Linux Advisory Watch - September 14th 2001
This week, advisories were released for fetchmail, sendmail, xinetd, bugzilla,
apache-contrib, uucp, and xloadimage. The vendors include Caldera, Conectiva, Red Hat,
and SuSE. It has been a tragic week. Our own Dave Wreski writes, "Today's events mark
more than a display of courage by Americans, an effort to exact retribution on those who
committed this senseless act, and how this country will be changed as a result. It directly
impacts us all on an international scale as individual architects of the global Internet."
L33tdawg: The full report is in the readmore.
By LinuxSecurity.com Contributors
Posted By: Benjamin D. Thomas.
9/14/2001 2:09.
Special: International Security, Privacy and Solidarity
http://www.linuxsecurity.com/feature_stories/feature_story-92.html
Packages Vendors fetchmail Red Hat sendmail Red Hat xinetd Red Hat bugzilla Red Hat apache-contrib SuSE uucp Caldera, Conectiva xloadimage Mandrake
Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.
Linux Advisory Watch is a comprehensive newsletter that outlinesthe security vulnerabilities that have been announced throughout the week.It includes pointers to updated packages and descriptions of each vulnerability.
Fetchmail versions up to 5.8.9 are susceptible to remote attacks from malicious servers. When fetchmail attempts to create an index of messages in the remote mailbox being polled, it uses index numbers sent by the server as an index into an internal array. If a server sends fetchmail a negative number, fetchmail will attempt to write data outside the bounds of the array.
Red Hat 7.1: i386:
ftp://updates.redhat.com/7.1/en/os/i386/
fetchmail-5.9.0-0.7.1.i386.rpm
50d7a9d1276701fc425a6bc42d9e4e95ftp://updates.redhat.com/7.1/en/os/i386/
fetchmailconf-5.9.0-0.7.1.i386.rpm
77e22d5c9d02d26ba9013df9e25ee71dRed Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1601.html
An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.
i386:
ftp://updates.redhat.com/7.1/en/os/i386/
sendmail-8.11.6-1.7.1.i386.rpm
15237d7b23d9108f8dd1c42e3091d37aftp://updates.redhat.com/7.1/en/os/i386/
sendmail-cf-8.11.6-1.7.1.i386.rpm
8768f3d21e52716dfb6af035fe0760ffftp://updates.redhat.com/7.1/en/os/i386/
sendmail-doc-8.11.6-1.7.1.i386.rpm
2e167dfbeade1d2cb6641ce3a901ed43Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1602.html
A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure. Also, memsetting too much memory to 0 would eventually lead to segfaults when executing services. This internal bug was fixed.
Red Hat 7.1: i386:
ftp://updates.redhat.com/7.1/en/os/i386/
xinetd-2.3.3-1.i386.rpm
548a0c82a06b69d1c24ed6f23dfd14f3Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1603.html
The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.
Red Hat 7.1 i386:
ftp://updates.redhat.com/7.1/en/powertools/i386/
perl-Chart-0.99c.pre3-1.i386.rpm
90dd575efe9bb5fa967b78be84f2bcd9ftp://updates.redhat.com/7.1/en/powertools/i386/
perl-GD-1.33-1.i386.rpm
1e1babf666f35b529dd4831e8d4f49a6ftp://updates.redhat.com/7.1/en/powertools/i386/
perl-DBD-MySQL-1.2215-1.i386.rpm
2867be3dbdc4c2fdc3d026578d55b4aaRed Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1604.html
The Apache module mod_auth_mysql 1.4,which is shipped since SuSE Linux 7.1, was found vulnerable to possible bypass authentication by MySQL command injection. An adversary could insert MySQL commands along with a password and these commands will be interpreted by MySQL while mod_auth_mysql is doing the password lookup in the database. A positive authentication could be returned.
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/
apache-contrib-1.0.9-94.i386.rpm
7c84f6c3f8aaf2b96a312fea4d36abceSuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1605.html
There is a argument handling problem which allows a local attacker to gain access to the uucp group. Using this access the attacker could use badly written scripts to gain access to the root account.
PLEASE SEE VENDOR ADVISORY
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1606.htmlConectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1608.html
A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the
victim's machine. An exploit is publically available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and
Sun-Raster images.
Mandrake Linux 8.0:
8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm
f1eff4c239eaebb0ff41f169de8ccd3ehttp://www.linux-mandrake.com/en/ftp.php3
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1609.html