMPLETE UPDATE

Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1171.html


* Red Hat: 'analog' buffer overflow
February 23rd, 2001

Previous releases of analog were vulnerable to a buffer overflow
vulnerability where a malicious user could use an ALIAS command to
construct very long strings which were not checked for length.

ftp://updates.redhat.com/secureweb/2.0/i386/
analog-4.16-1.i386.rpm
5e52037dfd712a36a0aaec4b60bfba35

ftp://updates.redhat.com/secureweb/2.0/i386/
analog-form-4.16-1.i386.rpm
d7e7b05487b8cc744d90de91e0e184eb

Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1168.html



+---------------------------------+

| Slackware | ----------------------------//

+---------------------------------+

* Slackware: 'sudo' buffer overflow
February 26th, 2001

Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware
-current. This release fixes a known buffer overflow, which could be
used by malicious users to compromise parts of the system. If you
rely on Sudo and use one of the above versions of Slackware, it is
recommended that you upgrade to the new sudo.tgz package for the
version you're running.

ftp://ftp.slackware.com/pub/slackware/slackware-7.1/
patches/packages/sudo.tgz
8e5453142a9beab02384d26a323273eb

Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-1169.html



+---------------------------------+

| Trustix | ----------------------------//

+---------------------------------+


* Trustix: 'sudo' buffer overflow
February 26th, 2001

Trustix today released an updated version of the sudo package fixing
a buffer overflow, as announced by the sudo maintainer Todd C.
Miller.

sudo-1.6.3p6-1tr.i586.rpm
cc969c9746bea3ff01470c1eaf3ee415
ftp://ftp.trustix.net/pub/Trustix/updates/

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1174.html











------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com

To unsubscribe email vuln-newsletter-request at linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV at SecurityFocus.com with a message body of
"SIGNOFF ISN".




More information about the Linux mailing list