![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Advisory Watch - November 9th 2001
Date: Mon, 12 Nov 2001 03:42:23 -0600 (CST)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| November 9th, 2001 Volume 2, Number 45a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlinesthe
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for procmail, lpd, webalizer,
sendmail, w3m, htdig, iptables, and the Linux kernel. The vendors include
Caldera, Conectiva, EnGarde, Red Hat, and SuSE.
Setup a Rock-Solid Server in Minutes! The EnGarde Linux distribution was
designed from the ground up as a secure solution, starting with the
principle of least privilege, and carrying it through every aspect of its
implementation.
http://www.engardelinux.org
** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL!
Get the free Thawte Apache SSL Guide and find the answers to all
your Apache SSL security issues and more at:
http://www.gothawte.com/rd90.html
Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
+---------------------------------+
| procmail | ----------------------------//
+---------------------------------+
Procmail is an incoming mail processor, typically used to implement mail
filters as well as sorting incoming mail into folders. There are several
signal handling race conditions in procmail that could be used by a local
attacker to gain root privileges.
Conectiva: 7.0
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
procmail-3.22-1U70_2cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1685.html
+---------------------------------+
| lpd | ----------------------------//
+---------------------------------+
There are multiple vulnerabilities in several implementations of the line
printer daemon (lpd). The line printer daemon enables various clients to
share printers over a network. Review your configuration to be sure you
have applied all relevant patches. We also encourage you to restrict
access to the lpd service to only authorized users.
PLEASE SEE LPD ADVISORY
LDP Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1686.html
+---------------------------------+
| webalizer | ----------------------------//
+---------------------------------+
An exploitable bug was found in webalizer which allows a remote attacker
to execute commands on other client machines or revealing sensitive
information by placing HTML tags in the right place. This is possible due
to missing sanity checks on untrusted data - hostnames and search keywords
in this case - that are received by webalizer. This kind of attack is also
known as "Cross-Site Scripting Vulnerability".
i386 Intel Platform: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/
webalizer-2.01.06-140.i386.rpm
3525fd6ab9c27be34edad9bef05ff061
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1687.html
+---------------------------------+
| sendmail | ----------------------------//
+---------------------------------+
An input validation error exists in Sendmail's debugging functionality.
This could be used by an unauthorized user to gain privilege.
Caldera:
ftp://stage.caldera.com/pub/security/openunix/
CSSA-2001-SCO.31/sendmail.Z
d6fbe6e6ab98a0170c2d5029b4ade1bf
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1688.html
+---------------------------------+
| w3m | ----------------------------//
+---------------------------------+
Ogasawara Satoshi and Kobayashi Shigehiro discovered a vulnerability[1] in
a MIME header parsing routine. A malicious web server administrator could
execute arbitrary code in the client machine by sending malformed MIME
headers inside the server HTTP responses.
Conectiva:
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/
w3m-0.2.1-4U70_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1690.html
+---------------------------------+
| htdig | ----------------------------//
+---------------------------------+
In the previous version, the htsearch CGI script used to accept the -c
switch remotely--asking htdig to use a different configuration file. The
update removes this potential exploit.
Red Hat 7.2 i386:
ftp://updates.redhat.com/7.2/en/os/i386/
htdig-3.2.0-1.b4.0.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/
htdig-web-3.2.0-1.b4.0.72.i386.rpm
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1691.html
+---------------------------------+
| iptables | ----------------------------//
+---------------------------------+
A new version of iptables fixing various minor security problems and some
other bugs is available.
Red Hat i386:
ftp://updates.redhat.com/7.2/en/os/i386/iptables-1.2.4-2.i386.rpm
6434f2a021ac8ca30b04d3f560f7a76a
ftp://updates.redhat.com/7.2/en/os/i386/i
ptables-ipv6-1.2.4-2.i386.rpm
b8abccb90b6a019a8c0ca5f4c43da8b5
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1689.html
+---------------------------------+
| kernels | ----------------------------//
+---------------------------------+
There are is a vulnerability in the kernel's syncookie code which can
allow a remote attacker to potentially guess the cookie and bypass
firewall rules. Some firewall systems implement rules based on the TCP
flags set. They may drop or reject incoming packets that have the SYN bit
set, which normally indicates the start of a new connection. It is
possible for an attacker to flood the server with SYN packets, causing a
DoS attack. To protect against this DoS the kernel implements something
called "syncookies".
PLEASE SEE VENDOR ADVISORY
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1680.html
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1681.html
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1682.html
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1684.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.