[ISN] Linux Advisory Watch - April 06 2001
From: vuln-newsletter-admins@linuxsecurity.com
Date: Fri Apr 06 2001 - 11:08:57 CDT
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 6th, 2001 Volume 2, Number 14a |
+----------------------------------------------------------------+
Editors: Dave Wreski (dave@linuxsecurity.com)
         Benjamin Thomas (ben@linuxsecurity.com)
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for the Linux kernel, ntp, and
openssh. The vendors include Caldera, Debian, NetBSD, Red Hat, and
Trustix. Soon after being plagued by Ramen and the Lion worm, Linux
administrators are finding themselves at the mercy of another worm,
Adore. The worm scans the Internet looking for Linux hosts
vulnerable to LPRng, rpc.statd, wu-ftpd, and Bind. It emails
sensitive information to various anonymous email addresses and
installs a backdoor, leaving you vulnerable to future attacks.
Although information to prevent this worm has been publicly available
for months, we recommend that you check your systems again and
install the appropriate update patches. We have included links to
all of the updated packages to protect your system.
Here is a listing of vendor advisories that can prevent the spread of
the Adore worm.
To find the vendor advisory for your specific distribution, follow
the relevant link below and add your distribution name to the search
field to refine the search (e.g. "LPRng Caldera"). That search returns
only the LPRng advisories for, or mentioning, Caldera. The process is
the same for other distributions.
* LPRng advisories
http://search.linuxsecurity.com/cgi-bin/htsearch?sort=score&words=lprng
* rpc.statd advisories
http://search.linuxsecurity.com/cgi-bin/htsearch?sort=score&words=rpc.statd
* wu-ftpd advisories
http://search.linuxsecurity.com/cgi-bin/htsearch?sort=score&words=wu-ftpd
* Bind advisories
http://search.linuxsecurity.com/cgi-bin/htsearch?sort=score&words=bind+8
Are you sick and tired of having to apply system updates week after
week? Why not use a distribution built specifically for security
that still maintains maximum usability and flexibility?
EnGarde is now available for download. For more information please
visit: http://www.engardelinux.org
HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html
+---------------------------------+
| Installing a new package: | ------------------------------//
+---------------------------------+
# rpm -Uvh <filename>
# dpkg -i <filename>
Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the Advisories.
+---------------------------------+
| Checking Package Integrity: | -----------------------------//
+---------------------------------+
The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.
# md5sum <filename>
ebf0d4a0d236453f63a797ea20f0758b
The resulting string can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person who modified a package may also
have modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing.
+---------------------------------+
| Caldera | ----------------------------//
+---------------------------------+
* Caldera: 'kernel' vulnerabilities
April 3rd, 2001
During code audits of the Linux Kernel several security problems have
been found. Some of them allow a local attacker to gain root
privileges through race conditions, others allow reading and possibly
writing of random kernel memory.
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
PLEASE SEE VENDOR ADVISORY FOR PACKAGE INFORMATION
Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1253.html
+---------------------------------+
| Debian | ----------------------------//
+---------------------------------+
* Debian: 'ntp' buffer overflow
April 5th, 2001
Przemyslaw Frasunek reported that ntp
daemons such as that released with Debian GNU/Linux are vulnerable to
a buffer overflow that can lead to a remote root exploit. This has
been corrected for Debian 2.2 (potato) in ntp version
4.0.99g-2potato1.
Architecture-independent files:
http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/ntp-doc_4.0.99g-2potato1_all.deb
MD5 checksum: 01c31ea28c198cc81535aa448e89c7d1
http://security.debian.org/debian-security/dists/stable/updates/main/binary-all/xntp3_4.0.99g-2potato1_all.deb
MD5 checksum: 69290af3b3f49c3e7b9c3f0838cbd553
Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1257.html
+---------------------------------+
| NetBSD | ----------------------------//
+---------------------------------+
* NetBSD: "ntp" buffer overflow
April 5th, 2001
The NTP time synchronisation service shipped with NetBSD and many
other systems is vulnerable to a buffer-overflow attack. This
vulnerability may lead to arbitrary code execution as the user
running the NTP daemon, usually root.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1257.html
+---------------------------------+
| Red Hat | ----------------------------//
+---------------------------------+
* Red Hat: 'openssh' vulnerability
April 2nd, 2001
The init script supplied with a previous openssh update used the
daemon() shell function to start the sshd daemon. This function will
not start the server if a process of the same name is already
executing. As a result, attempts to start the sshd server will always
fail if any users are logged in remotely.
i386:
ftp://updates.redhat.com/7.0/en/os/i386/openssh-2.5.2p2-1.7.2.i386.rpm
95507572bf35fb8ccb25dfa4deaa4eba
ftp://updates.redhat.com/7.0/en/os/i386/openssh-clients-2.5.2p2-1.7.2.i386.rpm
8ce6ee307032311074d970d3171c6c25
ftp://updates.redhat.com/7.0/en/os/i386/openssh-server-2.5.2p2-1.7.2.i386.rpm
6380c474d1fadeb84c3853ced3340c3e
ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-2.5.2p2-1.7.2.i386.rpm
a7417b93177ba35737d88a54e72642e0
ftp://updates.redhat.com/7.0/en/os/i386/openssh-askpass-gnome-2.5.2p2-1.7.2.i386.rpm
36ddf72eba1a9aaa8f16cab844f06f08
Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1258.html
+---------------------------------+
| Trustix | ----------------------------//
+---------------------------------+
* Trustix: 'kernel' vulnerability
April 5th, 2001
Some time ago, a vulnerability was discovered that allowed root
access through the ptrace call in the Linux kernel. This was
originally considered fixed in a previous patch, but as it turns out,
it wasn't. This is fixed in kernel version 2.2.19.
http://www.trustix.net/pub/Trustix/updates/
Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1256.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------
ISN is hosted by SecurityFocus.com