+----------------------------------------------------------------+ | LinuxSecurity.com Linux Advisory Watch | | September 8th, 2000 Volume 1, Number 19a | +----------------------------------------------------------------+ Editors: Dave Wreski Benjamin Thomas dave@linuxsecurity.com ben@linuxsecurity.com Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for glibc, screen, apache, and suidperl. The advisories released were from Caldera, Conectiva, Debian, Mandrake, Slackware, SuSE, and Trustix. The glibc, screen, and suidperl vulnerabilities can result in a local root compromise. This week has been full of advisories from various Linux distributions regarding two severe problems with glibc. Confusing the issue, more than one vulnerability is involved and they were reported at different times. That means that some of the updates only fixed the first reported problem, while others fixed both problems. -- OpenDoc Publishing ------------------------------------------------- // Our sponsor this week is OpenDoc Publishing. Their 480-page comprehensive security book, Securing and Optimizing Linux, takes a hands-on approach to installing, optimizing, configuring, and securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL, ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2 PowerTools edition. https://secure.linuxports.com/cart/security/ +---------------------------------+ | Installing a new package: | ----------------------------// +---------------------------------+ # rpm -Uvh # dpkg -i Packages can be installed easily by using rpm (Red Hat Package Manager) or dpkg (Debian Package Manager). Most advisories issued by vendors are packaged in either an rpm or dpkg. Additional installation instructions can be found in the body of the advisory. +---------------------------------+ | Checking Package Integrity: | -----------------------------// +---------------------------------+ The md5sum command is used to compute a 128-bit fingerprint that is strongly dependant upon the contents of the file to which it is applied. It can be used to compare against a previously-generated sum to determine whether the file has changed. It is commonly used to ensure the integrity of updated packages distributed by a vendor. # md5sum ebf0d4a0d236453f63a797ea20f0758b The string of numbers can then be compared against the MD5 checksum published by the packager. While it does not take into account the possibility that the same person that may have modified a package also may have modified the published checksum, it is especially useful for establishing a great deal of assurance in the integrity of a package before installing it. +---------------------------------+ | glibc Advisories | ----------------------------// +---------------------------------+ * September 5th, 2000 -- Caldera: 'glibc' vulnerability http://www.linuxsecurity.com/advisories/caldera_advisory-688.html A bug in the parsing of these locale names allows an attacker to trick glibc into using locale information files provided by the attacker, which can make an application crash. ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ 9509340276c43bdcbeee2d95e82b9d03 RPMS/glibc-2.1.1-3.i386.rpm * September 5th, 2000 -- Conectiva: glibc vulnerabilities http://www.linuxsecurity.com/advisories/other_advisory-684.html http://www.linuxsecurity.com/advisories/other_advisory-689.html Several problems have been found in the glibc code that allow a local attacker to obtain root privileges. ftp://atualizacoes.conectiva.com.br/4.0/i386/glibc-2.1.2-14cl.i386.rpm * September 4th, 2000 -- Debian: glibc vulnerabilities http://www.linuxsecurity.com/advisories/debian_advisory-687.html http://www.linuxsecurity.com/advisories/debian_advisory-683.html Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. http://security.debian.org/dists/slink/updates/binary-i386/ libc6-dbg_2.0.7.19981211-6.2_i386.deb MD5 checksum: 23f5aace9db7104163b2422d600d8869 * September 7th, 2000 -- Mandrake: 'glibc' vulnerabilities http://www.linuxsecurity.com/advisories/mandrake_advisory-694.html It is highly probable that some of these bugs can be used for local root exploits. ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates * September 5th, 2000 -- Slackware: glibc vulnerabilities http://www.linuxsecurity.com/advisories/slackware_advisory-690.html Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access. Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new glibc packages in the -current branch. ftp://ftp.slackware.com/pub/slackware/slackware-current/ slakware/a1/glibcso.tgz md5sum: 1119944158 781102 a1/glibcso.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/ slakware/d1/glibc.tgz md5sum: 4150671113 22146158 d1/glibc.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/ slakware/des1/descrypt.tgz md5sum: 95989487 95843 des1/descrypt.tgz * September 6th, 2000 -- SuSE: 'shlibs' vulnerability http://www.linuxsecurity.com/advisories/suse_advisory-692.html The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems where at least one of them allows any local user to gain root access to the system. ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/ shlibs-2.1.3-154.i386.rpm 753176172ebf628c6567c70a9b950933 * September 7th, 2000 -- Trustix: 'glibc' updates. http://www.linuxsecurity.com/advisories/other_advisory-695.html glibc-2.1.3-10tr.i586.rpm glibc-devel-2.1.3-10tr.i586.rpm glibc-profile-2.1.3-10tr.i586.rpm scd-2.1.3-10tr.i586.rpm ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ +---------------------------------+ | Other Linux Advisories |--------------------------------- // +---------------------------------+ * September 4th, 2000 -- Debian: 'screen' vulnerability http://www.linuxsecurity.com/advisories/debian_advisory-686.html A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. http://security.debian.org/dists/stable/updates/main/binary-i386/ screen_3.9.5-9_i386.deb MD5 checksum: 139c65e404139f6681a4e60b4ef708f1 * September 3rd, 2000 -- Slackware: 'suidperl' vulnerability. http://www.linuxsecurity.com/advisories/slackware_advisory-685.html A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package. It is recommended that all users of Slackware 7.1 (and -current) upgrade to the perl.tgz package available in the Slackware current branch. ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/ 1027099174 6464627 ./perl.tgz 0dfc1c46e3dd22033850fc69928588ec * September 7th, 2000 -- SuSE: 'apache' vulnerabilities. http://www.linuxsecurity.com/advisories/suse_advisory-696.html The configuration file that comes with the package contains two security relevant errors: Starting in SuSE-6.0, a section in apache's configuration file /etc/httpd/httpd.conf reads Alias /cgi-bin-sdb//usr/local/httpd/ cgi-bin/ This allows remote users to read the cgi script sources of the server, located in /usr/local/httpd/cgi-bin/. Opposing the recommendations on the WebDAV homepage under http://www.webdav.org /mod_dav/#security, there is no access control or authentification activated. This should most definitely be considered a security problem. ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/apache-1.3.12-107.i386.rpm 65bac933de7676ad3d8f63b32c608dad * September 6th, 2000 -- SuSE: 'screen' vulnerability http://www.linuxsecurity.com/advisories/suse_advisory-693.html screen, a tty multiplexer, is installed suid root by default on SuSE Linux distributions. By supplying a thoughtfully designed string as the visual bell message, local users can obtain root privilege. Exploit information has been published on security forums. ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/screen-3.9.8-1.i386.rpm 84b6330f0b9ac7600cc5ec53a9dfdbe9 ------------------------------------------------------------------------ Distributed by: Guardian Digital, Inc. LinuxSecurity.com To unsubscribe email vuln-newsletter-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------