NEWS: This weeks bugs and patches
Results 1 to 2 of 2

Thread: NEWS: This weeks bugs and patches

  1. #1
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121

    NEWS: This weeks bugs and patches

    Brought to you by our friends at the SANS Institute.


    -- Security Alert Consensus --
    Number 037 (02.37)
    Thursday, September 19, 2002
    Created for you by
    Network Computing and the SANS Institute
    Powered by Neohapsis

    ----------------------------------------------------------------------

    Welcome to SANS' distribution of the Security Alert Consensus.



    If you haven't heard by now, a worm is slithering around and
    exploiting Apache servers, making them vulnerable to an OpenSSL buffer
    overflow. Upon successfully breaking in, the worm creates a DDoS agent
    on the system and then continues to probe other systems. Fortunately,
    Apache displays the exact software versions by default in the HTTP
    Server response header, so it's extremely easy to remotely determine

    http://archives.neohapsis.com/archiv...2-q3/0009.html

    To go along with this week's release of NetBSD 1.6, the NetBSD team
    also has released a flood of security advisories withheld pending
    the new version's debut. NetBSD folks will notice a lot of traffic
    under the BSD category.

    Until next week,
    --Security Alert Consensus Team

    ************************************************************************

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    TABLE OF CONTENTS:

    {02.37.018} Win - Savant Web server multiple vulnerabilities
    {02.37.019} Win - PlanetWeb server URL request overflow
    {02.37.002} Linux - Update {02.33.024}: Multiple Postgres function
    buffer overflows
    {02.37.003} Linux - Purity two buffer overflows
    {02.37.005} Linux - Update {01.27.039}: PHP mail() command may bypass
    safe_mode
    {02.37.006} Linux - Update {02.30.003}: chfn /etc/ptmp lockfile
    vulnerability
    {02.37.008} BSD - TIOCSCTTY ioctl DoS
    {02.37.009} BSD - setlocale array element overflow
    {02.37.010} BSD - Update {02.32.002}: NFS server empty payload infinite
    loop DoS
    {02.37.011} BSD - fd_set overflows fd_setsize
    {02.37.012} BSD - shutdown with SHUT_RD causes instability
    {02.37.014} BSD - libkvm ports can read /dev/(k)mem
    {02.37.017} NApps - Enterasys SSR8000 MPS port DoS
    {02.37.015} Other - Tru64 SSRT-547: TCP ISN, ARP and ftpd
    vulnerabilities
    {02.37.004} Cross - Update {02.30.001}: OpenSSL multiple overflows and
    ASN1 parse vulnerabilities
    {02.37.007} Cross - Konqueror subframe CSS and insecure cookie
    vulnerabilities
    {02.37.013} Cross - Heimdal kfd multiple vulnerabilities
    {02.37.016} Cross - xbreaky highscores file symlink vulnerability
    {02.37.020} Cross - UT2003 small ping DoS
    {02.37.001} Tools - NetBSD 1.6 available


    - --- Windows News
    -------------------------------------------------------

    *** {02.37.018} Win - Savant Web server multiple vulnerabilities

    Savant Web server version 3.1 contains multiple vulnerabilities: a
    buffer overflow in the cgitest.exe sample CGI; an application crash
    when a negative Content-Length header is given; and an authorization
    bypass on password-protected folders.

    These vulnerabilities are not confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0151.html

    *** {02.37.019} Win - PlanetWeb server URL request overflow

    PlanetWeb version 1.14 reportedly contains a buffer overflow in the
    handling of large URL requests, thereby allowing a remote attacker
    to execute arbitrary code on the system.

    This vulnerability has not been confirmed.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0166.html


    - --- Linux News
    ---------------------------------------------------------

    *** {02.37.002} Linux - Update {02.33.024}: Multiple Postgres function
    buffer overflows

    Debian released updated Postgres packages that fix the vulnerability
    discussed in {02.33.024} ("Multiple Postgres function buffer
    overflows").

    Updated DEBs are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archiv...2-q3/0032.html

    *** {02.37.003} Linux - Purity two buffer overflows

    The purity game application contains two buffer overflows that let
    a local attacker gain group 'games' privileges.

    Debian confirmed this vulnerability and released updated DEBs, which
    are listed at the reference URL below.

