Conectiva Linux Advisories: mc, libxml2, ethereal, openssl

Apr 01, 2004, 20:56

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : mc
SUMMARY : Buffer overflow vulnerability
DATE : 2004-03-31 15:03:00
ID : CLA-2004:833
RELEVANT RELEASES : 8, 9


DESCRIPTION
Midnight Commander (MC) is a visual shell and a file manager for text consoles.

This update fixes a buffer overflow vulnerability[1] in the code that handles symlinks in the virtual filesystem module. An attacker could create a specially crafted archive (such as a .tar.gz or cpio file) containing symlinks that, when opened by an mc user, would trigger the execution of arbitrary code with that user's privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-1023 to this issue[2].

SOLUTION
All users of the mc package should upgrade.

REFERENCES
1. http://www.securityfocus.com/bid/8658/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/gmc-4.5.55-6U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mc-4.5.55-6U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mcserv-4.5.55-6U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/mc-4.5.55-6U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/gmc-4.5.55-19421U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mc-4.5.55-19421U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mcserv-4.5.55-19421U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/mc-4.5.55-19421U90_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : libxml2
SUMMARY : Buffer overflow vulnerability
DATE : 2004-03-31 18:05:00
ID : CLA-2004:836
RELEVANT RELEASES : 8, 9


DESCRIPTION
The XML C library (libxml2) is used by many programs to load and save extensible data structures or to manipulate several kinds of XML files.

This update fixes a buffer overflow vulnerability[1,2] in the URI parsing code of the nanoftp and nanohttp modules of libxml2. An attacker can exploit this vulnerability to execute arbitrary code with the privileges of the user running an affected application. Depending on the scenario in which the application is used, this vulnerability can be remotely exploitable.

SOLUTION
All users should update.

REFERENCES
1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
2. http://www.securityfocus.com/bid/9718

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-devel-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-devel-static-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libxml2-doc-2.4.12-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/libxml2-2.4.12-3U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-devel-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-devel-static-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libxml2-doc-2.5.1-22050U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/libxml2-2.5.1-22050U90_1cl.src.rpm


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : ethereal
SUMMARY : Several remote vulnerabilities
DATE : 2004-03-31 17:50:00
ID : CLA-2004:835
RELEVANT RELEASES : 8, 9


DESCRIPTION
Ethereal[1] is a powerful network traffic analyzer with a graphical user interface (GUI).

This update fixes several vulnerabilities[2] in Ethereal:

CAN-2004-0176: Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP protocol dissectors[3].

CAN-2004-0365: Jonathan Heusser discovered a denial of service vulnerability in the RADIUS protocol dissector[4].

CAN-2004-0367: A zero-length presentation protocol selector can be exploited to cause a denial of service[5].

These vulnerabilities can be exploited by an attacker who is able to insert crafted packets on the wire being monitored by Ethereal, or to make a user open a trace file containing such packets. When reading this data, Ethereal will crash (a denial of service condition) or, in the case of the buffer overflow vulnerabilities, may execute arbitrary code with the privileges of the user running it (usually root).

SOLUTION
It is recommended that all Ethereal users upgrade their packages.

REFERENCES
1. http://www.ethereal.com/
2. http://www.ethereal.com/appnotes/enpa-sa-00013.html
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-common-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-gtk-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-utils-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/tethereal-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/ethereal-0.10.3-27097U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.3-27097U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/ethereal-0.10.3-27097U90_2cl.src.rpm


CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : openssl
SUMMARY : Remote denial of service vulnerabilities
DATE : 2004-03-31 16:49:00
ID : CLA-2004:834
RELEVANT RELEASES : 8, 9


DESCRIPTION
OpenSSL[1] implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as full-strength general purpose cryptography functions. It is used as a library by several projects, such as Apache, OpenSSH, Bind, OpenLDAP and many other client and server programs.

This update fixes three denial of service vulnerabilities that affect OpenSSL versions distributed with Conectiva Linux:

CAN-2004-0079: Null-pointer assignment during SSL handshake[3]. A remote attacker can exploit this vulnerability by performing a specially crafted SSL handshake that will crash the application. This vulnerability was discovered by the OpenSSL team using the Codenomicon TLS Test Tool and affects OpenSSL versions distributed with Conectiva Linux 8 (0.9.6c) and 9 (0.9.7a).

CAN-2004-0081: Infinite loop when handling unknown TLS message types[4]. A remote attacker can exploit this vulnerability by sending specially crafted TLS messages, causing the application to enter an infinite loop. Conectiva Linux 9 (OpenSSL-0.9.7a) is not vulnerable to this issue.

CAN-2004-0112: Out-of-bounds read with Kerberos ciphersuites[5]. Stephen Henson discovered a vulnerability in the SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker can exploit it to crash an application which uses Kerberos ciphersuites. The OpenSSL version distributed with Conectiva Linux 8 (OpenSSL-0.9.6c) is not vulnerable to this issue and there are no known applications using Kerberos ciphersuites in Conectiva Linux 9.

SOLUTION
All openssl users should upgrade.

Please note that in order to complete the upgrade process, you must restart all running applications that are linked to the openssl libraries after the new packages are installed. You can list such applications with the lsof utility, as shown below:

# lsof | egrep '(libcrypto|libssl)'

Services (like apache and openssh daemons) can be restarted using the "service" command. For example:

# service httpd restart
# service sshd restart
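
The lsof command above lists every process linked to the openssl libraries, including ones already restarted. As an added example (not part of the Conectiva advisory), the function below narrows that list to processes that still map the replaced library: Linux marks a mapping of an unlinked file with " (deleted)" in /proc/PID/maps. The function name stale_ssl_procs and its optional proc-root argument are hypothetical, and the comm file used for the process name is assumed to exist (it is missing on older kernels, in which case "?" is printed).

```shell
#!/bin/sh
# Added example: report processes that still map an old, unlinked copy of
# libssl or libcrypto after the package upgrade.
#
# $1 is the proc filesystem root. It defaults to /proc; the parameter exists
# so the function can also be pointed at a constructed directory tree.
# Output: one "PID NAME" line per process that still needs a restart.

stale_ssl_procs() {
    proc_root="${1:-/proc}"

    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip entries we cannot read (other users' processes when not
        # running as root) and the unexpanded glob when nothing matches.
        [ -r "$maps" ] || continue

        # After an upgrade the old library file is unlinked, so the kernel
        # appends " (deleted)" to the path of any mapping that still uses it.
        # stderr is silenced because a process may exit while we read it.
        if grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # comm holds the short process name; print "?" if it is absent.
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}
```

Run stale_ssl_procs as root after installing the new packages and restarting services; an empty result means no running process is still using the old library.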

REFERENCES
1. http://www.openssl.org/
2. http://www.openssl.org/news/secadv_20040317.txt
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0079
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0081
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0112

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U80_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl0.9.7-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-static-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-doc-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-progs-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssl0.9.7-0.9.7a-28910U90_2cl.src.rpm
