PLUG into Linux News - May 2003, Page 5


Our LUG is sponsored by Netraverse

 

Security Watch

Compiled by Jason Wallwork

 
First, some words on how I compile this list of patches. I'm subscribed to the vendor security lists of Mandrake, Red Hat, SuSE and Debian. Then I find the exploits that affect the most Linux distributions, and use the best "plain English" explanations of the security problem. I'm also focusing on the desktop software patches more than the server ones since those are the ones that affect more users.

If you find this article useful, let me know and we'll keep it going. If not, let me know that as well. It takes some time to put together and I can spend that time on another topic that you are interested in, instead. Since this issue was late, I've included patches for April 1, 2003 through May 23, 2003.

 
glibc - April 9, 10, 2003

Red Hat & Debian
CAN-2003-0028

The glibc package contains standard libraries that are used by multiple programs on the system.

Sun RPC is a remote procedure call framework that allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. Glibc contains an XDR encoder/decoder derived from Sun's RPC implementation, which was demonstrated to be vulnerable to an integer overflow. An integer overflow is present in glibc 2.3.1 and earlier. Depending upon the application, this vulnerability could cause buffer overflows and may be exploitable leading to arbitrary code execution.
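The class of bug described above, as an added example: this is not glibc's code, only an illustration of how a length computed from an XDR-style counted array (a 4-byte big-endian count followed by the elements) can wrap, next to a check that rejects it. All function names and the sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read the 4-byte big-endian element count that prefixes an XDR array. */
static uint32_t xdr_get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed pattern: the 32-bit product wraps, so a huge count yields a
 * tiny byte size and a later copy runs past the undersized buffer. */
static uint32_t wrapped_array_bytes(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Hardened pattern: reject counts whose byte size would overflow or that
 * claim more data than the message holds. Returns 0 on success, -1 on reject. */
static int checked_array_bytes(uint32_t count, uint32_t elsize,
                               size_t remaining, size_t *out)
{
    if (elsize == 0 || count > UINT32_MAX / elsize)
        return -1;                      /* multiplication would wrap */
    if ((size_t)count * elsize > remaining)
        return -1;                      /* more data claimed than was sent */
    *out = (size_t)count * elsize;
    return 0;
}

/* Decode a counted array of 4-byte items, validating the count first. */
static int decode_array(const unsigned char *msg, size_t len,
                        uint32_t *dst, size_t dst_items)
{
    size_t bytes;
    if (len < 4)
        return -1;
    uint32_t count = xdr_get_u32(msg);
    if (checked_array_bytes(count, 4, len - 4, &bytes) != 0 ||
        count > dst_items)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        dst[i] = xdr_get_u32(msg + 4 + 4 * (size_t)i);
    return (int)count;
}
```

With a count of 0x40000001 and 4-byte elements, the unchecked product is 4, which is why the check has to happen before any allocation or copy.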

 
GnuPG - May 20, 22, 2003

Red Hat & Mandrake
CAN-2003-0255

The GNU Privacy Guard (GnuPG) is a utility for encrypting data and creating digital signatures. When evaluating trust values for different UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID with the highest trust value with every UID assigned to that key. This would prevent an expected warning message from being generated.

 
kde3 (most packages and libraries) - April 12, 17, 23, 24, 30, May 13, 2003

Debian, Mandrake, SuSE, Red Hat
CAN-2003-0204

A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.

 
kernel 2.4 - April 9, 10, 2003

Red Hat, Mandrake
CAN-2003-0127

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.

 
kernel 2.4 - May 14, 2003

Red Hat
CAN-2003-0244 CAN-2003-0246

A flaw has been found in several implementations in the kernel networking code. A remote attacker could send packets with carefully chosen, forged source addresses in such a way that the kernel would use a disproportionate amount of processor time to deal with new packets, resulting in a remote denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0244 to this issue.

A flaw has been found in a programming system call, which fails to properly restrict privileges. This flaw can allow an unprivileged local user to gain read and write access to I/O ports on the system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0246 to this issue.

 
kernel 2.4 - May 21, 2003

Red Hat

A flaw has been discovered in the kernel code handling translation lookaside buffer flushing. The flaw made it possible for a multithreaded process (with threads running on more than one processor) to fail to note that the TLB should be flushed for every processor on which the process's threads had run.

 
samba - April 4, 7, 8, 9, 2003

Mandrake, Debian, SuSE, Red Hat
CAN-2003-0196 CAN-2003-0201

Samba is a suite of utilities which provide file and printer sharing services to SMB/CIFS clients.

A security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine.

 
xinetd - May 13, 14, 2003

Red Hat, Mandrake
CAN-2003-0211

Xinetd is a 'master server' that is used to accept service connection requests and start the appropriate servers.

Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. An attacker could exploit this flaw to crash the xinetd server, rendering all services it controls unavailable.

In addition, other flaws in xinetd could cause incorrect operation in certain unusual server configurations.

 
evolution - April 15, 2003

Mandrake

Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.

 

 


 

 

©2003 Peterborough Linux User Group, All Rights Reserved. Logos and buttons are used by permission of their respective owners. PLUG can not be held liable for damages resulting from the use or misuse of the information at this website or from its members. Don't run with scissors.
 
Comments can be sent to Jason Wallwork, Webmaster.