    Source: Debian
    http://archives.neohapsis.com/archiv...2-q3/0039.html

    *** {02.37.005} Linux - Update {01.27.039}: PHP mail() command may
    bypass safe_mode

    Mandrake released updated PHP packages that fix the vulnerability
    discussed in {01.27.039} ("PHP mail() command may bypass safe_mode").

    Updated RPMs are listed at the reference URL below.

    Source: Mandrake
    http://archives.neohapsis.com/archiv...2-q3/0169.html

    *** {02.37.006} Linux - Update {02.30.003}: chfn /etc/ptmp lockfile
    vulnerability

    Conectiva released updated util-linux packages that fix the
    vulnerability discussed in {02.30.003} ("chfn /etc/ptmp lockfile
    vulnerability").

    Updated RPMs are listed at the reference URL below.

    Source: Conectiva
    http://archives.neohapsis.com/archiv...2-q3/0020.html


    - --- BSD News
    -----------------------------------------------------------

    *** {02.37.008} BSD - TIOCSCTTY ioctl DoS

    A NetBSD advisory indicates that it's possible for a local attacker
    to issue multiple TIOCSCTTY ioctl requests. Eventually, this will
    overflow an internal kernel counter and lead to a kernel panic.

    This vulnerability is confirmed and was fixed in NetBSD-current and
    - -1.6 on July 31, 2002. It also was fixed in -1.5 on Sept. 5, 2002.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0183.html

    *** {02.37.009} BSD - setlocale array element overflow

    A NetBSD advisory indicates that a local buffer overflow exists in
    the setlocale() libc function whereby a malicious locale definition
    will overwrite the bounds of an array. Certain setuid applications
    (xterm, in particular) could yield local root privileges.

    This vulnerability is confirmed and fixed. NetBSD-current and -1.6
    as of Aug. 8, 2002, contain a fix. NetBSD-1.5 as of Sept. 5, 2002,
    contains a fix.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0187.html

    *** {02.37.010} BSD - Update {02.32.002}: NFS server empty payload
    infinite loop DoS

    NetBSD released updates that fix the vulnerability discussed in
    {02.32.002} ("NFS server empty payload infinite loop DoS").

    NetBSD-current and NetBSD-1.6 as of Aug. 3, 2002, contain a
    fix. NetBSD-1.5 as of Sept. 5, 2002, contains a fix.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0188.html

    *** {02.37.011} BSD - fd_set overflows fd_setsize

    A NetBSD advisory indicates that the fd_set() function used by select()
    overflows the fd_setsize maximum if a local attacker opens multiple
    file descriptors before executing a program. This can lead to a local
    root compromise via exploitation of mrinfo, mtrace or pppd.

    This vulnerability is confirmed. NetBSD-current and NetBSD-1.6 as of
    Aug. 11, 2002, and NetBSD-1.5 as of Sept. 5, 2002, contain fixes.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0189.html

    *** {02.37.012} BSD - shutdown with SHUT_RD causes instability

    A NetBSD advisory indicates that the shutdown() function does
    not properly handle the SHUT_RD parameter, thereby causing system
    instability when traffic is received. This could potentially be used
    as a locally induced denial of service.

    NetBSD confirmed this vulnerability. NetBSD-current, -1.6 and -1.5
    as of Sept. 7, 2002, contain the fixes.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0194.html

    *** {02.37.014} BSD - libkvm ports can read /dev/(k)mem

    Various setuid applications in the FreeBSD ports collection, which
    are based on libkvm, allow local attackers to read /dev/(k)mem,
    potentially allowing them to recover sensitive information. FreeBSD
    versions 4.6.2-RELEASE and prior are vulnerable.

    The advisory indicates confirmation by the vendor, which committed
    fixes to the 4.6-STABLE and RELENG branches.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0115.html


    - --- Network Appliances News
    --------------------------------------------

    *** {02.37.017} NApps - Enterasys SSR8000 MPS port DoS

    The Enterasys SSR8000 switch prior to firmware version 8.3.0.10 crashes
    when a remote attacker sends malformed packets to the MPS service ports
    (15077 and 15078). This leads to a denial of service.

