See also: last week's Security page.

Security

News

An update to our reports on security problems with proftpd and wu-ftp is available on our front page.

Security Reports

ISS issued an advisory on "Super", a utility which allows restricted super user privileges for some users. The advisory tested the problem on Debian GNU/Linux, though Super is also available for other Linux and Unix distributions. Debian uploaded a fix for the problem within a few hours. An official notice of the fix is being held until binary packages for all architectures are available and the mirrors have been updated.

Alfonso De Gregorio reported two bugs in traceroute which allow it to be used as a UDP or TCP flooder. The problems have been confirmed and, so far, updates for FreeBSD have been released.

Juan Diego Bolanos filed a report on /tmp problems with all versions of lynx. Follow ups on Bugtraq indicate that this is not a new problem; /tmp problem reports for lynx date back to March of 1998. No one seems to be stepping up to the plate to address the problems, however. In the mean time, Glynn Clements and Piotr Klaban stepped up to suggest some workarounds.

Kenn Humborg reported what turns out to be a problem with the rpms for ssh from ftp.replay.com. His followup describes the source of the problem and indicates that he'll contact the creators of the rpms and ask him to rebuild them.

A security patch for Network Flight Recorder is now available. They recommend installing the patch immediately. It appears to fix a variety of buffer overruns and some difficulties handling large alert queues when the central NFR system cannot be reached. This advisory from NAI details the vulnerability for which the patch was released.

A reported buffer overflow in mc, detailed here, does not appear to be exploitable in any way, at least according to this report from Julien Nadeau. It has been reported to the mc authors.

A buffer overflow in snplog was reported by Rupert Weber-Henschel. Check his posting for more details.

HERT reports a buffer overflow in lsof. lsof is a tool used on many systems to list open files. The HERT advisory indicates that the buffer overflow is vulnerable when lsof is installed setuid root or setgid. Vulnerable Linux distributions reported include SuSE, Debian and Red Hat. The workaround is easy, just change the permissions on lsof to 0755.

Updates

The Pine Development Team officially responded to last week's pine exploit report. In it, they explain that the problem lies not in pine but in metamail and specifically in the default mailcap file distributed the metamail MIME-support package. Thomas Roessler followed up with a description of how mutt handles the situation.

John D. Hardin updated his MIME-sanitization procmail filter to address the metamail vulnerability that affected pine. Here is his note with pointers to the new version.

Debian released an updated version of their advisory on wu-ftpd.

Resources

Version 1.0 of the Linux IP Firewall Log Analyzer (ipfwlog.pl) is available. More information and the script itself are available on the web.

Rob Slade has made available his review of "Fighting Computer Crime" by Donn B. Parker, 1998. He dislikes the beginning and end of the book but indicates that there is a great deal of useful information for the security practitioner.

The February 15th edition of CRYPTO-GRAM, Bruce Schneier's monthly newsletter, is now available. [From ISN]

Next: Kernel