2004.02 Xfree86, Zebra, Pan, Debian Compromised

Insecurity News
Pan
Pan is a Gnome/GTK+ newsreader.

Kasper Dupont discovered a bug in Pan versions prior to 0.13.4 that can cause Pan to crash when parsing an article header containing a very long author email address. This bug causes a crash (denial of service) but is not otherwise exploitable. Charles Kerr has produced a patch. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0855 to this issue.
XFree86
XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager.

Multiple integer overflows in the transfer and enumeration of font libraries in XFree86 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0730 to this issue.
The risk to users from this vulnerability is limited because only clients can be affected by these bugs; however, in some (non-default) configurations, both xfs and the X Server can act as clients to remote font servers.
XDM does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the pam_krb5 module. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0690 to this issue.
XDM uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0692 to this issue.
Red Hat reference RHSA-2003:288-05
Red Hat reference RHSA-2003:311-06
EPIC
EPIC (Enhanced Programmable ircII Client) is an advanced ircII chat client designed to connect to Internet Relay Chat (IRC) servers.

A bug in various versions of EPIC allows remote malicious IRC servers to cause a denial of service (crash) and execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0328 to this issue.
Zebra
Jonny Robertson reported that Zebra, an implementation of TCP/IP routing, can be remotely crashed if a Zebra password has been enabled and an attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0795 to this issue.
Red Hat reference RHSA-2003:342-05
Red Hat reference RHSA-2003:307-09
glibc
glibc packages contain GNU libc, which provides standard system libraries.

A vulnerability in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications, which may have security implications. This vulnerability exists only when an administrator has placed a user in a number of groups larger than that expected by an application. Therefore, there is no risk in instances where users are members of few groups. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0689 to this issue.
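The application-side half of this issue is the assumption of a fixed maximum group count. The following is an added example (not glibc's or any distributor's code) of calling getgrouplist() so that a user placed in more groups than expected makes the program grow its buffer instead of overflowing it; it assumes a current glibc and an account named "root" on the host.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>

/* Added example (not glibc's own code): query a user's group list with
 * getgrouplist() without assuming a fixed maximum number of groups.
 * Returns the group count and a malloc'd list in *out (caller frees),
 * or -1 on failure. */
int list_user_groups(const char *user, gid_t **out)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    int ngroups = 1;      /* deliberately small so the retry path is used */
    gid_t *groups = NULL;
    for (;;) {
        gid_t *tmp = realloc(groups, (size_t)ngroups * sizeof *groups);
        if (tmp == NULL) {
            free(groups);
            return -1;
        }
        groups = tmp;
        /* glibc returns -1 and stores the required size in n when the
         * buffer is too small; a fixed glibc does not overflow here. */
        int n = ngroups;
        if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &n) != -1) {
            *out = groups;
            return n;
        }
        if (n <= ngroups) {   /* guard against a libc that never grows n */
            free(groups);
            return -1;
        }
        ngroups = n;
    }
}

/* Returns 1 if gid appears in the list, 0 otherwise. */
int gid_in_list(const gid_t *groups, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}
```

A program using this pattern keeps working when an administrator later adds the user to more groups, which is exactly the situation the advisory describes.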
Herbert Xu reported that various applications can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0859 to this issue.
Security Posture of Major Distributions

Debian
  Security sources: Info: http://www.debian.org/security/ | List: http://lists.debian.org/debian-security-announce/ | Reference: DSA-… 1)
  Comments: The current Debian security advisories are included on the homepage. Advisories are provided as HTML pages with links to the patches. The security advisory also contains a reference to the mailing list.

Gentoo
  Security sources: Forum: http://forums.gentoo.org/ | List: http://www.gentoo.org/main/en/lists.xml | Reference: GLSA: … 1)
  Comments: Unfortunately, Gentoo does not offer a website with security updates or other security information. This forum is the only alternative.

Mandrake
  Security sources: Info: http://www.mandrakesecure.net | List: http://www.mandrakesecure.net/en/mlist.php | Reference: MDKSA-… 1)
  Comments: MandrakeSoft runs its own Web site on security topics. Among other things, it includes security advisories and references to the mailing lists. The advisories are HTML pages, but there are no links to the patches.

Red Hat
  Security sources: Info: http://www.redhat.com/errata/ | List: http://www.redhat.com/mailing-lists/ | Reference: RHSA-… 1)
  Comments: Red Hat files security advisories as so-called Errata: issues for each Red Hat Linux version are then grouped. The security advisories are provided in the form of an HTML page with links to patches.

Slackware
  Security sources: Info: http://www.slackware.com/security/ | List: http://www.slackware.com/lists/ (slackware-security) | Reference: [slackware-security] … 1)
  Comments: The start page contains links to the security mailing list archive. No additional information on Slackware security is available.

Suse
  Security sources: Info: http://www.suse.de/uk/private/support/security/ | Patches: http://www.suse.de/uk/private/download/updates/ | List: suse-security-announce | Reference: SUSE-SA … 1)
  Comments: There is no longer a link to the security page after changes to the Web site. It contains information on the mailing list and the advisories. The security patches for the individual Suse Linux versions are shown in red on the general updates site. A short description of the vulnerability the patch resolves is provided.

1) All distributors indicate security mails in the subject line.
Red Hat reference RHSA-2003:325-10
16
February 2004
www.linux-magazine.com
Linux Kernel
A flaw in bounds checking in the do_brk() function in the Linux kernel versions 2.4.22 and previous can allow a local attacker to gain root privileges. This issue is known to be exploitable; an exploit has been seen in the wild. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0961 to this issue.
Debian Compromised
The Debian project has issued the following announcement:

“Some Debian Project machines compromised November 21st, 2003.

This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise!

In particular the following machines have been affected:
• master (Bug Tracking System)
• murphy (mailing lists)
• gluck (web, cvs, people)
• klecker (security, non-us, web search, www-master, qa)

Some of these services are currently not available while the machines undergo close inspection. Some services have been moved to other machines (http://www.debian.org for example).

The security archive will be verified from trusted sources before it becomes available again. Please note that we have recently prepared a new point release for Debian GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet, it has been pushed to our mirrors already. The announcement was scheduled for this morning but had to be postponed. This update has now been checked and it is not affected by the compromise.

We apologise for the disruptions of some services over the next few days. We are working on restoring the services and verifying the content of our archives.”
Red Hat reference RHSA-2003:392-05
SUSE reference SuSE-SA:2003:049
Net-SNMP
The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools.

A bug in Net-SNMP version 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0935 to this issue.
Minimalist
A security-related problem has been discovered in minimalist, a mailing list manager, which allows a remote attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0902 to this issue.

Debian reference DSA-402-1 minimalist – unsanitised input
Red Hat reference RHSA-2003:335-07
Mandrake reference MDKSA-2003:115