    This vulnerability is not confirmed. The advisory indicates that
    firmware version 8.3.0.10 fixes the vulnerability.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0141.html


    - --- Other News
    ---------------------------------------------------------

    *** {02.37.015} Other - Tru64 SSRT-547: TCP ISN, ARP and ftpd
    vulnerabilities

    HP/Compaq released SSRT-547 for Tru64. It contains security fixes
    for weak TCP initial sequence numbers, arp spoofing and ftpd globbing
    overflows.

    A full patch list is available at the reference URL below.

    Source: HP/Compaq
    http://archives.neohapsis.com/archiv...2-q3/0017.html


    - --- Cross-Platform News
    ------------------------------------------------

    *** {02.37.004} Cross - Update {02.30.001}: OpenSSL multiple overflows
    and ASN1 parse vulnerabilities

    Debian and HP released patches that fix the vulnerability discussed
    in {02.30.001} ("OpenSSL multiple overflows and ASN1 parse
    vulnerabilities").

    Debian rereleased prior DEBs because of packaging issues. The DEBs
    are available at:
    http://archives.neohapsis.com/archiv...2-q3/0118.html

    HP released Apache HP-UX updates, which are available at:
    http://www.software.hp.com/ISS_products_list.html

    Source: Debian, HP
    http://archives.neohapsis.com/archiv...2-q3/0118.html
    http://archives.neohapsis.com/archiv...2-q3/0081.html

    *** {02.37.007} Cross - Konqueror subframe CSS and insecure cookie
    vulnerabilities

    KDE's Konqueror browser reportedly contains a cross-site scripting
    error when handling various frame and iframe HTML elements. The
    browser also does not honor the 'secure' cookie flag, which is used
    to ensure that the browser only sends the cookie over SSL. KDE 2.2.2,
    3.0.3 and prior are vulnerable.

    The vendor confirmed these vulnerabilities and released updated
    versions of kdelibs.

    Debian released updated DEBs, which are listed at:
    http://archives.neohapsis.com/archiv...2-q3/0105.html

    Source: SecurityFocus Bugtraq, Debian
    http://archives.neohapsis.com/archiv...2-09/0102.html
    http://archives.neohapsis.com/archiv...2-09/0103.html
    http://archives.neohapsis.com/archiv...2-q3/0105.html

    *** {02.37.013} Cross - Heimdal kfd multiple vulnerabilities

    The Heimdal Kerberos suite prior to version 0.5 contains multiple
    vulnerabilities in the kf and kfd applications. Running kfd allows
    a remote attacker to gain local root access.

    NetBSD confirmed these vulnerabilities and committed fixes to the
    NetBSD-current and -1.5 branches as of Sept. 11, 2002.

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0195.html

    *** {02.37.016} Cross - xbreaky highscores file symlink vulnerability

    The xbreaky application is vulnerable to a symlink attack in the
    handling of the .xbreakyhighscores files. Because xbreaky can be
    set setuid root, a local attacker can overwrite arbitrary files on
    the system.

    The advisory indicates confirmation by the vendor, which released
    version 0.0.5.

    Source: SecurityFocus Bugtraq
    http://archives.neohapsis.com/archiv...2-09/0131.html

    *** {02.37.020} Cross - UT2003 small ping DoS

    The Unreal Tournament 2003 client and server reportedly crash when from
    one to three characters are sent to UDP port 7778 or port 10777. This
    leads to a remote denial of service attack.

    The advisory indicates vendor confirmation.

    Source: VulnWatch
    http://archives.neohapsis.com/archiv...2-q3/0116.html


    - --- Tool Announcements News
    --------------------------------------------

    *** {02.37.001} Tools - NetBSD 1.6 available

    The NetBSD team released NetBSD version 1.6. It contains the
    security-related fixes that have been patched for prior versions
    (as reported in this issue).

    The latest version is available at:
    http://www.netbsd.org/mirrors/

    Source: NetBSD
    http://archives.neohapsis.com/archiv...2-q3/0176.html

    ************************************************************************

  2. #2
    Banned
    Join Date
    Sep 2002
    Posts
    108
    Indeed, thank you for your weekly fix of security news, bugs, patches, etc etc. I'm looking forward to NetBSD 1.6 and I think I will give it a shot. To me, FreeBSD is my favorite OS and my favorite programming language(s) are C and Assembly. I don't know why I said that, lol, but just to get that off. Thank you again xmadness!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides