Old 07-18-2002, 07:08 AM   #1
unSpawn
LQ weekly security rep - Thu Jul 18th 2002


Jul 19th 2002
7 issues (LAW)
Package: tcpdump
Package: ktrace
Package: bind
Package: squid
Package: modssl
Package: openssh
Package: libpng

Jul 15th 2002
16 issues (ISS)
NNTP error message format string
Webresolve long hostname buffer overflow
ROX-Filer has insecure file permissions
Pen netlog() buffer overflow
iPlanet Web Server search enabled NS-rel-doc-name
kmMail "safe" tag cross-site scripting
Nagios plugin shell metacharacter command execution
Share360 cross-site scripting
Linux kernel NR_RESERVED_FILES limit exceeded
iPlanet Web Server search engine NS-query-pat
GoAhead WebServer 404 message cross-site scripting
GoAhead WebServer hexadecimal URL encoded "dot dot"
Apache Tomcat /servlet/ mapping cross-site
Icecast "dot dot" sequences could be used to
Double Choco Latte allows HTML injection
Fluid Dynamics Search Engine "Rank" and "Match"

Jul 12th 2002
3 issues (LAW)
LPRng
squid
bind/glibc

Last edited by unSpawn; 07-19-2002 at 09:31 PM.
 
Old 07-18-2002, 07:11 AM   #2
unSpawn
Pt 1

------------------------------
Linux Advisory Watch

LPRng
Matthew Caron pointed out that using the LPRng default configuration, the
lpd daemon will accept job submissions from any remote host. These
updated LPRng packages modify the job submission policy in /etc/lpd.perms
to refuse print jobs from remote hosts by default.
Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2188.html

squid
An attacker can exploit some of these vulnerabilities to execute arbitrary
code remotely as the user running squid (which in Conectiva Linux is
"proxy" or "nobody"), cause a Denial-of-Service (DoS) in the server or
inject/get invalid data in/from the network.
Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2189.html
SuSE Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2191.html

bind/glibc
A vulnerability has been discovered in some resolver library functions.
The affected code goes back to the resolver library shipped as part of
BIND4; code derived from it has been included in later BIND releases as
well as the GNU libc.
SuSE Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2193.html

Last edited by unSpawn; 07-18-2002 at 07:12 AM.
 
Old 07-18-2002, 07:16 AM   #3
unSpawn
Pt 2

------------------------------
Internet Security Systems

Date Reported: 07/04/2002
Brief Description: nn NNTP error message format string
Risk Factor: High
Attack Type: Network Based
Platforms: nn 6.6.3 and earlier, Unix All versions
Vulnerability: nn-error-msg-format-string
X-Force URL: http://www.iss.net/security_center/static/9491.php

Date Reported: 07/07/2002
Brief Description: Webresolve long hostname buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux All versions, Webresolve 0.1.0 and earlier
Vulnerability: webresolve-hostname-bo
X-Force URL: http://www.iss.net/security_center/static/9503.php

Date Reported: 07/05/2002
Brief Description: ROX-Filer has insecure file permissions
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux All versions, ROX-Filer prior to 1.2.1, Unix
All versions
Vulnerability: rox-filer-insecure-permissions
X-Force URL: http://www.iss.net/security_center/static/9504.php

Date Reported: 07/03/2002
Brief Description: Pen netlog() buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux All versions, Pen 0.9.2 and earlier, Unix All
versions, Windows All versions
Vulnerability: pen-netlog-bo
X-Force URL: http://www.iss.net/security_center/static/9505.php

Date Reported: 07/09/2002
Brief Description: iPlanet Web Server search enabled NS-rel-doc-name
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: HP-UX 11.00, HP-UX 11i, iPlanet Web Server 4.1,
iPlanet Web Server 6.0, Red Hat Linux 6.2, Solaris
2.6, Solaris 7, Solaris 8, Tru64 DIGITAL UNIX 5.0A,
Tru64 DIGITAL UNIX 5.1, Tru64 DIGITAL UNIX 5.1A,
Windows 2000, Windows NT 4.0
Vulnerability: iplanet-search-bo
X-Force URL: http://www.iss.net/security_center/static/9506.php

Date Reported: 07/05/2002
Brief Description: kmMail "safe" tag cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: kmMail prior to 1.0b.1, Linux All versions, Unix
All versions, Windows All versions
Vulnerability: kmmail-safe-tag-xss
X-Force URL: http://www.iss.net/security_center/static/9507.php

Date Reported: 07/04/2002
Brief Description: Nagios plugin shell metacharacter command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux All versions, Nagios 1.0b3 and earlier
Vulnerability: nagios-plugin-command-execution
X-Force URL: http://www.iss.net/security_center/static/9508.php
 
Old 07-18-2002, 07:17 AM   #4
unSpawn
Pt 3

Date Reported: 07/03/2002
Brief Description: Share360 cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: FreeBSD All versions, Linux All versions, Share360
1.1, Windows All versions
Vulnerability: share360-xss
X-Force URL: http://www.iss.net/security_center/static/9510.php

Date Reported: 07/07/2002
Brief Description: Linux kernel NR_RESERVED_FILES limit exceeded
denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms: Linux kernel 2.4.x
Vulnerability: linux-file-limit-dos
X-Force URL: http://www.iss.net/security_center/static/9515.php

Date Reported: 07/09/2002
Brief Description: iPlanet Web Server search engine NS-query-pat
command can be used to view any file
Risk Factor: Medium
Attack Type: Network Based
Platforms: iPlanet Web Server 4.1, iPlanet Web Server 6.0,
Windows 2000, Windows NT
Vulnerability: iplanet-search-view-files
X-Force URL: http://www.iss.net/security_center/static/9517.php

Date Reported: 07/10/2002
Brief Description: GoAhead WebServer 404 message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: GoAhead WebServer 2.1, Linux All versions, Novell
NetWare All versions, Windows 95, Windows 98,
Windows CE, Windows NT
Vulnerability: goahead-error-msg-xss
X-Force URL: http://www.iss.net/security_center/static/9518.php

Date Reported: 07/10/2002
Brief Description: GoAhead WebServer hexadecimal URL encoded "dot dot"
directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: GoAhead WebServer 2.1, Linux All versions, Novell
NetWare All versions, Windows 95, Windows 98,
Windows CE, Windows NT
Vulnerability: goahead-encoded-directory-traversal
X-Force URL: http://www.iss.net/security_center/static/9519.php

Date Reported: 07/10/2002
Brief Description: Apache Tomcat /servlet/ mapping cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux All versions, Tomcat 4.0.3, Windows All
versions
Vulnerability: tomcat-servlet-xss
X-Force URL: http://www.iss.net/security_center/static/9520.php

Date Reported: 07/09/2002
Brief Description: Icecast "dot dot" sequences could be used to
determine sensitive information
Risk Factor: Low
Attack Type: Network Based
Platforms: Icecast 1.3.12, Linux All versions, Windows All
versions
Vulnerability: icecast-dotdot-information-disclosure
X-Force URL: http://www.iss.net/security_center/static/9530.php

Date Reported: 07/07/2002
Brief Description: Double Choco Latte allows HTML injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: BSD All versions, Double Choco Latte prior to
20020706, Linux All versions, Unix All versions,
Windows All versions
Vulnerability: dcl-html-injection
X-Force URL: http://www.iss.net/security_center/static/9532.php

Date Reported: 07/10/2002
Brief Description: Fluid Dynamics Search Engine "Rank" and "Match"
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Fluid Dynamics Search Engine 2.0.0.0054 and prior,
Linux All versions, Unix All versions, Windows All
versions
Vulnerability: fd-search-xss
X-Force URL: http://www.iss.net/security_center/static/9533.php
 
Old 07-19-2002, 09:32 PM   #5
unSpawn
Pt 4

Package: tcpdump
Date: 07-12-2002
Description: It is not currently known whether this buffer overflow is exploitable. If it were, an attacker could inject specially crafted packets into the network which, when processed by tcpdump, could lead to arbitrary code execution with the privileges of the user running tcpdump (typically `root').
Vendor Alerts:
FreeBSD Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2195.html

Package: ktrace
Date: 07-12-2002
Description: In theory, local users on systems where ktrace is enabled through the KTRACE kernel option might obtain sensitive information, such as password files or authentication keys. No specific utility is currently known to be vulnerable to this particular problem.
Vendor Alerts:
FreeBSD Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2196.html

Package: bind
Date: 07-15-2002
Description: "A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Operating systems and applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system."
Vendor Alerts:
Trustix Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2197.html
Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2200.html

Package: squid
Date: 07-15-2002
Description: Numerous security problems were fixed in squid-2.4.STABLE7. This release has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, as well as the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft.
Vendor Alerts:
Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2204.html
Trustix Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2198.html

Package: modssl
Date: 07-16-2002
Description: The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a single NULL overflow that can cause arbitrary code execution. In order to exploit this vulnerability, the Apache Web server has to be configured to allow overriding of configuration settings on a per-directory basis, and untrusted local users must be able to modify a directory in which the server is configured to allow overriding. The local attacker may then become the user that Apache is running as (usually 'www' or 'nobody').
Vendor Alerts:
Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2201.html
Caldera Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2202.html

Package: openssh
Date: 07-15-2002
Description: A remote attacker using an SSH client modified to send carefully crafted SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain superuser privileges on the server.
Vendor Alerts:
FreeBSD Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2199.html

Package: libpng
Date: 07-17-2002
Description: The 1.2.4* and 1.0.14 releases of libpng solve a potential buffer overflow vulnerability[1] in some functions related to progressive image loading. Programs such as mozilla and various others use these functions. An attacker could exploit this to remotely run arbitrary code or crash an application by using a specially crafted png image.
Vendor Alerts:
Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisor...sory-2203.html
 
  

