Linux Advisory Watch for September 8th, 2000. Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for glibc, screen, apache, and suidperl from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix.
58e4fa5accfb242abf0994a96a96bd8ca1fa2451c8d22c4f82165eca1089d646
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| September 8th, 2000 Volume 1, Number 19a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines
the security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.
This week, advisories were released for glibc, screen, apache, and
suidperl. The advisories released were from Caldera, Conectiva, Debian,
Mandrake, Slackware, SuSE, and Trustix. The glibc, screen, and suidperl
vulnerabilities can result in a local root compromise.
This week has been full of advisories from various Linux distributions
regarding two severe problems with glibc. Confusing the issue, more than
one vulnerability is involved and they were reported at different times.
That means that some of the updates only fixed the first reported
problem, while others fixed both problems.
-- OpenDoc Publishing -------------------------------------------------
//
Our sponsor this week is OpenDoc Publishing. Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2
PowerTools edition.
https://secure.linuxports.com/cart/security/
+---------------------------------+
| Installing a new package: | ----------------------------//
+---------------------------------+
# rpm -Uvh <package-name.rpm>
# dpkg -i <package-name.deb>
Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager). Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the advisory.
+---------------------------------+
| Checking Package Integrity: | -----------------------------//
+---------------------------------+
The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied. It can be used to compare against a previously-generated
sum to determine whether the file has changed. It is commonly used
to ensure the integrity of updated packages distributed by a vendor.
# md5sum <package-name>
ebf0d4a0d236453f63a797ea20f0758b <package-name>
The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing it.
+---------------------------------+
| glibc Advisories | ----------------------------//
+---------------------------------+
* September 5th, 2000 -- Caldera: 'glibc' vulnerability
https://www.linuxsecurity.com/advisories/caldera_advisory-688.html
A bug in the parsing of these locale names allows an attacker to
trick glibc into using locale information files provided by the
attacker, which can make an application crash.
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
9509340276c43bdcbeee2d95e82b9d03 RPMS/glibc-2.1.1-3.i386.rpm
* September 5th, 2000 -- Conectiva: glibc vulnerabilities
https://www.linuxsecurity.com/advisories/other_advisory-684.html
https://www.linuxsecurity.com/advisories/other_advisory-689.html
Several problems have been found in the glibc code that allow
a local attacker to obtain root privileges.
ftp://atualizacoes.conectiva.com.br/4.0/i386/glibc-2.1.2-14cl.i386.rpm
* September 4th, 2000 -- Debian: glibc vulnerabilities
https://www.linuxsecurity.com/advisories/debian_advisory-687.html
https://www.linuxsecurity.com/advisories/debian_advisory-683.html
Recently two problems have been found in the glibc suite, which
could be used to trick setuid applications to run arbitrary code.
https://security.debian.org/dists/slink/updates/binary-i386/
libc6-dbg_2.0.7.19981211-6.2_i386.deb
MD5 checksum: 23f5aace9db7104163b2422d600d8869
* September 7th, 2000 -- Mandrake: 'glibc' vulnerabilities
https://www.linuxsecurity.com/advisories/mandrake_advisory-694.html
It is highly probable that some of these bugs can be used
for local root exploits.
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
* September 5th, 2000 -- Slackware: glibc vulnerabilities
https://www.linuxsecurity.com/advisories/slackware_advisory-690.html
Three locale-related vulnerabilities with glibc 2.1.3 were recently
reported on BugTraq. These vulnerabilities could allow local users
to gain root access.
Users of Slackware 7.0, 7.1, and -current are strongly urged to
upgrade to the new glibc packages in the -current branch.
ftp://ftp.slackware.com/pub/slackware/slackware-current/
slakware/a1/glibcso.tgz
md5sum: 1119944158 781102 a1/glibcso.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/
slakware/d1/glibc.tgz
md5sum: 4150671113 22146158 d1/glibc.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/
slakware/des1/descrypt.tgz
md5sum: 95989487 95843 des1/descrypt.tgz
* September 6th, 2000 -- SuSE: 'shlibs' vulnerability
https://www.linuxsecurity.com/advisories/suse_advisory-692.html
The glibc implementations in all SuSE distributions starting with
SuSE-6.0 have multiple security problems where at least one of them
allows any local user to gain root access to the system.
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/
shlibs-2.1.3-154.i386.rpm
753176172ebf628c6567c70a9b950933
* September 7th, 2000 -- Trustix: 'glibc' updates.
https://www.linuxsecurity.com/advisories/other_advisory-695.html
glibc-2.1.3-10tr.i586.rpm
glibc-devel-2.1.3-10tr.i586.rpm
glibc-profile-2.1.3-10tr.i586.rpm
scd-2.1.3-10tr.i586.rpm
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
+---------------------------------+
| Other Linux Advisories |--------------------------------- //
+---------------------------------+
* September 4th, 2000 -- Debian: 'screen' vulnerability
https://www.linuxsecurity.com/advisories/debian_advisory-686.html
A format string bug was recently discovered in screen which can
be used to gain elevated privilages if screen is setuid.
https://security.debian.org/dists/stable/updates/main/binary-i386/
screen_3.9.5-9_i386.deb
MD5 checksum: 139c65e404139f6681a4e60b4ef708f1
* September 3rd, 2000 -- Slackware: 'suidperl' vulnerability.
https://www.linuxsecurity.com/advisories/slackware_advisory-685.html
A root exploit was found in the /usr/bin/suidperl5.6.0 program that
shipped with the Slackware 7.1 perl.tgz package. It is recommended
that all users of Slackware 7.1 (and -current) upgrade to the
perl.tgz package available in the Slackware current branch.
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/
1027099174 6464627 ./perl.tgz 0dfc1c46e3dd22033850fc69928588ec
* September 7th, 2000 -- SuSE: 'apache' vulnerabilities.
https://www.linuxsecurity.com/advisories/suse_advisory-696.html
The configuration file that comes with the package contains
two security relevant errors:
Starting in SuSE-6.0, a section in apache's configuration file
/etc/httpd/httpd.conf reads Alias /cgi-bin-sdb//usr/local/httpd/
cgi-bin/ This allows remote users to read the cgi script sources
of the server, located in /usr/local/httpd/cgi-bin/.
Opposing the recommendations on the WebDAV homepage under
https://www.webdav.org /mod_dav/#security, there is no access
control
or authentification activated. This should most definitely be
considered a security problem.
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/apache-1.3.12-107.i386.rpm
65bac933de7676ad3d8f63b32c608dad
* September 6th, 2000 -- SuSE: 'screen' vulnerability
https://www.linuxsecurity.com/advisories/suse_advisory-693.html
screen, a tty multiplexer, is installed suid root by default on
SuSE
Linux distributions. By supplying a thoughtfully designed string as
the visual bell message, local users can obtain root privilege.
Exploit information has been published on security forums.
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/screen-3.9.8-1.i386.rpm
84b6330f0b9ac7600cc5ec53a9dfdbe9
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------